Professional Documents
Culture Documents
One-Click Transfer
User Guide
All rights reserved. This document contains information and ideas, which are
proprietary to Cyber-Ark Software. No part of this publication may be reproduced,
stored in a retrieval system, or transmitted, in any form or by any means, electronic,
mechanical, photocopying, recording, scanning, or otherwise, without the prior written
permission of Cyber-Ark Software.
OCT004-5-0-1
Table of Contents
Introduction............................................................................................5
Requirements........................................................................................................ 6
Authentication........................................................................................................ 6
Scheduling a Service........................................................................................... 16
Restoring Files .................................................................................................... 16
Authenticating to the Vault................................................................................... 17
Logging on to the Vault Manually .....................................................................................17
Logging on to the Vault Automatically..............................................................................18
Configuration .......................................................................................20
Services .............................................................................................................. 20
Creating a New Service ...................................................................................................21
Copying a Service ............................................................................................................22
Modifying a Service ..........................................................................................................23
Removing a Service .........................................................................................................24
Refreshing the Services List ............................................................................................24
Vaults .................................................................................................................. 25
Adding a Vault..................................................................................................................26
Modifying Vault Properties ...............................................................................................27
Removing a Vault.............................................................................................................27
Users................................................................................................................... 28
User Authorizations..........................................................................................................28
User Credentials ..............................................................................................................29
Configuring Manual Authentication ..................................................................................30
Configuring Automatic Authentication ..............................................................................30
Creating User Credential Files .........................................................................................31
Modifying a User ..............................................................................................................32
Deleting a User ................................................................................................................32
4
One-Click Transfer User Guide
5
Introduction
Introduction
Cyber-Arks One-Click Transfer is an end-user utility that transfers files between the
Cyber-Ark Vault and a standard file system, according to predefined settings. Files
can be transferred in different directions to and from the Vault, and can either be
uploaded to the Vault from the local file server, or downloaded from the Vault to the
local file server.
As a utility, One-Click Transfer does not require installation. This eliminates the need
for administrator permissions or assistance, and enables users to begin working
immediately. An intuitive GUI interface leads end-users through service
configuration, which is very simple and requires no training.
Transfers can either be carried out manually or according to a third party schedule
without human intervention. The files to be transferred can either be predefined or can
be selected by the user during the service.
Before file transfers can be carried out, the user is required to authenticate to the
Vault. Authentication can be supplied manually by the user, or stored in a user
credential file that is automatically used by the service. User credential files may
contain encrypted passwords, with or without an external token, or PKI certificates.
After each service, an E-mail message can be sent to specified E-mail addresses with
information about the activities that have been carried out. This feature can be used to
inform the receiver when a service has transferred files, and can also be used by
administrators when the utility requires immediate attention.
6
One-Click Transfer User Guide
Requirements
The One-Click Transfer utility must be installed on a machine that is accessible to the
Vault.
The One-Click Transfer utility is currently supported on the following platforms:
Windows XP
Windows 2000
Windows 2003
Windows Vista
The One-Click Transfer utility works with the following version of the Cyber-Ark
Vault:
Version 3.5 or higher
The One-Click Transfer utility requires the following memory for installation:
10MB
This utility also requires and additional space for temporary files and files being
transferred.
Authentication
The One-Click Transfer utility supports the following authentication methods:
Password
PKI on Windows
For more information about logging on during a One-Click Transfer service, refer to
Authenticating to the Vault, page 17.
7
Before Using the One-Click Transfer
User authentication Users can log onto the Vault with either a password or
a PKI certificate.
Safe Ownership The user that will carry out the service must have the
relevant Safe ownership authorizations to enable the transfer to be carried out.
For more information about Safe Ownership, refer to the IBV/SDV
Implementation Guide for Users.
Getting Started
The first time that you use the One-Click Transfer utility, the Service Configuration
wizard leads you through setting up the first service.
