Requesting Access to IBM Director Agent on Windows Planning / Implementation



Similar documents
TCP/IP ports on the CMM, IMM, IMM2, RSA II, BMC, and AMM management processors 1

Introduction to PCI Express Positioning Information

Deploying Citrix MetaFrame on IBM eserver BladeCenter with FAStT Storage Planning / Implementation

IBM RDX Removable Disk Backup Solution (Withdrawn) Product Guide

Intel I340 Ethernet Dual Port and Quad Port Server Adapters for System x Product Guide

Implementing Disk Encryption on System x Servers with IBM Security Key Lifecycle Manager Solution Guide

Introduction to Windows Server 2016 Nested Virtualization

io3 Enterprise Mainstream Flash Adapters Product Guide

ServeRAID M5000 Series Performance Accelerator Key for IBM System x Product Guide

IBM Security QRadar Version (MR1) Checking the Integrity of Event and Flow Logs Technical Note

IBM Security QRadar Version (MR1) Replacing the SSL Certificate Technical Note

IBM Security QRadar Version Installing QRadar with a Bootable USB Flash-drive Technical Note

Platform LSF Version 9 Release 1.2. Migrating on Windows SC

6Gb SAS Host Bus Adapter Product Guide

Tivoli Endpoint Manager for Security and Compliance Analytics. Setup Guide

Installing on Windows

Release Notes. IBM Tivoli Identity Manager Oracle Database Adapter. Version First Edition (December 7, 2007)

IBM Lotus Protector for Mail Encryption. User's Guide

IBM Client Security Solutions. Client Security User's Guide

An Introduction to NIC Teaming with Lenovo Networking Switches

Installing and Configuring DB2 10, WebSphere Application Server v8 & Maximo Asset Management

Tivoli Endpoint Manager for Security and Compliance Analytics

IBM Security QRadar Version (MR1) Configuring Custom Notifications Technical Note

IBM Proventia Management SiteProtector. Configuring Firewalls for SiteProtector Traffic Version 2.0, Service Pack 8.1

IBM Connections Plug-In for Microsoft Outlook Installation Help

Table 1 shows the LDAP server configuration required for configuring the federated repositories in the Tivoli Integrated Portal server.

IBM Security SiteProtector System Migration Utility Guide

Active Directory Synchronization with Lotus ADSync

Lenovo Partner Pack for System Center Operations Manager

IBM Cognos Controller Version New Features Guide

Dell SupportAssist Version 2.0 for Dell OpenManage Essentials Quick Start Guide

Version 8.2. Tivoli Endpoint Manager for Asset Discovery User's Guide

Integrating ERP and CRM Applications with IBM WebSphere Cast Iron IBM Redbooks Solution Guide

IBM TRIRIGA Application Platform Version Reporting: Creating Cross-Tab Reports in BIRT

IBM Endpoint Manager. Security and Compliance Analytics Setup Guide

IBM SmartCloud Analytics - Log Analysis. Anomaly App. Version 1.2

Oracle Enterprise Manager

IBM Cloud Orchestrator Content Pack for OpenLDAP and Microsoft Active Directory Version 2.0. Content Pack for OpenLDAP and Microsoft Active Directory

IBM Enterprise Marketing Management. Domain Name Options for

IBM Security SiteProtector System Two-Factor Authentication API Guide

HP Device Manager 4.7

Rapid Data Backup and Restore Using NFS on IBM ProtecTIER TS7620 Deduplication Appliance Express IBM Redbooks Solution Guide

Remote Control Tivoli Endpoint Manager - TRC User's Guide

Tivoli Endpoint Manager for Configuration Management. User s Guide

IBM Rational Rhapsody NoMagic Magicdraw: Integration Page 1/9. MagicDraw UML - IBM Rational Rhapsody. Integration

Solution Brief: Microsoft SQL Server 2014 Data Warehouse Fast Track on System x3550 M5 with Micron M500DC Enterprise Value SATA SSDs

