New group properties
You can access the new group dialog box with one of the following methods:
| | Right-click on the Groups node in the cluster tree in the left pane and select New group |
| | Select New Group from the Action menu |
| | Click New on the toolbar and select New Group. |
The New Group dialog box opens. This window contains six tabs that are described in the following sections.
General tab
Group name
Enter a name for the group. This field is mandatory.
Note
Each group name must be unique among the groups and users.
Description
Provide more information for your reference on the group. This field is optional.
Use default group properties
If checked, the group configuration has the same parameters you set in the Default group properties dialog. This includes
the General, Security, Printer and Display color settings. If you uncheck the check box, you can set different configuration
parameters for the group.
Language
Contains all the languages supported by the [emulation] servers and clients (for the emulation). You can select the language
to use from this list.
Keyboard
Contains all the keyboards available for the selected language. Select the groups preferred keyboard from this list.
Default Inactive user timeout (min)
Sets the time, in minutes, for each session type that the server waits for the next user interaction before it drops the sessions
due to user inactivity.
| | Display: Sets the time the server waits before it drops the session due to user inactivity during a display session. |
| | Printer: Sets the time the server waits before it drops the session due to user inactivity during a printer session. |
| | File Transfer: Sets the time the server waits before it drops the session due to user inactivity during a file transfer session. |
Keep alive mechanism
Allows you to define a time interval (in seconds) according to which the server will verify if the client is alive. The default
value is 120 sec (or 2 min).
Session selection
Allows you to define the option by which users can connect to a session. If a user has more than one session defined for him/her,
you can provide them with one of the following connection options:
| | Enable round-robin selection: After signing on, the user will be connected to any one of the available sessions that are defined for him/her by means of a round-robin mechanism. |
| | Enable client session selection: After signing on, the user is presented with a list of the sessions defined for him/her and he/she will be able to select which session to connect to. |
Security tab
Authentication type
Allows you to select the default authentication method for users when connecting to the cluster. There are currently four
options available:
| | UserID/Password: Uses a user ID and password that you define in HAM. This option allows you to set the remaining parameters of the security settings related to password complexity and features in this dialog box. |
| | RSA SecurID: Users RSA SecurID tokens. In this case, you must have the RSA Ace Agent installed and properly configured on the servers. Selecting this option disable all the other parts of the dialog box (except the Group IP address validation) as the settings cannot be used in conjunction with RSA SecurID. Note that for this authentication method to work, you must select the same option during the installation of the server software. |
| | Windows Domain: Uses the currently active Windows domain account of the user (the account they are currently logged on with to the Windows domain). This option covers both the Windows domain and the Active Directory Service. This option also disables some parts of the dialog box (except the Group IP address validation) as the settings cannot be used in conjunction with the Windows Domain authentication method. |
| | Novell iChain: Uses the currently active Novell iChain account (the account they are currently logged on with to the Novell iChain server and Novell eDirectory server in the backend). This option disables some parts of the dialog box (except the Group IP address validation) as they cannot be used in conjunction with the Novell iChain method. |
User cannot change password
Disables the Change password button on the client's ActiveX control toolbar preventing him/her from changing their passwords.
Password must contain a digit
Enhances password complexity.
User must change password on first sign on
Forces users to replace the passwords assigned to them by the administrator and define their own new passwords the first time
they connect to the cluster.
Minimum password length
Defines a minimum acceptable length policy for user passwords. If the field is set to zero, passwords of any length will be
acceptable, even an empty password.
Password never expires
Deselect the check box to force users to change their passwords at regular intervals set by the Expiry period field. The Warning period field defines the number of days before the end of the Expiry period during which HAM sends the user a warning notification
to change their password. The notification stops once the user changes the password. If the user does not change the password
by the end of the expiry period, they cannot sign on until they change it.
Enable grace login policy
Defines your policy on blocking users who attempt to sign on with the wrong password. The Number of attempts field defines the number of times the user can enter an incorrect password before the account is locked. The Reset interval time field defines the time in minutes after which the system automatically unlocks a locked account.
Group IP address validation
Defines IP address filters or access lists for the users. HAM allows you to define up to four subnets. HAM accepts connections
only from users having IP addresses belonging to the defined subnets. For example, if you define 10.1.1 and 10.1.2 then HAM
only gives access to users with IP addresses in the ranges 10.1.1.0 to 10.1.1.255 and 10.1.2.0 to 10.1.2.255.
Display color tab
This tab allows you to select colors for a variety of elements within the ActiveX Display client. Select the element to change
from the Host color drop-down menu. When you select an element, its associated color appears in the sample edit box below. The possible elements
are the Background and Foreground colors.