1. From the installation folder, double-click DCClient.exe to start the Service
Configuration wizard.
2. In the General window, specify the name, description, and type of service.
8
One-Click Transfer User Guide
Field
Defines
Services
Description
Run mode
Without a user
interface
The service will automatically transfer all the files that are specified in
the Files window during service setup.
As this is the first time you are running the utility, no Vaults have been defined yet
in the utility.
Field
Defines
Existing Vault
4. Select Define a new Vault, then click Next; the Vault details window
appears.
9
Getting Started
Field
Defines
Name
Address
Port
Request timeout
Use RADIUS
authentication
Whether or not the user will be authenticated to the Vault with Radius
authentication. Select the type of certificates to use for authentication.
Proxy or Firewall
Server
Whether you are using a proxy or firewall server, or neither. If you are
using either a Proxy or Firewall, click Advanced to specify the settings to
use.
PKI Authentication
To log onto the Vault with a certificate, type the name that appears on the
Vault certificate, or click Select to choose the certificate from a list.
5. Specify the Vault details, then click Next; the User window appears.
10
One-Click Transfer User Guide
6. Select the type of connection that the user will use to run the service, then click
Next to display the Files window.
Field
Defines
Manual
Authentication File
Change password
Existing user
Defines
Service type
Store in a Safe
Retrieve from
a Safe
Files to transfer
Local folder
name
Safe name
Safe folder
name
File Pattern
The file pattern of the files to transfer. For example, files that begin with
mon, whose extensions are .xls would be represented by mon*.xls.
11
Getting Started
9. Click Next to display the Post action window where you can specify the activities
that will take place after the transfer.
Field
Defines
Archive
the files
Move the transferred files into an archive folder that you specify. You can also add
a timestamp to these files. The timestamp uses the following format:
yyyymmdd_hhmmss.
For example, Product.doc that was created on 23 May 2004 at 18.50 would be
renamed Product##20040523_185000##.doc
Note: An upload service moves files into an archive folder on the local file system, and a
download service moves files into an archive folder in the Vault.
Delete the
files
Rename
the file
10. Click Next to display the Success E-mail window where you can specify an Email message to send a confirmation of a successful transfer.
12
One-Click Transfer User Guide
11. Select Send success E-mail message to make the fields in this window active
so that you can specify a recipients E-mail information.
Field
Defines
E-mail settings
From
To
E-mail server
IP
The IP address of the mail server. You can copy the properties from your
Outgoing Mail SMTP application.
Message
Content
Subject
Template
12. Click Next to display the Error E-mail window where you can specify an E-mail
message to send after a failed transfer.
13
Getting Started
13. Select Send error E-mail message to make the fields in this window active.
Field
Defines
E-mail settings
From
To
E-mail server IP
The IP address of the mail server. You can copy the properties from your
Outgoing Mail SMTP application.
Message Content
Subject
Template
14. Click Next to display the Finish window where you finish configuring the service.
15. Select Create a shortcut on the desktop to create a shortcut to the service on
the desktop.
16. Click Finish to save all the service configurations and complete the first service
setup.
14
One-Click Transfer User Guide
Services
The One-Click Transfer window displays a list of the services that have already been
created. In this window, you can also run a selected service and carry out a limited
number of access changes to the service.
Viewing a Service
1. In the installation folder, double-click DCClient.exe to display the One-Click
Transfer window and display the services.
2. Select a service to view a description of the file transfer.
Name of the service
Each service is marked with an icon that indicates whether the file transfer is an
upload to the Safe or a download from the Safe.
Icon
Indicates
A download service.
An upload service.
15
Services
Running Services
After services have been set up and a connection to the Vault has been defined
through authorized users, the services can be run. A service can either be started
manually, or scheduled to run automatically.
The files that will be transferred during the service can either be specified during
service configuration, or while the service is running.
With a user interface for selecting files This type of service enables the user to
select the file to transfer while the service is running.
