The CIC service is an active – passive component and has to be installed on all LUCS server machines.
CIC is responsible for the following features:
- Synchronization of SfB related changes
- Synchronization of User properties over SfB
- Run the LUCS.CIC.Setup.msi
- On the Luware-LUCS-CIC Configuration Settings screen of the setup pay attention to fill the
- Instance Name
- Port number
- SfB Server Version
- Configure Certificate Security
For security reason LUCS provides possibility to use certificate-based encryption and verification during the components communication. To configure certificate based authentication, select ‘Configure Certificate Security’ check box and press ‘Next’ button to open a page with server certificate settings.
If ‘Configure Certificate Security’ check box was set to true, configure the server and client certificate settings as the next step. The client settings specify which settings CIC will use while connecting to PS. The server settings are used to validate another services when they try to connect to CIC.
|Mode||Transfer security modes offered by WCF to ensure a secured communication between a client and a server.||None : This mode ensures that no security is applied while communication between server and client.|
Transport: As the name suggests, it is concerned with security of communication between a client and a service over a network protocol. It guarantees the confidentiality and integrity of messages at transport level since transport security secures the entire communication channel.
|Validation Mode||The mode that specifies how incoming certificate is validated and how trust is determined .||None: In this mode no validation is perfomed.|
ChainTrust: : In this mode WCF simply validates the certificate against the issuer of a certificate known as a root authority (the expiration time is checked too).
PeerTrust: In this mode WCF simply checks if the incoming certificate is installed in the Trusted People folder in the certificate store (the expiration time is checked too).
PeerOrChainTrust: Mixed mode.
|Is Dedicated||The flag that defins which certificate is used for encryption.||False: Encryption is done with default certificate. It means that certificate with the hostname of the machinefrom the Personal Store is used on server side.|
True: Encryption is done with a dedicated certificate. It means there is possibility to configure identifier (thumbprint) of the certificate.
|Thumbprint||The thumbprint is a hash value computed over the complete certificate, which includes all its fields, including the signature.||→ See Prepare Certificate Thumbprint|
Note: The system reports all errors related to connection or certificate issues to a log file ‘C:\Program Files\Luware AG\LUCS-ICH\log\connectionIssues.log’.
Open Services and start the installed service.
- Check that service is successfully started without any errors in Event Viewer or in the log file
c:\Program Files\Luware AG\LUCS-CIC\log\regularLog.txt
In the Luware-LUCS-Configurator application:
- Open LUCS Configurator -> Topology -> Components (Server)
Add CIC component as it is shown in the example (select the CIC Server Type, System Instance, Activity Order and fill the service’s Settings according to the table below):WebConfigurator - CIC Component Configuration
Key How to get the value AdSynchronizationTimeInSec The amount of seconds that identifies a time period before the previous and next full synchronization with Active Directory.
By default is set to one minute.
ApplicationID Identifies the registered SfB Application of ICH. To get the required value
1. run Get-CsTrustedApplication command in SfB Server Management Shell
2. search for the right component by application port number or name
3. copy the ApplicationId
ConferencingPolicyName The name of the conferencing policy, which will be created and assigned by CIC for the application endpoints. LyncServerURI Enter the SfB Server URI.
MaximumUsersCountPerSynchronizationRound Default Value: 50 MmApplicationId Identifies the registered SfB Application of MM. To get the required value
1. Run Get-CsTrustedApplication command in SfB Server Management Shell
2. search for right component by application port number or name
3. copy the ApplicationId
MmTrustedApplicationPoolFQDN Enter the MM Trusted Application Pool FQDN. Example: lucs.dev.local Office365PoolingTimeInSec The polling time in seconds to get users for every tenant.
Default Value: 3600
Password Password created for CIC service user to access the SfB remote PowerShell. ReistrarPoolAdPAth Information of Reistrar Pool in LDAP TrustedApplicationPoolFQDN Enter the ICH Trusted Application Pool FQDN. Example: lucs.dev.local UserAdPath List of paths to AD devided by semicolon Username Username created for CIC service user to access the SfB remote PowerShell.
VerbaProvisioningEnabled Flag if Verba provisioning should be enabled. VerbaProvisioningLogin Verba login name to provision the user and services VerbaProvisioningPassword Password of the login name to provision the user and services on Verba. VerbaProvisioningUri URI to the Verba server to provision the user and services.
VerbaRoleMappingService List of service roles devided by semicolon VerbaRoleMappingUser List of user roles devided by semicolon