IBM Client Security Solutions. Password Manager Version 1.4 User s Guide

Patch Management for Red Hat Enterprise Linux. User s Guide

IBM Security QRadar Version Common Ports Guide

OS Deployment V2.0. User s Guide

Red Hat CloudForms for Lenovo Product Guide

Introduction to Windows Server 2016 Nano Server

Dell One Identity Cloud Access Manager How to Configure Microsoft Office 365

Endpoint Manager for Mobile Devices Setup Guide

IBM Enterprise Marketing Management. Domain Name Options for

IBM Configuring Rational Insight and later for Rational Asset Manager

Remote Support Proxy Installation and User's Guide

Sametime Version 9. Integration Guide. Integrating Sametime 9 with Domino 9, inotes 9, Connections 4.5, and WebSphere Portal

Deploying Business Objects Crystal Reports Server on IBM InfoSphere Balanced Warehouse C-Class Solution for Windows

Oracle Enterprise Manager

Citrix XenServer Workload Balancing Quick Start. Published February Edition

Disaster Recovery Procedures for Microsoft SQL 2000 and 2005 using N series

IBM Lotus Protector for Mail Encryption

Dell Recovery Manager for Active Directory 8.6. Quick Start Guide

IBM Cognos Controller Version New Features Guide

XenClient Enterprise Synchronizer Installation Guide

IBM WebSphere Message Broker - Integrating Tivoli Federated Identity Manager

IBM TRIRIGA Anywhere Version 10 Release 4. Installing a development environment

IBM FlashSystem. SNMP Guide

IBM Security SiteProtector System Configuring Firewalls for SiteProtector Traffic

Packet Capture Users Guide

IBM Tivoli Web Response Monitor

VeriSign PKI Client Government Edition v 1.5. VeriSign PKI Client Government. VeriSign PKI Client VeriSign, Inc. Government.

IBM PowerSC Technical Overview IBM Redbooks Solution Guide

IBM Financial Transaction Manager for ACH Services IBM Redbooks Solution Guide

IBM BladeCenter Layer 2-7 Gigabit Ethernet Switch Module (Withdrawn) Product Guide

Configuring WMI on Windows Vista and Windows Server 2008 for Application Performance Monitor

Linux. Managing security compliance

Sage HRMS 2014 Sage Employee Self Service Tech Installation Guide for Windows 2003, 2008, and October 2013

IBM XIV Management Tools Version 4.7. Release Notes IBM

Mobility Manager 9.5. Users Guide

Getting Started With IBM Cúram Universal Access Entry Edition

IBM Endpoint Manager Version 9.0. Patch Management for Red Hat Enterprise Linux User's Guide

Intel Storage System SSR212CC Enclosure Management Software Installation Guide For Red Hat* Enterprise Linux

Tivoli Security Compliance Manager. Version 5.1 April, Collector and Message Reference Addendum

Installing the BlackBerry Enterprise Server Management console with a remote database

Mobile App User's Guide

Application Note Gemalto.NET 2.0 Smart Card Certificate Enrollment using Microsoft Certificate Services on Windows 2008

Application Note. Intelligent Application Gateway with SA server using AD password and OTP

Rebasoft Auditor Quick Start Guide

Installing the BlackBerry Enterprise Server Management Software on an administrator or remote computer

IBM Security QRadar Version (MR1) Installing QRadar 7.1 Using a Bootable USB Flash-Drive Technical Note

ALTIRIS Software Delivery Solution for Windows 6.1 SP3 Product Guide

InfoPrint 4247 Serial Matrix Printers. Remote Printer Management Utility For InfoPrint Serial Matrix Printers

QLogic 4Gb Fibre Channel Expansion Card (CIOv) for IBM BladeCenter IBM BladeCenter at-a-glance guide

Implementing the End User Experience Monitoring Solution

1U 18.5-inch Standard and Enhanced Media Consoles Product Guide

Tivoli IBM Tivoli Monitoring for Transaction Performance

Citrix XenApp Manager 1.0. Administrator s Guide. For Windows 8/RT. Published 10 December Edition 1.0.1

Transcription:

Requesting Access to IBM Director Agent on Windows Planning / Implementation Main When IBM Director Server first discovers a managed system, that system might be initially locked (represented by padlock icon next to the system) and require the appropriate credentials be supplied before being able to be managed. To manage such locked systems, you must right-click the inaccessible system and select Request Access. You then need to specify an account with administrative privileges on the system you are attempting to access. For Linux systems, you can just use the root user ID; however for Windows, the proper credentials vary depending on the type of agent on the remote system. Tip: You can select multiple systems before requesting access by using Shift-click or Ctrl-click. In this manner, you can request access to all systems using the same credentials in a single operation. Requesting access to Windows managed systems provides some challenges if domain credentials are supplied. The format of the user name and domain name varies depending on the level of IBM Director Agent installed on the managed system. Refer to Table 1 for acceptable formats for supplying domain credentials to Windows-based systems. Table 1: Windows domain credentials for accessing secured systems Director agent level Domain credential formats accepted Level-0 (agentless) Level-1 (Core Services) Level-2 (full agent) Level-0 systems username@domain username@domain domain\username domain\username For Level-0 systems (agentless), the process depends, generally, on the operating system of the target. More accurately, it depends on the protocol used for communication. By default, IBM Director uses DCOM to communicate with all Level-0 Windows systems, while using SSH for all other operating systems on all platforms. You can choose to use SSH on Windows systems as well by installing the Open SSH software included on the IBM Director installation CD (in the coresvcs directory). During Level-0 system discovery, these systems are discovered and added to the management console in a secure state (padlock icon ). Management of these systems is not possible until access is granted using the Request Access task. Requesting Access to IBM Director Agent on Windows 1

Requesting access to Level-0 Windows systems Level-0 Windows systems require an account with local administrative privileges to successfully be username@domain (domain accounts) If the user name on a Windows Level-0 secured system is local system account and the same user name exists as a domain account, IBM Director uses the local account for authentication, unless you specify the domain using username@domain. This can cause problems if you have a domain account with the same user name as a local account. Tip: You cannot use the syntax domain\username to unlock Level-0 systems. Level-1 systems For Level-1 systems (IBM Director Core Services), SSL secures all communication. When IBM Director Server is installed, a self-signed security certificate is created. During Level-1 system discovery, these systems are discovered and added to the management console in a secure state (padlock icon ). Management of these systems is not possible until access is granted using the Request Access task. Requesting access to Level-1 Windows systems Level-1 Windows systems require an account with local administrative privileges to successfully be username@domain or domain\username (domain accounts) Tip: Unlike Level-0 or Level-2, you can use either username@domain or domain\username to unlock Level- 1 systems. Upon acceptance of the proper Request Access credentials, the security certificate is pushed to the CIMOM (WMI for Windows, Pegasus for all other operating systems and platforms) on the managed system. This certificate is used to open a secure pipe between IBM Director Server and the managed system for all subsequent sessions. Tip: The certmgr command, available in the DIRCLI command line interface to IBM Director Server, can be used to generate, import, distribute, and revoke security certificates for Level-1 managed systems. Note, however, that the certificates created using this command expire after one year. For more information about this and other DIRCLI commands, see Appendix A: IBM Director commands in the IBM Director Systems Management Guide, available from: http://www.ibm.com/systems/management/director/resources Level-2 systems For Level-2 systems (IBM Director Agent), the process is a bit more complex, although invisible to the management console user. It works like this: 1. IBM Director Server attempts to access IBM Director Agent. IBM Director Server bids the public keys that correspond to the private keys it holds. 2. IBM Director Agent checks these keys. If it considers the keys to be trusted, IBM Director Agent replies with a challenge that consists of one of the trusted public keys and a random data block. Requesting Access to IBM Director Agent on Windows 2

3. IBM Director Server generates a digital signature of the random data block using the private key that corresponds to the public key included in the challenge. IBM Director Server sends the signature back to IBM Director Agent. 4. IBM Director Agent uses the public key to verify that the signature is a valid signature for the random data block. If the signature is valid, IBM Director Agent grants access to IBM Director Server. Requesting access to Level-2 Windows systems Level-2 Windows systems require an account with local administrative privileges to successfully be username\domain (domain accounts) Tip: You cannot use the syntax username@domain to unlock Level-2 systems. Windows authentication issues Issues can arise if you have duplicate user names for local users and domain users or supply domain credentials in the incorrect format, which might prevent you from accessing Windows-based managed systems. Scenario 1 Local administrator account - username: JohnD, password: 1234 Domain administrator account - JohnD, password: 5678 If you request access to the system with the user name JohnD, IBM Director uses the local system account JohnD and authenticates against password 1234. If you specify JohnD with the password 5678, the request fails because the password is incorrect for the local system account. You need to specify the local system account JohnD with the password 1234 or specify the domain account JohnD@domain (Level-0, Level-1) or domain\johnd (Level-1, Level-2) with the password 5678 to gain access. Scenario 2 Local user account - username: JohnD, password: 1234 Domain administrator account - JohnD, password: 5678 If you request access to the system with the user name JohnD, IBM Director uses the local system account JohnD and authenticates against password 1234. If you specify JohnD with the password 1234, the request for access fails because the user does not have local administrative privileges. If you specify JohnD with password 5678, the request fails because the password is incorrect for the local system account. You need to specify JohnD@domain (Level-0, Level-1) or domain\johnd (Level-1, Level-2) with the password 5678 to gain access. Requesting Access to IBM Director Agent on Windows 3

