Yes, Keck utilizes secure connections at every level. If additional security is required beyond Microsoft Windows authentication, select the SSL option during installation which will ensure an https: connection between you and your servers.
1. AD and Keck website on the same machine:
This is probably the simplest of all setups. You can have Keck installed on the same machine as your AD Services. This doesn't require any specific ports to be opened between the Keck application and the AD Server as they are both on the same box. The only remaining question then is do you want to access the site remotely. If yes, depending on the type of website you create during the installation (Default, Custom Website or SSL Website), you would either need to open up Port 80 (local/custom website) or Port 443 (for SSL website) in order to access the site.
2. Keck on a different machine than AD Services but on the same network:
Same as above.
3. Keck on a machine in a different DMZ than where AD is installed:
The same comments above apply. The only difference is that now we also need to open up two additional ports "between" the two networks. These ports are Port 80 and the standard LDAP Port (port 389). These two ports are used by Keck behind the scenes to talk to the AD Server. You would still need to open up Port 80 or Port 443 for outside traffic coming into the DMZ where Keck is installed in order to be able to access the Keck website from a remote location.
NOTE: Please note that if you are trying to create an SSL website and Port 443 is already taken by a different site on that machine then the installer will prompt you to specify a different port number. In this case, it will be whatever port you provided that will need to be opened up for SSL traffic. Keck creates a self-signed cert for SSL websites and the browswer may give a warning that the cert is not one that is in the trusted list but you can click continue or simply add the certificate to the trust list to avoid future warnings.
Do I need to purchase an SSL Cert to use the SSL option?
No, Keck can generate a self-signed certificate during the SSL installation. It also has the option to use an existing certificate that you may have created through VeriSign on any other Cert Creation Authority.
Note: Please be aware that you may get a certificate warning when accessing the site through your browser if the cert is not tied to a Root Certificate. You should, however, be able to continue to access the site once you have acknowledged the warning alert.
Keck requires connecting to "a" DC (Domain Controller - a server that is running Active Directory Domain Dservices (AD DS)) during the installation. Since this is the server that Keck uses to carry out AD tasks, it uses the domain that this DC is a part of. The licensing is also tied to that same domain. If we were to change the domain field or the TLD (top-level domain) field under the settings page, the license key and activation code will not match up to the new domain/TLD now assigned. It requires a separate license and a separate Keck installation for each domain/TLD that you want to connect to. Multiple Keck Websites can exist on the same web server as long as we use a different URL for each one of them.In order to verify that you have the Application Development Features installed as part of your IIS, you can follow the following steps:
For Windows 7 / Vista / XP:You will need to select Add/Remove Programs under Control Panel and then click on Add/Remove Windows Components. Application Development Features should be listed under Internet Information Services. Make sure that .Net, ASP, ASP.NET, ISAPI Extensions and ISAPI Filters are checked. Complete the installation if necessary.
For Windows 2008:To Install and verify IIS with ALL Application Development Role Services:• Start -> All Programs -> Administrative Tools -> Server Manager• Right click Roles -> Add Roles• Select Web Server (IIS) from the Role list• Click Next.• Click Next.• From the role service list, leave all the defaults selected and check all services under"Application Development" and complete the wizard by clicking on Next and then Close.Yes, Keck allows for the export of all reports to Excel or a comma separated text file.
Are changes to the Active Directory executed by Keck immediate or delayed?
All Active Directory changes made by Keck go into effect immediately, just as they would if executed directly from the server's console.
Can I use Keck and Windows AD at the same time?
Yes, Keck will work both as your primary AD management tool or as a supplement to built-in Windows AD Tools.
Does Keck start and stop services like Windows does?
Yes, with Keck you can start and stop critical services just as you now do using the built-in Windows tools. Keck will prompt you if a service that you are trying to start or stop has dependent services. Keck also provides access to common Event Logs so you can look for any warnings or errors that may have resulted in an abrupt shut-down of a service on a specific server.
Can I use Keck on a mobile device?
Yes, you can manage your active directory from any web enabled device running a current web browser. Future releases will run as an application on the most popular mobile devices.
Am I limited to a single server per Keck user license?
No, Keck is licensed per domain. You can manage as many servers as you have in a single domain.
Do I need to change my network to use Keck to manage my AD servers?
Generally, no, however you may need to verify that your firewall allows access to the port you select if you install the SSL version of Keck.
Does TechToolbox have access to my network via Keck?
No. Only you and your authorized personnel will have access to your network. TechToolbox, nor any other unauthorized party, has any way to access any customer's server(s) via Keck.