×
 
 
  •  
$helper.renderConfluenceMacro('{bmc-global-announcement:$space.key}')
BMC TrueSight Operations Management 11.0 ... Planning Planning the Real End User Experience Monitoring Software Edition deployment Security planning for Real End User Experience Monitoring Software Edition

Access security for BMC Real End User Experience Monitoring Software Edition

To enable you to establish access security and prevent unauthorized use of the system, Real End User Experience Monitoring Software Edition provides access policies and entitlement groups features. Also, there are configuration files that must only be accessible to users that have root account privileges.

The following information describes these access security features and the configuration files that need to be protected from non-root users. 

Access policies

The Security user ensures the access security by setting up the following access policies:

  • Session inactivity timeouts
  • Password strength validation
  • Password expiration time
  • Account lockout after a number of invalid logon attempts
  • Possibility of concurrent use of a single user account
  • Automatic logon prevention

Configure these and other access policies in the Account policies and Services pages under
Administration > Security settings menu item of the Real User Analyzer.

For more information, see the Enhancing access management (Analyzer) Open link section.

Entitlement groups

To distribute access to Watchpoints for Observer users, use the Entitlement groups. Observers who are assigned to an Entitlement group have access to data from only the Watchpoints associated with that Entitlement group.

Enable the use of Entitlement groups in the Real User Analyzer by selecting Administration > Security settings > Account policies, and configure them by selecting Administration > General settings > Entitlement groups.

For more information, see the Defining entitlement groups to restrict access to traffic data Open link section.

Configuration files

Although security best practices advise against storing clear text passwords, there are some cases that require the passwords to be included in some configuration files.

It is important to ensure that the following configuration files are only accessible to Linux users that have root account privileges

  • EUEM_HOME/common/virtual_to_software_edition/restore_2_7_backup.sh
  • EUEM_HOME/common/virtual_to_software_edition/mysql/db.conf
  • EUEM_HOME/common/virtual_to_software_edition/postgres/db.conf
  • EUEM_HOME/<component>/apache-tomcat/conf/server.xml
  • EUEM_HOME/<component>/victor/bin/diagnostics/get_diags.sh
  • EUEM_HOME/<component>/victor/conf/platform/security/keystore/java/keystore
  • EUEM_HOME/<component>/victor/conf/laika/accounts/backup/users.xml
  • EUEM_HOME/<component>/victor/conf/laika/accounts/users.xml
  • EUEM_HOME/<component>/victor/conf/laika/truesight_services.properties
  • EUEM_HOME/<component>/victor/conf/laika/truesight-cfg.xml

Note

If the passwords in these files were symmetrically encrypted, you would have to generate or choose an encryption key and store it in clear text, or in a keyfile encrypted with a clear text passphrase. This offers additional protection than the original passwords being stored in clear text.

Any other encoding of passwords is an unnecessary complication, and can easily be reverse engineered.

Related topics

Securing the end-user experience monitoring system and restricting access to traffic data Open link

Was this page helpful? Yes No Submitting... Thank you
Last modified by Mukta Kirloskar on Jun 12, 2017
planning security requirements cli access_control euem

Comments

Log in or register to comment.

Security planning for Real End User Experience Monitoring Software Edition
Data security for Real End User Experience Monitoring Software Edition
© Copyright 2015-2018 BMC Software, Inc. © Copyright 2013-2018 BladeLogic, Inc.
Legal notices

Powered by Atlassian Confluence and Scroll Viewport

© Copyright 2005-2024 BMC Software, Inc. Use of this site signifies your acceptance of BMC’s Terms of Use . BMC, the BMC logo, and other BMC marks are assets of BMC Software, Inc. These trademarks are registered and may be registered in the U.S. and in other countries.