Without a user interface for selecting files This type of service transfers a group
of files, according to a file pattern. It can be run manually, but can also be
scheduled to run by a third party scheduling software.
To Run a Service
Shortcuts
You can create a shortcut to the service that will be placed on the Desktop. This
shortcut enables you to run the service without having to open the One-Click Transfer
window.
Select the service, then from the Service menu, select Create Shortcut; the
shortcut icon will appear on the Desktop.
Run the service as described above; the transfer is carried out with no user
intervention.
16
One-Click Transfer User Guide
Scheduling a Service
Services that transfer files without a user interface can be scheduled in a third party
scheduled software.
Insert the following code into the scheduled script:
For example, the following code would run a service called Customers:
DCClient.exe C:\Documents and Settings\Desktop\One-Click
Transfer\Services\Customers.ini
Restoring Files
Files that have been transferred by a One-Click Transfer service, and moved to an
archive folder, can be restored and returned to their pre-transfer location.
1. Select the service that carried out the transfer.
2. From the Service menu, select Restore.
If only one file is in the archive folder for this service, the file will be restored
immediately.
If more than one file is in the archive folder, the Service Archive Files window
appears.
3. Select the file to restore, then click Restore; the file is removed from the archive
folder and is restored to its pre-transfer location.
17
Services
2. The name of the user as it appears in the service configuration appears in the
username edit box.
If the name of the user does not appear or if it isnt correct, type the name of the
user who will run the service.
Password authentication:
3. Type the users password, then click Logon; a secure channel is created between
the client and the Vault through which this logon information is sent.
4. If the RADIUS server requires more information to authenticate you to the Vault,
a RADIUS Challenge window appears, prompting you for it.
5. Specify the additional logon details, then click OK; the RADIUS server
authenticates you to the Vault.
18
One-Click Transfer User Guide
To Change a Password
The user can change their password to the Vault through the One-Click Transfer.
1. In the One-Click Transfer window, select the service that logs onto the Vault
where the password will be changed.
2. From the Services menu, select Set Password; the Logon window appears.
3. Type the username and password, then click Logon; the Set Password on Vault
window appears.
4. Type the current password, then type the new password and confirm it.
5. Click OK; the password is changed in the Vault.
19
Services
Radius Authentication
This option refers to a credential file that stores the users password in an encrypted
form.
Start the service; the service accesses the credential file and logs onto the Vault
automatically.
20
One-Click Transfer User Guide
Configuration
The One-Click Transfer Configuration client enables users to configure Vaults, user
authentication, and file transfer services that can be carried out by the One-Click
Transfer Client.
Services
Each Service is defined in a service configuration file, called <service>.ini, and stored
in the Service subfolder of the One-Click Transfer installation folder. Service
definitions include the name and description of the service, and the source and
destination of the files to be transferred, etc.
21
Configuration
The One-Click Transfer Configuration window displays services that have already
been setup, and enables you to add new services, and update or delete existing ones.
This window is displayed in either of the following ways:
For more details about creating services, refer to Getting Started, page 7.
22
One-Click Transfer User Guide
Copying a Service
You can also create a new service by copying an existing one and then changing its
settings.
1. Select the service to copy, then from the Service menu, select Duplicate; the
Service Configuration wizard appears.
2. In the Service edit box, type the name of the new service.
3. Follow the Service Configuration wizard and make other modifications to the
service as necessary, then click Finish.
For more information about the Service Configuration wizard, refer to Getting
Started, page 7.
23
Configuration
Modifying a Service
You can modify the service configurations to make changes in the type of service or
the files to be transferred. You can change every setting, other than the name of the
service.
1. In the One-Click Transfer Configuration window, select a service.
2. Click Update,
or,
From the Service menu, select Update.
The Update Service window appears. Display the various tabs to update the
service configurations.
24
One-Click Transfer User Guide
Removing a Service
When a service is not required any more, you can delete it.
