This installation guide gives detailed instructions on how to configure Vacman Middleware to send SMS messages with the help of Ozeki NG SMS Gateway. Please follow the instructions, and check the video tutorials and configuration screenshots as well.

Video: Send SMS from Vacman Middleware (part 1/2, configure your modem)
Video: Send SMS from Vacman Middleware (part 2/2, configure your system)

Ozeki offers a powerful solution for those who use Vacman Middleware to improve the security of a corporate IT environment. With Ozeki NG SMS Gateway, SMS functionality can be added to your IT system. In practice, Vacman Middleware includes Digipass, which makes two-factor authentication possible. After you provide your password at the initial login, Vasco's Digipass generates a one-time password. This password is sent via SMS to a given mobile phone or mobile phones with the help of Ozeki NG SMS Gateway.

With this solution you will gain a flexible, reliable and cost-effective system to protect corporate data and sensitive information. It is the proper solution against intruders and data thieves and it is possible to make online attacks ineffective. The generated passwords are required at each login, so only authenticated users will gain access to your corporate IT network. These passwords expire automatically after they have been used. Furthermore, the administrator can preset that the system should deny access to resources partially or completely if one-time password authentication fails. The administrator can also set which specified options requiring SMS authentication should be allowed or denied.

If you decide to set up an SMS system in your company, you will get a well-functioning and reliable system, as this solution provides a secure way to handle corporate passwords.

Prerequisites

In order to set up this solution you need to find a way to connect your system to the mobile network. You can do this by using an Internet connection, or you can set up a wireless connection by attaching a GSM phone/GSM modem to your computer. To help you make a decision, we have prepared a webpage for you: Internet based SMS connections vs. GSM modem based (wireless) SMS connections. Depending on what you select, you need the following prerequisites.

Prerequisites for Internet based connection to the Mobile network

If you wish to connect your system to an SMS service provider over the Internet you need the following components:

Figure 1/a - Prerequisites for Ozeki NG SMS Gateway IP SMS connection

In this case you need to find an SMS service provider who can reach the mobile phones in your area. This SMS service provider should be able to provide SMS service through the Internet. To find such a provider, you can check our website where we list some of them: SMPP SMS Service providers. Once you have found such a provider, you need to sign up for their service to get the connection parameters. You can use these parameters to configure your Ozeki NG SMS Gateway software.

Prerequisites for wireless (GSM modem) connection to the Mobile network

If you wish to connect your system to the mobile network wirelessly, you need a GSM modem or GSM phone that you can attach to your computer with a data cable. In this case your Ozeki NG SMS Gateway software will operate this phone and will send and receive SMS messages wirelessly. To set up this connection method, you need the following components:

Figure 1/b - Prerequisites for Ozeki NG SMS Gateway GSM modem connection

Your checklist (for GSM modem connection):

SIM Card - You can get this from your local mobile network operator.*
Modem - Use a Wavecom, Siemens or Multitech modem.
Data cable - Comes with the modem
Computer - Recommended: Intel P4 3Ghz, 2GB RAM, 500MB HDD, Windows OS
Ozeki NG SMS Gateway - Download it from http://www.sms-integration.com
Vacman Middleware

*The SIM card will come with a plan that will determine how much money you will spend on each SMS.
Ozeki NG SMS Gateway can be obtained by opening the download page: Download Ozeki NG SMS Gateway!

System architecture

If you meet all the hardware and software requirements, you can start building a system based on SMS technology. It works as follows: First you log into Vacman Middleware on its login interface with your username and password. Vacman Middleware then generates a one-time password and forwards it to Ozeki NG SMS Gateway in an HTTP request. The built-in webserver of the SMS gateway accepts this request and sends the generated password in an SMS to a given mobile phone. The gateway can send the SMS message through a mobile phone attached to the computer with a data cable or over the Internet. This process is shown in Figure 2.

Figure 2 - Ozeki NG SMS Gateway - solution for how to send SMS from Check Point Connectra

Please note that it is more secure to send the one-time passwords to the recipient through the airwaves using a GSM modem than through an Internet based SMS service provider account, because it is significantly harder to intercept an SMS message traveling through the air than it is to intercept Internet traffic.

Configuration guide for Vacman Middleware SMS

If you wish to add SMS functionality to Vacman Middleware please follow the steps of this guide!

This solution uses Active Directory for extracting data. It is assumed that Active Directory has been installed on a Windows server. Before you start the installation, you need to prepare Active Directory for Vacman Middleware by adding a schema to it. This schema can be added with the "dpadadmin.exe" utility. Figure 3 shows the location of the utility:

Figure 3 - Enter dpadadmin directory

Run "dpadadmin" command with the following parameters (Figure 4):

dpadadmin addschema -v

Figure 4 - Add Active Directory schema

The command runs and adds the schema to Active Directory.

Now you can start the installation of Vacman Middleware. After you accept the license agreement, you can select the installation type: Active Directory. Click on "Next" (Figure 5).

Figure 5 - Install server using Active Directory

Select the components to be installed and click on "Next" (Figure 6).

Figure 6 - Select components

The installation wizard will check the prerequisites of Active Directory (Figure 7).

Figure 7 - Active Directory prerequisites

If the requirements are met, Vacman Middleware automatically recognizes the domain in use. In our example it is "ozdomain" (Figure 8).

Figure 8 - Configuration domain

By default the program will use encrypted communication. This means that a Certificate Authority is enabled in Active Directory. If you do not want to use this option, check "My Active Directory does not have a Certificate Authority set up" before the installation. After you set the options, the installation starts (Figure 9).

Figure 9 - Certificate authority

On the next page you can select the license method. I requested a trial license file previously. To load it, select "Load License Key from an existing License file". Then choose the downloaded license file and restart the computer; the installation is then complete (Figure 10).

Figure 10 - Activate from license file

Next, launch "Administration MMC interface" from the "Start" menu (Figure 11).

Figure 11 - Administration MMC interface

Right click on "Policies" then click on "New" and on "Policy" (Figure 12).

Figure 12 - New policy

Type a name (e.g. ozpolicy) in the name field (Figure 13).

Figure 13 - New policy name

Then right click on "Radius Client" in "Components" and select "Properties" (Figure 14).

Figure 14 - Component properties

Finally choose the created policy: "ozpolicy" (Figure 15).

Figure 15 - Policy for the component

Next launch "Virtual Digipass MDC Configuration" (Figure 16).

Figure 16 - Digipass MDC configuration

You need to provide the account of the SMS gateway, which will be used in the HTTP query. By default the following values are set in Ozeki NG SMS Gateway (Figure 17):
Username: "admin"
Password: "abc123"

Figure 17 - Username and password

Next, click on the "Gateway Settings" tab, check the "Edit advanced settings" box and fill in the form with the following parameters (Figures 18 and 19):

Figure 18 - Edit advanced settings

Protocol: HTTP
Address: 127.0.0.1/api
Port: 9501
HTTP query: action=sendmessage&username=[acc_user]&password=[acc_pwd]&recipient=[otp_dest]&messagetype=SMS:TEXT&messagedata=[otp_msg]
Query method: GET

Please note that you need to enter the connection strings in one line without line breaks!

Figure 19 - Configured advanced settings

In the "Gateway results" tab you need to edit the success message rule (Figure 20). This rule includes a matching pattern:

<statusmessage>Message accepted for delivery</statusmessage>

If the response message matches this pattern, sending was successful.

Figure 20 - Success message

In the "Gateway results" tab you can also edit the failure message rule (Figure 21). It contains a matching pattern:

<errorcode>

If the response message contains this pattern, sending was unsuccessful.

Figure 21 - Failure message
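
The request and result rules configured above, as an added example (not code from Ozeki or Vasco): it fills the guide's HTTP query template with percent-encoded values, produces a log-safe copy with the password and the one-time password masked, and applies the success and failure patterns to a response. The OTP value, the response bodies and the function names are constructed for illustration.

```python
from urllib.parse import quote

# Values taken from the guide's "Gateway Settings" and "Gateway results" tabs.
BASE_URL = "http://127.0.0.1:9501/api"
QUERY_TEMPLATE = ("action=sendmessage&username=[acc_user]&password=[acc_pwd]"
                  "&recipient=[otp_dest]&messagetype=SMS:TEXT&messagedata=[otp_msg]")
SUCCESS_PATTERN = "<statusmessage>Message accepted for delivery</statusmessage>"
FAILURE_PATTERN = "<errorcode>"
SECRET_PLACEHOLDERS = ("[acc_pwd]", "[otp_msg]")  # never write these to logs

# Constructed sample data: the guide's default account and test number, made-up OTP.
SAMPLE_VALUES = {"[acc_user]": "admin", "[acc_pwd]": "abc123",
                 "[otp_dest]": "+36301234567", "[otp_msg]": "482913"}
# Constructed response bodies; only the two patterns above come from the guide.
SAMPLE_OK = "<response>" + SUCCESS_PATTERN + "</response>"
SAMPLE_ERROR = "<response><errorcode>000</errorcode></response>"


def build_url(values, redact=False):
    """Fill the template, percent-encoding every value so that characters
    such as '+' or '&' cannot change the query. With redact=True the
    password and the OTP are masked, giving a string that is safe to log."""
    query = QUERY_TEMPLATE
    for placeholder, value in values.items():
        if redact and placeholder in SECRET_PLACEHOLDERS:
            filled = "REDACTED"
        else:
            filled = quote(value, safe="")
        query = query.replace(placeholder, filled)
    return BASE_URL + "?" + query


def classify(body):
    """Apply the failure rule first and treat anything matching neither
    rule as unknown, so an unexpected response never counts as delivered
    (this precedence is an assumption of the example)."""
    if FAILURE_PATTERN in body:
        return "failed"
    if SUCCESS_PATTERN in body:
        return "delivered"
    return "unknown"


if __name__ == "__main__":
    print(build_url(SAMPLE_VALUES, redact=True))
    print(classify(SAMPLE_OK), classify(SAMPLE_ERROR), classify(""))
```

Because the query method is GET, the account password and the one-time password are part of the URL, so any web server or proxy log that records full request URLs will contain them unless they are masked as above.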

The changes take effect only after the service is restarted (Figure 22).

Figure 22 - Restarting service

Next, launch the following console: "Active Directory Users and Computers" (Figure 23).

Figure 23 - Active Directory user and computers

Right click on "Users" and select "Import Digipass" menu item (Figure 24).

Figure 24 - Import Digipass

In the window that appears, browse to your Digipass file (Figure 25).

Figure 25 - Import dpx file

I will use a demo dpx file, so select the "DemoVDP.dpx" file from the "Demo DPX Files" directory of the installation directory (Figure 26).

Figure 26 - Open dpx file

The key for the demo file is:

11111111111111111111111111111111

Next click on "Show application" and then import the application you want (Figure 27).

Figure 27 - Enter key and import application

You will get a confirmation: "The file was imported successfully" (Figure 28).

Figure 28 - Digipass imported

I will create a user to test Virtual Digipass. The name of my user will be "example john". I also provide a password and a logon name for this user (Figure 29).

Figure 29 - Create new user in Active Directory

When this is done, right click on the created user and select "Properties" (Figure 30).

Figure 30 - New user properties

Click on the "Digipass Assignment" tab and then on the "Assign" menu item in it (Figure 31).

Figure 31 - Assign Digipass for user

In the "Select Digipass" window click on "Find", select your Digipass and click on "OK" (Figure 32).

Figure 32 - Find Digipass and select

Then select the added digipass (Figure 33).

Figure 33 - Assigned Digipass

After this click on "Manage" (Figure 34).

Figure 34 - Manage Digipass

Click on the "RESP" tab, which is named after the type of application. In this tab click on the "Test" menu item (Figure 35).

Figure 35 - Test Digipass

Provide a mobile phone number; in our example it is "+36301234567". Then click on the "Generate/Deliver" menu item. If the HTTP request runs successfully, the response message will be "OTP delivered" (Figure 36).

Figure 36 - Test number

In Ozeki NG SMS Gateway you can see the sent one-time password (Figure 37).

Figure 37 - Sent password

If you type it into the "Verification" part of the test window, you will get a message with the following text: "Operation successful" (Figure 38).

Figure 38 - Verify one-time password

Thank you for reading this guide about SMS messaging from Vacman Middleware!