RM Logo
Technical Rating: 
Support Home PageSupport
Print This PagePrint This Page
Add to 'My Library' Add to 'My Library'

RM Unify Network Provisioning
Published Date : 31 Aug 2017   Last Updated : 28 Oct 2019   Content Ref: TEC5797903  





Symptoms

RM Cloud Service Delivery can assist you with your Network Provisioning installation. For further information, please speak to your Sales representative on 0800 046 9798 or email networks@rm.com, quoting this article.



Procedure

What is RM Unify Network Provisioning?

Microsoft Active Directory (AD) is an essential component of your school network. It helps you manage computers, servers, users and permissions. With RM Unify, we help you reduce the burden of user management in your cloud services, but we can also do the same for your AD users too.

As a school, you must first decide whether you want to drive your AD user management from RM Unify, or drive RM Unify from your own AD.

  • Want to drive AD users from the MIS, via RM Unify? You need RM Unify Network Provisioning, so continue reading this article.
  • Want to drive RM Unify users from your AD because you have existing AD management strategies? You need RM Unify AD Sync. Please refer to DWN3182456 in the Other Useful Articles section below.

Note: Today, support is limited to networks provisioned from a single RM Unify establishment. Support for networks provisioned from multiple RM Unify establishments is coming soon.

Note:
For CC4 customers, this is supported on CC4.5 (i.e., where your CC4 First server is 2012R2) and above networks. 

The RM Unify Network Provisioning feature takes the stress out of managing users in AD. It is a bolt-on for RM Unify and its primary tasks are:

  1. Creating users in your AD network and providing ongoing synchronisation of the user attributes.
  2. Synchronising passwords in both directions, from cloud-to-network and network-to-cloud.
Image showing the Network Provisioning features

Your users can be provisioned into RM Unify from MIS Sync, a CSV file, or created through the web form in RM Unify Management Console. The user's lifecycle in AD is driven by RM Unify in the cloud, which performs the following in AD:

  • User creation.
  • User attribute changes.
  • Username changes.
  • User disable/enable.
  • Password changes.

Note: Users are never deleted from your AD. Deletion of a user in the cloud results in a disabled user in your AD.

All this is audited in the RM Unify Management Console. A new User Audit page shows all the events that have affected your users in the cloud or in your AD. This means that you have full visibility of all changes to your user data from one place.


How does it work?

The RM Unify Network Agent is a Windows Service installed on one server on your network. We recommend the primary domain controller or CC4 First server. This Windows Service is responsible for contacting the RM Unify cloud service, pulling the changes in user data for your school and enacting these changes in your AD.

On first run, the Active Directory Schema will be extended by defining some new attributes for user objects, which are required for the Network Agent to keep track of which users it manages. First run will also trigger a full-sync with RM Unify, pulling down all users for your establishment and updating the AD users to reflect this. The Network Agent will never delete users from your AD. Once the initial synchronisation has taken place, user changes in RM Unify will be pushed down to AD every five minutes.

Note: You cannot use this RM Unify Network Provisioning feature alongside RM Unify AD Sync. You must choose how you want to manage your AD users. Once the Network Agent MSI is generated in the RM Unify Management Console, RM Unify will no longer process messages from AD Sync and the AD Sync Service should be uninstalled from your network.

The RM Unify Password Filter component needs to be installed on each domain controller that processes password changes. This component is responsible for collecting password changes from your AD and securely synchronising them with RM Unify. Passwords are synchronised between the AD and RM Unify cloud every five minutes.

Please refer to:

  • TEC5832777 in the Other Useful Articles section below for more details on the synchronisation mechanism.
  • TEC5797912 in the Other Useful Articles section below for details about the prerequisites before installing the RM Unify Network Provisioning components.

How do I enable Network Provisioning?

Network Provisioning can be enabled from the RM Unify Management Console: https://launchpad.rmunify.com/ManagementConsole/NetworkUserSync.

Clicking the above link will prompt you to log on to your RM Unify establishment if you are not already logged on and is accessible to all RM Unify customers with a valid RM Unify Premium licence. 



Other Useful Articles

RM Unify Network Provisioning: prerequisites and preparation (TEC5797912)
RM Unify Password Filter (TEC5797917)
RM Unify AD Sync Service v3 (DWN3182456)
FAQ for RM Unify Network Provisioning (TEC5832777)
FAQ for RM Unify MIS Sync (TEC5983537)
Installation services for RM Unify Network Provisioning (TEC6284446)

FEEDBACK
Did the information in this article help answer your question?
 Yes
 No
Please add any comments about this article in the box below. If you answered No then it is important you tell us why so that we can change the article if required. We can only respond if you log in to the RM Support website or provide your contact details. Note: If you need help with a technical query, please log a call online or telephone our support team.
Thank you for your feedback, which is sent directly to the RM Knowledge team. We address every message received with the intention of improving our Knowledge Library articles. If you have an unresolved technical issue, please contact RM Support.


If this article has not helped provide a solution then it is also possible to log a call...



Document Keywords: rm unify network provisioning, network provisioning


Please read - important disclaimer information.
http://www.rm.com/_RMVirtual/Includes/csredirect.asp?cref=&title=Standard Content Disclaimer


Top Of PageTop of page