
Security models

BMC TrueSight Capacity Optimization has two security models:

  • Basic security (default)
  • Advanced security

Basic security

If you select Basic security, the product is installed so that all functionality is available (remote requests from the GUI are honored, Investigate is supported, and so on).

Advanced security

If you select Advanced security, Perform Agent is affected as follows:

  • The Service Daemon is not installed.
  • Perform Agent is not installed (some of its functionality is replaced by udrprovider).
  • The best1collect.exe executable is not installed (some of its functionality is replaced by best1collect_secure.exe).

In an Advanced Security installation, the remote agent does not support the following features:

  • Collector start, stop, and query requests issued from a remote node
  • Any Investigate request (for example, charts, drill downs, and alerts)
  • Data transfer
  • Any Perform Agent requests originating from a remote node.

Running the Gateway Server with data from secure computers

The secure computer data must be manually collected and transferred to the managing computer (Gateway Server). BMC recommends grouping all secure computers into a policy file (equivalent to a domain file on UNIX).

Note

A Manager run can handle up to 12 computers. BMC recommends grouping secure computers into groups of 12 or fewer, and setting up a Manager run for each of these groups.

To run Manager with secure computers

  1. From the Start menu, select All Programs > BMC Software > Gateway Server > Gateway Server.
  2. Click Manager.
  3. Click Scripts.
  4. Locate the new script.
  5. In the script wizard, specify the following parameters on the Operation page:
    • Analyze existing data
    • Add a policy file that contains the secure computers
  6. On the Collect or Analyze Interval page, specify an appropriate time period and day offset.

Ports required for data collection using Proxy Agent in a firewall environment

When firewall mode is active, the managing node makes a connection to port 6767 on the remote node. Drill-down requests and graph requests that would normally use port 30000 are routed instead through the established connection on port 6767. Even though port 30000 is not used by the remote computers to send data, the console computer does bind to this port.

If you are behind a firewall and proxy data collection is enabled, configure the following ports on your system:

  • Ports 111, 135, 139, and 445 from the proxy host to the agentless computer
  • Open RPC ports for DCOM from the proxy host to the agentless computer. You can allow a large range of ports as defined by the OS (range is 1024 - 65536) or you can limit the range by creating specific registry keys, and restarting the agentless computer.

Note

If you make the range of ports too small, you might run out of available ports.

For more information about proxy data collection, see Collecting Gateway Server data using proxy hosts.
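
The following added example (not taken from the BMC documentation) shows one way to apply the port requirements above on an agentless Windows computer: it limits the dynamic RPC/DCOM range and admits only the proxy host through Windows Firewall. Assumptions: the registry values are the Windows Rpc\Internet settings documented by Microsoft (the page does not name the keys it means), the protocol is TCP, and the proxy address, port range, and rule names are placeholders.

```powershell
# Added example. Run in an elevated PowerShell session on the agentless computer.
# Assumed values (not from the BMC page): proxy address, port range, rule names, TCP.
$ProxyHost  = '192.0.2.10'        # placeholder address of the proxy host
$RpcFirst   = 50000               # assumed first port of the restricted DCOM range
$RpcLast    = 50255               # assumed last port of the restricted DCOM range
$RpcRange   = "${RpcFirst}-${RpcLast}"
$FixedPorts = 111, 135, 139, 445  # fixed ports listed on the page

# Restrict dynamic RPC/DCOM port allocation to $RpcRange.
# This applies to every RPC server on the computer, not only data collection,
# which is why too small a range can run out of ports.
$key = 'HKLM:\SOFTWARE\Microsoft\Rpc\Internet'
if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
New-ItemProperty -Path $key -Name 'Ports' -PropertyType MultiString `
    -Value $RpcRange -Force | Out-Null
New-ItemProperty -Path $key -Name 'PortsInternetAvailable' -PropertyType String `
    -Value 'Y' -Force | Out-Null
New-ItemProperty -Path $key -Name 'UseInternetPorts' -PropertyType String `
    -Value 'Y' -Force | Out-Null

# Allow inbound connections on the fixed ports from the proxy host only.
New-NetFirewallRule -DisplayName 'Proxy collection - fixed ports' `
    -Direction Inbound -Action Allow -Protocol TCP `
    -LocalPort $FixedPorts -RemoteAddress $ProxyHost | Out-Null

# Allow inbound connections on the restricted DCOM range from the proxy host only.
New-NetFirewallRule -DisplayName 'Proxy collection - DCOM range' `
    -Direction Inbound -Action Allow -Protocol TCP `
    -LocalPort $RpcRange -RemoteAddress $ProxyHost | Out-Null

# Review what was written before restarting.
Get-ItemProperty -Path $key |
    Select-Object Ports, PortsInternetAvailable, UseInternetPorts
Get-NetFirewallRule -DisplayName 'Proxy collection*' |
    Get-NetFirewallPortFilter |
    Select-Object Protocol, LocalPort

# The new RPC range takes effect only after the agentless computer is restarted.
```

Scoping both rules to the proxy host's address keeps ports 135, 139, and 445 closed to every other source. If a network firewall sits between the two computers, it needs the same flows opened.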

Secure Perform Agent support for secure computers

Secure Perform Agent provides support for secure remote computers. Perform the steps in Running Gateway Server with data from secure computers to enable the Gateway Server to process secure computer data. The console processes the data collected from secure computers on a daily basis, but the console cannot collect or transfer data from secure computers.

Note

Gateway Server cannot process data from a mixture of secure and non-secure computers.