Page: 1 Artica v4.x : http://articatech.net | contact: contact@articatech.com | support: http://bugs.articatech.com

ARTICA v4 IT Charter

Version 4.30.000000

Page: 2 Artica v4.x : http://articatech.net | contact: contact@articatech.com | support: http://bugs.articatech.com

TABLE OF CONTENT

IT Charter feature .............................................................................................................................. 3

Installing the IT Charter feature .......................................................................................................................................... 4

Parameters ........................................................................................................................................... 5

Plugin performance ................................................................................................................................................................... 5 Cluster mode ................................................................................................................................................................................ 5

Build the IT Charter Web frontend. ............................................................................................. 6

Create an IT Charter .......................................................................................................................... 9

Inline PDF .................................................................................................................................................................................... 10

Default design ................................................................................................................................... 11

Display sessions ................................................................................................................................ 12

Page: 3 Artica v4.x : http://articatech.net | contact: contact@articatech.com | support: http://bugs.articatech.com

IT Charter feature Technology Charter feature allows the proxy service to redirect requests to an internal Web page that force members to read the company policy before accessing to Internet. This feature will only display one time the policy page if the user as correctly accept the User Agreement. Each User Agreement is logged in order to ensure that the policy has been read. The Artica IT Charter feature is a splash screen provided by the proxy that deny access to Internet until users have not accepted the charter. The charter can be displayed as HTML page or by PDF. When an user accept the IT charter an event is created in the database, identity of the user is saved in a memory database in order to not ask again to accept the IT Charter. You can create multiple charters. When an user as successfully read a policy agreement, it should be redirected to the next policy agreement. Identity tokens:

The login username ( if any authentication method ) OR The MAC address ( if the proxy is on the same subnet of the clients ) OR The IP address.

Limitations: If you did not perform any authentication method, the proxy will trust MAC/IP. In a TSE mode the proxy will checks IP/MAC of the TSE server. The IT Charter will be not useable because the first user that have accepted the IT Charter will accept it for all TSE sessions. This is the same by using the proxy on the Cloud. The proxy will see only the public IP address of the router.

Page: 4 Artica v4.x : http://articatech.net | contact: contact@articatech.com | support: http://bugs.articatech.com

INSTALLING THE IT CHARTER FEATURE

On the left menu, choose “Your system” / “Feature” On the search field, type “it chart” Click on Install button on the row IT Charters.

The setup will install the ITCharter service and the Web service

Page: 5 Artica v4.x : http://articatech.net | contact: contact@articatech.com | support: http://bugs.articatech.com

Parameters Service parameters can be found on the left menu under “Your Proxy” / “IT Charters”

Verbose mode: Turn the Session plugin into the verbose mode/ Allow SSL connections: By default to access to Internet, users must accept the IT Chart. But if you did

not decrypt SSL protocol, when accessing to an HTTS site the browser return an error. In this case, users cannot think it must start with an HTTP session. Turning on this feature will let users browse to any SSL sites. if users navigate to an HTTP site, they will be redirected to the splash screen.

Database size (MB): Set the session database size, by default it is 50MB Listen interface: By default the proxy use only the loopback. In a cluster configuration you have to

listen a real network interface. Exclude: list here computers that will be not affected by the IT Charter.

Especially for servers or nodes that needs to be connected to Internet by no human are able to accept the IT Charter. You can put MAC addresses (aa:bb:cc:dd:ee), IP addresses ( 192.168.1.3) or CDIR ( 192.168.1.0/24).

Redirect queries to: Set here the HTTP hostname to the website that will be handle the splash screen. ( see the Build the IT Charter Web frontend section)

PLUGIN PERFORMANCE Max Processes to run (processes): How many plugins the proxy can load to handle requests. Processes to start (processes): How many plugins the proxy can preload to handle requests. Process to prepare (processes): How many plugins the proxy can prepare if it needs more. Positive cache TTL (Seconds): How many time the user that have accept the IT chart is kept in memory.

