RM Logo
Technical Rating: 
Support Home PageSupport
Print This PagePrint This Page
Add to 'My Library' Add to 'My Library'

RM Unify Network Provisioning: prerequisites and preparation
Published Date : 31 Aug 2017   Last Updated : 12 Sep 2018   Content Ref: TEC5797912  





Symptoms

Note: RM Cloud Service Delivery can assist you with your Network Provisioning installation. For further information, please refer to TEC6284446 in the Other Useful Articles section, or speak to your Sales representative on 08450 700 300.


Note: Today, support is limited to networks provisioned from a single RM Unify establishment. Support for networks provisioned from multiple RM Unify establishments is coming soon.

Note:
For CC4 customers, this is supported on CC4.5 (i.e., where your CC4 First server is 2012R2) and above networks.


RM Unify Network Provisioning scenarios and solutions
  1. Where the MIS will be the source of new RM Unify users:
Click to view a larger image
  Network Provisioning & MIS Sync Create Mode

  1. Where CSV files will be the source of new RM Unify users:
Click to view a larger image
  Network Provisioning & CSV sourced users

Please ensure that you follow one of the flowcharts (tasking special note of the points highlighted below in some of the flowchart boxes) before proceeding with the installation of RM Unify Network Provisioning. If you do not follow this process accurately, there is a risk that you may compromise user accounts and their access to your network.

The following notes match up with some of the boxes in the above flowcharts (i.e., they are not steps to follow in order, please read each relevant section when working through the flowchart).

  1. When the Network Agent first runs, it will retrieve the user list from RM Unify. It is therefore highly likely that you will have users in your AD that correspond to users in RM Unify.

If there is already a user in the AD with the same username as an RM Unify user and a matching user role, the AD user will be linked to and updated with details from RM Unify.

  • RM Unify Students will be matched with AD students.
  • RM Unify TeachingStaff and NonTeachingStaff will be matched with any AD users that are not students.

If there is no user in the AD with the same username as an RM Unify user (either because there is no AD account or because the AD username does not match), then a new AD account will be created using the RM Unify username.

To facilitate this cloud-to-network user link, ensure that the usernames match by renaming RM Unify users and/or renaming AD users, before you install the Network Agent.

  • To rename a user in RM Unify, find the user in the users page, from the Actions menu, click 'Change username'.
  • To generate a CSV file of all RM Unify users, click here.

The above should prevent the Network Agent from creating multiple accounts for the same user in AD when you change to MIS Sync in Create Mode later in the setup. 

  1. Are there existing MIS users that correspond to RM Unify users? If so, then you must link the MIS user to their Unify account using MIS Sync in Link Mode. This prevents RM Unify from creating multiple accounts for the same user in RM Unify when you change to MIS Sync in Create Mode later in the setup. TEC5427652 (RM Unify MIS Sync) in the Other Useful Articles section below gives more information on this. In Link Users, 'Display as Table', confirm you have the user counts as below.
     
    User category Number of users   
    Users with a likely MIS record match   

    0

       
    Users with a possible MIS record match

    0

      
    Users not matched to an MIS record

    0

    If an RM Unify user does not have an MIS record, then set it as 'User not in MIS'.
    MIS records not matched to an RM Unify user

    0

    If an MIS record does not have an RM Unify account, then set it as 'Has no RM Unify account'.
      
  2. Are there existing AD users that exist in your MIS but do not exist in RM Unify? If so, select the same username format as your existing AD users so that when you change to MIS Sync in Create Mode, the user will get an RM Unify username that matches the format of their existing AD account. If it is not possible to match the username format of existing AD users, then you may wish to import the AD users into RM Unify (and then link to the MIS records) so that the usernames are consistent.
  3. The RM Unify CSV Extraction Tool is available for download from DWN3182515 in the Other Useful Articles section below.
  4. Use the Download Passwords page to generate passwords for newly provisioned users. This should be done after installation of the Network Agent so that the new passwords will be immediately synced to the AD. Following installation of the Network Agent, a user's password will be synced when their password is changed/generated or when the user next signs in to RM Unify.


Procedure

This article covers the software prerequisites and other tasks we recommend before installing the RM Unify Network Provisioning components. There are two components for this feature:

  1. RM Unify Network Agent Windows Service to be installed on one server. We strongly recommend the primary domain controller or CC4 First server.
  2. RM Unify Password Filter to be installed on all domain controllers that process passwords changes.