1. In the One-Click Transfer Configuration window, select the service to delete.
2. Click Remove,
or,
From the Service menu, select Remove.
The following confirmation window appears prompting you to confirm that you
want to delete the selected service.
25
Configuration
Vaults
Each Vault that will be referred to in a service is defined in a Vault configuration file
and stored in the Vault subfolder of the One-Click Transfer installation folder. The
user credentials of the User who will access the Vault during the service are stored in
a credential file in the same folder.
For example, to enable a user called Simon to run a service that accesses the
Bank Vault, the following files must be created and stored in the Vaults/Bank
subfolder:
Vault.ini This file contains all the details about the Bank Vault. For more
information about the parameters in Vault.ini, refer to Vault.ini, page 40.
Simon.cred This file contains an encrypted password that will enable the service
to run through the user account in the Vault called Simon.
26
One-Click Transfer User Guide
Adding a Vault
1. From the Tools menu, select Vaults; the Vaults Manager window
appears and displays a list of Vaults that have already been defined.
3. Specify the name and IP address of the Vault that a user will access in order to
carry out a service.
4. Specify the request timeout period in seconds.
5. To enable the user to log onto the Vault with Radius authentication, select
RADIUS authentication, then select one of the following:
Trust self-signed certificates
Allow third party authentication with self-signed certificates
6. Specify whether or not access to the Vault is via a Proxy or Firewall server, and
which type.
7. If appropriate, specify the Vaults DN.
8. Click OK; the Vault appears in the Vaults list as one that is recognized by the
utility.
27
Configuration
Removing a Vault
When a connection to a specific Vault is no longer required, you can delete the Vault
from the One-Click Transfer.
1. In the Vaults list, select the Vault to delete, then click Remove; the following
confirmation window appears prompting you to confirm that you want to delete
the selected Vault.
28
One-Click Transfer User Guide
Users
The One-Click Transfer utility maintains a list of known Users on each Vault. These
users are used to access the Vaults and perform file transfers when processing the
services. These users must be created in the Vault before they can carry out a OneClick Transfer service. In addition, the user must be a Safe Owner of the Safe
specified in the service and must have the appropriate authorizations.
User Authorizations
The following table lists the activities that the service might specify and the relevant
authorizations that the user must have.
Activity
Authorization
Download transfer
Upload transfer
Change filename
Open files
For more information about Safe Owners and authorizations, refer to the IBV/SDV
Implementation Guide for Users.
29
Configuration
User Credentials
The logon credentials of a User are required to log onto the Vault successfully. OneClick Transfer enables users to log onto the Vault either manually or automatically
with a credential file.
Manual This type of logon requires the user to supply a user name and password
Password The user supplies their Vault username and password in a logon
window.
file and initiate services automatically. The credential file can specify any of the
authentication types listed below. The credentials of users who will log on with a
credential file or with PKI must be defined in the User Properties window. All user
credential files are stored in the Vault subfolder.
Password with External Token The users password is encrypted with a key
stored on an external token, such as a USB or a Smartcard.
Any PKCS#11 token can be used for this type of authentication, as long as it
meets all of the following criteria:
The token must be a hardware token.
The token is accessible through the PKCS#11 interface.
Access to the token is only possible after supplying a PIN.
The token supports RSA with 1024 or 2048 bit key length.
The token must be able to perform encryption and key generation in hardware.
Radius authentication The users logon credentials are stored in an encrypted
form on the One-Click Transfer station. If an additional Radius challenge response
is required, the user must supply the response manually.
Certificate Any certificate that is accessible through Windows Internet Explorer
certificates stores can be used to authenticate to the Vault.
30
One-Click Transfer User Guide
If you have not yet created users for this Vault, the Create a new user in Vault
window for the selected Vault appears.
31
Configuration
32
One-Click Transfer User Guide
Managing Users
To Modify a User
The authentication method of a User can be modified so that the user can access the
Vault with a different authentication method.
