Netcool/Security Manager Administration Guide 1.2 - e IBM Tivoli ...
Netcool®/Security Manager™ 1.2
Administration Guide
February 9, 2005

© 2005 Micromuse Inc., Micromuse Ltd.
All rights reserved. No part of this work may be reproduced in any form or by any
person without prior written permission of the copyright owner. This document is
proprietary and confidential to Micromuse, and is subject to a confidentiality
agreement, as well as applicable common and statutory law.

Micromuse Disclaimer of Warranty and Statement of Limited Liability

Micromuse provides this document "as is", without warranty of any kind, either
express or implied, including, but not limited to, the implied warranties of
merchantability, fitness for a particular purpose or non-infringement. This
document may contain technical inaccuracies or typographical errors. Micromuse
may make improvements and changes to the programs described in this document
or this document at any time without notice. Micromuse assumes no responsibility
for the use of the programs or this document except as expressly set forth in the
applicable Micromuse agreement(s) and subject to terms and conditions set forth
therein. Micromuse does not warrant that the functions contained in the programs
will meet your requirements, or that the operation of the programs will be
uninterrupted or error-free. Micromuse shall not be liable for any indirect,
consequential or incidental damages arising out of the use or the ability to use the
programs or this document.

Micromuse specifically disclaims any express or implied warranty of fitness for high
risk activities.

Micromuse programs and this document are not certified for fault tolerance, and
are not designed, manufactured or intended for use or resale as on-line control
equipment in hazardous environments requiring fail-safe performance, such as in
the operation of nuclear facilities, aircraft navigation or communication systems,
air traffic control, direct life support machines, or weapons systems ("High Risk
Activities") in which the failure of programs could lead directly to death, personal
injury, or severe physical or environmental damage.

Compliance with Applicable Laws; Export Control Laws

Use of Micromuse programs and documents is governed by all applicable federal,
state and local laws. All information therein is subject to U.S. export control laws
and may also be subject to the laws of the country where you reside.

All Micromuse programs and documents are commercial in nature. Use,
duplication or disclosure by the United States Government is subject to the
restrictions set forth in DFARS 252.227-7015 and FAR 52.227-19.

Trademarks and Acknowledgements

Micromuse and Netcool are registered trademarks of Micromuse.

Other Micromuse trademarks include but are not limited to: Netcool/OMNIbus,
Netcool/OMNIbus for Voice Networks, Netcool/Reporter, Netcool/Internet
Service Monitors, Netcool/ISM, Netcool/ISM Global Perspective, Netcool/NT
Service Monitors, Netcool/Wireless Service Monitors, Netcool/WSM,
Netcool/Usage Service Monitors, Netcool/USM, Netcool/Telco Service
Monitors, Netcool/TSM, Netcool/Fusion, Netcool/Data Center Monitors,
Netcool DCM, Netcool/Impact, Netcool/Visionary, Netcool/Precision, Netcool
Probes & Monitors, Netcool Desktops, Netcool Gateways, Netcool Impact/Data
Source Adaptors, Netcool EventList, Netcool Map, Netcool Virtual Operator,
Netcool/Precision for IP Networks, Netcool/Precision for Transmission
Networks, Netcool/Firewall, Netcool/Wave, Netcool/Webtop, Netcool TopoViz,
Netcool/SM Operations, Netcool/SM Configuration, Netcool/OpCenter,
Netcool/System Service Monitors, Netcool/SSM, Netcool/Application Service
Monitors, Netcool/ASM, Netcool/ISM WAM, Netcool/SM Reporter, Netcool
for Asset Management, Netcool/Realtime Active Dashboards,
Netcool/Dashboards, Netcool/RAD, Netcool for Voice over IP, Netcool for
Security Management, Netcool Security Manager, Netcool/Portal 2.0 Premium
Edition, Netcool ObjectServer, Netcool/RAD, Netcool/Software Developers Kit,
Micromuse Alliance Program, Micromuse Channel Partner, Authorized Netcool
Reseller, Netcool Ready, Netcool Solutions, Netcool Certified, Netcool Certified
Consultant, Netcool Certified Trainer, Netcool CCAI Methodology, Micromuse
University, Microcorrelation, Acronym, Micromuse Design, Integration Module
for Netcool, The Netcool Company, VISIONETCOOL, and Network Slice.

Micromuse acknowledges the use of I/O Concepts Inc. X-Direct 3270 terminal
emulators and hardware components and documentation in Netcool/Fusion.
X-Direct ©1989-1999 I/O Concepts Inc. X-Direct and Win-Direct are
trademarks of I/O Concepts Inc.

Netcool/Fusion contains IBM Runtime Environment for AIX®, Java
Technology Edition Runtime Modules © Copyright IBM Corporation 1999. All
rights reserved.

Micromuse acknowledges the use of MySQL in Netcool/Precision for IP
Networks. Copyright © 1995, 1996 TcX AB & Monty Program KB & Detron
HB Stockholm SWEDEN, Helsingfors FINLAND and Uppsala SWEDEN. All
rights reserved.

Micromuse acknowledges the use of the UCD SNMP Library in Netcool/ISM.
Copyright © 1989, 1991, 1992 by Carnegie Mellon University. Derivative Work
- Copyright © 1996, 1998, 1999, 2000 The Regents of the University of
California. All rights reserved.

Portions of the Netcool/ISM code are copyright ©2001, Cambridge Broadband
Ltd. All rights reserved.

Portions of the Netcool/ISM code are copyright © 2001, Networks Associates
Technology, Inc. All rights reserved.

Micromuse acknowledges the use of Viador Inc. software and documentation for
Netcool/Reporter. Viador © 1997-1999 is a trademark of Viador Inc.

Micromuse acknowledges the use of software developed by the Apache Group for
use in the Apache HTTP server project. Copyright © 1995-1999 The Apache
Group. Apache Server is a trademark of the Apache Software Foundation
(http://www.apache.org/). All rights reserved.

Micromuse acknowledges the use of software developed by Edge Technologies,
Inc. 2003 Edge Technologies, Inc. and Edge enPortal are trademarks or registered
trademarks of Edge Technologies Inc. All rights reserved.

Micromuse acknowledges the use of Merant drivers. Copyright © MERANT
Solutions Inc., 1991-1998.

The following product names are trademarks of Tivoli Systems or IBM
Corporation: AIX, IBM, OS/2, RISC System/6000, Tivoli Management
Environment, and TME10.

IBM, NetView/6000, Domino, Lotus, Lotus Notes, and WebSphere are either
trademarks or registered trademarks of IBM Corporation. VTAM is a trademark
of IBM Corporation.

Omegamon is a trademark of Candle Corporation.

Netspy is a trademark of Computer Associates International Inc.

The Sun logo, Sun Microsystems, SunOS, Solaris, SunNet Manager, Java are
trademarks of Sun Microsystems Inc.

SPARC is a registered trademark of SPARC International Inc. Programs bearing
the SPARC trademark are based on an architecture developed by Sun
Microsystems Inc. SPARCstation is a trademark of SPARC International Inc.,
licensed exclusively to Sun Microsystems Inc.

UNIX is a registered trademark of the X/Open Company Ltd.

Sybase is a registered trademark of Sybase Inc. Adaptive Server is a trademark of
Sybase Inc.

Action Request System and Remedy are registered trademarks of Remedy
Corporation.

Peregrine System and ServiceCenter are registered trademarks of Peregrine Systems
Inc.

HP, HP-UX and OpenView are trademarks of Hewlett-Packard Company.

InstallShield is a registered trademark of InstallShield Software Corporation.

Microsoft, Windows 95/98/Me/NT/2000/XP are either registered trademarks or
trademarks of Microsoft Corporation.

Microsoft Internet Information Server/Services (IIS), Microsoft Exchange Server,
Microsoft SQL Server, Microsoft perfmon and Microsoft Cluster Service are
registered trademarks of Microsoft Corporation.

BEA and WebLogic are registered trademarks of BEA Systems Inc.

FireWall-1 is a registered trademark of Check Point Software Technologies Ltd.

Netscape and Netscape Navigator are registered trademarks of Netscape
Communications Corporation in the United States and other countries.
Netscape's logos and Netscape product and service names are also trademarks of
Netscape Communications Corporation, which may be registered in other
countries.

Micromuse acknowledges the use of Xpm tool kit components.

SentinelLM is a trademark of Rainbow Technologies Inc.

GLOBEtrotter and FLEXlm are registered trademarks of Globetrotter Software
Inc.

Red Hat, the Red Hat "Shadow Man" logo, RPM, Maximum RPM, the RPM
logo, Linux Library, PowerTools, Linux Undercover, RHmember, RHmember
More, Rough Cuts, Rawhide and all Red Hat-based trademarks and logos are
trademarks or registered trademarks of Red Hat Inc. in the United States and other
countries.

Linux is a registered trademark of Linus Torvalds.

Nokia is a registered trademark of Nokia Corporation.

WAP Forum and all trademarks, service marks and logos based on these
designations (Trademarks) are marks of Wireless Application Protocol Forum Ltd.

Micromuse acknowledges the use of InstallAnywhere software in Netcool/WAP
Service Monitors. Copyright © Zero G Software Inc.

Orbix is a registered trademark of IONA Technologies PLC. Orbix 2000 is a
trademark of IONA Technologies PLC.

Micromuse acknowledges the use of Graph Layout Toolkit in Netcool/Precision
for IP Networks. Copyright © 1992 - 2001, Tom Sawyer Software, Berkeley,
California. All rights reserved.

Portions of Netcool/Precision for IP Networks are © TIBCO Software, Inc.
1994-2003. All rights reserved. TIB and TIB/Rendezvous are trademarks of
TIBCO Software, Inc.

Portions of Netcool/Precision for IP Networks are Copyright © 1996-2003,
Daniel Stenberg, .

Micromuse acknowledges the use of Digital X11 in Netcool/Precision for IP
Networks. Copyright 1987, 1988 by Digital Equipment Corporation, Maynard,
Massachusetts, All Rights Reserved. DIGITAL DISCLAIMS ALL
WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN
NO EVENT SHALL DIGITAL BE LIABLE FOR ANY SPECIAL, INDIRECT
OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER
RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
PERFORMANCE OF THIS SOFTWARE.

Netcool/SM Operations, Netcool/SM Configuration and Netcool/OpCenter
include software developed by the OpenSSL Project for use in the OpenSSL
Toolkit (http://www.openssl.org/).

Micromuse acknowledges the use of software developed by ObjectPlanet. ©2003
ObjectPlanet, Inc, Ovre Slottsgate, 0157 Oslo, Norway.

Micromuse acknowledges the use of Expat in Netcool/ASM. Copyright 1998,
1999, 2000 Thai Open Source Software Center Ltd and Clark Cooper. Copyright
2001, 2002 Expat maintainers. THE EXPAT SOFTWARE IS PROVIDED
HEREUNDER "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
COPYRIGHT HOLDERS OF THE EXPAT SOFTWARE BE LIABLE FOR
ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE EXPAT SOFTWARE OR
THE USE OR OTHER DEALINGS IN THE SOFTWARE. Expat explicitly
grants its permission to any person obtaining a copy of any Expat software and
associated documentation files (the "Expat Software") to deal in the Expat
Software without restriction, including without limitation the rights to use, copy,
modify, merge, publish, distribute, sublicense, and/or sell copies of the Expat
Software. Expat's permission is subject to the following conditions: The above
copyright notice and this permission notice shall be included in all copies or
substantial portions of the Expat Software. Except as set forth hereunder, all
software provided by Micromuse hereunder is subject to the applicable license
agreement.

Micromuse acknowledges that Netcool Security Manager includes Hypersonic
SQL. Copyright (c) 2001-2002, The HSQL Development Group. All rights
reserved.

JABBER® is a registered trademark and its use is granted under a sublicense from
the Jabber Software Foundation.

Micromuse acknowledges the use of MySQL in Netcool/Precision for IP
Networks and in Netcool/Precision for Transmission Networks. Copyright ©
1995, 1996 TcX AB & Monty Program KB & Detron.

Micromuse acknowledges the use of Cryptix in Netcool/Precision IP. Copyright
(c) 1995-2004 The Cryptix Foundation Limited. All rights reserved.
Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the copyright notice, this list of
conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this
list of conditions and the following disclaimer in the documentation and/or other
materials provided with the distribution.
THIS SOFTWARE IS PROVIDED BY THE CRYPTIX FOUNDATION
LIMITED AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR
IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
CRYPTIX FOUNDATION LIMITED OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.

All other trademarks, registered trademarks and logos are the property of their
respective owners.

Micromuse Inc., 139 Townsend Street, San Francisco, USA CA 94107
www.micromuse.com
Document Version Number: 1.1 - February 2005

Contents

Preface
Audience
About the Netcool/Security Manager 1.2 Administration Guide
Associated Publications
Netcool/Security Manager Online Help
Netcool/Security Manager Release Notes
Typographical Notation
Note, Tip, and Warning Information
Syntax and Example Subheadings
Operating System Considerations

Chapter 1: Introduction
About the Netcool Security Manager
What Is the Security Manager?
How Do I Set Up the Security Manager?
How Do I License the Security Manager?
How Do I Run the Security Manager?
Can I Run the Security Manager Under Process Control?
How Do I Administer the Security Manager?
System Requirements
Operating Systems
Java Support
ObjectServer Support
License Server Support
Web Browser Support
Hardware Support
Exceed Limitations
Security Manager Components
Security Manager Server
Security Manager Database
Authentication Architecture
Authentication Model
Domains
Users
Groups
Roles
Authentication Types
ObjectServer Authentication
NIS Authentication
LDAP Authentication
Native Authentication

Chapter 2: Setting Up the Security Manager
Installing the Security Manager
Running the Installer
Setting the NCSM_HOME Environment Variable
Synchronizing Users
Reading the Installation Log
Licensing the Security Manager
Licensing Requirements
Configuring Licensing
Quorum Licensing
Upgrading the Security Manager
Upgrading on UNIX Platforms
Upgrading on Windows Platforms
Troubleshooting Installation Problems
ObjectServer Authentication
Windows User Password
Contents<br />
Chapter 3: Getting Started . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35<br />
Running the <strong>Security</strong> <strong>Manager</strong> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36<br />
Starting the <strong>Security</strong> <strong>Manager</strong> on UNIX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36<br />
Stopping the <strong>Security</strong> <strong>Manager</strong> on UNIX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36<br />
Viewing the <strong>Security</strong> <strong>Manager</strong> Status on UNIX. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36<br />
Starting the <strong>Security</strong> <strong>Manager</strong> on Windows. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37<br />
Stopping the <strong>Security</strong> <strong>Manager</strong> on Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37<br />
Logging into the <strong>Security</strong> <strong>Manager</strong> GUI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38<br />
The <strong>Security</strong> <strong>Manager</strong> GUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39<br />
Navigation Panel<br />
Main Work Panel<br />
Chapter 4: Working with Domains<br />
About Domains<br />
Viewing Domains<br />
Creating Domains<br />
Editing Domains<br />
Deleting Domains<br />
Chapter 5: Working with Users<br />
About Users<br />
Viewing Users<br />
Creating Users<br />
Creating Users Automatically<br />
Synchronizing Users<br />
Manually Creating Users<br />
Editing Users<br />
Deleting Users<br />
Chapter 6: Working with Roles<br />
About Roles<br />
Viewing Roles in a Domain<br />
Adding and Removing User Roles<br />
Adding and Removing Group Roles<br />
Chapter 7: Working with Groups<br />
About Groups<br />
Viewing Groups<br />
Creating Groups<br />
Editing Groups<br />
Deleting Groups<br />
Setting Up Default Groups<br />
Example<br />
Chapter 8: External Authentication<br />
Setting Up ObjectServer Authentication<br />
Setting Up NIS Authentication<br />
Installing the NIS Plug-In<br />
Configuring the Domain<br />
Editing the Plug-In Properties File<br />
Setting Up LDAP Authentication<br />
Installing the LDAP Plug-In<br />
Configuring the Domain<br />
Synchronizing Users<br />
Appendix A: Supplementary Information<br />
Configuring the Refresh Interval<br />
<strong>Security</strong> <strong>Manager</strong> Port Usage<br />
Backing Up the Database<br />
Restoring the Database<br />
<strong>Security</strong> <strong>Manager</strong> Failover<br />
Setting Up <strong>Security</strong> <strong>Manager</strong> Failover<br />
Running the <strong>Security</strong> <strong>Manager</strong> in a Failover Configuration<br />
SSL and the <strong>Security</strong> <strong>Manager</strong><br />
Setting Up SSL Between the <strong>Security</strong> <strong>Manager</strong> and <strong>Netcool</strong> Applications<br />
Setting Up SSL Between the <strong>Security</strong> <strong>Manager</strong> and an LDAP Server<br />
Contact Information<br />
Preface<br />
This guide describes how to install, administer, and use <strong>Netcool</strong>/<strong>Security</strong> <strong>Manager</strong>. The following chapters<br />
and appendices describe each functional area, and task-oriented examples are provided to assist users and<br />
administrators in configuring and using the application.<br />
This preface contains the following sections:<br />
• Audience on page 2<br />
• About the <strong>Netcool</strong>/<strong>Security</strong> <strong>Manager</strong> <strong>1.2</strong> <strong>Administration</strong> <strong>Guide</strong> on page 3<br />
• Associated Publications on page 4<br />
• Typographical Notation on page 5<br />
• Operating System Considerations on page 8<br />
Audience<br />
This guide is intended for administrators who are responsible for setting up and running <strong>Netcool</strong>/Impact,<br />
<strong>Netcool</strong>/RAD, and other applications that use the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong>.<br />
About the <strong>Netcool</strong>/<strong>Security</strong> <strong>Manager</strong> <strong>1.2</strong> <strong>Administration</strong> <strong>Guide</strong><br />
This book is organized as follows:<br />
• Chapter 1: Introduction on page 9. This chapter contains overview information about the <strong>Netcool</strong><br />
<strong>Security</strong> <strong>Manager</strong>.<br />
• Chapter 2: Setting Up the <strong>Security</strong> <strong>Manager</strong> on page 21. This chapter contains instructions on setting<br />
up the <strong>Security</strong> <strong>Manager</strong>, including installing and licensing the <strong>Security</strong> <strong>Manager</strong> and<br />
troubleshooting the installation.<br />
• Chapter 3: Getting Started on page 35. This chapter contains instructions on getting started with the<br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong>, including starting and stopping it and using the GUI.<br />
• Chapter 4: Working with Domains on page 47. This chapter contains instructions on working with<br />
domains, including viewing, creating, editing, and deleting them.<br />
• Chapter 5: Working with Users on page 55. This chapter contains instructions on working with users,<br />
including viewing, creating, editing, and deleting them.<br />
• Chapter 7: Working with Groups on page 73. This chapter contains instructions on working with<br />
groups, including viewing, creating, editing, and deleting them. It also explains how to set up default<br />
groups.<br />
• Chapter 6: Working with Roles on page 67. This chapter contains instructions on working with roles,<br />
including viewing them and assigning them to users and groups.<br />
• Chapter 8: External Authentication on page 83. This chapter contains instructions on setting up<br />
external authentication.<br />
• Appendix A: Supplementary Information on page 93. This appendix contains supplementary<br />
information about the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong>, including information about setting refresh<br />
intervals, port usage, failover, and backing up the database.<br />
Associated Publications<br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>1.2</strong> provides the following additional documentation:<br />
• <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> Online Help<br />
• <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> Release Notes<br />
<strong>Netcool</strong>/<strong>Security</strong> <strong>Manager</strong> Online Help<br />
This online help system provides information on using the <strong>Security</strong> <strong>Manager</strong> GUI. It contains conceptual<br />
information about the software and instructions on working with domains, roles, users, and groups. It also<br />
contains information on setting up external authentication.<br />
<strong>Netcool</strong>/<strong>Security</strong> <strong>Manager</strong> Release Notes<br />
This guide contains information on new and updated features in this release of the <strong>Security</strong> <strong>Manager</strong>. It also<br />
contains information on known issues with the product.<br />
Typographical Notation<br />
Table 1 shows the typographical notation and conventions used to describe commands, SQL syntax, and<br />
graphical user interface (GUI) features. This notation is used throughout this book and other <strong>Netcool</strong>®<br />
publications.<br />
Table 1: Typographical Notation and Conventions<br />
<table>
<tr><th>Example</th><th>Description</th></tr>
<tr><td>Monospace</td><td>The following are described in a monospace font:<br />
• Commands and command line options<br />
• Screen representations<br />
• Source code<br />
• Object names<br />
• Program names<br />
• SQL syntax elements<br />
• File, path, and directory names<br />
Italicized monospace text indicates a variable that the user must populate. For example, -password password.</td></tr>
<tr><td>Bold</td><td>The following application characteristics are described in a bold font style:<br />
• Buttons<br />
• Frames<br />
• Text fields<br />
• Menu entries<br />
A bold arrow symbol indicates a menu entry selection. For example, File→Save.</td></tr>
<tr><td>Italic</td><td>The following are described in an italic font style:<br />
• An application window name; for example, the Login window<br />
• Information that the user must enter<br />
• The introduction of a new term or definition<br />
• Emphasized text</td></tr>
<tr><td>[1]</td><td>Code or command examples are occasionally prefixed with a line number in square brackets. For example:<br />
[1] First command...<br />
[2] Second command...<br />
[3] Third command...</td></tr>
<tr><td>{ a | b }</td><td>In SQL syntax notation, curly brackets enclose two or more required alternative choices, separated by vertical bars.</td></tr>
<tr><td>[ ]</td><td>In SQL syntax notation, square brackets indicate an optional element or clause. Multiple elements or clauses are separated by vertical bars.</td></tr>
<tr><td>|</td><td>In SQL syntax notation, vertical bars separate two or more alternative syntax elements.</td></tr>
<tr><td>...</td><td>In SQL syntax notation, ellipses indicate that the preceding element can be repeated. The repetition is unlimited unless otherwise indicated.</td></tr>
<tr><td>,...</td><td>In SQL syntax notation, ellipses preceded by a comma indicate that the preceding element can be repeated, with each repeated element separated from the last by a comma. The repetition is unlimited unless otherwise indicated.</td></tr>
<tr><td>a</td><td>In SQL syntax notation, an underlined element indicates a default option.</td></tr>
<tr><td>( )</td><td>In SQL syntax notation, parentheses appearing within the statement syntax are part of the syntax and should be typed as shown unless otherwise indicated.</td></tr>
</table>
Many <strong>Netcool</strong> commands have one or more command line options that can be specified following a hyphen<br />
(-).<br />
Command line options can be string, integer, or BOOLEAN types:<br />
• A string can contain alphanumeric characters. If the string has spaces in it, enclose it in quotation<br />
(") marks.<br />
• An integer must contain a positive whole number or zero (0).<br />
• A BOOLEAN must be set to TRUE or FALSE.<br />
SQL keywords are not case-sensitive, and may appear in uppercase, lowercase, or mixed case. Names of<br />
ObjectServer objects and identifiers are case-sensitive.<br />
Note, Tip, and Warning Information<br />
The following types of information boxes are used in the documentation:<br />
Note: Note is used for extra information about the feature or operation that is being described. Essentially,<br />
this is for extra data that is important but not vital to the user.<br />
Tip: Tip is used for additional information that might be useful for the user. For example, when describing<br />
an installation process, there might be a shortcut that could be used instead of following the standard<br />
installation instructions.<br />
Warning: Warning is used for highlighting vital instructions, cautions, or critical information. Pay close<br />
attention to warnings, as they contain information that is vital to the successful use of our products.<br />
Syntax and Example Subheadings<br />
The following types of constrained subheading are used in the documentation:<br />
Syntax<br />
Syntax subheadings contain examples of ObjectServer SQL syntax commands and their usage. For example:<br />
CREATE DATABASE database_name;<br />
Example<br />
Example subheadings describe typical or generic scenarios, or samples of code. For example:<br />
[1] <br />
[2] <br />
[6] <br />
Operating System Considerations<br />
All command line formats and examples are for the standard UNIX shell. UNIX is case-sensitive. You must<br />
type commands in the case shown in the book.<br />
Unless otherwise specified, command files are located in the $OMNIHOME/bin directory, where<br />
$OMNIHOME is the UNIX environment variable that contains the path to the <strong>Netcool</strong>/<strong>Security</strong> <strong>Manager</strong><br />
home directory.<br />
On Microsoft Windows platforms, replace $OMNIHOME with %OMNIHOME% and the forward slash (/)<br />
with a backward slash (\).<br />
Chapter 1: Introduction<br />
This chapter contains an introduction to the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>1.2</strong>.<br />
It contains the following sections:<br />
• About the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> on page 10<br />
• System Requirements on page 13<br />
• <strong>Security</strong> <strong>Manager</strong> Components on page 15<br />
• Authentication Architecture on page 16<br />
• Authentication Model on page 17<br />
• Authentication Types on page 19<br />
1.1 About the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong><br />
This section contains overview information about the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong>.<br />
It contains the following topics:<br />
• What Is the <strong>Security</strong> <strong>Manager</strong>?<br />
• How Do I Set Up the <strong>Security</strong> <strong>Manager</strong>?<br />
• How Do I License the <strong>Security</strong> <strong>Manager</strong>?<br />
• How Do I Run the <strong>Security</strong> <strong>Manager</strong>?<br />
• Can I Run the <strong>Security</strong> <strong>Manager</strong> Under Process Control?<br />
• How Do I Administer the <strong>Security</strong> <strong>Manager</strong>?<br />
What Is the <strong>Security</strong> <strong>Manager</strong>?<br />
The <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> is a standalone server component that provides user authentication for<br />
applications such as <strong>Netcool</strong>/Impact and <strong>Netcool</strong>/RAD. You must install and configure the <strong>Security</strong><br />
<strong>Manager</strong> before you install these applications. This version of the <strong>Security</strong> <strong>Manager</strong> is compatible with<br />
<strong>Netcool</strong>/Impact 3.1 and <strong>Netcool</strong>/RAD 2.0.<br />
The <strong>Security</strong> <strong>Manager</strong> consists of two sub-components: the <strong>Security</strong> <strong>Manager</strong> server and the <strong>Security</strong><br />
<strong>Manager</strong> database. The server provides the core functionality for the authentication system. The database<br />
stores users and other information used by the server. For more information, see <strong>Security</strong> <strong>Manager</strong><br />
Components on page 15.<br />
The <strong>Security</strong> <strong>Manager</strong> provides an authentication model that consists of users, groups, roles, and domains.<br />
This model allows you to control the access that each user, or group of users, has over different features of<br />
different software products. For more information on the authentication model, see Authentication Model<br />
on page 17.<br />
The <strong>Security</strong> <strong>Manager</strong> allows you to use native authentication, in which account information is stored<br />
locally in the <strong>Security</strong> <strong>Manager</strong> database, or to use account information already defined in a<br />
<strong>Netcool</strong>/OMNIbus ObjectServer, a Network Information Service (NIS), or an LDAP directory. For more<br />
information, see Authentication Types on page 19.<br />
How Do I Set Up the <strong>Security</strong> <strong>Manager</strong>?<br />
Before you set up the <strong>Security</strong> <strong>Manager</strong>, you must first obtain the installation files from the Micromuse<br />
Product CD-ROM or as a download from the Micromuse Support Site. The installation files include the<br />
<strong>Security</strong> <strong>Manager</strong> installer and a README file.<br />
To install the <strong>Security</strong> <strong>Manager</strong>, you run the installer program and follow the on-screen prompts. The<br />
installer sets all of the required configuration properties. On UNIX platforms, you must set the required<br />
environment variables after installation. The installer creates an installation log that you can view to see if<br />
the process completed successfully.<br />
After you have installed the <strong>Security</strong> <strong>Manager</strong>, you can change the configuration at any time by manually<br />
editing its properties files.<br />
For more information, see Installing the <strong>Security</strong> <strong>Manager</strong> on page 22.<br />
How Do I License the <strong>Security</strong> <strong>Manager</strong>?<br />
The <strong>Security</strong> <strong>Manager</strong> requires a <strong>Security</strong> <strong>Manager</strong> server license. The license server code for the server is<br />
cro_ncsm_server. Unlike version 1.0, this version of the <strong>Security</strong> <strong>Manager</strong> does not require DSA<br />
licenses for the ObjectServer or LDAP authentication.<br />
You must obtain the required license and install it in your license server before running the <strong>Security</strong><br />
<strong>Manager</strong>. When you install the <strong>Security</strong> <strong>Manager</strong>, you specify the host and port for this license server.<br />
For more information, see Licensing the <strong>Security</strong> <strong>Manager</strong> on page 26.<br />
How Do I Run the <strong>Security</strong> <strong>Manager</strong>?<br />
On UNIX platforms, the <strong>Security</strong> <strong>Manager</strong> provides a set of administration scripts that you can use to start<br />
and stop the <strong>Security</strong> <strong>Manager</strong> server. On Windows platforms, you start and stop the <strong>Security</strong> <strong>Manager</strong><br />
using the Windows services administration tools. For more information, see Running the <strong>Security</strong> <strong>Manager</strong><br />
on page 36.<br />
Can I Run the <strong>Security</strong> <strong>Manager</strong> Under Process Control?<br />
You can run the <strong>Security</strong> <strong>Manager</strong> under process control with no special considerations. The <strong>Security</strong><br />
<strong>Manager</strong> runs as a “non-pa aware” application. Previous versions of the <strong>Security</strong> <strong>Manager</strong> required you to<br />
take additional steps in starting and stopping the <strong>Security</strong> <strong>Manager</strong> database, which was a specially<br />
customized version of PostgreSQL. These steps are no longer necessary. You can run the <strong>Security</strong> <strong>Manager</strong><br />
under process control in the same way you run any other application.<br />
How Do I Administer the <strong>Security</strong> <strong>Manager</strong>?<br />
The <strong>Security</strong> <strong>Manager</strong> provides a web-based GUI that you can use to perform all of the required<br />
administration tasks. When used with <strong>Netcool</strong>/RAD, this GUI runs in standalone mode. When used with<br />
<strong>Netcool</strong>/Impact, it runs as an application instance in the <strong>Netcool</strong> GUI Server. The <strong>Security</strong> <strong>Manager</strong> GUI<br />
allows you to manage all aspects of user authentication.<br />
For more information, see The <strong>Security</strong> <strong>Manager</strong> GUI on page 39.<br />
<strong>1.2</strong> System Requirements<br />
Make sure that the target system fulfills the following requirements before installing the <strong>Netcool</strong> <strong>Security</strong><br />
<strong>Manager</strong>.<br />
Operating Systems<br />
The <strong>Security</strong> <strong>Manager</strong> is supported on the following operating systems:<br />
• Sun Microsystems Solaris 7, 8, and 9<br />
• Red Hat Linux 9.0 and Enterprise Server 3.0<br />
• Microsoft Windows 2000 Server, Windows XP and Windows 2003 Server<br />
• <strong>IBM</strong> AIX 5L (5.1 and 5.2)<br />
• Hewlett-Packard HP-UX 11.11<br />
Note: If you intend to install the <strong>Security</strong> <strong>Manager</strong> on a Linux platform, Micromuse recommends that you<br />
use Red Hat Enterprise Server 3.0. Red Hat no longer officially supports version 9.0.<br />
Java Support<br />
The <strong>Security</strong> <strong>Manager</strong> uses version 1.4.2 of the Java Runtime Environment (JRE). The JRE is installed<br />
automatically when you install the <strong>Security</strong> <strong>Manager</strong>. You do not need to install the JRE separately or<br />
configure the <strong>Security</strong> <strong>Manager</strong> to use the appropriate JRE installation.<br />
ObjectServer Support<br />
The <strong>Security</strong> <strong>Manager</strong> requires an instance of the <strong>Netcool</strong>/OMNIbus ObjectServer. The <strong>Security</strong> <strong>Manager</strong><br />
is compatible with versions 3.5, 3.6, and v7.<br />
License Server Support<br />
The <strong>Security</strong> <strong>Manager</strong> is compatible with the <strong>Netcool</strong> Common License Server version 1.0b21 and later.<br />
Web Browser Support<br />
The <strong>Netcool</strong>/Impact GUI runs on the following web browsers:<br />
• Microsoft Internet Explorer 5.5 and later<br />
• Netscape 6 and later<br />
• Mozilla 1.7 and later<br />
Hardware Support<br />
Hardware requirements for the <strong>Security</strong> <strong>Manager</strong> vary depending on your environment. For<br />
recommendations on hardware sizing for the <strong>Security</strong> <strong>Manager</strong>, contact your Micromuse account manager<br />
or Micromuse Technical Support.<br />
Exceed Limitations<br />
Micromuse does not recommend the use of Hummingbird Exceed with the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong><br />
installer program. Under some conditions, the license agreement text displayed by the installer program is<br />
not legible when viewed inside Exceed. You must read the full text of the license agreement and accept the<br />
terms of the agreement before installing this software.<br />
1.3 <strong>Security</strong> <strong>Manager</strong> Components<br />
The <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> consists of the following sub-components:<br />
• <strong>Security</strong> <strong>Manager</strong> server<br />
• <strong>Security</strong> <strong>Manager</strong> database<br />
<strong>Security</strong> <strong>Manager</strong> Server<br />
The <strong>Security</strong> <strong>Manager</strong> server provides the core functionality for the authentication system. During runtime,<br />
it performs authentication for <strong>Netcool</strong> applications using account information stored in the <strong>Security</strong><br />
<strong>Manager</strong> database. It also serves the <strong>Security</strong> <strong>Manager</strong> GUI, which is a web-based GUI that you can use to<br />
manage users, groups, roles, and domains.<br />
On UNIX platforms, the <strong>Security</strong> <strong>Manager</strong> server is a runnable application that you start and stop from the<br />
command line using the server administration scripts. On Windows platforms, the server is a Windows<br />
service named <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> that you start and stop using the Windows Services<br />
<strong>Administration</strong> tools.<br />
<strong>Security</strong> <strong>Manager</strong> Database<br />
The <strong>Security</strong> <strong>Manager</strong> database stores users and other information used by the <strong>Security</strong> <strong>Manager</strong> server. The<br />
database is an embedded instance of Hypersonic SQL that has been customized and prepared for use with<br />
the <strong>Security</strong> <strong>Manager</strong>. The <strong>Security</strong> <strong>Manager</strong> uses Hypersonic SQL 1.7.2.<br />
You do not need to install this database separately or start or stop it independently of the <strong>Security</strong> <strong>Manager</strong><br />
server. For more information on Hypersonic SQL, see the software home page at<br />
http://hsqldb.sourceforge.net/.<br />
Unlike previous versions, the <strong>Security</strong> <strong>Manager</strong> does not use an instance of the PostgreSQL database.<br />
1.4 Authentication Architecture<br />
The following figure shows the relationship between <strong>Netcool</strong> applications, the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong><br />
and authentication sources.<br />
[Figure 1: Authentication Architecture. The diagram shows three groups of components: Netcool Applications (Netcool/RAD, Netcool/Impact, other Netcool applications); the Netcool Security Manager (Security Manager server, Security Manager database); and Authentication Sources (Netcool/OMNIbus ObjectServer, NIS server, LDAP directory server).]<br />
1.5 Authentication Model<br />
The Netcool Security Manager authentication model consists of the following components:<br />
– Domains<br />
– Users<br />
– Groups<br />
– Roles<br />
Domains<br />
Domains are sets of users and groups that represent a product or collection of products that share the same real-world users and access privileges.<br />
You can use the Security Manager GUI to view, create, edit, and delete domains. All Micromuse products use a domain named Micromuse Netcool Applications. You do not need to create a new domain for use with Netcool/Security Manager or other products in the Netcool suite.<br />
Users<br />
Users are real-world users in your environment. You should create one user for each real-world user that requires access to a domain protected by the Netcool Security Manager.<br />
The Security Manager provides three default users, root, admin, and guest, that you can use to perform initial setup tasks. The admin user is a native authentication user with administration privileges for the Security Manager. The root user is an ObjectServer authentication user that also has administration privileges. The password for the admin user is an empty string. The password for the root user is defined in the ObjectServer.<br />
You can use the Security Manager GUI to view, create, edit, and delete native authentication users. External authentication users are automatically imported into the Security Manager database the first time users log in.<br />
Groups<br />
Groups are real-world groups of users that share the same set of access privileges. You can create custom groups or use the default groups provided by the Security Manager. Some applications, such as Netcool/Impact and Netcool/RAD, create custom groups and add them to the Security Manager database. Possible examples of custom groups are Administrators, Operators and Remote_Users.<br />
You can use the Security Manager GUI to view, create, edit, and delete groups.<br />
The following table shows the default groups provided by the Security Manager:<br />
Table 2: Netcool Security Manager Default Groups<br />
Group Name | Description<br />
All Domain Users | Virtual group that contains all users in a particular domain.<br />
Administrator | Group for users who require read and write access to Security Manager domains, users, and groups.<br />
ReadOnlyUser | Sample user group that demonstrates users, groups, and roles.<br />
Roles<br />
Roles are sets of access privileges that can be assigned to a user or a group. Roles are installed automatically by applications that use the Security Manager, such as Netcool/Impact and Netcool/RAD. Unlike users and groups, roles are independent of domains. You can use a single role across more than one domain, if necessary. You cannot create, edit or delete roles using the Security Manager GUI.<br />
1.6 Authentication Types<br />
The <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> supports the following authentication types:<br />
ObjectServer authentication<br />
NIS authentication<br />
LDAP authentication<br />
Native authentication<br />
Version 1.0 of the <strong>Security</strong> <strong>Manager</strong> only allowed you to use a single type of external authentication<br />
(ObjectServer, NIS, or LDAP) at one time. This version allows you to use multiple types simultaneously.<br />
ObjectServer Authentication<br />
ObjectServer authentication is a scheme in which users and groups are stored in a <strong>Netcool</strong>/OMNIbus<br />
ObjectServer. This information is accessed in real time from the ObjectServer when the <strong>Security</strong> <strong>Manager</strong><br />
authenticates a user. The <strong>Security</strong> <strong>Manager</strong> supports ObjectServer versions 3.4, 3.4.1, 3.5, 3.6, and v7.<br />
You can use ObjectServer authentication immediately upon installation of the <strong>Security</strong> <strong>Manager</strong>. No<br />
additional configuration is required.<br />
Note: In this version of the <strong>Security</strong> <strong>Manager</strong>, ObjectServer authentication is the default authentication<br />
scheme. In version 1.0, native authentication was the default. You are required to configure the <strong>Security</strong><br />
<strong>Manager</strong> to work with an existing ObjectServer at installation.<br />
NIS Authentication<br />
NIS authentication is a scheme in which users and groups are derived from user information defined in a<br />
Network Information Service (NIS). This information is accessed in real time from the NIS when the<br />
<strong>Security</strong> <strong>Manager</strong> authenticates a user. The <strong>Security</strong> <strong>Manager</strong> supports NIS version 2. NIS+ is not<br />
supported.<br />
For more information, see Setting Up NIS Authentication on page 85.<br />
LDAP Authentication<br />
LDAP authentication is a scheme in which users and groups are stored in a Lightweight Directory Access<br />
Protocol (LDAP) server. This information is accessed in real time from the LDAP authentication source<br />
when the <strong>Security</strong> <strong>Manager</strong> authenticates a user. The <strong>Security</strong> <strong>Manager</strong> supports versions 2 and 3 of the<br />
LDAP protocol.<br />
For more information, see Setting Up LDAP Authentication on page 89.<br />
Native Authentication<br />
Native authentication is a scheme in which users are created and stored in the <strong>Security</strong> <strong>Manager</strong> database.<br />
Native authentication does not require an external authentication source, such as NIS or a<br />
<strong>Netcool</strong>/OMNIbus ObjectServer, in order to manage users and access permissions.<br />
Chapter 2: Setting Up the <strong>Security</strong> <strong>Manager</strong><br />
This chapter contains instructions on setting up the <strong>Security</strong> <strong>Manager</strong>.<br />
It contains the following sections:<br />
Installing the Security Manager<br />
Licensing the Security Manager<br />
Upgrading the Security Manager<br />
Troubleshooting Installation Problems<br />
2.1 Installing the <strong>Security</strong> <strong>Manager</strong><br />
To install the <strong>Security</strong> <strong>Manager</strong>, you do the following:<br />
Run the <strong>Security</strong> <strong>Manager</strong> installer<br />
Set the NCSM_HOME environment variable (UNIX only)<br />
Synchronize users (optional)<br />
After you have finished installing the <strong>Security</strong> <strong>Manager</strong>, you can read the installation log to verify that the<br />
software has been installed correctly, or to troubleshoot installation errors.<br />
Running the Installer<br />
The <strong>Security</strong> <strong>Manager</strong> installer copies the program files to the target system and sets the minimum required<br />
configuration properties.<br />
Note: You can run the <strong>Security</strong> <strong>Manager</strong> GUI as an application instance in the <strong>Netcool</strong> GUI Server or in<br />
standalone mode. If you want to run the GUI as an application instance in the GUI server, you must answer<br />
Yes when asked by the installer if you want to use an application registry. You must also provide the<br />
hostname of the system where the GUI server is installed and other configuration information related to the<br />
GUI server application registry. If you want to run the GUI in standalone mode, answer No when asked by<br />
the installer about the application registry.<br />
The <strong>Security</strong> <strong>Manager</strong> installer prompts you for the following information:<br />
Table 3: Netcool Security Manager Installation Prompts<br />
Prompt | Description<br />
Installation directory | Directory where you want to install the Security Manager. The default is /opt/netcool/security on UNIX platforms and C:\Program Files\Netcool\Security on Windows.<br />
HTTP listener port | Port used by the Security Manager when listening to SOAP calls from the Netcool GUI Server. The default is 8077. This is the same port number you specify when you install the GUI Server.<br />
Server port | Port used by the Security Manager server. The default is 1275.<br />
Database port | Port used by the Security Manager database. The default is 5600.<br />
ObjectServer host | Name of the system where the ObjectServer used for authentication is running. The local system is the default.<br />
ObjectServer port | Port used by the ObjectServer. The default is 4100.<br />
ObjectServer user | Default ObjectServer user. The Security Manager uses this user to perform queries on the ObjectServer. Default is root.<br />
ObjectServer password | Password for the ObjectServer user.<br />
Use application registry? | If you want to run the Security Manager GUI as an application instance in the Netcool GUI Server, answer yes.<br />
Registry name | Name used to identify the Security Manager in the application registry.<br />
Registry host | Hostname or IP address of the system where the application registry is located. In most cases, this is the system where the Netcool GUI Server is installed.<br />
Registry port | Port used by the application registry. The default is 8080.<br />
Registry location | Path where the application registry is located. If you are using the application registry that is installed with the Netcool GUI server, the default is /registry/services.<br />
Registry username | Name of the registry administration user. If you are using the application registry that is installed with the Netcool GUI server, the default is admin.<br />
Registry password | Password for the registry admin user. If you are using the application registry that is installed with the Netcool GUI server, the default is netcool.<br />
License server host | Hostname or IP address of the license server to be used by the Security Manager. Default is localhost.<br />
License server port | Port of the license server to be used by the Security Manager. The default is 27000.<br />
Running the Installer on UNIX Platforms<br />
On UNIX platforms, the installer is named security.bin and is located in the arch/VM directory of<br />
the Security Manager tar file, where arch is the name of the operating system.<br />
You can run the installer in GUI mode or in console mode. In GUI mode, the installer presents a series of<br />
graphical dialog boxes that guide you through the installation process. In console mode, the installer<br />
prompts you for required information from the command line. If you are installing the <strong>Security</strong> <strong>Manager</strong><br />
remotely using telnet or another command line application, you must run the installer in console mode.<br />
Note: Micromuse recommends that you run the installer in console mode on versions of Linux other than<br />
Red Hat 9. Some default configurations of Linux do not have the operating system packages required to<br />
support a GUI mode installation.<br />
You cannot run the installer as user root. You can run the installer as any other user that has read, write,<br />
and execute permissions to the target directory on the system.<br />
To run the <strong>Security</strong> <strong>Manager</strong> installer:<br />
1. At a command line prompt, change the current directory to the path where the installer is located.<br />
2. To run the installer in GUI mode, enter the following:<br />
./security.bin<br />
To run the installer in console mode, enter the following:<br />
./security.bin -i console<br />
3. Follow the on-screen prompts.<br />
Running the Installer on Windows Platforms<br />
On Windows platforms, the installer is named security.exe and is located in the root-level directory<br />
of the <strong>Security</strong> <strong>Manager</strong> zip file. The installer presents a series of graphical dialog boxes that guide you<br />
through the installation process.<br />
1. Extract the contents of the <strong>Security</strong> <strong>Manager</strong> zip file to a temporary directory.<br />
2. Open the temporary directory in Windows Explorer.<br />
3. Double-click the security.exe icon to launch the installer.<br />
4. Follow the on-screen prompts.<br />
Setting the NCSM_HOME Environment Variable<br />
On UNIX platforms, you must set the NCSM_HOME environment variable to the directory where you<br />
installed the <strong>Security</strong> <strong>Manager</strong>. By default, this directory is<br />
/opt/netcool/security.<br />
The following example shows how to set NCSM_HOME using sh or bash:<br />
NCSM_HOME=/opt/netcool/security; export NCSM_HOME<br />
The following example shows how to set NCSM_HOME using csh:<br />
setenv NCSM_HOME /opt/netcool/security<br />
Synchronizing Users<br />
The <strong>Security</strong> <strong>Manager</strong> provides a script that you can use to synchronize users between the ObjectServer (or<br />
any other external authentication source) and the <strong>Security</strong> <strong>Manager</strong> database.<br />
You can run this tool after installation in order to import external users and perform initial setup tasks that<br />
you require, such as assigning user roles and organizing users by groups. Using the synchronization script is<br />
an optional step.<br />
The synchronization script is named ncsm_syncusers and is located in the<br />
$NCSM_HOME/bin directory. For more information on this script, see Synchronizing Users on page 92.<br />
Reading the Installation Log<br />
The Security Manager installation log is named<br />
Netcool_Security_Manager_Install_Log.log and is located in the $NCSM_HOME<br />
directory. The installation log contains runtime messages generated during the installation process. You can<br />
use this log to verify that you have installed the <strong>Security</strong> <strong>Manager</strong> successfully. You can also use it to<br />
troubleshoot installation problems.<br />
2.2 Licensing the <strong>Security</strong> <strong>Manager</strong><br />
This section contains information on licensing the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong>.<br />
It contains information on:<br />
Licensing requirements<br />
Configuring licensing<br />
Quorum licensing<br />
Licensing Requirements<br />
The <strong>Security</strong> <strong>Manager</strong> requires a <strong>Security</strong> <strong>Manager</strong> server license. The license server code for the server is<br />
cro_ncsm_server. Unlike version 1.0, this version of the <strong>Security</strong> <strong>Manager</strong> does not require DSA<br />
licenses for the ObjectServer, LDAP or PostgreSQL.<br />
You must obtain the required license and install it in your license server before running the <strong>Security</strong><br />
<strong>Manager</strong>. When you install the <strong>Security</strong> <strong>Manager</strong>, you specify the host and port for this license server.<br />
Configuring Licensing<br />
Licensing properties are located in the license properties file. This file is named<br />
license.props and is located in the $NCSM_HOME/etc directory. The licensing properties are set<br />
automatically when you install the <strong>Security</strong> <strong>Manager</strong>. However, you can manually edit the license properties<br />
file at any time to change the configuration. If you manually edit the properties file, you must stop and<br />
restart the <strong>Security</strong> <strong>Manager</strong> before the change takes effect.<br />
The following table shows the license properties for the <strong>Security</strong> <strong>Manager</strong>:<br />
Table 4: <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> License Properties<br />
Property Description<br />
license.server.host Hostname or IP address of the license server to be used by the <strong>Security</strong> <strong>Manager</strong>. Default<br />
is localhost.<br />
license.server.port Port of the license server to be used by the <strong>Security</strong> <strong>Manager</strong>. Default is 27000.<br />
Quorum Licensing<br />
To use the <strong>Security</strong> <strong>Manager</strong> with a quorum licensing configuration, you must manually edit the contents<br />
of the license properties file so that it contains the hostnames and port numbers of the License Server<br />
instances.<br />
To edit the license properties file:<br />
1. Remove all properties currently defined in the file. This includes the<br />
impact.license.host and impact.license.port properties.<br />
2. Add the following property to the file:<br />
impact.license.server=port@host_01,port@host_02,port@host_03<br />
where host_01, host_02 and host_03 are the primary, secondary and tertiary instances of the<br />
License Server and port is the port number used by the servers (by default, 27000). You must specify<br />
the License Servers in the order that they appear in the license file.<br />
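A lint for the quorum edit described above, as an added example that is not a Micromuse tool: it checks that the edited license properties file contains only the impact.license.server property from step 2 and that its value is three port@host entries. The function names and sample values are constructed for this example.

```shell
#!/bin/sh
# Added example, not part of the Security Manager distribution.

# Constructed sample: a quorum edit that left an old property in place and
# mistyped the third port.
sample_quorum_props() {
cat <<'EOF'
# license.props after a manual quorum edit
impact.license.host=localhost
impact.license.server=27000@lic01,27000@lic02,2700o@lic03
EOF
}

# check_quorum_props: reads a license properties file on stdin.
# Prints one finding per line and returns 1, or prints "OK" and returns 0.
check_quorum_props() {
    awk '
    function bad(msg) { print msg; errors++ }
    /^[ \t]*$/    { next }    # blank line
    /^[ \t]*[#!]/ { next }    # properties-file comment
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        eq = index(line, "=")
        if (eq == 0) { bad("line " NR ": not a key=value property"); next }
        key = substr(line, 1, eq - 1)
        val = substr(line, eq + 1)
        gsub(/[ \t]+$/, "", key)
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key != "impact.license.server") {
            # Step 1 of the procedure removes every existing property.
            bad("line " NR ": leftover property " key)
            next
        }
        found++
        n = split(val, srv, ",")
        if (n != 3)
            bad("line " NR ": expected 3 port@host entries, found " n)
        for (i = 1; i <= n; i++) {
            at = index(srv[i], "@")
            port = substr(srv[i], 1, at - 1)
            host = substr(srv[i], at + 1)
            if (at == 0 || port !~ /^[0-9]+$/ || port + 0 < 1 ||
                port + 0 > 65535 || host == "" || host ~ /[ \t@]/)
                bad("line " NR ": entry " i " \"" srv[i] "\" is not port@host")
        }
    }
    END {
        if (found == 0) bad("impact.license.server is not defined")
        if (found > 1)  bad("impact.license.server is defined " found " times")
        if (errors == 0) print "OK"
        exit (errors > 0)
    }'
}

# On a live host: check_quorum_props < "$NCSM_HOME/etc/license.props"
sample_quorum_props | check_quorum_props || echo "fix the findings above, then restart the Security Manager"
```

The check cannot confirm that the servers are listed in the same order as in the license file; compare that by hand.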
2.3 Upgrading the <strong>Security</strong> <strong>Manager</strong><br />
Micromuse provides a set of packages that allow you to upgrade the <strong>Security</strong> <strong>Manager</strong> from versions 1.0 and<br />
1.1 to version <strong>1.2</strong>. You must obtain these packages from Micromuse separately from the main <strong>Security</strong><br />
<strong>Manager</strong> installer.<br />
Upgrading on UNIX Platforms<br />
To upgrade the <strong>Security</strong> <strong>Manager</strong> on UNIX platforms, follow the instructions below:<br />
1. Shut down the 1.0 or 1.1 version of the <strong>Security</strong> <strong>Manager</strong> server and database.<br />
2. Install <strong>Security</strong> <strong>Manager</strong> <strong>1.2</strong> in a new directory on the target system, following the instructions in<br />
Installing the <strong>Security</strong> <strong>Manager</strong> on page 22.<br />
Note: Do not overwrite the previous <strong>Netcool</strong>/<strong>Security</strong> <strong>Manager</strong> version.<br />
3. Log in to Security Manager 1.2 to ensure that it was installed successfully.<br />
4. Shut down the <strong>Security</strong> <strong>Manager</strong> <strong>1.2</strong> server and database.<br />
5. To set the NCSM_HOME environment variable, follow the instructions in Setting the NCSM_HOME<br />
Environment Variable on page 24.<br />
6. Change directories to NCSM_HOME.<br />
7. Start the Database <strong>Manager</strong> utility using the following command:<br />
$NCSM_HOME/platform//j2re/bin/java -cp lib3p/ncsm3p2004Aug24.jar<br />
org.hsqldb.util.DatabaseManager -url jdbc:hsqldb:db/security<br />
Figure 2: Data <strong>Manager</strong> GUI<br />
8. Enter the following SQL query in the text box, as shown in Figure 2:<br />
SHUTDOWN SCRIPT<br />
9. Click the Execute button.<br />
10. Select File→Exit from the toolbar to exit the GUI.<br />
You are now ready to run the upgrade operation.<br />
1. Obtain the upgrade tar file from Micromuse and extract its contents to a temporary directory. The<br />
name of the file is either ncsm10To12Upgrade.tar or ncsm11To12Upgrade.tar.<br />
2. Using either tcsh or csh, run the upgrade script and follow the on-screen prompts. The name of<br />
the upgrade script is either upgrade10To12 or upgrade11To12.<br />
Note: Make sure that no version of <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> is running when you run the upgrade<br />
script.<br />
After you upgrade, you can configure your <strong>Netcool</strong> applications to use the new version of the <strong>Security</strong><br />
<strong>Manager</strong>, as required.<br />
Upgrading on Windows Platforms<br />
To upgrade <strong>Security</strong> <strong>Manager</strong> 1.0 or 1.1 to <strong>1.2</strong> on Windows platforms, follow the instructions below:<br />
1. From the Control Panel, select Administrative Tools→Services.<br />
2. In the Services window, select the 1.0 or 1.1 version of the <strong>Security</strong> <strong>Manager</strong> server and click the<br />
Shutdown button. Do not shut down the <strong>Security</strong> <strong>Manager</strong> Database server at this point. You need<br />
to back up this database before you install <strong>Netcool</strong>/<strong>Security</strong> <strong>Manager</strong> <strong>1.2</strong>.<br />
3. In NCSM_HOME\platform\win32\pgsql\bin, type the following command to back up<br />
your database:<br />
pg_dump -D -a -h localhost -p SMdatabaseport security ><br />
c:\tempdirectory\backupfilename<br />
where:<br />
– SMdatabaseport is the port used by the <strong>Security</strong> <strong>Manager</strong> server.<br />
– tempdirectory is the directory where you stored your database backup file.<br />
– backupfilename is the name of your backup file.<br />
4. In the Services window, shut down your <strong>Security</strong> <strong>Manager</strong> 1.0 or 1.1 database.<br />
5. Uninstall <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> 1.0 or 1.1.<br />
6. Install <strong>Security</strong> <strong>Manager</strong> <strong>1.2</strong> in a new directory on the target system, following the instructions in<br />
Running the Installer on Windows Platforms on page 24.<br />
7. Log on to <strong>Security</strong> <strong>Manager</strong> <strong>1.2</strong> to ensure it was installed successfully.<br />
8. Shut down the <strong>Security</strong> <strong>Manager</strong> <strong>1.2</strong> server.<br />
9. Change directories to $NCSM_HOME and type the following command to open the Database<br />
<strong>Manager</strong> GUI:<br />
platform\win32\j2re\bin\java -cp lib3p\ncsm3p2004Aug24.jar<br />
org.hsqldb.util.DatabaseManager -url jdbc:hsqldb:db/security<br />
Figure 3: Database <strong>Manager</strong> GUI<br />
10. Enter the following SQL query in the text box, as shown in Figure 3:<br />
SHUTDOWN SCRIPT<br />
11. Click the Execute button.<br />
12. Select File→Exit from the toolbar to exit the GUI.<br />
You are now ready to run the upgrade operation.<br />
1. Obtain the upgrade zip file from Micromuse and extract its contents to a temporary directory. The<br />
name of this zip file is either ncsm10To12Upgrade.zip or ncsm11To12Upgrade.zip.<br />
2. Unzip the file.<br />
You now need to copy your backup database file from your temporary directory to Netcool Security<br />
Manager 1.2.<br />
3. In a text editor, create a new file called SM12DBData.<br />
4. Copy all the insert statements from the backup database file into this new file.<br />
5. Change to the directory where you stored your upgrade file.<br />
6. Enter the following commands:<br />
type schema.12 backupfilename > SM12DBData<br />
copy SM12DBData C:\SM1.2 NCSM_HOME\db\security.script<br />
7. Now that you have saved your database to <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>1.2</strong> you should delete the<br />
following files from C:\SM1.1$\NCSM_HOME\db\:<br />
– security.backup<br />
– security.data<br />
– security.lck<br />
– security.log<br />
8. Start your <strong>Security</strong> <strong>Manager</strong> <strong>1.2</strong> server.<br />
After you upgrade, you can configure your <strong>Netcool</strong> applications that used <strong>Security</strong> <strong>Manager</strong> 1.0 or 1.1 to<br />
use the new version of the <strong>Security</strong> <strong>Manager</strong>, as required.<br />
2.4 Troubleshooting Installation Problems<br />
Micromuse recommends that you check the following when troubleshooting an installation:<br />
ObjectServer authentication<br />
Windows user password<br />
ObjectServer Authentication<br />
This version of the <strong>Security</strong> <strong>Manager</strong> requires access to an instance of the <strong>Netcool</strong>/OMNIbus ObjectServer<br />
in order to work.<br />
During installation, the installer prompts you for the hostname and port of this ObjectServer. The installer<br />
also prompts you for the name of an ObjectServer user with root-level access privileges (for example, the<br />
root user) and the corresponding password. This information must be correct in order for the <strong>Security</strong><br />
<strong>Manager</strong> to operate successfully.<br />
If you are having problems with the initial login to the <strong>Security</strong> <strong>Manager</strong>, check the ObjectServer-related<br />
configuration properties in the server properties file to make sure that they are specified correctly. The file<br />
is named smParentType_NCOMS.type and it is stored in the $NCSM_HOME/etc directory.<br />
Windows User Password<br />
At install, the Windows version of the <strong>Security</strong> <strong>Manager</strong> installer prompts you for the password of the user<br />
currently logged into the system. If you do not supply the correct password, the <strong>Security</strong> <strong>Manager</strong> will not<br />
operate successfully. You can check the password setting by looking at the <strong>Security</strong> <strong>Manager</strong> database<br />
properties using the Windows services administration tools.<br />
Chapter 3: Getting Started<br />
This chapter contains instructions on getting started with the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong>.<br />
It contains the following topics:<br />
Running the <strong>Security</strong> <strong>Manager</strong>
Logging into the <strong>Security</strong> <strong>Manager</strong> GUI
The <strong>Security</strong> <strong>Manager</strong> GUI
3.1 Running the <strong>Security</strong> <strong>Manager</strong><br />
On UNIX platforms, the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> provides a set of administration scripts that you can use<br />
to start and stop the software components. On Windows platforms, you use the Windows services<br />
administration tools.<br />
Note: In previous versions of the <strong>Security</strong> <strong>Manager</strong>, you were required to start and stop the server and<br />
database separately. In this version, the <strong>Security</strong> <strong>Manager</strong> database is started automatically when you start<br />
the server.<br />
Starting the <strong>Security</strong> <strong>Manager</strong> on UNIX<br />
You can start the <strong>Security</strong> <strong>Manager</strong> server and database by running the server startup script. This script is<br />
named ncsm_server and is located in the $NCSM_HOME/bin directory.<br />
To start the <strong>Security</strong> <strong>Manager</strong> server, enter the following at a command prompt:<br />
$NCSM_HOME/bin/ncsm_server<br />
Stopping the <strong>Security</strong> <strong>Manager</strong> on UNIX<br />
You can stop the <strong>Security</strong> <strong>Manager</strong> server and database by running the server shutdown script. This script<br />
is named ncsm_shutdown and is located in the $NCSM_HOME/bin directory.<br />
To stop the <strong>Security</strong> <strong>Manager</strong> server, enter the following at a command prompt:<br />
$NCSM_HOME/bin/ncsm_shutdown<br />
Viewing the <strong>Security</strong> <strong>Manager</strong> Status on UNIX<br />
You can view the status of the <strong>Security</strong> <strong>Manager</strong> server and the <strong>Security</strong> <strong>Manager</strong> database by running the<br />
status script. This script is named ncsm_status and is located in the<br />
$NCSM_HOME/bin directory.<br />
To run the status script, enter the following at a command prompt:<br />
$NCSM_HOME/bin/ncsm_status<br />
The following example shows typical output from the status script:<br />
<strong>Netcool</strong>/<strong>Security</strong><strong>Manager</strong> license server is running (pid= )<br />
<strong>Netcool</strong>/<strong>Security</strong><strong>Manager</strong> database is running (pid=3487 )<br />
<strong>Netcool</strong>/<strong>Security</strong><strong>Manager</strong> Server is running<br />
Starting the <strong>Security</strong> <strong>Manager</strong> on Windows<br />
To start the <strong>Security</strong> <strong>Manager</strong> on Windows platforms:<br />
1. In the Start Menu, select Control Panel → Administrative Tools → Services.<br />
2. In the Services window, right-click on <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> and select Start.<br />
Stopping the <strong>Security</strong> <strong>Manager</strong> on Windows<br />
To stop the <strong>Security</strong> <strong>Manager</strong> on Windows platforms:<br />
1. In the Start Menu, select Control Panel → Administrative Tools → Services.<br />
2. In the Services window, right-click on <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> and select Stop.<br />
3.2 Logging into the <strong>Security</strong> <strong>Manager</strong> GUI<br />
Before you perform any security administration tasks, you must log into the <strong>Security</strong> <strong>Manager</strong> GUI.<br />
The first time you log into the <strong>Security</strong> <strong>Manager</strong> GUI, you can use the default admin or root users. The<br />
password for the admin user is netcool. The root user is an ObjectServer user whose password is<br />
defined in the ObjectServer database.<br />
To log into the <strong>Security</strong> <strong>Manager</strong> GUI:<br />
1. Start your web browser.<br />
2. Open the URL of the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> Login page. The URL is in the format<br />
http://hostname:port, where hostname is the name of the system where you installed the<br />
<strong>Netcool</strong> GUI Server and port is the HTTP port. The default URL is<br />
http://localhost:8077.<br />
3. The Login page appears in the web browser.<br />
Figure 4: <strong>Security</strong> <strong>Manager</strong> GUI Login Page<br />
4. Enter a username in the Username field.<br />
5. Enter a password in the Password field.<br />
6. Click Log In.<br />
3.3 The <strong>Security</strong> <strong>Manager</strong> GUI<br />
The <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> GUI is a web-based graphical user interface that you use to perform security<br />
administration tasks. These tasks include working with domains, users, groups, and roles.<br />
Figure 5 shows the <strong>Security</strong> <strong>Manager</strong> GUI.<br />
Figure 5: <strong>Security</strong> <strong>Manager</strong> GUI<br />
The <strong>Security</strong> <strong>Manager</strong> GUI consists of two frames, the Navigation panel and the Main Work panel.<br />
Navigation Panel<br />
The Navigation panel appears in the left hand side of the <strong>Security</strong> <strong>Manager</strong> GUI. You use this frame to<br />
navigate between security management tasks.<br />
Figure 6 shows the Navigation panel.<br />
Figure 6: <strong>Security</strong> <strong>Manager</strong> GUI Navigation Panel<br />
The Navigation panel contains two task panes, the Domain and Group task panes.<br />
Domain Task Pane<br />
The Domain task pane contains a list box that lists all of the currently defined domains. It also contains<br />
buttons that allow you to create, edit and delete domains.<br />
Figure 7 shows the Domain task pane.<br />
Figure 7: <strong>Security</strong> <strong>Manager</strong> GUI Domain Task Pane<br />
Group Task Pane<br />
The Group task pane contains a table that lists all of the currently defined groups. It also contains buttons<br />
that allow you to create, edit and delete groups.<br />
Figure 8 shows the Group task pane.<br />
Figure 8: <strong>Security</strong> <strong>Manager</strong> GUI Group Task Pane<br />
Main Work Panel<br />
The Main Work panel appears in the right hand side of the <strong>Security</strong> <strong>Manager</strong> GUI.<br />
Figure 9 shows a typical view of the Main Work panel.<br />
Figure 9: <strong>Security</strong> <strong>Manager</strong> GUI Main Work Panel<br />
The Main Work panel is a workspace that provides the space for one or more tabs. Each tab is associated<br />
with a dialog box called an editor. You click on the tab to view an editor. To close an editor, you click the<br />
Close Tab button.<br />
Figure 10 shows an image of a typical tab.<br />
Figure 10: <strong>Security</strong> <strong>Manager</strong> GUI Main Work Panel Tab<br />
The Main Work panel has the following editors:<br />
Domain Editor<br />
User List Editor<br />
User Editor<br />
Group Editor<br />
Domain Editor<br />
The Domain Editor is the dialog box that you use to create and edit domains. This editor is displayed when<br />
you click the New Domain button in the Domain task pane. It is also displayed when you select a domain<br />
from the Domain task pane and click the Edit Domain button.<br />
Figure 11 shows the Domain Editor as displayed inside the Main Work panel.<br />
Figure 11: <strong>Security</strong> <strong>Manager</strong> GUI Domain Editor<br />
Group Editor<br />
The Group Editor is the dialog box that you use to create and edit groups. This editor is displayed when you<br />
click the New Group button in the Group task pane. It is also displayed when you click any Edit Group<br />
button in the task pane.<br />
The Group Editor has two tabs, the Group Properties tab and the Group Roles tab.<br />
Figure 12 shows the Group Editor as displayed inside the Main Work panel.<br />
Figure 12: <strong>Security</strong> <strong>Manager</strong> GUI Group Editor<br />
User List Editor<br />
The User List Editor is the dialog box that shows the users that belong to a group. This editor is displayed<br />
when you select a group from the Group task pane. You use this editor to create, edit and delete users.<br />
Figure 13 shows the User List Editor as displayed inside the Main Work panel.<br />
Figure 13: <strong>Security</strong> <strong>Manager</strong> GUI User List Editor<br />
User Editor<br />
The User Editor is the dialog box that you use to edit users. This editor is displayed when you click the New<br />
User button in the Group Editor. It is also displayed when you select a user from any Group Editor and click<br />
the Edit Group button.<br />
The User Editor has two tabs, the User Details tab and the User Roles tab.<br />
Figure 14 shows the User Editor as displayed inside the Main Work panel.<br />
Figure 14: <strong>Security</strong> <strong>Manager</strong> GUI User Editor<br />
Chapter 4: Working with Domains<br />
This chapter contains instructions on working with domains.<br />
It contains the following sections:<br />
About Domains
Viewing Domains
Creating Domains
Editing Domains
Deleting Domains
4.1 About Domains<br />
Domains are sets of users and groups that represent a product or collection of products and its related users.<br />
You can use the <strong>Security</strong> <strong>Manager</strong> GUI to view, create, edit, and delete domains.<br />
Note: You do not need to create a domain for use with <strong>Netcool</strong>/Impact and <strong>Netcool</strong>/RAD. These products<br />
use the Micromuse <strong>Netcool</strong> Applications domain, which is shipped with the <strong>Security</strong> <strong>Manager</strong><br />
by default.<br />
You can do the following with domains:<br />
View domains<br />
Create domains<br />
Edit domains<br />
Delete domains<br />
4.2 Viewing Domains<br />
You can use the <strong>Security</strong> <strong>Manager</strong> GUI to view currently defined domains. The domains are displayed in<br />
the Domains drop-down list.<br />
To view the currently defined domains:<br />
1. In the Navigation panel, click the Domains list box.<br />
Figure 15: <strong>Security</strong> <strong>Manager</strong> GUI Domain List<br />
The drop-down list contains all of the currently defined domains.<br />
4.3 Creating Domains<br />
You can use the <strong>Security</strong> <strong>Manager</strong> GUI to create new domains. You do not need to create domains in order<br />
to manage user authentication for Micromuse products. All Micromuse products use a domain named<br />
Micromuse <strong>Netcool</strong> Applications.<br />
To create a domain:<br />
1. In the Navigation panel, click the New Domain button in the Domain task pane.<br />
Figure 16: <strong>Security</strong> <strong>Manager</strong> GUI Domain Task Pane<br />
Figure 17: <strong>Security</strong> <strong>Manager</strong> GUI New Domain Button<br />
The Domain Editor appears in the Main Work panel.<br />
2. Follow the instructions in the following section to set the domain configuration properties.<br />
3. Click the Save button.<br />
The domain appears in the Domain drop-down list.<br />
4.4 Editing Domains<br />
You can use the <strong>Security</strong> <strong>Manager</strong> GUI to edit the configuration properties for a domain. You must edit a<br />
domain when it is created in order to set its required properties, such as the domain name and the session<br />
and password expiration times. You can also edit the domain any other time you need to change its<br />
configuration.<br />
Table 5 shows the configuration properties for a domain.<br />
Table 5: <strong>Security</strong> <strong>Manager</strong> Domain Configuration Properties<br />
<table>
<tr><th>Property</th><th>Description</th></tr>
<tr><td>Domain Name</td><td>Name for the domain.</td></tr>
<tr><td>External Authentication Policy</td><td>Used for ObjectServer, NIS, and LDAP authentication.</td></tr>
<tr><td>External Authentication Group Policy</td><td>Used for ObjectServer, NIS, and LDAP authentication.</td></tr>
<tr><td>External Authentication User Policy</td><td>Used for ObjectServer, NIS, and LDAP authentication.</td></tr>
<tr><td>Session Expiration</td><td>Number of minutes of inactivity before login sessions expire in this domain. Default is 30 minutes. For sessions that never expire, enter 0.</td></tr>
<tr><td>Password Expiration</td><td>Number of days after creation or reset that passwords automatically expire.</td></tr>
<tr><td>Password Minimum Length</td><td>Minimum number of characters for passwords. Optional.</td></tr>
<tr><td>Password Maximum Length</td><td>Maximum number of characters for passwords. Optional.</td></tr>
<tr><td>Forbidden Characters</td><td>Characters that cannot be used for passwords. Optional.</td></tr>
<tr><td>First Character</td><td>Requirement for the first character in passwords. Options are No Restrictions, Must Be a Number and Must Be a Letter.</td></tr>
</table>
For more information on setting the configuration properties for external authentication, see<br />
Chapter 8: External Authentication on page 83.<br />
To edit a domain:<br />
1. In the Navigation panel, select the domain you want to edit from the Domain list.<br />
Figure 18: <strong>Security</strong> <strong>Manager</strong> GUI Domains List<br />
2. Click the Edit Domain button.<br />
Figure 19: <strong>Security</strong> <strong>Manager</strong> GUI Edit Domain Button<br />
The Domain Editor dialog appears in the Main Work panel.<br />
Figure 20: <strong>Security</strong> <strong>Manager</strong> GUI Domain Editor<br />
3. Enter or modify the desired configuration properties.<br />
4. Click the Save button.<br />
4.5 Deleting Domains<br />
You can use the <strong>Security</strong> <strong>Manager</strong> GUI to delete domains. You must be careful when you delete a domain,<br />
as there is no way to restore it once it has been deleted. If you delete the Micromuse <strong>Netcool</strong><br />
Applications domain, user authentication is disabled for all <strong>Netcool</strong> products that use the <strong>Security</strong><br />
<strong>Manager</strong>.<br />
To delete a domain:<br />
1. In the Navigation panel, select the domain that you want to delete from the Domain list.<br />
Figure 21: <strong>Security</strong> <strong>Manager</strong> GUI Domain List<br />
2. Click the Delete Domain button.<br />
Figure 22: <strong>Security</strong> <strong>Manager</strong> GUI Delete Domain Button<br />
The domain is removed from the Domain drop-down list.<br />
Chapter 5: Working with Users<br />
This chapter contains instructions on working with users.<br />
It contains the following sections:<br />
About Users
Viewing Users
Creating Users
Editing Users
Deleting Users
5.1 About Users<br />
Users are real-world users in your environment. You should create one user for each real-world user that<br />
requires access to a domain protected by the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong>.<br />
The <strong>Security</strong> <strong>Manager</strong> provides three default users, admin, root, and guest, that you can use to<br />
perform initial setup tasks. The admin user is a native authentication user with administration privileges<br />
for the <strong>Security</strong> <strong>Manager</strong>. The root user is an ObjectServer authentication user that also has administration<br />
privileges. The password for the admin user is an empty string. The password for the root user is defined<br />
in the ObjectServer.<br />
You can use the <strong>Security</strong> <strong>Manager</strong> GUI to do the following with native authentication users:<br />
View users<br />
Create users<br />
Edit users<br />
Delete users<br />
External authentication users are automatically imported into the <strong>Security</strong> <strong>Manager</strong> database the first time<br />
they are used to log into a <strong>Netcool</strong> product.<br />
5.2 Viewing Users<br />
You can use the <strong>Security</strong> <strong>Manager</strong> GUI to view currently defined users. The users are displayed in the User<br />
List Editor.<br />
To view the currently defined users, in the Navigation panel, click the name of a group in the Group task<br />
pane.<br />
Figure 23: <strong>Security</strong> <strong>Manager</strong> GUI Group Task Pane<br />
Figure 24: <strong>Security</strong> <strong>Manager</strong> GUI List Users Button<br />
The User List Editor appears in the Main Work panel and displays all the users in the group.<br />
Figure 25: <strong>Security</strong> <strong>Manager</strong> GUI User List Editor<br />
5.3 Creating Users<br />
The <strong>Security</strong> <strong>Manager</strong> allows the following types of user creation:<br />
Automatic<br />
Synchronized<br />
Manual<br />
Creating Users Automatically<br />
External authentication users are created in the <strong>Security</strong> <strong>Manager</strong> database automatically the first time they<br />
are used to log into a <strong>Netcool</strong> product. At initial login, the <strong>Security</strong> <strong>Manager</strong> server authenticates the user<br />
against the external source (for example, an ObjectServer). If the username and password are valid, it creates<br />
an equivalent user in the <strong>Security</strong> <strong>Manager</strong> database. After the user has been created, you can manage it just<br />
as you do any other user.<br />
Synchronizing Users<br />
You can synchronize users with an external authentication source using the<br />
ncsm_syncusers script. This script imports all users in the authentication source into the <strong>Security</strong><br />
<strong>Manager</strong> database. For more information on this script, see Synchronizing Users on page 92.<br />
Manually Creating Users<br />
You can use the <strong>Security</strong> <strong>Manager</strong> GUI to manually create users. Manually created users exist only in the<br />
<strong>Security</strong> <strong>Manager</strong> database.<br />
To manually create a user:<br />
1. In the Navigation panel, click any List Users button in the Group task pane. The user you create will<br />
be a member of the corresponding group by default.<br />
Figure 26: <strong>Security</strong> <strong>Manager</strong> GUI Group Task Pane<br />
Figure 27: <strong>Security</strong> <strong>Manager</strong> GUI List Users Button<br />
The User List Editor appears in the Main Work panel and displays all the users in the group.<br />
Figure 28: <strong>Security</strong> <strong>Manager</strong> GUI User List Editor<br />
2. Click the New User button.<br />
Figure 29: <strong>Security</strong> <strong>Manager</strong> GUI New User Button<br />
The User Editor appears in the Main Work panel.<br />
3. Follow the instructions in the following section to set the user configuration properties.<br />
4. Click the Save button.<br />
The user appears in the User List Editor.<br />
5.4 Editing Users<br />
You can use the <strong>Security</strong> <strong>Manager</strong> GUI to edit the configuration properties for a user. You must edit a user<br />
when it is created in order to set its required properties, such as the username and password. You can also<br />
edit the user any other time you need to change its configuration.<br />
The following table shows the configuration properties for a user:<br />
Table 6: <strong>Security</strong> <strong>Manager</strong> User Configuration Properties<br />
<table>
<tr><th>Property</th><th>Description</th></tr>
<tr><td>Username</td><td>Username for the user.</td></tr>
<tr><td>First Name</td><td>First name of the user. Optional.</td></tr>
<tr><td>Last Name</td><td>Last name of the user. Optional.</td></tr>
<tr><td>Password</td><td>Password for the user. The password must conform to the password rules defined in the domain configuration.</td></tr>
<tr><td>Confirm Password</td><td>Password confirmation.</td></tr>
<tr><td>Primary Group</td><td>Primary group membership for the user. The configuration settings for this group override that of all other groups.</td></tr>
<tr><td>Authenticate Externally</td><td>Set automatically by the <strong>Security</strong> <strong>Manager</strong> when it creates an external authentication user.</td></tr>
<tr><td>Active</td><td>Select this option to make the user available to the authentication system.</td></tr>
</table>
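The password rules in Table 5 and the Password row of Table 6 (a user's password must conform to the domain's rules) combine as in the following Python sketch, which is an added example and not Security Manager code. The class and field names, the treatment of unset optional properties as not enforced, and the length_floor threshold are assumptions; the sample domains are constructed.

```python
from dataclasses import dataclass
from typing import List, Optional

# First Character options exactly as Table 5 lists them.
NO_RESTRICTIONS = "No Restrictions"
MUST_BE_NUMBER = "Must Be a Number"
MUST_BE_LETTER = "Must Be a Letter"


@dataclass
class DomainPolicy:
    """Session and password properties of one domain, after Table 5.

    Field names are hypothetical. None models an optional property left
    unset, which this sketch assumes means "not enforced".
    """
    domain_name: str
    session_expiration_min: int = 30           # 0 = sessions never expire
    password_min_length: Optional[int] = None
    password_max_length: Optional[int] = None
    forbidden_characters: str = ""
    first_character: str = NO_RESTRICTIONS


def check_password(policy: DomainPolicy, password: str) -> List[str]:
    """Return every domain rule that the candidate password breaks."""
    problems = []
    lo, hi = policy.password_min_length, policy.password_max_length
    if lo is not None and len(password) < lo:
        problems.append(f"shorter than {lo} characters")
    if hi is not None and len(password) > hi:
        problems.append(f"longer than {hi} characters")
    banned = sorted(set(password) & set(policy.forbidden_characters))
    if banned:
        problems.append("uses forbidden characters: " + " ".join(banned))
    first = password[:1]  # empty string for an empty password
    if policy.first_character == MUST_BE_NUMBER and not first.isdigit():
        problems.append("first character must be a number")
    if policy.first_character == MUST_BE_LETTER and not first.isalpha():
        problems.append("first character must be a letter")
    return problems


def audit_policy(policy: DomainPolicy, length_floor: int = 8) -> List[str]:
    """Flag settings that leave a domain weaker than intended.

    length_floor is the reviewer's own threshold, not a product default.
    """
    findings = []
    lo, hi = policy.password_min_length, policy.password_max_length
    if policy.session_expiration_min == 0:
        findings.append("Session Expiration is 0: idle sessions never expire")
    if lo is None:
        findings.append("Password Minimum Length is not set")
    elif lo < length_floor:
        findings.append(
            f"Password Minimum Length {lo} is below {length_floor}")
    if hi is not None and lo is not None and hi < lo:
        findings.append(f"Maximum length {hi} is below minimum {lo}: "
                        "no password can satisfy both")
    elif hi is not None and hi < length_floor:
        findings.append(
            f"Password Maximum Length {hi} caps passwords below {length_floor}")
    # With no length or first-character rule, the empty string passes.
    if not check_password(policy, ""):
        findings.append("an empty password satisfies this policy")
    return findings


# Constructed sample domains, not taken from any real installation.
LOOSE = DomainPolicy("Example loose domain", session_expiration_min=0)
HARDENED = DomainPolicy("Example hardened domain", session_expiration_min=15,
                        password_min_length=12, password_max_length=64,
                        forbidden_characters="'\"\\",
                        first_character=MUST_BE_LETTER)
CONFLICTING = DomainPolicy("Example conflicting domain",
                           password_min_length=12, password_max_length=8)

if __name__ == "__main__":
    for policy in (LOOSE, HARDENED, CONFLICTING):
        print(policy.domain_name)
        for finding in audit_policy(policy) or ["no findings"]:
            print("  -", finding)
    print(check_password(HARDENED, "9short"))
```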
To edit a user:<br />
1. In the Navigation panel, click the List Users button for the Default (All Domain Users)<br />
group in the Group task pane.<br />
Figure 30: <strong>Security</strong> <strong>Manager</strong> GUI Group Task Pane<br />
Figure 31: <strong>Security</strong> <strong>Manager</strong> GUI List Users Button<br />
The User List Editor appears in the Main Work panel and displays all the users in the domain.<br />
Figure 32: <strong>Security</strong> <strong>Manager</strong> GUI User List Editor<br />
2. Click the name of the user you want to edit.<br />
The User Editor appears in the Main Work panel.<br />
Figure 33: <strong>Security</strong> <strong>Manager</strong> GUI User Editor<br />
3. Enter or modify the required configuration properties.<br />
4. Use the User Roles tab to specify the roles for the user. For information on roles required by the user,<br />
see the documentation for the individual <strong>Netcool</strong> products (for example, <strong>Netcool</strong>/Impact and<br />
<strong>Netcool</strong>/RAD).<br />
5.5 Deleting Users<br />
You can use the <strong>Security</strong> <strong>Manager</strong> GUI to delete users from the <strong>Security</strong> <strong>Manager</strong> database. You must be<br />
careful when you delete a user, as there is no way to restore it once it has been deleted. When you delete an<br />
external authentication user, only the cached copy in the database is deleted.<br />
To delete a user:<br />
1. In the Navigation panel, click any List Users button in the Group task pane.<br />
Figure 34: <strong>Security</strong> <strong>Manager</strong> GUI Group Task Pane<br />
Figure 35 shows the List Users button.<br />
Figure 35: <strong>Security</strong> <strong>Manager</strong> GUI List Users Button<br />
The User List Editor appears in the Main Work panel and displays all the users in the group.<br />
Figure 36: <strong>Security</strong> <strong>Manager</strong> GUI User List Editor<br />
2. Choose the user you want to delete by selecting the option box next to the name of the user.<br />
3. Click Delete.<br />
The user is deleted and removed from the User List Editor.<br />
Chapter 6: Working with Roles<br />
This chapter contains instructions on working with roles.<br />
It contains the following sections:<br />
About Roles
Viewing Roles in a Domain
Adding and Removing User Roles
Adding and Removing Group Roles
6.1 About Roles<br />
Roles are sets of access privileges that can be assigned to a user or a group. Roles are installed automatically<br />
by applications that use the <strong>Security</strong> <strong>Manager</strong>, such as <strong>Netcool</strong>/Impact and <strong>Netcool</strong>/RAD.<br />
Note: Roles in <strong>Netcool</strong>/RAD operate on global and per instance levels. When you manage <strong>Netcool</strong>/RAD<br />
roles in the <strong>Security</strong> <strong>Manager</strong> GUI (for example, applying roles to users and groups), you are specifying<br />
global roles. Per instance roles are managed in the <strong>Netcool</strong>/RAD GUI. For more information, see the<br />
<strong>Netcool</strong>/RAD <strong>Administration</strong> <strong>Guide</strong>.<br />
You can do the following with roles in the <strong>Security</strong> <strong>Manager</strong> GUI:<br />
View all the roles in a domain<br />
Add and remove user roles<br />
Add and remove group roles<br />
6.2 Viewing Roles in a Domain<br />
To view all the roles currently defined in a domain:<br />
1. In the Navigation Frame, select the domain you want to edit from the Domain list.<br />
Figure 37: <strong>Security</strong> <strong>Manager</strong> GUI Navigation Frame<br />
2. Click the Edit Domain button.<br />
Figure 38: <strong>Security</strong> <strong>Manager</strong> GUI Edit Domain Button<br />
3. Click the All Roles tab in the Domain Editor that opens.<br />
Figure 39: <strong>Security</strong> <strong>Manager</strong> GUI Domain Editor<br />
6.3 Adding and Removing User Roles<br />
To add and remove roles associated with a user:<br />
1. In the Navigation Frame, click the List Users button for the Default (All Domain Users)<br />
group.<br />
Figure 40: <strong>Security</strong> <strong>Manager</strong> GUI Group Panel<br />
2. Click the Edit User button for the user you want to edit in the User List Editor that appears.<br />
Figure 41: <strong>Security</strong> <strong>Manager</strong> GUI User List Editor<br />
3. Click the User Roles tab in the User Editor that appears.<br />
Figure 42: <strong>Security</strong> <strong>Manager</strong> GUI User Editor<br />
4. Use the Add button and the Remove button to add and remove roles for the user.<br />
5. Click the Save button in the editor toolbar.<br />
6.4 Adding and Removing Group Roles<br />
To add and remove roles associated with a group:<br />
1. In the Navigation Frame, click the name of the group whose roles you want to add or remove.<br />
Figure 43: <strong>Security</strong> <strong>Manager</strong> GUI Group Panel<br />
2. Click the Group Roles tab in the Group Editor that appears.<br />
Figure 44: <strong>Security</strong> <strong>Manager</strong> GUI Group Editor<br />
3. Use the Add button and the Remove button to add and remove roles for the group.<br />
4. Click the Save button in the editor toolbar.<br />
Chapter 7: Working with Groups<br />
This chapter contains instructions on working with groups.<br />
It contains the following sections:<br />
About Groups<br />
Viewing Groups<br />
Creating Groups<br />
Editing Groups<br />
Deleting Groups<br />
Setting Up Default Groups<br />
7.1 About Groups<br />
Groups are real-world groups of users that share the same set of access privileges. You can create custom<br />
groups or use the default groups provided by the <strong>Security</strong> <strong>Manager</strong>. Some applications, such as<br />
<strong>Netcool</strong>/Impact and <strong>Netcool</strong>/RAD, create custom groups and add them to the <strong>Security</strong> <strong>Manager</strong> database.<br />
Possible examples of custom groups are Administrators, Operators and Remote_Users.<br />
You can use the <strong>Security</strong> <strong>Manager</strong> GUI to do the following with groups:<br />
View groups<br />
Create groups<br />
Edit groups<br />
Delete groups<br />
7.2 Viewing Groups<br />
You can use the <strong>Security</strong> <strong>Manager</strong> GUI to view the currently defined groups. The groups are displayed in<br />
the Group task pane of the Navigation panel.<br />
Figure 45: <strong>Security</strong> <strong>Manager</strong> GUI Group Task Pane<br />
7.3 Creating Groups<br />
To create a group:<br />
1. In the Navigation panel, click the New Group button in the Group task pane.<br />
Figure 46: <strong>Security</strong> <strong>Manager</strong> GUI Group Task Pane<br />
Figure 47: <strong>Security</strong> <strong>Manager</strong> GUI New Group Button<br />
2. The Group Editor appears in the Main Work panel.<br />
Figure 48: <strong>Security</strong> <strong>Manager</strong> GUI Group Editor<br />
3. Follow the instructions in the following section to set the group configuration properties.<br />
4. Click the Save button.<br />
The group appears in the Group task pane.<br />
7.4 Editing Groups<br />
You can use the <strong>Security</strong> <strong>Manager</strong> GUI to edit the configuration properties for a native authentication<br />
group. You must edit a group when it is created in order to set the required properties, such as the group<br />
name and display name. You can also edit the group any other time you need to change its configuration.<br />
The following table shows the group configuration properties.<br />
Table 7: <strong>Security</strong> <strong>Manager</strong> Group Configuration Properties<br />
Property | Description<br />
Group Name | Internal name for the group.<br />
Display Name | Name for the group as it appears in the <strong>Security</strong> <strong>Manager</strong> GUI.<br />
External Authentication Name | If this group is used to map against a group defined in an ObjectServer, LDAP or NIS authentication source, you must enter the name of the external group here.<br />
To edit a group:<br />
1. In the Navigation panel, click the name of the group in the Group task pane.<br />
Figure 49: <strong>Security</strong> <strong>Manager</strong> GUI Group Task Pane<br />
The Group Editor appears in the Main Work panel.<br />
Figure 50: <strong>Security</strong> <strong>Manager</strong> GUI Group Editor<br />
2. Enter or modify the required configuration properties.<br />
3. Use the Group Roles tab to specify the roles for the group. For information on roles required by the<br />
user, see the documentation for the individual <strong>Netcool</strong> products (for example, <strong>Netcool</strong>/Impact and<br />
<strong>Netcool</strong>/RAD).<br />
7.5 Deleting Groups<br />
You can use the <strong>Security</strong> <strong>Manager</strong> GUI to delete groups. You must be careful when you delete a group, as<br />
there is no way to restore it once it has been deleted.<br />
To delete a group:<br />
1. In the Navigation panel, click the Delete button for the group in the Group task pane.<br />
Figure 51: <strong>Security</strong> <strong>Manager</strong> GUI Group Task Pane<br />
Figure 52: <strong>Security</strong> <strong>Manager</strong> GUI Delete User Button<br />
The group is deleted and removed from the Group task pane.<br />
7.6 Setting Up Default Groups<br />
This version of the <strong>Security</strong> <strong>Manager</strong> allows you to specify one or more default groups. New external<br />
authentication users automatically become part of the default groups on creation. Both internal and external<br />
groups can be used as defaults.<br />
Default groups are specified in the <strong>Security</strong> <strong>Manager</strong> server properties file. This file is named<br />
SM_server.props and is located in the $NCSM_HOME/etc directory. The following table shows the<br />
properties used to specify default groups:<br />
Table 8: Default Groups Properties<br />
Property | Description<br />
impact.security.externalauth.userrecords.addtodefaultgroup | Specifies whether to add new external authentication users to default groups. Possible values are true and false.<br />
impact.security.externalauth.userrecords.defaultgroup.n | <strong>Security</strong> <strong>Manager</strong> internal name for a default group, where n is an integer that identifies the group. You must use integers in ascending order from 1.<br />
Example<br />
The following example shows how to specify default groups in the server properties file. In this example, the<br />
default groups are RADUsers and RADViewAllInstanceUsers.<br />
impact.security.externalauth.userrecords.addtodefaultgroup=true<br />
impact.security.externalauth.userrecords.defaultgroup.1=RADUsers<br />
impact.security.externalauth.userrecords.defaultgroup.2=RADViewAllInstanceUsers<br />
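An added example, not part of the Micromuse guide: a Python check that reads the default-group settings from SM_server.props text and reports which groups every new external authentication user would receive. The approved-groups list is a hypothetical site review list, and reading "ascending order from 1" as consecutive 1, 2, 3 is an assumption made here.<br />

```python
import re

PREFIX = "impact.security.externalauth.userrecords."

# The example from the guide above.
GUIDE_EXAMPLE = """\
impact.security.externalauth.userrecords.addtodefaultgroup=true
impact.security.externalauth.userrecords.defaultgroup.1=RADUsers
impact.security.externalauth.userrecords.defaultgroup.2=RADViewAllInstanceUsers
"""

# Constructed sample: index 2 is skipped and an unreviewed group is auto-assigned.
CONSTRUCTED_BAD = """\
impact.security.externalauth.userrecords.addtodefaultgroup=true
impact.security.externalauth.userrecords.defaultgroup.1=RADUsers
impact.security.externalauth.userrecords.defaultgroup.3=Administrators
"""


def audit_default_groups(text, approved):
    """Return (groups, findings) for the default-group properties in `text`.

    groups   -- groups named as defaults, in index order (empty unless enabled)
    findings -- human-readable problems for a reviewer
    approved -- hypothetical site list of groups that may be auto-assigned
    """
    findings = []
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()

    # The guide allows exactly two values for the switch.
    flag = props.get(PREFIX + "addtodefaultgroup")
    if flag not in ("true", "false"):
        findings.append(f"addtodefaultgroup must be true or false, found {flag!r}")

    # Collect defaultgroup.n entries keyed by their integer suffix.
    numbered = {}
    for key, value in props.items():
        m = re.fullmatch(re.escape(PREFIX) + r"defaultgroup\.(.*)", key)
        if not m:
            continue
        index = m.group(1)
        if not index.isdecimal() or int(index) < 1:
            findings.append(f"{key}: suffix must be an integer, starting at 1")
        else:
            numbered[int(index)] = value

    # Assumption: "ascending order from 1" means 1, 2, 3, ... with no gaps.
    indices = sorted(numbered)
    if indices != list(range(1, len(indices) + 1)):
        findings.append(f"defaultgroup indices {indices} are not consecutive from 1")

    groups = [numbered[i] for i in indices]
    if flag != "true":
        return [], findings

    # Every group here is granted without an administrator touching the user.
    for group in groups:
        if group not in approved:
            findings.append(
                f"{group!r} would be granted to every new external user "
                "but is not on the approved list"
            )
    return groups, findings


if __name__ == "__main__":
    approved = {"RADUsers", "RADViewAllInstanceUsers"}
    for name, sample in (("guide", GUIDE_EXAMPLE), ("constructed", CONSTRUCTED_BAD)):
        groups, findings = audit_default_groups(sample, approved)
        print(name, groups)
        for finding in findings:
            print("  -", finding)
```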
Chapter 8: External Authentication<br />
This chapter contains instructions on setting up external authentication.<br />
It contains the following sections:<br />
Setting Up ObjectServer Authentication<br />
Setting Up NIS Authentication<br />
Setting Up LDAP Authentication<br />
Synchronizing Users<br />
8.1 Setting Up ObjectServer Authentication<br />
ObjectServer authentication is a scheme in which users are derived from user information stored in a<br />
<strong>Netcool</strong>/OMNIbus ObjectServer. This information is accessed in real time from the ObjectServer when the<br />
<strong>Security</strong> <strong>Manager</strong> server authenticates a user. The <strong>Security</strong> <strong>Manager</strong> supports ObjectServer versions 3.4,<br />
3.4.1, 3.5, 3.6, and v7.<br />
You can use ObjectServer authentication immediately upon installation of the <strong>Security</strong> <strong>Manager</strong>. No<br />
additional configuration is required.<br />
8.2 Setting Up NIS Authentication<br />
NIS authentication is a scheme in which users are derived from user information stored in a Network<br />
Information System. This information is accessed in real time from NIS when the <strong>Security</strong> <strong>Manager</strong> server<br />
authenticates a user. The <strong>Security</strong> <strong>Manager</strong> supports NIS version 2. NIS+ is not supported.<br />
To set up NIS authentication, you do the following:<br />
Install the NIS plug-in<br />
Configure the domain<br />
Edit the plug-in properties file<br />
After you have set up NIS authentication, you can change the configuration at any time by manually editing<br />
the plug-in properties file.<br />
Installing the NIS Plug-In<br />
To install the NIS plug-in, you run the install script. This script is named ncsm_NIS_config and is<br />
located in the $NCSM_HOME/install directory. You must stop the <strong>Security</strong> <strong>Manager</strong> server before<br />
running the install script. You can safely restart the server immediately after installation.<br />
The install script prompts you for the following information.<br />
Table 9: NIS Plug-In Installer Prompt<br />
Prompt | Description<br />
Network domain name | The network domain name for NIS authentication.<br />
To run the install script:<br />
1. Stop the <strong>Security</strong> <strong>Manager</strong> server by entering the following at a command prompt:<br />
$NCSM_HOME/bin/ncsm_shutdown<br />
2. Enter the following:<br />
$NCSM_HOME/install/ncsm_NIS_config<br />
3. Follow the on-screen prompts.<br />
4. Restart the <strong>Security</strong> <strong>Manager</strong> server by entering the following:<br />
$NCSM_HOME/bin/ncsm_server<br />
Configuring the Domain<br />
After you have installed the NIS plug-in, you must configure the domain using the <strong>Security</strong> <strong>Manager</strong> GUI.<br />
To configure the domain:<br />
1. Log into the <strong>Security</strong> <strong>Manager</strong> GUI.<br />
2. In the Navigation panel, select the domain that you want to configure from the Domains list. The<br />
domain used by Micromuse products is called Micromuse <strong>Netcool</strong> Applications.<br />
Figure 53: <strong>Security</strong> <strong>Manager</strong> GUI Domains List<br />
3. Click the Edit Domain button.<br />
Figure 54: <strong>Security</strong> <strong>Manager</strong> GUI Edit Domain Button<br />
The Domain Editor appears in the Main Work panel.<br />
Figure 55: <strong>Security</strong> <strong>Manager</strong> GUI Domain Editor<br />
4. Click the External Authentication Sources tab.<br />
5. Click the New Authentication Source button.<br />
6. In the dialog box that opens, enter smNISAuthentication in the External Authentication<br />
Policy field.<br />
7. Enter smGetNISGroups in the External Authentication Group Policy field.<br />
8. Enter smGetNISUsers in the External Authentication User Policy field.<br />
9. Click Apply.<br />
10. Click Save.<br />
Editing the Plug-In Properties File<br />
You can change the NIS plug-in configuration at any time after installation by manually editing the plug-in<br />
properties file. This file is named sm_nisdomain.props and is located in the $NCSM_HOME/etc<br />
directory.<br />
The plug-in properties file contains a property called impact.nisprovider.url. This property<br />
specifies the network domain name for the NIS server. The format for the property value is<br />
nis:///name, where name is the network domain name.<br />
You must stop and restart the <strong>Security</strong> <strong>Manager</strong> server in order for the configuration changes to take effect.<br />
8.3 Setting Up LDAP Authentication<br />
LDAP authentication is a scheme in which users are derived from information in an LDAP directory server.<br />
This information is accessed in real time from LDAP when the <strong>Security</strong> <strong>Manager</strong> server authenticates a user.<br />
The <strong>Security</strong> <strong>Manager</strong> supports versions 2 and 3 of the LDAP protocol.<br />
To set up LDAP authentication, you do the following:<br />
Install the LDAP plug-in<br />
Configure the domain<br />
After you have set up LDAP authentication, you can change the configuration at any time by manually<br />
editing the authentication type file.<br />
Installing the LDAP Plug-In<br />
To install the LDAP plug-in, you run the install script. This script is named<br />
ncsm_ldap_config and is located in the $NCSM_HOME/install directory. You must stop the<br />
<strong>Security</strong> <strong>Manager</strong> server before running the install script. You can safely restart the server immediately after<br />
installation.<br />
The install script prompts you for the following information.<br />
Table 10: LDAP Plug-In Installer Prompts<br />
Prompt | Description<br />
LDAP server hostname | Hostname or IP address of the system where the LDAP server is running.<br />
LDAP server port | Port used by the LDAP server. The default is 389.<br />
Fully-qualified DN of an LDAP user | Fully qualified DN of an LDAP user that has permissions to browse users and groups in the directory.<br />
LDAP user password | Password for the LDAP user.<br />
LDAP user ID attribute | Name of the LDAP attribute defined as a unique user ID in the LDAP server schema. Default is uid.<br />
LDAP user base context | Base context for LDAP users.<br />
LDAP group attribute | Name of the LDAP attribute to use as a group in the authentication model. Default is cn.<br />
LDAP group base context | Base context for LDAP groups.<br />
LDAP group attributes filter | LDAP filter that specifies which group a user belongs to.<br />
To run the install script:<br />
1. Stop the <strong>Security</strong> <strong>Manager</strong> server by entering the following at a command prompt:<br />
$NCSM_HOME/bin/ncsm_shutdown<br />
2. Enter the following:<br />
$NCSM_HOME/install/ncsm_ldap_config<br />
3. Follow the on-screen prompts.<br />
4. Restart the <strong>Security</strong> <strong>Manager</strong> server by entering the following:<br />
$NCSM_HOME/bin/ncsm_server<br />
Configuring the Domain<br />
After you have installed the LDAP plug-in, you must configure the domain using the <strong>Security</strong> <strong>Manager</strong><br />
GUI.<br />
To configure the domain:<br />
1. Log into the <strong>Security</strong> <strong>Manager</strong> GUI.<br />
2. In the Navigation panel, select the domain that you want to configure from the Domains list. The<br />
domain used by Micromuse products is called Micromuse <strong>Netcool</strong> Applications.<br />
Figure 56: <strong>Security</strong> <strong>Manager</strong> GUI Domains List<br />
3. Click the Edit Domain button.<br />
Figure 57: <strong>Security</strong> <strong>Manager</strong> GUI Edit Domain Button<br />
The Domain Editor appears in the Main Work panel.<br />
Figure 58: <strong>Security</strong> <strong>Manager</strong> GUI Domain Editor<br />
4. Click the External Authentication Sources tab.<br />
5. Click the New Authentication Source button.<br />
6. In the dialog box that opens, enter smLDAPAuth in the External Authentication Policy field.<br />
7. Enter smGetLDAPGroups in the External Authentication Group Policy field.<br />
8. Enter smGetLDAPUsers in the External Authentication User Policy field.<br />
9. Click Apply.<br />
10. Click Save.<br />
8.4 Synchronizing Users<br />
The <strong>Security</strong> <strong>Manager</strong> provides a script that you can use to synchronize users from an external<br />
authentication source with users stored in the <strong>Security</strong> <strong>Manager</strong> database. The script is named<br />
ncsm_syncusers and is located in the $NCSM_HOME/bin directory.<br />
This script is optional, as the <strong>Security</strong> <strong>Manager</strong> automatically imports users into the database the first time<br />
they are used to log into a <strong>Netcool</strong> product. This script is most useful for importing all users from an external<br />
authentication source at one time before organizing them into groups and adding any required roles.<br />
Note: The <strong>Security</strong> <strong>Manager</strong> must be running when you start the synchronization script.<br />
The syntax for the synchronization script is as follows:<br />
$NCSM_HOME/bin/ncsm_syncusers ObjectServer | NIS | LDAP<br />
For example, to synchronize ObjectServer users with the <strong>Security</strong> <strong>Manager</strong> database, you enter the following<br />
at a command prompt:<br />
$NCSM_HOME/bin/ncsm_syncusers ObjectServer<br />
Appendix A: Supplementary Information<br />
This appendix contains supplementary information about the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong>.<br />
It contains the following sections:<br />
Configuring the Refresh Interval<br />
<strong>Security</strong> <strong>Manager</strong> Port Usage<br />
Backing Up the Database<br />
<strong>Security</strong> <strong>Manager</strong> Failover<br />
SSL and the <strong>Security</strong> <strong>Manager</strong><br />
A.1 Configuring the Refresh Interval<br />
This version of the <strong>Security</strong> <strong>Manager</strong> allows you to configure the interval at which user, group, and role<br />
information is refreshed from the database. In previous versions, end users were required to log out and log<br />
back in when changes to the authentication setup were made. In this version, changes are refreshed<br />
automatically at intervals you define.<br />
You configure the refresh interval by setting properties in the server properties file. This file is named<br />
SM_server.props and is located in the $NCSM_HOME/etc directory.<br />
The following table shows the refresh interval configuration properties:<br />
Table A1: Refresh Interval Configuration Properties<br />
Property | Definition<br />
security.refresh.timeinsec | Number of seconds between each attempt to refresh from the authentication source. Default is 30.<br />
security.refresh.maxretries | Maximum number of times to retry a refresh after failing to connect to the authentication source. Default is 10.<br />
A.2 <strong>Security</strong> <strong>Manager</strong> Port Usage<br />
The following table shows the default TCP ports used by the <strong>Security</strong> <strong>Manager</strong>.<br />
Table A2: <strong>Security</strong> <strong>Manager</strong> TCP Ports<br />
Description | Default Port<br />
HTTP port. This port is used by the <strong>Security</strong> <strong>Manager</strong> for SOAP communication with other <strong>Netcool</strong> products. You also use this port to access the standalone GUI from a web browser. If you want to make the GUI available outside a firewall, you must expose this port. | 8077<br />
Server port. This port is used internally by the <strong>Security</strong> <strong>Manager</strong> server to communicate with other application components. | 1275<br />
Database port. This port is used internally by the <strong>Security</strong> <strong>Manager</strong> database to communicate with other application components. | 5600<br />
Note: You specify these ports when you install the <strong>Security</strong> <strong>Manager</strong> or when you edit the server properties<br />
file. If a specified port is not available, the <strong>Security</strong> <strong>Manager</strong> will not operate successfully.<br />
A.3 Backing Up the Database<br />
Micromuse recommends that you regularly back up the <strong>Security</strong> <strong>Manager</strong> database. You must stop the<br />
<strong>Security</strong> <strong>Manager</strong> before you back up or restore the database.<br />
To back up the database:<br />
1. Stop the <strong>Security</strong> <strong>Manager</strong> by entering the following at a command prompt:<br />
$NCSM_HOME/bin/ncsm_shutdown<br />
2. Back up the database by entering the following:<br />
$NCSM_HOME/bin/ncsm_db backup -backupfile filename<br />
where filename is the name of the file you want to use to store the backup data.<br />
3. Restart the <strong>Security</strong> <strong>Manager</strong> server by entering the following:<br />
$NCSM_HOME/bin/ncsm_server<br />
Restoring the Database<br />
To restore the database:<br />
1. Stop the <strong>Security</strong> <strong>Manager</strong> by entering the following at a command prompt:<br />
$NCSM_HOME/bin/ncsm_shutdown<br />
2. Restore the database by entering the following:<br />
$NCSM_HOME/bin/ncsm_db restore -backupfile filename<br />
where filename is the name of the file that contains the backup data.<br />
3. Restart the <strong>Security</strong> <strong>Manager</strong> server by entering the following:<br />
$NCSM_HOME/bin/ncsm_server<br />
A.4 <strong>Security</strong> <strong>Manager</strong> Failover<br />
Failover is a feature that helps you manage uptime and availability for the <strong>Security</strong> <strong>Manager</strong>.<br />
In a failover configuration, you install primary and secondary servers of the <strong>Security</strong> <strong>Manager</strong> on different<br />
systems in your environment. You then configure them in such a way that if the primary server fails, the<br />
secondary server takes over the role as primary. When the original primary server is restarted, it assumes the<br />
new secondary role.<br />
<strong>Security</strong> <strong>Manager</strong> data is replicated and synchronized at startup and during run time.<br />
Setting Up <strong>Security</strong> <strong>Manager</strong> Failover<br />
To set up <strong>Security</strong> <strong>Manager</strong> failover, you do the following:<br />
Install primary and secondary instances of the <strong>Security</strong> <strong>Manager</strong><br />
Configure <strong>Netcool</strong> applications to use the failover configuration<br />
Configure <strong>Security</strong> <strong>Manager</strong> database properties<br />
Configure <strong>Security</strong> <strong>Manager</strong> primary and secondary type properties<br />
Configure <strong>Security</strong> <strong>Manager</strong> server properties<br />
Installing the <strong>Security</strong> <strong>Manager</strong> Instances<br />
The first step in setting up failover is to install primary and secondary instances of the <strong>Security</strong> <strong>Manager</strong> on<br />
different systems in your environment. To install the <strong>Security</strong> <strong>Manager</strong>, you can run the install script and<br />
follow the on-screen prompts as described in Installing the <strong>Security</strong> <strong>Manager</strong> on page 22. There are no special<br />
considerations when installing the instances for failover.<br />
Configuring the <strong>Netcool</strong> Applications<br />
You must configure the <strong>Netcool</strong> applications that use the <strong>Security</strong> <strong>Manager</strong> (for example, <strong>Netcool</strong>/Impact,<br />
<strong>Netcool</strong>/RAD and the <strong>Netcool</strong> GUI Server) so that they are able to locate both instances of the <strong>Security</strong><br />
<strong>Manager</strong> server. You configure them by setting properties in their respective server properties files. This file<br />
is named server.props or servername_server.props and is located in the etc directory of<br />
the product installation. For example, the default <strong>Netcool</strong>/Impact server properties file is<br />
$IMPACT_HOME/etc/NCI_server.props.<br />
To configure the applications, set the following in each server properties file:<br />
security.backup.host.1=hostname<br />
security.backup.port.1=port<br />
impact.security.backup.host.1=hostname<br />
impact.security.backup.port.1=port<br />
where hostname is the hostname of the system where the secondary <strong>Security</strong> <strong>Manager</strong> is running and<br />
port is the port. The default security manager port is 1275. The location of the primary <strong>Security</strong> <strong>Manager</strong><br />
is described by other configuration properties that you set when you install the <strong>Netcool</strong> application.<br />
Configuring the <strong>Security</strong> <strong>Manager</strong> Databases<br />
You must also configure the primary and secondary instances of the <strong>Security</strong> <strong>Manager</strong> database so that they<br />
do not use localhost as the default server address. The server address property is located in the<br />
$NCSM_HOME/etc/db.properties file.<br />
To configure the security manager databases, comment out the server.address property in each<br />
db.properties file by inserting the # character at the beginning of the line. The resulting line should<br />
look like the following:<br />
# server.address=localhost<br />
Configuring Primary and Secondary Type Properties<br />
You must configure both primary and secondary type properties. The properties are located in the<br />
$NCSM_HOME/etc/smParentType.type file. You must modify these properties in order to enable<br />
data replication between the primary and secondary <strong>Security</strong> <strong>Manager</strong> instances.<br />
You must add or modify the contents of the primary type file so that it contains the following lines:<br />
smParentType.SQL.NUMDBPROPERTIES=1<br />
smParentType.SQL.DBPROPERTY.1.NAME=IMPACT_REPLICATE_CHANGES<br />
smParentType.SQL.DBPROPERTY.1.VALUE=true<br />
You must also modify the smParentType.sql.urls property. This property contains a set of JDBC<br />
connection strings. Each connection string is separated by the pipe character (|).<br />
For the primary <strong>Security</strong> <strong>Manager</strong>, add the following connection string to the property:<br />
jdbc:hsqldb:hsql://secondary_host:secondary_port/security<br />
where secondary_host is the hostname of the system where the secondary <strong>Security</strong> <strong>Manager</strong> is running<br />
and secondary_port is the port used by the <strong>Security</strong> <strong>Manager</strong> database. The default port is 5600.<br />
The resulting property should resemble the following:<br />
smParentType.SQL.URLS=jdbc:hsqldb:hsql://host_primary:5600/security|jdbc:hsqldb:hsql://host_secondary:5600/security<br />
where host_primary is the hostname of the primary instance and host_secondary is the hostname<br />
of the secondary instance.<br />
For the secondary <strong>Security</strong> <strong>Manager</strong>, add a connection string representing the primary <strong>Security</strong> <strong>Manager</strong> to<br />
the property in the same way.<br />
The resulting property should resemble the following:<br />
smParentType.SQL.URLS=jdbc:hsqldb:hsql://host_secondary:5600/security|jdbc:hsqldb:hsql://host_primary:5600/security<br />
where host_primary is the hostname of the primary instance and host_secondary is the hostname<br />
of the secondary instance.<br />
Configuring the <strong>Security</strong> <strong>Manager</strong> Server<br />
The final step in setting up <strong>Security</strong> <strong>Manager</strong> failover is to configure the primary and secondary server<br />
instances. You configure each server by modifying the<br />
$NCSM_HOME/etc/SM_server.props file.<br />
To configure the primary <strong>Security</strong> <strong>Manager</strong> server, add the following lines to the file:<br />
impact.security.failover=true<br />
impact.security.controlport=port_primary_control<br />
impact.security.failover.other.host=host_secondary<br />
impact.security.failover.other.port=port_secondary_control<br />
impact.security.failover.ResyncRateInSec=10<br />
where port_primary_control is the control port for the primary server,<br />
host_secondary is the hostname of the system where the secondary server is running and<br />
port_secondary_control is the control port for the secondary server. The control port is used for<br />
communication between the primary and secondary server instances. You can specify any unused port for<br />
this property.<br />
To configure the secondary <strong>Security</strong> <strong>Manager</strong> server, add the following lines to the file:<br />
impact.security.failover=true<br />
impact.security.controlport=port_secondary_control<br />
impact.security.failover.other.host=host_primary<br />
impact.security.failover.other.port=port_primary_control<br />
impact.security.failover.ResyncRateInSec=10<br />
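The settings on the two instances must mirror each other, which is easy to get wrong by hand. The following added example (not part of the original guide or the product) cross-checks db.properties, smParentType.type and SM_server.props for a pair; the hostnames, ports and file contents are constructed, and requiring the replication properties on both instances is an assumption.

```python
# Added example; all hostnames, ports and file contents are constructed samples.

def parse_props(text):
    """Parse key=value lines; blank lines and # comments are ignored."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props


def check_instance(role, inst, peer):
    """Return findings for one instance, checked against its peer."""
    findings = []
    db, typ = parse_props(inst["db"]), parse_props(inst["type"])
    srv, peer_srv = parse_props(inst["server"]), parse_props(peer["server"])
    # db.properties: server.address must be commented out.
    if "server.address" in db:
        findings.append(f"{role}: server.address is still active in db.properties")

    # smParentType.type: replication switch (assumed required on both instances).
    expected = {
        "smParentType.SQL.NUMDBPROPERTIES": "1",
        "smParentType.SQL.DBPROPERTY.1.NAME": "IMPACT_REPLICATE_CHANGES",
        "smParentType.SQL.DBPROPERTY.1.VALUE": "true",
    }
    for key, want in expected.items():
        if typ.get(key) != want:
            findings.append(f"{role}: {key} should be {want}")

    # smParentType.type: the pipe-separated URL list must name both hosts.
    urls = typ.get("smParentType.SQL.URLS", "").split("|")
    url_hosts = {u.split("//")[-1].split(":")[0] for u in urls if u}
    for host in (inst["host"], peer["host"]):
        if host not in url_hosts:
            findings.append(f"{role}: SQL.URLS has no connection string for {host}")

    # SM_server.props: failover enabled, peer host and port mirror the peer.
    if srv.get("impact.security.failover") != "true":
        findings.append(f"{role}: impact.security.failover is not true")
    if srv.get("impact.security.failover.other.host") != peer["host"]:
        findings.append(f"{role}: failover.other.host is not {peer['host']}")
    peer_port = peer_srv.get("impact.security.controlport")
    if srv.get("impact.security.failover.other.port") != peer_port:
        findings.append(f"{role}: failover.other.port is not the peer control port {peer_port}")
    return findings


def check_pair(primary, secondary):
    """Check both directions of the primary/secondary relationship."""
    return (check_instance("primary", primary, secondary)
            + check_instance("secondary", secondary, primary))


def make_instance(host, peer_host, port, other_port, db, urls_hosts):
    """Build constructed sample file contents for one instance."""
    urls = "|".join(f"jdbc:hsqldb:hsql://{h}:5600/security" for h in urls_hosts)
    return {
        "host": host,
        "db": db,
        "type": ("smParentType.SQL.NUMDBPROPERTIES=1\n"
                 "smParentType.SQL.DBPROPERTY.1.NAME=IMPACT_REPLICATE_CHANGES\n"
                 "smParentType.SQL.DBPROPERTY.1.VALUE=true\n"
                 f"smParentType.SQL.URLS={urls}\n"),
        "server": ("impact.security.failover=true\n"
                   f"impact.security.controlport={port}\n"
                   f"impact.security.failover.other.host={peer_host}\n"
                   f"impact.security.failover.other.port={other_port}\n"
                   "impact.security.failover.ResyncRateInSec=10\n"),
    }


A, B = "sm-a.example.com", "sm-b.example.com"
PRIMARY = make_instance(A, B, 5700, 5701, "# server.address=localhost\n", [A, B])
# Secondary with three mistakes: active server.address, no URL for the
# primary, and other.port set to its own control port instead of 5700.
SECONDARY = make_instance(B, A, 5701, 5701, "server.address=localhost\n", [B])

if __name__ == "__main__":
    for finding in check_pair(PRIMARY, SECONDARY):
        print(finding)
```

Run it against the real file contents from both hosts before starting the servers; an empty result means the two instances point at each other consistently.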
Running the <strong>Security</strong> <strong>Manager</strong> in a Failover Configuration<br />
To run the <strong>Security</strong> <strong>Manager</strong> in a failover configuration, start the primary server and then the secondary<br />
server using the server startup script. This script is named ncsm_server and is located in the<br />
$NCSM_HOME/bin directory. You start the server instances in the same way that you start a single-server<br />
configuration of the <strong>Security</strong> <strong>Manager</strong>, with no special considerations. You can shut down the server instances<br />
using the ncsm_shutdown script.<br />
A.5 SSL and the <strong>Security</strong> <strong>Manager</strong><br />
The <strong>Security</strong> <strong>Manager</strong> supports Secure Socket Layer (SSL) communication at the following levels:<br />
Between the <strong>Security</strong> <strong>Manager</strong> server and <strong>Netcool</strong>/Impact, <strong>Netcool</strong>/RAD, and the <strong>Netcool</strong> GUI Server<br />
Between the <strong>Security</strong> <strong>Manager</strong> server and an LDAP server<br />
Setting Up SSL Between the <strong>Security</strong> <strong>Manager</strong> and <strong>Netcool</strong> Applications<br />
The <strong>Security</strong> <strong>Manager</strong> supports communication via SSL between the <strong>Security</strong> <strong>Manager</strong> server and<br />
<strong>Netcool</strong>/Impact, <strong>Netcool</strong>/RAD, and the <strong>Netcool</strong> GUI Server. When you enable SSL communication for<br />
the <strong>Security</strong> <strong>Manager</strong>, all <strong>Netcool</strong> applications that use the <strong>Security</strong> <strong>Manager</strong> for authentication must also<br />
be set up to use SSL.<br />
To set up SSL for use with the <strong>Security</strong> <strong>Manager</strong> and <strong>Netcool</strong> applications, you do the following:<br />
Create a server certificate<br />
Create client certificates<br />
Configure the <strong>Security</strong> <strong>Manager</strong> servlet service<br />
Configure the <strong>Security</strong> <strong>Manager</strong> server<br />
Configure the <strong>Netcool</strong> applications<br />
Note: When you create the client and server certificates, you are required to specify a password for the local<br />
keystore and the local truststore. Make sure to record the passwords that you specify. You will use them when<br />
you configure the <strong>Security</strong> <strong>Manager</strong> server and the <strong>Netcool</strong> applications for use with SSL.<br />
Creating the Server Certificate<br />
The first step in setting up SSL for use with the <strong>Security</strong> <strong>Manager</strong> is creating the server certificate. You create<br />
this certificate using the Java keytool utility. This utility is part of the Java Runtime Environment (JRE)<br />
and is located in the $NCSM_HOME/platform/arch/J2RE/bin directory, where arch is the name<br />
of the operating system where the <strong>Security</strong> <strong>Manager</strong> is installed.<br />
For more information on keytool, see the Java Runtime Environment documentation at<br />
http://java.sun.com.<br />
To create the server certificate:<br />
1. At a command prompt, change the current directory to the location that you will use to store the<br />
server certificate and create a subdirectory named ssl as follows:<br />
cd $NCSM_HOME<br />
mkdir ssl<br />
cd ssl<br />
2. Generate the server certificate using the keytool utility as follows:<br />
$NCSM_HOME/platform/arch/J2RE/bin/keytool -genkey -alias sm_svr -keyalg RSA<br />
-keypass keypassword -storepass storepassword -keystore keystore.jks<br />
where keypassword and storepassword are password strings of your choice. Passwords must<br />
be six characters or longer.<br />
The keytool utility prompts you for the information required to populate and sign the server<br />
certificate. You must enter the hostname of the system where the <strong>Security</strong> <strong>Manager</strong> is running in<br />
response to the first name and last name prompt.<br />
This command creates a file named keystore.jks in the current directory.<br />
3. Export the server certificate using the keytool utility as follows:<br />
$NCSM_HOME/platform/arch/J2RE/bin/keytool -export -alias sm_svr -storepass<br />
storepassword -file server.cer -keystore keystore.jks<br />
This command creates a file named server.cer in the current directory. This file contains the<br />
exported certificate.<br />
4. Create a trust store file and add the server certificate to the file as follows:<br />
$NCSM_HOME/platform/arch/J2RE/bin/keytool -import -v -trustcacerts -alias sm_svr<br />
-keypass keypassword -storepass storepassword -file server.cer -keystore<br />
cacerts.jks<br />
The keytool utility prompts you whether you want to trust this certificate. You must answer Yes.<br />
This command creates a file named cacerts.jks in the current directory.<br />
Creating Client Certificates<br />
After you have created the server certificate, you must create a client certificate for each <strong>Netcool</strong> application<br />
that uses the <strong>Security</strong> <strong>Manager</strong> for authentication. This includes <strong>Netcool</strong>/Impact, <strong>Netcool</strong>/RAD, and the<br />
<strong>Netcool</strong> GUI Server.<br />
Note: You must also create a client certificate for the <strong>Security</strong> <strong>Manager</strong> server itself, in addition to the server<br />
certificate that you created in the previous step.<br />
As with the server certificate, you generate client certificates using the Java keytool utility. This utility is<br />
located in the platform/arch/J2RE/bin directory of each <strong>Netcool</strong> application installation, where<br />
arch is the name of the platform where the application is installed.<br />
You must create the client certificates on the system where each application is installed. For example, when<br />
you generate the certificate for <strong>Netcool</strong>/Impact, you must run the keytool utility on the system where<br />
<strong>Netcool</strong>/Impact is located.<br />
To create a client certificate:<br />
1. At a command prompt, create a new directory named ssl in the home directory for the <strong>Netcool</strong><br />
application. For example, if you are generating a client certificate for <strong>Netcool</strong>/Impact, create a new<br />
directory named $IMPACT_HOME/ssl. If you are generating a client certificate for the <strong>Netcool</strong><br />
GUI Server, create a new directory called $GUI_HOME/ssl.<br />
2. Change the current directory to the ssl location you created above.<br />
3. Generate the client certificate using the keytool utility as follows:<br />
app_home/platform/arch/J2RE/bin/keytool -genkey -alias sm_clnt -keyalg RSA<br />
-keypass keypassword -storepass storepassword -keystore clntks.jks<br />
where app_home is $NCSM_HOME, $IMPACT_HOME, $GUI_HOME or $RAD_HOME and<br />
keypassword and storepassword are password strings of your choice. Passwords must be six<br />
characters or longer.<br />
The keytool utility prompts you for the information required to populate and sign the client<br />
certificate. You must enter the hostname of the system where the <strong>Security</strong> <strong>Manager</strong> is running in<br />
response to the first name and last name prompt.<br />
This command creates a file named clntks.jks in the current directory.<br />
4. Export the client certificate using the keytool utility as follows:<br />
app_home/platform/arch/J2RE/bin/keytool -export -alias sm_clnt -storepass<br />
storepassword -file client.cer -keystore clntks.jks<br />
This command creates a file named client.cer in the current directory. This file contains the<br />
exported certificate.<br />
5. Add the client certificate to the trust file as follows:<br />
app_home/platform/arch/J2RE/bin/keytool -import -v -trustcacerts -alias sm_clnt<br />
-keypass keypassword -storepass storepassword -file client.cer -keystore<br />
cacerts.jks<br />
The keytool utility prompts you whether you want to trust this certificate. You must answer Yes.<br />
Configuring the <strong>Security</strong> <strong>Manager</strong> Servlet Service<br />
The servlet service is an internal component of the <strong>Security</strong> <strong>Manager</strong> that runs the <strong>Security</strong> <strong>Manager</strong> GUI.<br />
To configure this service, you set configuration properties in the<br />
SM_servletservice.props file. This file is located in $NCSM_HOME/etc.<br />
To configure the servlet service, set the following properties in the<br />
SM_servletservice.props file:<br />
impact.http.ssl.enable=true<br />
impact.ssl.keystore=ncsm_home/ssl/keystore.jks<br />
impact.ssl.keypass=keypass_encrypt<br />
where ncsm_home is the directory where the <strong>Security</strong> <strong>Manager</strong> is installed and<br />
keypass_encrypt is the encrypted keystore password you specified when you created the<br />
keystore.jks file. You must use the ncsm_crypt tool to encrypt the keystore password. This tool<br />
is located in the $NCSM_HOME/bin directory.<br />
The following example shows typical values for these properties:<br />
impact.http.ssl.enable=true<br />
impact.ssl.keystore=/opt/netcool/security/ssl/keystore.jks<br />
impact.ssl.keypass=F7EA3A52059022B9F390AD2E9242E81A<br />
Configuring the <strong>Security</strong> <strong>Manager</strong> Server<br />
To configure the <strong>Security</strong> <strong>Manager</strong> server, set the following properties in the<br />
$NCSM_HOME/etc/SM_server.props file:<br />
security.protocol=https<br />
security.keystore=ncsm_home/ssl/clntks.jks<br />
security.keypass=keypass_encrypt<br />
security.truststore=ncsm_home/ssl/cacerts.jks<br />
security.trustpass=trustpass_encrypt<br />
where ncsm_home is the directory where the <strong>Security</strong> <strong>Manager</strong> is installed and<br />
keypass_encrypt and trustpass_encrypt are the encrypted keystore and truststore passwords<br />
that you specified when you created the client certificate on the system where the <strong>Security</strong> <strong>Manager</strong> resides.<br />
You must use the ncsm_crypt tool to encrypt the keystore password. This tool is located in the<br />
$NCSM_HOME/bin directory.<br />
The following example shows typical values for these properties:<br />
security.protocol=https<br />
security.keystore=/opt/netcool/security/ssl/clntks.jks<br />
security.keypass=F7EA3A52059022B9F390AD2E9242E81A<br />
security.truststore=/opt/netcool/security/ssl/cacerts.jks<br />
security.trustpass=F7EA3A52059022B9F390AD2E9242E81A<br />
Configuring the <strong>Netcool</strong> Applications<br />
The final step in setting up SSL is configuring the <strong>Netcool</strong> applications. You must configure each<br />
application that uses the <strong>Security</strong> <strong>Manager</strong> for authentication. This includes <strong>Netcool</strong>/Impact, the <strong>Netcool</strong><br />
GUI Server and <strong>Netcool</strong>/RAD.<br />
To configure the <strong>Netcool</strong> applications, set the properties specified in the above step in each server properties<br />
file. This file is named servername_server.props or server.props, where servername is<br />
the name of the server instance, and is located in the etc directory of the product installation. For example,<br />
the default server properties file for <strong>Netcool</strong>/Impact is named NCI_server.props and is located in the<br />
$IMPACT_HOME/etc directory.<br />
Note: Make sure that you have created client certificates for each of the applications that communicate with<br />
the <strong>Security</strong> <strong>Manager</strong> as described in Creating Client Certificates on page 101.<br />
The following example shows typical values for SSL properties in the <strong>Netcool</strong>/Impact server properties file:<br />
security.protocol=https<br />
security.keystore=/opt/netcool/impact/ssl/clntks.jks<br />
security.keypass=F7EA3A52059022B9F390AD2E9242E81A<br />
security.truststore=/opt/netcool/impact/ssl/cacerts.jks<br />
security.trustpass=F7EA3A52059022B9F390AD2E9242E81A<br />
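Because every application must carry the same five security.* settings once SSL is enabled, a quick audit of the properties files catches one that was missed or mistyped. The following is an added example, not part of the guide or the product; the file contents are constructed, and treating an encrypted password as a hex string (as in the guide's sample values) is an assumption.

```python
import difflib
import re

# The five SSL properties the guide sets in each server properties file.
SSL_KEYS = ("security.protocol", "security.keystore", "security.keypass",
            "security.truststore", "security.trustpass")
# Assumption: ncsm_crypt output is a hex string, as in the guide's sample values.
ENCRYPTED = re.compile(r"[0-9A-Fa-f]{16,}")


def read_props(text):
    """Return key/value pairs from properties text, ignoring # comments."""
    pairs = (ln.split("=", 1) for ln in text.splitlines()
             if "=" in ln and not ln.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}


def audit_ssl(files):
    """files maps a label to properties text; returns a list of findings."""
    findings = []
    for label, text in files.items():
        props = read_props(text)
        # A file still on another protocol has not been set up for SSL at all.
        if props.get("security.protocol") != "https":
            findings.append(f"{label}: security.protocol is not https")
            continue
        # Report missing keys, with a hint when a near-identical key is present.
        for key in SSL_KEYS:
            if key in props:
                continue
            others = [k for k in props if k not in SSL_KEYS]
            near = difflib.get_close_matches(key, others, n=1, cutoff=0.85)
            hint = f" (possible misspelling: {near[0]})" if near else ""
            findings.append(f"{label}: {key} is missing{hint}")
        # Passwords must be the encrypted form, never the plaintext.
        for key in ("security.keypass", "security.trustpass"):
            value = props.get(key)
            if value is not None and not ENCRYPTED.fullmatch(value):
                findings.append(f"{label}: {key} does not look encrypted")
    return findings


# Constructed sample files; the hex password value is made up.
PW = "0123456789ABCDEF0123456789ABCDEF"
SAMPLE = {
    "SM_server.props": (
        "security.protocol=https\n"
        "security.keystore=/opt/netcool/security/ssl/clntks.jks\n"
        f"security.keypass={PW}\n"
        "security.truststore=/opt/netcool/security/ssl/cacerts.jks\n"
        f"security.trustpass={PW}\n"),
    "NCI_server.props": (
        "security.protocol=https\n"
        "security.keystore=/opt/netcool/impact/ssl/clntks.jks\n"
        "security.keypass=impact123\n"  # plaintext, not run through ncsm_crypt
        "security.trusstore=/opt/netcool/impact/ssl/cacerts.jks\n"  # misspelled
        f"security.trustpass={PW}\n"),
    "server.props (GUI Server)": "security.protocol=http\n",  # not switched
}

if __name__ == "__main__":
    for finding in audit_ssl(SAMPLE):
        print(finding)
```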
Setting Up SSL Between the <strong>Security</strong> <strong>Manager</strong> and an LDAP Server<br />
The <strong>Security</strong> <strong>Manager</strong> supports communication via SSL between the <strong>Security</strong> <strong>Manager</strong> server and an LDAP<br />
server that you are using as an authentication source.<br />
To set up SSL for use with the <strong>Security</strong> <strong>Manager</strong> and an LDAP server, you do the following:<br />
Configure the LDAP server for use with SSL<br />
Install the client certificate for the LDAP service in the keystore of the Java Runtime Environment<br />
(JRE) used by the <strong>Security</strong> <strong>Manager</strong><br />
Configure the <strong>Security</strong> <strong>Manager</strong> Server<br />
Configuring the LDAP Server<br />
The first step in setting up SSL communication is to configure the LDAP server. Instructions for configuring<br />
the LDAP server vary by product. Typically, you first obtain a server certificate from a certificate<br />
authority (CA) and install it on the platform used by the LDAP server. Then, you use tools provided by the<br />
LDAP vendor to enable SSL communication. For more information, see the LDAP server documentation.<br />
Installing the Client Certificate<br />
You must install the SSL client certificate in the keystore of the Java Runtime Environment (JRE) used by<br />
the <strong>Security</strong> <strong>Manager</strong>. You first obtain the client certificate from a CA according to the instructions provided<br />
by the LDAP server vendor. You then install the certificate using the Java keytool utility. This utility is<br />
located in the $NCSM_HOME/platform/arch/J2RE/bin directory, where arch is the name of the<br />
operating system where the <strong>Security</strong> <strong>Manager</strong> is installed.<br />
To install the client certificate, enter the following at a command prompt:<br />
$NCSM_HOME/platform/arch/J2RE/bin/keytool -import -v -trustcacerts -alias aliasname<br />
-file certname -keystore $NCSM_HOME/platform/arch/lib/cacerts/keystorename<br />
where aliasname is the alias of the server certificate, certname is the filename of the certificate file and<br />
keystorename is the name of the keystore file.<br />
Configuring the <strong>Security</strong> <strong>Manager</strong> Server<br />
To configure the <strong>Security</strong> <strong>Manager</strong> server, you edit the primary type properties file for the LDAP<br />
authentication source. This file is named smParentType_LDAP.type and is located in the<br />
$NCSM_HOME/etc directory.<br />
You must make the following changes to the primary type properties file:<br />
Set the value of the smParentType_LDAP.PROVIDERURL property to the hostname and SSL<br />
port used by the LDAP server<br />
Uncomment the smParentType_LDAP.LDAP.SECURITY.PROTOCOL property.<br />
Contact Information<br />
Corporate<br />
USA: Micromuse Inc. (HQ), 139 Townsend Street, San Francisco, CA 94107, USA. Telephone: 1-800-<strong>Netcool</strong> (638 2665), +1 415 538 9090. Fax: +1 415 538 9091. World Wide Web: http://www.micromuse.com<br />
EUROPE: Micromuse Ltd., Disraeli House, 90 Putney Bridge Road, London SW18 1DA, United Kingdom. Telephone: +44 (0) 20 8875 9500. Fax: +44 (0) 20 8875 9995. World Wide Web: http://www.micromuse.co.uk<br />
ASIA-PACIFIC: Micromuse Ltd., Level 2, 26 Colin Street, West Perth, Perth WA 6005, Australia. Telephone: +61 (0) 8 9213 3400. Fax: +61 (0) 8 9486 1116. World Wide Web: http://www.micromuse.com.au<br />
Technical Support<br />
USA: Telephone: 1-800-<strong>Netcool</strong> (800 638 2665), +1 415 538 9090 (San Francisco). Fax: +1 415 538 9091<br />
EUROPE: Telephone: +44 (0) 20 8877 0073 (London, UK). Fax: +44 (0) 20 8875 0991<br />
ASIA-PACIFIC: Telephone: +61 (0) 8 9213 3470 (Perth, Australia). Fax: +61 (0) 8 9486 1116<br />
GLOBAL: E-mail: support@micromuse.com. World Wide Web: http://support.micromuse.com<br />
License Generation Team<br />
E-mail: licensing@micromuse.com. World Wide Web: http://support.micromuse.com/helpdesk/licenses<br />