Background color
The color of the area behind the displayed text.
Foreground color
The color of the displayed text.
By default, the text and background of different areas of a host Display screen are painted in different colors. The following
colors are the default colors set by the host for the various Background and Foreground regions of the host Display screen:
When you click on a color button in the Mapped colors section, the sample color box below the group changes to reflect the new color selection. Repeat these steps for each color
or field that you want to change.
| | Black |
| | Blue |
| | Green |
| | Red |
| | Cyan |
| | Magenta |
| | Yellow |
| | White |
| | Panel Background is the background color for the applet window. |
| | Protected Foreground is the color of the text in protected fields such as the password field. |
| | Edit Background is the background color of editable fields. |
| | Status Foreground is the color of the text that appears on the status line. |
| | Status Background is the background color of the status line. |
Printer tab
Server polling interval
The number of milliseconds the client waits before checking with the Server for any available print jobs. It is recommended
that you set this interval to five seconds.
Data Timeout
The amount of time to wait for the data at the end of a print job in the field. This amount of time is measured in milliseconds.
Sessions tab
Use the Sessions tab to assign sessions to group members. To use this tab, you must first create sessions.
Available sessions
Displays all the sessions (pools and single sessions) created by you but not yet assigned to this group.
Assigned sessions
Displays the sessions (pools and single sessions) that are assigned to this group. These are the sessions (or pools) that
can be used by group members to connect to their respective hosts. Those sessions (or pools) will be shared between the group
members depending on how you configure the assignment. At the user level, you can override assignments made at the group level.
For more information on overriding group assignments at the user level, see assigning sessions to users in the Session tab
in the User Properties section.
All, 3270, 5250 and VT
The radio buttons at the top of the dialog are display filters that control what types of sessions are displayed in the Available
sessions and Session assignment lists. If you select All (the default), sessions from all three emulation types are displayed.
If you select 3270 for example, then the Available Sessions list only displays 3270 sessions even though other session types
may be available to the group. Use these buttons when you have multiple sessions of different emulation types assigned to
the group and you want to ease the visual management of the session assignment.
Assigning sessions
Follow the steps below to assign a session (a pool or single session) to the group.
The following window appears.
| 1. | Select the session(s) from the Available sessions list. |
| 2. | Click the single left arrow (<). |
Session/Pool name
Displays the name of the selected session.
Available to all group users
This check box is checked by default. If you select this check box, the pool will be available to all the users (existing
or created afterwards) in the group. If you clear this check box, the pool will be assigned to the group but users cannot
use it until it is specifically assigned to them at the user level. Use this option if you want to give a small number of
users in a large group access to a certain session while restricting access to other group members.
Total sessions for group
The maximum number of sessions from the selected pool that will be available to all the users of this group. For example,
if the original pool has a size of 50 sessions, and you provide only 20 to this group, the users of this group will not be
able to use more than 20 sessions from this pool at the same time. This field must be smaller or equal to the total pool size.
Default number of sessions per user
Defines the default number of concurrent sessions that every member will have access to. This field must be smaller than or
equal to the value that you entered in the Total sessions for group field above. For example, if you enter 3 in this field,
then every user in the group will, by default, have access to 3 concurrent display sessions from this pool). Note that you
can override this value at the user level to provide certain users with more or fewer sessions than other group members. If
your group members will have different requirements from the same pool, enter a value in this field that will be used by most
members and then modify the small number of users with different requirements.
Note
When assigning one pool to different groups, ensure that you do not to overuse the pool. For example, if you have a pool of
50 sessions and assign it to 3 groups with a Total sessions for group set to 20 for each group, the user who tries to connect
to session 51 will be denied access. The server validates the limits at the user level (Default number of sessions per user),
the group level (Total sessions for group) and the pool size level. If any of these limits is exceeded, the session will not
be granted.
Assigning a single session
Assigning a single session is similar to assigning a pool except that only the Available to all group users is configurable.
The other two fields are size related and cannot be configured for a single session.
Assigning multiple sessions
From the Available sessions list, use Click +Ctrl to select multiple single sessions that you want to assign to the group
and then click on the (<<) button. The operation is similar to assigning a single session. However, the selection you make
for the Available to all group users check box will apply to all the selected sessions.
Removing session assignments
Use the right arrow keys (>) and (>>) to remove an assigned session or pool of sessions from a group as follows:
Once a session (or pool) is removed from the group, it is removed from all users of that group.
| | Use the (>) button to remove an assigned session (pool) from the group. |
| | Use the (>>) button to remove all assigned sessions (pools) from the group. |