1. In the Users list, select the user, then click User; the Update User Properties
window appears.
2. Modify the Users authentication method, then click OK.
To Delete a User
When a user is no longer needed to carry out a service, he can be deleted from the
Users list.
1. In the Users list, select the user to delete, then click Remove; the following
confirmation window appears prompting you to confirm that you want to delete
the selected user.
33
Activity Logs
Activity Logs
All activities that are carried out by the utility are written to log files and stored in the
in the Logs subfolder of the One-Click Transfer installation folder. All log messages
are written to the log files, including general and informative messages, errors, and
warnings.
The following list details the log files that are created, and their contents:
DCClient.log This file contains all the log messages related to the One-Click
Transfer Client.
DCConfig.log This file contains all the log messages related to the One-Click
Transfer Configuration client.
<service>.log This file contains all the log messages related to the service of the
same name.
All these log files are stored in the Logs subfolder of the One-Click Transfer
Installation folder.
General Logs
The General log displays the contents of the DCClient log file. This lists all the
activities that have been carried out by the One-Click Transfer utility.
To View the Log File
1. Do not select a service.
2. From the View menu, select View Main Log; the Show Log File window
appears and displays the contents of the general One-Click Transfer log.
34
One-Click Transfer User Guide
Service Logs
The Service log displays the contents of the service log file. This lists all the activities
that have been carried out by the One-Click Transfer utility for this service.
To View the Log File
1. Select a service.
2. From the View menu, select View Service Log; the Show Log File window
appears and displays the information in the specified service log.
History Logs
When the size of a log file reaches 5 MB, it is moved into the History subfolder of the
Logs folder. Only the most recent history file of each log is retained.
To View the General History Log File
1. Do not select a service.
2. From the View menu, select View Main Log; the Show Log File window
appears.
3. Click History; the Show Log File window displays the History log file of the OneClick Transfer client.
To View the Service History Log File
1. Select a service.
2. From the View menu, select View Service Log; the Show Log File window
appears
3. Click History; the Show Log File window displays the History log file of the
service.
Sending Logs
Log files can be sent to an e-mail account directly from the Show Log File window.
1. Display the log to send, then click Send; the default E-mail Message window
opens. The log file appears in the message as an attachment.
2. Enter the E-mail addresses to send the log file to, and click Send.
35
Customizing the One-Click Transfer GUI
To Customize a Logo
1. Create a logo that is 200 pixels wide and 36 pixels in height.
2. Save the logo as logo.jpg, and copy it to the One-Click Transfer installation
folder.
When you next start the One-Click Transfer utility, your logo will appear on the right
of the screen.
To Customize an Icon
Save the icon as logo.ico, and copy it to the One-Click Transfer installation
folder.
When you next start the One-Click Transfer utility, your logo will appear in the corner
of the title bar.
To Customize Help Information
Write the information to display and save it as about.txt in the One-Click Transfer
installation folder.
When you next start the One-Click Transfer utility, your information will appear in
the About One-Click Transfer window.
36
One-Click Transfer User Guide
Meaning
Mandatory
Default
Value
Acceptable
Values
Name
Yes
None
String
Description
A description of the
service
No
None
String
UserName
Yes
No
String
VaultName
Yes
None
String
SafeName
Yes
None
String
FolderName
Yes
None
Path
SafeFolderName
Yes
None
String
FilePattern
No
*.*
String
37
Appendix A: Parameter Files
Token
Meaning
Mandatory
Default
Value
Acceptable
Values
ArchiveFolderName
No
None
Path
PostMsg
The message to
display after a service
has been carried out
successfully.
