Article ID: 113927, created on May 18, 2012, last review on May 5, 2014

  • Applies to:
  • Operations Automation

Resolution

The article describes Parallels Operations Automation (POA)-managed users, files/folders, and permissions on the Hosted PBX Web-based Management Service server, as well as the default settings of its internal and external websites.

The following entities are managed by the Device Provisioning Web Service:
Entity: The folder Configs\pspip550
  • Lifetime: Is created with the first "s00XX" folder inside it. Is removed with the last "s00XX" folder inside it.
  • Description: Has the same name as the folder with phone device configuration file templates.

Entity: The folder Configs\pspip550\s00XXX
  • Lifetime: Is created with the first configuration file of a specified type in the subscription. Is removed with the last configuration file of a specified type in the subscription.
  • Description: A name is generated for each subscription via Web Service.

Entity: Configuration files in the s00XXX folder
  • Lifetime: Are created when a phone device is assigned to a user. Are removed when a phone device is taken away from a user. Organization-specific files are created once with the first phone's device files and are removed with the last one.
  • Description: Names are generated from templates by the Web Service.

Entity: Device user
  • Lifetime: Is created with the first configuration file of a specified type in the subscription. Is removed with the last configuration file of a specified type in the subscription.
  • Description: The name is generated by the Hosted PBX APS application when the subscription is provisioned. The user is used to configure phone devices to be able to download configuration files. There is one user for all devices in an organization.

The default file and folder permissions on the Web-based Management Service's External Website are as follows:

Path: Configs (Inheritance: Do not inherit permissions)
  • Local Administrators: This folder, subfolders, and files: Full Control
  • SYSTEM: This folder, subfolders, and files: Full Control
  • Authenticated Users:
    • This folder: Traverse folder/execute file, Read attributes, Read permissions
    • This folder and files: List folder/read data, Read attributes, Read extended attributes, Read permissions

Path: Configs\Web.config (Inheritance: Inherit permissions)
  • Authenticated Users: This object only: List folder/read data, Read attributes, Read extended attributes, Create folders/append data, Read permissions

Path: Configs\pspip550 (Inheritance: Inherit permissions)
  • No accounts or rights are listed.

Path: Configs\pspip550\s00XX (Inheritance: Inherit permissions)
  • <deviceuser>:
    • This folder and subfolders: Traverse folder/execute file, List folder/read data, Read attributes, Read extended attributes, Read permissions
    • This folder and files: List folder/read data, Read attributes, Read extended attributes, Read permissions

The default settings on the Web-based Management Service's Internal Website are as follows:
  • Name: Hosted BroadWorks Web Internal Site
  • Bindings: HTTPS on the default port (443) and an exclusive internal IP
  • SSL Certificate: self-signed certificate which is generated during the installation
  • Authentication: only Windows Authentication on the whole website
  • .NET Authorization Rules
    • Allow access to AD_DOMAIN\BWAuthUser
    • Deny access to All Users
  • IIS Application Pool: Hosted BroadWorks Web Internal Pool which is running under AD_DOMAIN\BWPoolXXXXX with Domain Administrator privileges
 
The default settings on the Web-based Management Service External Website are as follows:
  • Name: Hosted BroadWorks Web External Site
  • Bindings: HTTPS on the default port (443) and an exclusive external IP
  • SSL Certificate: only trusted (phone devices do not support self-signed certificates)
  • Authentication
    • Only Anonymous Authentication on the website’s root
    • Only Digest Authentication on the Configs virtual directory
  • Directory Browsing: disabled for the whole site
  • IIS Application Pool: Hosted BroadWorks Web External Pool which is running under the default IIS pool user (ApplicationPoolIdentity)

The folder Hosted BroadWorks Web does not inherit file permissions from its parent and has the following specific permissions:
  • SYSTEM and Local Administrators: Full control
  • Authenticated Users: Read & execute, List folder content, Read

The following AD domain users are created during the Web-based Management Service installation:
  • BWAuthUser: AD domain user (used to access the Web-service from Hosted BroadWorks APS application; credentials of this user are configured in POA APS application Global Settings)
  • BWPoolXXXXX: member of the Domain Administrators group, XXXXX – auto-generated part
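
An added example, not part of the original article or of the product: a PowerShell check that compares the External Website and its Configs folder with the defaults listed above. The Configs physical path is a placeholder, and the script assumes the IIS WebAdministration module is available on the server.

```powershell
# Added example: audits the External Website against the defaults listed in this article.
# Assumption: $ConfigsPath is a placeholder for the physical path of the Configs folder.
param(
    [string]$ConfigsPath = 'C:\PLACEHOLDER\Configs',
    [string]$SiteName    = 'Hosted BroadWorks Web External Site',
    [string]$PoolName    = 'Hosted BroadWorks Web External Pool'
)
Import-Module WebAdministration
$findings = New-Object System.Collections.Generic.List[string]

# Configs is documented as "Do not inherit permissions".
$acl = Get-Acl -LiteralPath $ConfigsPath
if (-not $acl.AreAccessRulesProtected) { $findings.Add('Configs inherits permissions from its parent') }

# Only Local Administrators (S-1-5-32-544) and SYSTEM (S-1-5-18) are documented with
# Full Control. SIDs are compared because account names are localized.
# Generic-rights ACEs (raw GENERIC_* bits) are not decoded by this mask.
$fullControl = 'S-1-5-32-544', 'S-1-5-18'
$writeMask = [System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
foreach ($ace in $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])) {
    if ($ace.AccessControlType -eq 'Allow' -and $fullControl -notcontains $ace.IdentityReference.Value -and
        [int]($ace.FileSystemRights -band $writeMask) -ne 0) {
        $findings.Add("Unexpected write access on Configs: $($ace.IdentityReference.Value) = $($ace.FileSystemRights)")
    }
}

# Documented authentication: site root = Anonymous only, Configs = Digest only.
$expected = @{ $SiteName = 'anonymousAuthentication'; "$SiteName/Configs" = 'digestAuthentication' }
$schemes  = 'anonymousAuthentication', 'basicAuthentication', 'digestAuthentication', 'windowsAuthentication'
foreach ($location in $expected.Keys) {
    foreach ($scheme in $schemes) {
        # A scheme whose IIS feature is not installed has no section; treat it as disabled.
        $prop = Get-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' -Location $location `
            -Filter "system.webServer/security/authentication/$scheme" -Name enabled -ErrorAction SilentlyContinue
        $enabled = [bool]($prop -and $prop.Value)
        if ($enabled -ne ($scheme -eq $expected[$location])) { $findings.Add("$location : $scheme enabled=$enabled") }
    }
}

# Directory browsing disabled, HTTPS-only bindings, pool runs as ApplicationPoolIdentity.
$browse = Get-WebConfigurationProperty -PSPath "IIS:\Sites\$SiteName" -Filter 'system.webServer/directoryBrowse' -Name enabled
if ($browse.Value) { $findings.Add('Directory browsing is enabled') }
Get-WebBinding -Name $SiteName | Where-Object { $_.protocol -ne 'https' } |
    ForEach-Object { $findings.Add("Non-HTTPS binding: $($_.protocol) $($_.bindingInformation)") }
$identity = Get-ItemProperty "IIS:\AppPools\$PoolName" -Name processModel.identityType
if ("$identity" -ne 'ApplicationPoolIdentity') { $findings.Add("External pool runs as $identity") }

if ($findings.Count) { $findings | ForEach-Object { Write-Warning $_ } } else { 'External site matches the documented defaults' }
```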