SoftTree Technologies SoftTree Technologies
Technical Support Forums
RegisterSearchFAQMemberlistUsergroupsLog in
Remote agent security

 
Reply to topic    SoftTree Technologies Forum Index » 24x7 Scheduler, Event Server, Automation Suite View previous topic
View next topic
Remote agent security
Author Message
Loril



Joined: 21 Feb 2007
Posts: 82

Post Remote agent security Reply with quote
I was able to set up security (users and privileges) on the remote agent, however, how/where do you input the username and password when assigning the job on the master scheduler to run on that remote agent? I keep getting the error: Logon failed. Thanks!
Wed Feb 21, 2007 3:01 pm View user's profile Send private message
SysOp
Site Admin


Joined: 26 Nov 2006
Posts: 7839

Post Reply with quote
This type of security is used to control what users can do in 24x7 using the remote control interface, what types of jobs they can create and so on. If you are concerned about what user's jobs can do, you should set these jobs to run under specific network accounts. Take a look at Run As set of job properties. Jobs running under specific network user accounts inherit privileges of these accounts. Please note that network user permissions are managed outside of 24x7 using Active Directory or other user management tools. If you decide to run jobs using network user accounts, please ensure these accounts have "Logon as batch job" privilege and the account used to run the scheduler software has "Act as part of the Operation System" privilege so it can run jobs on behave of other users.
Wed Feb 21, 2007 4:01 pm View user's profile Send private message
Loril



Joined: 21 Feb 2007
Posts: 82

Post Reply with quote
What we are trying to do is to prevent users from running jobs from the stand-alone scheduler on their PCs against the remote host/agent directly without prior approval. The RunAs option you suggested probably won't work in this scenario. Any other suggestions? Thanks.
Wed Feb 21, 2007 9:53 pm View user's profile Send private message
SysOp
Site Admin


Joined: 26 Nov 2006
Posts: 7839

Post Reply with quote
In this situation you should consider 2 things:

1. Deny their connectivity to the master scheduler running on the server and also remote agents if you use any. This can be done by simply enabling the security options in 24x7 and entering users who can connect remotely and run jobs. Anyone who is not entered is effectively shut out

2. Use the 24x7 web-based interface. In most simply scenario you can configure web server for password-based security for the directory containing 24x7 interface files so that only selective users can access them. A better solution is to create several canned and simple web forms and add them as job templates to the web interface. Users will be then limited to specific operations only or a list of predefined programs and actions they can run as defined by the job template. Of course, different users can be given access to different job templates. In this scenario you would have the complete control over what their jobs can or cannot do, you can also add any additional auditing, logging and notification functions and so on. The sky is the only limit.

Hope this helps.
Wed Feb 21, 2007 10:59 pm View user's profile Send private message
Loril



Joined: 21 Feb 2007
Posts: 82

Post Reply with quote
I was trying to configure the web mgt control thinking of using it in a similar way that you've described. However, I've discovered from testing that security in web mgt control doesn't work right. In any case, that's a whole different issue that I am pursuing in another route.

Back to the web forms that you are describing. The solution that you've suggested involves ASP programming, correct? Or can everything be done via 24x7 scheduler? Thanks!
Thu Feb 22, 2007 12:40 am View user's profile Send private message
SysOp
Site Admin


Joined: 26 Nov 2006
Posts: 7839

Post Reply with quote
Yes and no. If you find that the default templates provided with 24x7 are good enough you can simple delete these that you don't need (this is done on the scheduler side) and also delete the web page for blank jobs (read this a do anything job).

If you find that you need templates specific to your business you could then create appropriate forms in any HTML editor (MS Front Page, Adobe DreamWeaver, many many other...) and then add a bit of ASP code to make these forms communicate with web interface.

By the way, I forgot to mention another very effective method for securing remote access to the scheduler. You can use your firewall to disable all TCP access on port 1096 to the scheduler computer except the traffic coming from your webserver computer. In this case you don't need to manage users and their access privileges.
Thu Feb 22, 2007 1:03 am View user's profile Send private message
Loril



Joined: 21 Feb 2007
Posts: 82

Post Reply with quote
Thanks for your guidance on the templates. I'll research and test to see if it will suit our needs.

As for your suggestion of using a firewall, that might not work because 'super users' will still need remote control access to the main scheduler. Thanks.
Wed Feb 28, 2007 4:36 pm View user's profile Send private message
Display posts from previous:    
Reply to topic    SoftTree Technologies Forum Index » 24x7 Scheduler, Event Server, Automation Suite All times are GMT - 4 Hours
Page 1 of 1

 
Jump to: 
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


 

 

Powered by phpBB © 2001, 2005 phpBB Group
Design by Freestyle XL / Flowers Online.