Requirements: RM Unify Password Filter
  • Operating system
    • Windows Server (WS) 2008R2, WS 2012, WS 2012R2, or WS 2016.
  • .NET Framework v3.5 SP1
    • If your server is a CC4 server, then .NET Framework 3.5 SP1 is installed by default.
    • Otherwise:
      • Windows Server 2008R2
        1. Confirm whether .NET Framework version 3.5 SPI is installed.
          1. Run PowerShell by clicking the PowerShell icon on the Taskbar. Alternatively, on Server Core, type powershell in the Command Prompt window and press Enter.
          2. Type import-module servermanager and press Enter.
          3. Type Get-WindowsFeature -Name NET-Framework-core | fl Installed and press Enter. The display will indicate whether or not the component is installed.
        2. If required, install .NET Framework version 3.5 SPI as follows:
          1. Type Add-WindowsFeature -Name NET-Framework-core and press Enter.
          2. Repeat step 1 above to confirm the component has installed successfully.
      • Windows Server (WS) 2012, WS 2012 R2 and WS 2016
        1. Confirm whether .NET Framework version 3.5 SPI is installed.
          1. Run PowerShell by clicking the PowerShell icon on the Taskbar. Alternatively, on Server Core, type powershell in the Command Prompt window and press Enter.
          2. Type import-module servermanager and press Enter.
          3. Type Get-WindowsFeature -Name NET-Framework-core | fl Installed and press Enter. The display will indicate whether or not the component is installed.
        2. If required, install .NET Framework version 3.5 SPI as follows. You will need the original WS 2012/2016 installation media. For the following example this is assumed to be in drive E:
          1. Type Install-WindowsFeature -Name NET-Framework-core -source E:\sources\sxs and press Enter.
          2. Repeat step 1 above to confirm the component has installed successfully
  • Microsoft Visual C++ 2010 Redistributable Package (x64)
    1. Confirm whether Microsoft Visual C++ 2010 Redistributable (x64) is installed:
      1. Open a Command Prompt window.
      2. Type C: and press Enter.
      3. Type cd %SYSTEMROOT%\system32 and press Enter.
      4. Type dir /b msvcr100.dll and press Enter. If the file is found, this command returns a single line of output with the same filename. This indicates that the Microsoft Visual C++ 2010 Redistributable (x64) package is installed. If the command returns "File Not Found", the Microsoft Visual C++ 2010 Redistributable (x64) package is not installed.
    2. If required, install Microsoft Visual C++ 2010 Redistributable (x64):
      1. Download the latest version of Microsoft Visual C++ 2010 SPI Redistributable (x64).
      2. Follow the instructions at this URL: http://www.microsoft.com/en-gb/download/details.aspx?id=13523
      3. Run vcredist_x64.exe to perform the installation.
      4. Repeat step 1 above to confirm the component has installed successfully.

Requirements: RM Unify Network Agent
  • CC4: CC4 version
    • CC4.5, or
    • Connect On Prem (CoP)
  • Non-CC4: Operating system
    • Windows Server (WS) 2012R2, or WS 2016.
  • Microsoft .NET Framework 4.6.1
  • Uninstall RM Unify AD Sync
      • If RM Unify AD Sync is installed on your network, remove it as follows:
        1. Log on as administrator to the server running the RM Unify AD Sync service.
        2. Navigate to Control Panel, Programs (or 'Programs and Features')
        3. Search for RM Unify AD Sync and select Uninstall. There is no need for a server reboot.
        4. Once uninstallation is completed, you may delete the C:\Program Files(x86)\RM\RM Unify AD Sync folder.
    • Remove RM Unify Linked User Provisioning or LGfL USO Linked RM User Provisioning components (RM Managed Service sites only)  
      • RM Managed Service sites that presently use RM Unify Linked User Provisioning or LGfL USO Linked RM User Provisioning should remove the relevant components prior to introducing RM Unify Network Provisioning. 
        • RM Unify Linked User Provisioning sites should follow TEC4502298 in the Other Useful Articles section below.
        • LGfL USO Linked RM User Provisioning sites should follow TEC4586608 in the Other Useful Articles section below.
    • Set password policies in AD
      • If a password set for a user in AD is not complex enough to meet the RM Unify password policy, then it will be rejected by RM Unify and the password will be out of sync between the network and the cloud. This will be listed in the User Audit page in the RM Unify Management Console. We suggest that you periodically check the User Audit page for password sync failures.
      • The current RM Unify password policy is detailed in TEC5943089 (in the Other Useful Articles section below) and uses heuristics rather than composition rules to determine how strong a user's password is. Therefore, the RM Unify password policy cannot be represented with AD password policy rules but we do suggest that you set password policies in your AD for Students and Staff to increase the chance of passwords being accepted by the RM Unify policy. E.g. A minimum of 4 characters for Students and a minimum of 6 characters for Staff. You can get a feel for the RM Unify password policy by visiting the Change Password page (https://sts.platform.rmunify.com/Account/ChangePassword) and typing in a 'New password'. We accept Weak passwords for Students but require Acceptable passwords for other roles.
      • You may also wish to encourage users to change their passwords in RM Unify rather than on the local school network.
      • We will be adding a feature that allows you to set school specific password complexity thresholds in RM Unify.
    • Add firewall or proxy server rules

    *This applies to any firewall or proxy server that requires authentication - whether running locally or provided by a third party or LA, and even if authentication is transparent.


    Requirements: CC4
    • CC4UPD206
      • On a CC4 network, CC4UPD206 is required so that passwords with special characters set through RM Unify will be correctly set on the network. CC4UPD206 is available for download from DWN5832932 in the Other Useful Articles section below.


    Other Useful Articles

    RM Unify Network Provisioning (TEC5797903)
    RM Unify Password Filter (TEC5797917)
    RM Unify MIS Sync (TEC5427652)
    FAQ for RM Unify Network Provisioning (TEC5832777)
    RM Unify CSV Extraction Tool (DWN3182515)
    RM Unify password policy (TEC5943089)
    Installation services for RM Unify Network Provisioning (TEC6284446)

    FEEDBACK
    Did the information in this article help answer your question?
     Yes
     No
    Please add any comments about this article in the box below. If you answered No then it is important you tell us why so that we can change the article if required. We can only respond if you log in to the RM Support website or provide your contact details. Note: If you need help with a technical query, please log a call online or telephone our support team.
    Thank you for your feedback, which is sent directly to the RM Knowledge team. We address every message received with the intention of improving our Knowledge Library articles. If you have an unresolved technical issue, please contact RM Support.


    If this article has not helped provide a solution then it is also possible to log a call...


    Please read - important disclaimer information.
    http://www.rm.com/_RMVirtual/Includes/csredirect.asp?cref=&title=Standard Content Disclaimer


    Top Of PageTop of page