Notices Lenovo may not offer the products, services, or features discussed in this document in all countries. Consult your local Lenovo representative for information on the products and services currently available in your area. Any reference to a Lenovo product, program, or service is not intended to state or imply that only that Lenovo product, program, or service may be used. Any functionally equivalent product, program, or service that does not infringe any Lenovo intellectual property right may be used instead. However, it is the user's responsibility to evaluate and verify the operation of any other product, program, or service. Lenovo may have patents or pending patent applications covering subject matter described in this document. The furnishing of this document does not give you any license to these patents. You can send license inquiries, in writing, to: Lenovo (United States), Inc. 1009 Think Place - Building One Morrisville, NC 27560 U.S.A. Attention: Lenovo Director of Licensing LENOVO PROVIDES THIS PUBLICATION AS IS WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON- INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some jurisdictions do not allow disclaimer of express or implied warranties in certain transactions, therefore, this statement may not apply to you. This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. Lenovo may make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time without notice. The products described in this document are not intended for use in implantation or other life support applications where malfunction may result in injury or death to persons. The information contained in this document does not affect or change Lenovo product specifications or warranties. Nothing in this document shall operate as an express or implied license or indemnity under the intellectual property rights of Lenovo or third parties. All information contained in this document was obtained in specific environments and is presented as an illustration. The result obtained in other operating environments may vary. Lenovo may use or distribute any of the information you supply in any way it believes appropriate without incurring any obligation to you. Any references in this publication to non-lenovo Web sites are provided for convenience only and do not in any manner serve as an endorsement of those Web sites. The materials at those Web sites are not part of the materials for this Lenovo product, and use of those Web sites is at your own risk. Any performance data contained herein was determined in a controlled environment. Therefore, the result obtained in other operating environments may vary significantly. Some measurements may have been made on development-level systems and there is no guarantee that these measurements will be the same on generally available systems. Furthermore, some measurements may have been estimated through extrapolation. Actual results may vary. Users of this document should verify the applicable data for their specific environment. Copyright Lenovo 2015. All rights reserved. This document was created or updated on Feb 13, 2007. Send us your comments in one of the following ways: Use the online Contact us review form found at: http://lenovopress.com/tips0656 Send your comments in an e-mail to: Requesting Access to IBM Director Agent on Windows 4

comments@lenovopress.com This document is available online at http://lenovopress.com/tips0656. Trademarks Lenovo, the Lenovo logo, and For Those Who Do are trademarks or registered trademarks of Lenovo in the United States, other countries, or both. These and other Lenovo trademarked terms are marked on their first occurrence in this information with the appropriate symbol ( or TM), indicating US registered or common law trademarks owned by Lenovo at the time this information was published. Such trademarks may also be registered or common law trademarks in other countries. A current list of Lenovo trademarks is available on the Web at http://www.lenovo.com/legal/copytrade.html. The following terms are trademarks of Lenovo in the United States, other countries, or both: Flex SystemTM Lenovo Lenovo(logo) Lenovo XClarityTM System x X5TM The following terms are trademarks of other companies: Intel, Intel Xeon, Intel logo, Intel Inside logo, and Intel Centrino logo are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries. Linux is a trademark of Linus Torvalds in the United States, other countries, or both. Microsoft, Windows, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both. Other company, product, or service names may be trademarks or service marks of others. Requesting Access to IBM Director Agent on Windows 5

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information