After the expire period, the plugin will check the session from the database that consume more performances.

Negative cache TTL (Seconds): How many time the deny connection is kept in memory. It makes sense to set it to 0 in order to always let the user to accept the IT chart.

CLUSTER MODE In cluster configuration, in order to avoid ask the second time IT Charters, IT Charters sessions can be replicated from a master server. ( by default if using the global Cluster Mode or the HaCluster feature, this option is automatically defined) Set here the master server address here (by default, the communication port is 6123).

Enable cluster configuration: If enabled, then the proxy is in slave mode. Cluster master address: the address of the master in order to replicate sessions.

Page: 6 Artica v4.x : http://articatech.net | contact: contact@articatech.com | support: http://bugs.articatech.com

Build the IT Charter Web frontend. The IT Charter Web frontend will generate the HTTP page according to created IT Charters. Users will be redirected to this virtual web server in order to read and accept the IT Charter. Note: The IT charter is merged with the PROXY PAC section. If you have created a PROXY PAC section, you did not have to create a Web service.

On the left menu, select the “Web services” and “Services” Click on the button “New service” Under the service name: give a name of your new service. Choose the “Create IT Charter splash screen” Click on Add button.

Page: 7 Artica v4.x : http://articatech.net | contact: contact@articatech.com | support: http://bugs.articatech.com

Click on your new IT charter service in the main table. Choose “Server names” tab.

Server names determine which server block is used for a given request. They may be defined using exact names, wildcard names, or regular expressions. Examples:

example.org www.example.org *.example.org mail.* 192.168.1.1 ~^(?.+)\.example\.net$

When searching for a virtual server by name, if name matches more than one of the specified variants, e.g. both wildcard name and regular expression match, the first matching variant will be chosen, in the following order of precedence:

exact name longest wildcard name starting with an asterisk, e.g. *.example.org longest wildcard name ending with an asterisk, e.g. mail.* first matching regular expression (in order of appearance)

Page: 8 Artica v4.x : http://articatech.net | contact: contact@articatech.com | support: http://bugs.articatech.com

Select “Ports” section Add the 80 port.

On the main table, click on the arrow in order to compile you website in production mode

Page: 9 Artica v4.x : http://articatech.net | contact: contact@articatech.com | support: http://bugs.articatech.com

Create an IT Charter

To create an IT Charter, got to the IT Charters section. Click on the “New IT Charter” button.

The Title page will be you IT Charter definition and the IT Charter web page title. The button text is the label of the button that permit user to accept the IT Chart. The Introduction text is a text that explain to the user what is an IT Charter

Click on Add button Your new IT Charter is added in the table and click on this new created item.

Page: 10 Artica v4.x : http://articatech.net | contact: contact@articatech.com | support: http://bugs.articatech.com

If you plan to display the content of your IT Charter in HTML inside the splash screen, fill the content section with your IT Charter in HTML mode.

The Headers section allows you to modify CSS of the splash screen.

INLINE PDF If you plan to display inline the IT Charter in PDF mode, use the PDF section. Click on Upload:PDF button in order to add your PDF IT Charter. Turn on the “Enabled” checkbox and click on “Apply” button.

Page: 11 Artica v4.x : http://articatech.net | contact: contact@articatech.com | support: http://bugs.articatech.com

Default design By default, if you keep Headers and content with default values, an inline IT Charter will have this look and feel

The same look with an inline PDF.

Page: 12 Artica v4.x : http://articatech.net | contact: contact@articatech.com | support: http://bugs.articatech.com

Display sessions The sessions section displays members that have accepted the IT charter , in the table you can see when the user have accepted the IT charter and the name of the accepted IT Charter. You can delete a session: If you delete a session, user must be display and accept the IT Charter again. The button “Delete All” remove all sessions and all users must accept all IT charters again.

When deleting a session, the user is not redirected in real-time, it will deleted after the Positive cache TTL (7200 seconds by default ). If you need to redirect immediately, you have to reload the proxy service in order to flush caches.