Single sign-on and external integration, Setting up access control – Grass Valley iControl V.4.43 User Manual

Each room has one or more iControl Application Server(s), depending on the amount of
equipment to monitor and control. The Application Servers within each room are connected
to the same local LAN (192.168). The primary NIC (eth0) is configured for the public subnet
(3.199.107). This is the only subnet available to connect all Application Servers from all rooms
to the public LAN. PC clients can be connected on the public subnet, but typically monitoring
and control will be from PCs on the corporate LAN behind the firewall as shown.
Figure 6-2
Single Sign-on and External Integration
The iControl architecture is open and uses standard schemas, allowing integration with
existing security infrastructures. iControl supports integration with existing directory services
using standard schemas for authentication. The system can be configured to use an external
LDAP server or directory services server instead of using the iControl LDAP server.
It is also possible to use multiple LDAP servers with referral capabilities. For example, iControl
can bind and authenticate with an external LDAP server, but manage its permissions on the
iControl LDAP server for iControl-specific resources. Referrals are supported between LDAP
databases to support multiple domain authentication.
In the case where it is not possible to get direct access to directory services, iControl can be
integrated with an existing enterprise “single sign-on” system. For example, iControl interfaces
with Netegrity SiteMinder from Computer Associates to authenticate users.
Setting up Access Control
The figure below depicts a simple scenario — a single domain with two iControl Application
Servers.