Securing the Aggregation Server for Extended Reporting


The Aggregation Server for Extended Reporting system has one Administrator account; you cannot delete this account, and the account password never expires.

Note

Only the Administrator role is defined for the BMC Real End User Experience Monitoring Aggregation Server for Extended Reporting component.

As an Administrator, you can configure security for the Aggregation Server for Extended Reporting system interfaces in the following ways:

  • You can require a "strict" password for the Administrator account.
  • You can configure automatic timeout for inactive web interface sessions.
  • You can enable or disable secure shell (SSH) access, which allows remote use of the Aggregation Server command-line interface (CLI).

The following sections describe how to perform these functions.

Strict passwords

Aggregation Server passwords are case-sensitive. By default, the Aggregation Server applies simple password validation rules. It checks passwords only for length (minimum 6 characters). If your organization requires stronger passwords, the Extended Reporting Administrator can enable strict validation rules:

  • Minimum 10 characters
  • Must contain two noncontiguous nonalphabetic characters: 0123456789!@#$%^&*()_+-=

Example:
  • mypassword (not valid)
  • myp3ssw#rd (valid)

Enabling strict password validation does not affect passwords that have already been created.
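
Because enabling strict validation does not re-check passwords that already exist, it helps to test a candidate Administrator password against both rule sets before changing it. The following is an added example, not BMC code: the function names are hypothetical, and it assumes "noncontiguous" means that at least one other character separates the two nonalphabetic characters (the stricter reading).

```python
# Added example, not BMC code. Rules taken from the text above.
SIMPLE_MIN_LENGTH = 6    # default (simple) validation: length only
STRICT_MIN_LENGTH = 10   # strict validation
NONALPHA = set("0123456789!@#$%^&*()_+-=")  # characters listed on this page


def nonalpha_runs(password):
    """Count separate runs of listed nonalphabetic characters.

    Assumption: "noncontiguous" means at least one other character sits
    between the two, so "12" is one run and "1a2" is two.
    """
    runs, in_run = 0, False
    for ch in password:
        hit = ch in NONALPHA
        if hit and not in_run:
            runs += 1
        in_run = hit
    return runs


def check_password(password, strict=False):
    """Return the list of rule violations; an empty list means accepted."""
    problems = []
    minimum = STRICT_MIN_LENGTH if strict else SIMPLE_MIN_LENGTH
    if len(password) < minimum:
        problems.append(f"shorter than {minimum} characters")
    if strict and nonalpha_runs(password) < 2:
        problems.append("needs two noncontiguous nonalphabetic characters")
    return problems


if __name__ == "__main__":
    # First two candidates are the page's examples; the rest are constructed.
    for candidate in ["mypassword", "myp3ssw#rd", "mypassword12", "p4ss#w"]:
        for strict in (False, True):
            mode = "strict" if strict else "simple"
            result = check_password(candidate, strict) or ["accepted"]
            print(f"{candidate!r:16} {mode:6} {'; '.join(result)}")
```

A password that passes the simple check but fails the strict one, such as mypassword, is the kind that stays in place after strict validation is enabled until someone changes it.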

Session timeout

By default, the Aggregation Server for Extended Reporting web interface sessions expire after two hours of inactivity. Any subsequent actions require the user to log on again. When you set a new timeout period, it applies only to sessions created after the change was made. In other words, existing sessions are not affected.

The Automatic page reload feature acts as a keep-alive signal to the Aggregation Server web server. Under certain circumstances, autoreload might inadvertently prevent an Aggregation Server for Extended Reporting web interface session from timing out.

To change security settings for the Aggregation Server for Extended Reporting web interface

  1. Log on to the Aggregation Server for Extended Reporting web interface.
  2. Click Services in the Security settings.
  3. Perform the following steps to change security settings for the web interface and the Administrator account.

Task: Enable or disable the strict password requirement

Action: In the Require strict passwords for user accounts row, click Enable or Disable.

Task: Set the time-out period for inactive sessions

Action:

  1. From the shortcut menu for the Inactive session timeout period row, select Edit.
  2. In the hr and min boxes respectively, enter the number of hours and minutes of inactivity after which users must log in again.

The timeout period can be as short as 5 minutes or as long as 48 hours.

Task: Enable or disable automatic page reload

Action: In the Automatic page reload row, click Enable or Disable.

Certain screens can reload themselves after a specified delay. This is useful if you want to monitor the data in near–real time without refreshing the page manually.

If you are viewing a page that has autoreload enabled and you forget to close the browser at the end of the session, the session will never time out; the autoreload feature acts as a keep-alive signal to the Aggregation Server web server. For this reason, automatic page reload is disabled by default.

Task: Edit the pre-login message

Action:

  1. From the shortcut menu for the Pre-login message row, select Edit.
  2. A message consists of a title and body. Both fields are optional. You can type a maximum of 1024 characters in the Message box. Do not mark up the text with HTML tags.
    • In the Title box, type a title for the message.
    • In the Message box, type the message.
  3. Edit the message and click Save.

Extended Reporting displays a message on the logon screen of its web interface.

To secure access to the command-line interface

  1. Log on to the Aggregation Server for Extended Reporting web interface.
  2. To secure remote connections to the Aggregation Server command-line interface (CLI), next to SSH access, click ON.

For information about the CLI, see Command-line-interface.

 

 
