SafeNet Synchronization Agent

SafeNet Synchronization Agent simplifies user creation in SafeNet Trusted Access (STA) and SafeNet Authentication Service Private Cloud Edition (SAS PCE). Without the agent, the administrator must manually input user information via the web-based management interface. With SafeNet Synchronization Agent, Lightweight Directory Access Protocol (LDAP), or Structured Query Language (SQL) user groups are monitored for membership changes and user information updates are automatically made in STA and SAS PCE.

alt_text

The client organization:
1. Installs SafeNet Synchronization Agent within their secure network on a server that is separate from their LDAP or SQL directory server.
2. Imports an encrypted key file into SafeNet Synchronization Agent.
3. Configures a connection between its LDAP or SQL directory server and the agent.
4. Configures the agent with a list of the user groups in the LDAP or SQL directory server that are to be synchronized with STA or SAS PCE.
The agent queries the LDAP or SQL directory server for all users within the configured groups.
The LDAP or SQL directory server transmits details of the users within the configured groups to the agent. The agent stores these details.
When the synchronization service is started, the agent pushes all user and group information to STA or SAS PCE. The agent queries the organization’s LDAP or SQL directory server periodically (by default, every 20 minutes). When a change to the organization’s users or groups is detected, the agent updates STA or SAS PCE.

SafeNet Synchronization Agent features

Most organizations maintain information about their users and groups in an SQL database or in an LDAP directory such as Active Directory (AD). SafeNet Synchronization Agent auto-populates STA or SAS PCE with that information.

Key features of SafeNet Synchronization Agent include the following:

Can be used directly with common user repositories
Can accommodate custom schemas for most LDAP and SQL directory servers
Does not write to the user source
Does not require an administrator account to connect to the user source
Can synchronize multiple user sources, such as multiple LDAP or SQL directory servers
Uses AES encryption between SafeNet Synchronization Agent and STA or SAS PCE
Supports SSL between SafeNet Synchronization Agent and the LDAP or SQL directory server
Supports optional domain password synchronization from AD user sources

SafeNet Synchronization Agent environment

Environment	Description
Supported Platforms	Windows Server 2022 Windows Server 2019 - Desktop Experience option Windows Server 2016 Windows Server 2012 R2 NOTE: If you attempt to install SafeNet Synchronization Agent v3.5.3 on Windows Server 2012 R2 without .NET 4.6.2, the installer prompts you to first install .NET 4.6.2 (which requires Windows updates: KB2919355 and KB2919442). Links for these software components are provided in this table. Windows Server 2012 Windows Server 2008 R2 SP1 (64-bit)
Additional Software Components	Microsoft .NET Framework 4.8 Full for Windows Server 2019 https://dotnet.microsoft.com/download/dotnet-framework/net48 Microsoft .NET Framework 4.6.2 (Offline Installer) for Windows Server 2012 R2 https://support.microsoft.com/en-us/topic/the-net-framework-4-6-2-offline-installer-for-windows-9dce3874-a9e5-9b11-289d-5594824aafe0 Install prior to installing the Sync Agent Windows Server 2012 R2 Update (KB2919355) https://www.microsoft.com/en-ca/download/details.aspx?id=42334 Windows Server 2012 R2 Update (KB2919442) https://www.microsoft.com/en-ca/download/details.aspx?id=42153 Visual C++ Redistributable Packages for Visual Studio 2013 https://www.microsoft.com/en-ca/download/details.aspx?id=40784 (version 12.0.30501 or later) Visual C++ Redistributable for Visual Studio 2015 https://www.microsoft.com/en-ca/download/details.aspx?id=48145 (version 14.0.230264 or later) MySQL .NET Connector (required for MySQL) https://dev.mysql.com//Downloads/Connector-Net/mysql-connector-net-6.10.7.msi Oracle client winx64_12102_client (required for Oracle) https://www.oracle.com/database/technologies/instant-client/winx64-64-downloads.html
Network Ports	LDAP: TCP Port 389 - TCP Port 636 (optional) STA: TCP Port 8456 (required) SQL: Appropriate TCP port
LDAP Directory Server Access or SQL Access	Read-only
Active Directory Server Access (for optional domain password synchronization)	Read-only
Supported LDAP or SQL User Groups	Single or multiple LDAP or SQL groups
Supported LDAP Directory Servers	Active Directory Novell eDirectory 8.x Sun One 5.x
Supported SQL Servers	MS SQL MySQL (requires MySQL .NET Connector) See Additional Software Components. Oracle (requires Oracle client winx64_12102_client) See Additional Software Components. PostgreSQL

High availability recommendations

A high availability configuration with multiple Synchronization Agents ensures there is no single point of failure. Your configuration should include:

Multiple Synchronization Agents with identical schema and group configurations
Identical content among the LDAP servers that are configured

If agent configurations are not synchronized or the contents of the LDAP directory servers differs, the synchronization agents will work against each other, as all agents are active. Active/passive configuration is not available.

Suggest A Change

SafeNet Synchronization Agent

SafeNet Synchronization Agent features

SafeNet Synchronization Agent environment

High availability recommendations

On this page