Security considerations for secure computers

This topic contains the following sections:

Security models
Running the Gateway Server with data from secure computers
Secure Perform Agent support for secure computers

Security models

TrueSight Capacity Optimization has two security models:

Basic security (default)
Advanced security

Basic security

If you select Basic security, the product is installed so that all functionality is available (remote requests from the GUI are honored, Investigate is supported, and so on).

Advanced security

If you select Advanced security, Capacity Agent is affected as follows:

The Service Daemon is not installed.
Capacity Agent is not installed (some of its functionality is replaced by udrprovider).
The best1collect.exe executable is not installed (some of its functionality is replaced by best1collect_secure.exe).

In an Advanced Security installation, the remote agent does not support the following features:

Collector start, stop, and query requests issued from a remote node
Any Investigate request (for example, charts and drill downs)
Data transfer
Any Perform Agent requests originating from a remote node.

Running the Gateway Server with data from secure computers

The secure computer data must be manually collected and transferred to the managing computer (Gateway Server). BMC recommends grouping all secure computers into a policy file (equivalent to a domain file on UNIX).

Note

A Manager run can handle up to 12 computers. BMC recommends grouping secure computers into groups of 12 or fewer, and setting up a Manager run for each of these groups.

Secure Perform Agent support for secure computers

Secure Perform Agent provides support for secure remote computers. Perform the steps in Running Gateway Server with data from secure computers to enable the Gateway Server to process secure computer data. The console processes the data collected from secure computers on a daily basis, but the console cannot collect or transfer data from secure computers.