No
None
String
FileNewName
This parameter is
mandatory if
RenameProperty
=Yes
None
String
LogFileName
No
None
String
DesktopShortcutPath
No
None
Path
SuccessMailTemplate
Path
This parameter is
mandatory if
SendSuccessMail
=Yes
None
Path
SuccessMailSubject
This parameter is
mandatory if
SendSuccessMail
=Yes
None
String
SuccessMailServerIP
This parameter is
mandatory if
SendSuccessMail
=Yes
None
IP address
SuccessMailSender
Address
This parameter is
mandatory if
SendSuccessMail
=Yes
None
IP address
SuccessMailRecipient
Address
This parameter is
mandatory if
SendSuccessMail
=Yes
None
IP address
ErrorMailTemplatePath
This parameter is
mandatory if
SendErrorMail =Yes
None
Path
ErrorMailSubject
This parameter is
mandatory if
SendErrorMail =Yes
None
String
38
One-Click Transfer User Guide
Token
Meaning
Mandatory
Default
Value
Acceptable
Values
ErrorMailServerIP
This parameter is
mandatory if
SendErrorMail =Yes
None
IP address
ErrorMailSender
Address
This parameter is
mandatory if
SendErrorMail =Yes
None
IP address
ErrorMailRecipient
Address
This parameter is
mandatory if
SendErrorMail =Yes
None
IP address
InteractiveRule
Yes
No
Yes/No
Yes=with
interface
No=without
interface
InteractiveLogon
Yes
Yes
Yes/No
Yes=manual
logon
No=credential
file logon
DisplayInteractiveMsg
Whether or not to
display success or
error messages.
Yes
OpenAfterDownload
Whether or not to
open the file(s) after
downloading them.
Yes
No
Yes/No
Yes=open the
files
No=do not
open the files
AddTimeStamp
No
No
Yes/No
AddTimestampOn
Archive
This parameter is
mandatory if
PostOperation=1
No
Yes/No
Yes=add a
timestamp
No=do not add
a timestamp
RenameFile
Whether or not to
rename a file after
transferring it.
No
No
Yes/No
Yes=rename
the file
No=do not
rename the file
Yes/No
Yes=display
messages
No=do not
display
messages
Yes=add a
timestamp
No=do not add
a timestamp
39
Appendix A: Parameter Files
Token
Meaning
Mandatory
Default
Value
Acceptable
Values
SendSuccessMail
Whether or not to
send a message after
a successful transfer.
No
No
Yes/No
Yes=send
message
No=do not
send message
SendErrorMail
Whether or not to
send a message after
an unsuccessful
transfer.
Yes
No
Yes/No
Yes=send
message
No=do not
send message
ChangePasswordOn
EveryLogon
Whether or not to
change the users
password after every
logon.
Yes
No
Yes/No
Yes=change
password
No=do not
change
password
PostOperation
Yes
0/1
Yes
ActionType
0=no action
1=archive
2=delete files
0/1
0=upload
1=download
40
One-Click Transfer User Guide
Vault.ini
The Vault.ini file contains all the information about the Vault.
Parameter
Description
Default Value
Acceptable
Values
Vault
None
String
Address
None
IP address
Port
1858
Number
Timeout
30
Number
AuthType
PA_AUTH
PA_AUTH
(Password),
NT_AUTH,
RADIUS_AUTH,
PKI_AUTH
NTAuthAgentName
None
String
NTAuthAgentKeyFile
None
String
VaultDN
None
String
ProxyType
None
HTTP,
HTTPS,
SOCKS4,
SOCKS5
ProxyAddress
None
IP address
ProxyPort
8081
Number
ProxyUser
None
User name
ProxyPassword
None
Password
ProxyAuthDomain
NT_DOMAIN_
NAME
Domain name
BehindFirewall
No
Yes/No
Optional Parameters:
41
Appendix A: Parameter Files
Parameter
Description
Default Value
UseOnlyHTTP1
No
Yes/No
NumofRecordsPerSend
15
Number
NumOfRecordsPer
Chunk
15
Number
ReconnectPeriod
Number
CIFSGateway
None
String
HTTPGatewayAddress
URL
URL
Acceptable
Values
42
One-Click Transfer User Guide