Specifying or modifying information for remote host authentication

To enable agent installation, you must specify how to authenticate to a remote host on which an agent has not yet been installed. The information you provide defines the mechanism and the user credential needed to access the remote host.

If you are installing on multiple platforms, you typically define at least one set of authentication information for each platform.

In addition to providing remote host authentication information, you must also define rules that specify which remote host authentication to use for each agentless device. See Creating or modifying rules for remote host authentication.

Before you begin

Create automation principals, which specify user credentials that can be used to access remote hosts. For more information, see Creating automation principals.

When installing agents on Microsoft Windows systems, set up a PsExec server, which functions as a proxy to execute psexec requests on agentless hosts. For more information, see Setting up a PsExec server.

Required authorizations

To create a remote host authentication, your role must be granted the following authorizations:

  • BL_Administration.Read
  • RemoteHostAuthentication.Read
  • RemoteHostAuthentication.Create
  • AutomationPrincipal.Read (to access automation principals specified in this procedure)
  • Server.Read on the PsExec server, if you are specifying a remote host authentication for Windows

To specify information for remote host authentication

  1. Select Configuration > Infrastructure Management.
  2. In the Infrastructure Management window, right-click the Remote Host Authentications node. Then select New Remote Host Authentication. The New Remote Host Authentication window opens.
  3. Enter the following information for authenticating to a remote host:

    Field

    Description

    Name

    Name for this set of authentication information. You can enter any name. The BMC Server Automation system uses the name for identification and display within the system.

    Description

    (Optional) Descriptive text about the authentication information.

    Command Execution Protocol

    Specifies the mechanism for accessing an agentless device. Select one of the following:

    PSEXEC (Windows Only) — Specifies that a PsExec server is used as a proxy to execute psexec requests on an agentless Windows host. This protocol is required when installing agents on Windows servers. Authentication on agentless hosts uses credentials defined in an automation principal that you specify on this panel.

    SSH (Non-Windows) — Executes commands directly on an agentless host using the credentials defined in an automation principal that you specify on this panel.

    SSH + SUDO (Non-Windows) — Executes commands directly on the agentless host using the credentials defined in an automation principal that you specify on this panel. The sudo command is attached as a prefix to all commands. If sudo requests a password, the password associated with the automation principal is used.

    SSH + SU (Non-Windows) — Executes commands directly on the agentless host using the credentials defined in an automation principal that you specify on this panel. The automation principal credentials are used to access the agentless host. The credentials provided in a superuser automation principal are used to issue the su command to gain elevated privileges.

    PsExec Server

    Identifies a live Windows server where PsExec is installed. This option is only required when authenticating to Windows servers. Multiple remote host authentication definitions can use the same PsExec server.
    The PsExec server must:
    - Run a Windows operating system
    - Have PsExec installed
    - Have an RSCD agent, version 8.2 or later, installed and running
    - Be added to the Servers folder in the BMC Server Automation Console

    BMC recommends that when you install agents on Windows 7 and Windows 2008 devices that are not enabled for a domain, you specify a PsExec server that is not part of a domain. When you install agents on Windows 7 and Windows 2008 devices that are enabled for a domain, specify a PsExec server that belongs to the same domain. Ensure that the automation principals you are using to access the agentless devices are associated with the same domain.
    For more information about the PsExec server, see Setting up a PsExec server.

    Maximum Execution Parallelism

    Specifies the maximum number of PsExec connections that the PsExec server can run simultaneously. By default this option is set to 20.
    You can set a level of parallel execution for the Agent Installer Job with the Number of targets to process in parallel option (see Agent Installer Job - General). Regardless of that level, no active PsExec server ever exceeds the level of parallelism set with the Maximum Execution Parallelism option.

    SSH Port

    (Only enabled for non-Windows platforms) Specifies the port used for SSH communication on the host. By default this port number is set to 22.

    Note

    When specifying a port number, ensure that you do not use any of the reserved ports.

    Automation Principal

    Identifies the automation principal to be used when authenticating to a remote host. An automation principal defines user credentials that can be used to access the remote system. For more information, see Creating automation principals.

    Super-user Automation Principal

    Identifies an automation principal that provides credentials for a superuser account on a UNIX system. Only the SSH + SU command execution protocol requires a superuser automation principal.

  4. Click Finish. The Infrastructure Management window lists the remote host authentication you created.
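
The field rules above (which protocol needs a PsExec server or a superuser automation principal, and what the PsExec server must satisfy) can be checked before an Agent Installer Job is run. The following is an added example, not BMC code: the dictionary layout and key names are hypothetical, and version strings are assumed to be dotted numbers.

```python
# Added example: pre-flight check of one remote host authentication definition.
# The dict keys are hypothetical (not a BMC export format); the rules are the
# ones stated in the field descriptions above.
SSH_PROTOCOLS = {"SSH", "SSH + SUDO", "SSH + SU"}
MIN_RSCD = (8, 2)  # "RSCD agent, version 8.2 or later"


def parse_version(text):
    """Compare versions numerically so that '8.10' is later than '8.2'."""
    return tuple(int(part) for part in text.split("."))


def check_definition(d):
    """Return a list of problems found in one definition (empty if none)."""
    problems = []
    proto = d.get("protocol")
    if not d.get("automation_principal"):
        problems.append("Automation Principal is missing")
    if proto == "PSEXEC":
        srv = d.get("psexec_server")
        if not srv:
            return problems + ["PSEXEC requires a PsExec server"]
        if srv.get("os") != "Windows":
            problems.append("PsExec server must run Windows")
        if not srv.get("psexec_installed"):
            problems.append("PsExec is not installed on the PsExec server")
        if parse_version(srv.get("rscd_version", "0")) < MIN_RSCD:
            problems.append("RSCD agent on PsExec server is older than 8.2")
        if not srv.get("in_servers_folder"):
            problems.append("PsExec server is not in the Servers folder")
        # Domain recommendation: principal and PsExec server share a domain
        # (None on both sides means neither is part of a domain).
        if srv.get("domain") != d.get("principal_domain"):
            problems.append("Automation principal and PsExec server domains differ")
    elif proto in SSH_PROTOCOLS:
        has_su = bool(d.get("superuser_principal"))
        if proto == "SSH + SU" and not has_su:
            problems.append("SSH + SU requires a Super-user Automation Principal")
        if proto != "SSH + SU" and has_su:
            problems.append("Super-user principal is not needed for this protocol")
    else:
        problems.append(f"Unknown Command Execution Protocol: {proto!r}")
    return problems


# Constructed sample: RSCD 8.10 passes the version rule, the domains do not match.
SAMPLE = {"protocol": "PSEXEC", "automation_principal": "win_install",
          "principal_domain": "CORP",
          "psexec_server": {"os": "Windows", "psexec_installed": True,
                            "rscd_version": "8.10", "in_servers_folder": True,
                            "domain": "LAB"}}
```

For the constructed SAMPLE, check_definition reports only the domain mismatch; a plain string comparison of "8.10" against "8.2" would have wrongly rejected the agent version.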

To modify existing information for remote host authentication

  1. Select Configuration > Infrastructure Management.
  2. In the Infrastructure Management window, expand the Remote Host Authentications node. Right-click the remote host authentication you want to modify and select Properties. The Modify Remote Host Authentication window opens.
  3. Enter the following information for authenticating to a remote host:

    Field

    Description

    Name

    Name for this set of authentication information. You can enter any name. The BMC Server Automation system uses the name for identification and display within the system.

    Description

    (Optional) Descriptive text about the authentication information.

    Command Execution Protocol

    Specifies the mechanism for accessing an agentless device. Select one of the following:

    PSEXEC (Windows Only) — Specifies that a PsExec server is used as a proxy to execute psexec requests on an agentless Windows host. This protocol is required when installing agents on Windows servers. Authentication on agentless hosts uses credentials defined in an automation principal that you specify on this panel.

    SSH (Non-Windows) — Executes commands directly on an agentless host using the credentials defined in an automation principal that you specify on this panel.

    SSH + SUDO (Non-Windows) — Executes commands directly on the agentless host using the credentials defined in an automation principal that you specify on this panel. The sudo command is attached as a prefix to all commands. If sudo requests a password, the password associated with the automation principal is used.

    SSH + SU (Non-Windows) — Executes commands directly on the agentless host using the credentials defined in an automation principal that you specify on this panel. The automation principal credentials are used to access the agentless host. The credentials provided in a superuser automation principal are used to issue the su command to gain elevated privileges.

    PsExec Server

    Identifies a live Windows server where PsExec is installed. This option is only required when authenticating to Windows servers. Multiple remote host authentication definitions can use the same PsExec server.
    The PsExec server must:
    - Run a Windows operating system
    - Have PsExec installed
    - Have an RSCD agent, version 8.2 or later, installed and running
    - Be added to the Servers folder in the BMC Server Automation Console

    BMC recommends that when you install agents on Windows 7 and Windows 2008 devices that are not enabled for a domain, you specify a PsExec server that is not part of a domain. When you install agents on Windows 7 and Windows 2008 devices that are enabled for a domain, specify a PsExec server that belongs to the same domain. Ensure that the automation principals you are using to access the agentless devices are associated with the same domain.
    For more information about the PsExec server, see Setting up a PsExec server.

    Maximum Execution Parallelism

    Specifies the maximum number of PsExec connections that the PsExec server can run simultaneously. By default this option is set to 20.
    You can set a level of parallel execution for the Agent Installer Job with the Number of targets to process in parallel option (see Agent Installer Job - General). Regardless of that level, no active PsExec server ever exceeds the level of parallelism set with the Maximum Execution Parallelism option.

    SSH Port

    (Only enabled for non-Windows platforms) Specifies the port used for SSH communication on the host. By default this port number is set to 22.

    Note

    When specifying a port number, ensure that you do not use any of the reserved ports.

    Automation Principal

    Identifies the automation principal to be used when authenticating to a remote host. An automation principal defines user credentials that can be used to access the remote system. For more information, see Creating automation principals.

    Super-user Automation Principal

    Identifies an automation principal that provides credentials for a superuser account on a UNIX system. Only the SSH + SU command execution protocol requires a superuser automation principal.

  4. Click Finish. The Infrastructure Management window lists the remote host authentication you created.