HPE Community
Server Management - Systems Insight Manager
1751750 Members
5192 Online
108781 Solutions
New Discussion юеВ

Re: SMH, VCA, VCRM and usernames and passwords

 
Brett Burmeister
Occasional Advisor

тАО02-10-2006 05:29 AM

тАО02-10-2006 05:29 AM

SMH, VCA, VCRM and usernames and passwords

Good morning,
I'm installing SIM 5.0 from scratch, no upgrade and yet I'm having a brain challenge with regards to security and the System Management Homepage and the Version Control Agent. Both sets of install documentation state that you should use different "os" usernames and password. It further states not to use the administrator account for version control.

so, my question is - do I need to create a new local account on all servers in order to manage version control? or, is this just a local account on the SIM server?

thank you.
0 Kudos
Reply
7 REPLIES 7
Igor Karasik
Honored Contributor

тАО02-10-2006 05:44 AM

тАО02-10-2006 05:44 AM

Re: SMH, VCA, VCRM and usernames and passwords

You need to create local account only on VCRM server (VCRM can be installed on HPSIM server or on different server)
0 Kudos
Reply
Brett Burmeister
Occasional Advisor

тАО02-10-2006 07:53 AM

тАО02-10-2006 07:53 AM

Re: SMH, VCA, VCRM and usernames and passwords

Thanks for the note. While I think I understand, here's what confuses me:

from the install:

"If this is a new install, an operating system account must be created and configured in the System Management Homepage on this computer and each of the Version Control agents must be configured to use the new account."

please help me understand.

is "an operating systems account" a local user account - i.e. vcadmin or whatnot?

"each of the Version Control agents must be configured" - implies more than 1 Version Control Agent...

thanks.

0 Kudos
Reply
Scott_278
Valued Contributor

тАО02-10-2006 08:14 AM

тАО02-10-2006 08:14 AM

Re: SMH, VCA, VCRM and usernames and passwords

I don't think the "operating system account" needs to be a local account, although it could be. It could also be a domain account - I am using a domain account which is a member of the local Administrators group on my CMS, which is also my VCRM.

Then in the VCA configuration of my servers, I specify this domain account for credentials, and point it at my repository on my CMS.

I sympathize though - the documentation is quite obtuse...
0 Kudos
Reply
Rich Purvis
Honored Contributor

тАО02-10-2006 09:15 AM

тАО02-10-2006 09:15 AM

Re: SMH, VCA, VCRM and usernames and passwords

Here is an example:

On the system running VCRM you can create an account called VCAdmin. You then create a group of users called SMHAdmins. You add VCAdmin to the group SMHAdmins. You then go to the System Management Homepage on the system running VCRM and go to the Settings Tab. You will see a box labeled System Management Homepage - click on the "Security" link. When the security page comes up click on the "User Groups" link. On this page you add SMHAdmins to one of the Administrator boxes and press save configuration.

Now you configure your Version Control Agents to login to the VCRM using VCAdmin using the correct password.

The good thing about this setup is that you don't have special priveleges for the VCAdmin userid or the SMHAdmins group. That's right, they do not have to have OS Admin privileges just SMH Admin priveleges.

Hopefully that makes sense - I wrote it up in like 2 minutes.

Good luck.

-Rich
Why does my tivo keep recording Nickelodeon?
0 Kudos
Reply
Brett Burmeister
Occasional Advisor

тАО02-13-2006 05:43 AM

тАО02-13-2006 05:43 AM

Re: SMH, VCA, VCRM and usernames and passwords

i want to avoid creating a local account - can that be done? Rich - your description is excellent, although it makes it seem more difficult.

when you go the settings for the System Homepage, Security - you have the option to add operation system groups- can these be both groups and users? if i have my service account in the local administrators group, if I add just that group, will it pass through or do I have to add it explicitely.

thanks guys.
0 Kudos
Reply
Rich Purvis
Honored Contributor

тАО02-13-2006 06:33 AM

тАО02-13-2006 06:33 AM

Re: SMH, VCA, VCRM and usernames and passwords

No, they can only be groups. The Administrator group is already set for Administrator under SMH by default - you do not have to add that group. As long as you are not using the Adminstrator ID but an ID in the Administrator's group you should be fine. The reason for the scenario that I described above is for people who are security conscious to the point that they do not want to be using a userid that has actual Administrator level OS privilege.

-Rich
Why does my tivo keep recording Nickelodeon?
0 Kudos
Reply
Brett Burmeister
Occasional Advisor

тАО02-17-2006 11:06 AM

тАО02-17-2006 11:06 AM

Re: SMH, VCA, VCRM and usernames and passwords

Rich,
when putting the local group in the security section of the SMH, do i have to be explicit about the name - i.e. systemname\smhadmins vs. smhadmins..

thanks.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.