HPE Community
Server Management - Systems Insight Manager
1752793 Members
6112 Online
108789 Solutions
New Discussion юеВ

Re: Best method for adding systems to collections?

 
MarkButler
Occasional Advisor

тАО11-06-2006 06:22 AM

тАО11-06-2006 06:22 AM

Best method for adding systems to collections?

I'm struggling with the best method of adding new servers to collections. Essentially I am trying to build a process for non-cms-admins to be able to add/del servers to the list that they control.

That way user-1 can see and monitor his 10 servers and user-2 and see and monitor his 10 servers and each can manually add/remove servers without having admin rights or contacting the cms admin for the trivial task of "can you assign a new server to me"

Adding servers via mxnode and then mxcollection works to update the custom server collections but mxcollection does not seem to be able to see the authorization-collections (name #1, name #2, etc.). After updating the collection, I can go in manually to the users-authorization-list and it shows that it will automatically add/remove the servers I changed in the main-collection but it doesn't do it automatically.

Is there a way to do this via CLI? Or I suppose what I am really asking is, what is the best way to make this scenario happen.
0 Kudos
Reply
6 REPLIES 6
Rob Buxton
Honored Contributor

тАО11-06-2006 07:38 AM

тАО11-06-2006 07:38 AM

Re: Best method for adding systems to collections?

That could be a challenge, as you're basically trying to subvert the protection mechanism.
In order to add new servers, the non-priv users will need to be able to see and effectively manage the servers they're not allowed to access in order to bring them into their lists.

What's to stop them bringing in servers they should not be allowed to access?
And if they're allowed access to all, you could give them all and let them create and manage their lists to restrict their own views.
0 Kudos
Reply
Brandon Long
Advisor

тАО11-06-2006 08:27 AM

тАО11-06-2006 08:27 AM

Re: Best method for adding systems to collections?

Tie the collection criteria to a common attribute.

In our company we have IP ranges assigned to different Physical sites, We create Site Collections based on IP ranges, then we create sub collections based on a pattern in the naming schema to sort them into Production, Test, or DEV systems, where there are a large number of systems in the site collection.
For smaller specific collections we still use the manual methods.
0 Kudos
Reply
MarkButler
Occasional Advisor

тАО11-06-2006 08:51 AM

тАО11-06-2006 08:51 AM

Re: Best method for adding systems to collections?

I appreciate the feedback, basically I am trying to work around the "all or nothing" approach that SIM uses. You either have full admin rights or you have no rights to do anything but view things. But perhaps it just isn't possible and I am stuck seeing the forest for the trees and not thinking it through.

We are a large decentralized company with hundreds of different sets of administrators (for example, the Brazil admins have admin rights over Brazilian servers but not French servers, plus the central groups have rights over their servers, i.e. exchange, AD, etc.)

I would like to go with a centralized server. SIM can handle the groups of admins (they exists as domain groups) and server groupings, but if everyone throughout the world had to send in a "please add my server", "please delete my server,", "Please let fred have access to these servers," etc. I can see considerable manpower used up, which would have to be recovered somehow (i.e. internal charging), and since SIM is a free download, half the admins would download their own copy and roll out installations that may or may not be secure.

So I was hoping for a method of non-admins to add/remove servers, the AD groups auto-handle add/remove of id's. However as you said, with that process nothing stops an admin from adding a server he/she should not have rights to. Back to square one I guess, I just don't see how we can implement a centralized SIM.

Brandon - thanks for the feedback, main server collections (the ones that show up in the list of "systems and events" can be automatically generated based on criteria, but unless I am missing it, the "collection" which SIM manually generates when assigning authorization to an ID cannot, plus it can't even use the main collections but instead generates one of its own which is not automatically syncronized..sigh..

0 Kudos
Reply
HP Systems Insight
Advisor

тАО11-07-2006 09:10 AM

тАО11-07-2006 09:10 AM

Re: Best method for adding systems to collections?

 
0 Kudos
Reply
HP Systems Insight
Advisor

тАО11-07-2006 09:19 AM

тАО11-07-2006 09:19 AM

Re: Best method for adding systems to collections?

Sorry about not getting the text in with my last post (got attachment only). Anyway, I use this script to automatically update groups that have been created for various programs. It is run each time a new system is discovered. I had to use the ctrl/lf util because the initial listing did not provide it. I run this under the same user that SIM runs under. Note that for each loop through the command it counts as a login to SIM. If you get notices for logins and you have a lot of groups you'll know when new systems have come online by the sudden burst of e-mails.
0 Kudos
Reply
MarkButler
Occasional Advisor

тАО11-07-2006 10:25 AM

тАО11-07-2006 10:25 AM

Re: Best method for adding systems to collections?

Thanks!
That gives me a good starting place.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.