Security considerations for secure computers
This topic contains the following sections:
TrueSight Capacity Optimization has two security models:
- Basic security (default)
- Advanced security
If you select Basic security, the product is installed so that all functionality is available (remote requests from the GUI are honored, Investigate is supported, and so on).
If you select Advanced security, Capacity Agent is affected as follows:
- The Service Daemon is not installed.
- Capacity Agent is not installed (some of its functionality is replaced by udrprovider).
- The best1collect.exe executable is not installed (some of its functionality is replaced by best1collect_secure.exe).
In an Advanced Security installation, the remote agent does not support the following features:
- Collector start, stop, and query requests issued from a remote node
- Any Investigate request (for example, charts and drill downs)
- Data transfer
- Any Perform Agent requests originating from a remote node.
Running the Gateway Server with data from secure computers
The secure computer data must be manually collected and transferred to the managing computer (Gateway Server). BMC recommends grouping all secure computers into a policy file (equivalent to a domain file on UNIX).
A Manager run can handle up to 12 computers. BMC recommends grouping secure computers into groups of 12 or fewer, and setting up a Manager run for each of these groups.
Secure Perform Agent support for secure computers
Secure Perform Agent provides support for secure remote computers. Perform the steps in Running Gateway Server with data from secure computers to enable the Gateway Server to process secure computer data. The console processes the data collected from secure computers on a daily basis, but the console cannot collect or transfer data from secure computers.
Gateway Server cannot process data from a mixture of secure and non-secure computers.