Restraining access for Manager and Monitor

hitesh_parashar.38600 · July 30, 2002, 7:34am

Hi:

We are using EAI 4.1.

Can anybody with Manager / Monitor installed access any broker inside an enterprise? If yes, this is a security hazard.

What is the “best practice” regarding restraining the access of brokers using manager / monitor? Can we achieve this without using SSL / firewalls.

Regards,

Hitesh.

stefan.zeul.38606 · July 30, 2002, 2:16pm

We are dealing with the same problem what you mentioned.

The proposed solution fro WM with ssl and certificates seems to be to complicated to manage.

We have created a service request according this issue but we are interested if you got a solution
or a workaround from WM.

steve.willis.16620 · July 31, 2002, 12:38pm

We had the same issues with Manager and Monitor and what we did was to create our own web based tools to manage these functions on top of the ATC database and using the wM APIs using a security model of our own making to accomodate different classes of users from support to end-users. We have created the following screens to manage the environment:

Process Manager - Start and Stop different integration components (ATCs, Adapters, Brokers)
Process Status - list of all integration components with queue lengths
Application Log Manager - Query facility to view information stored in the log by date, event type, serial number, status, etc.
Error Manager - Facility to view events in error and void or resend them.
Performance Monitor - Real time query of integration performance by target location by time range (last 30 minutes, last 4 hours, etc) up to the last 72 hours.
Performance Reporter - Back-end historical query of performance over a period of time.
Security Manager - manages ACLs, profiles, users, etc.

I’ve shared these tools with my wM account team and I would hope that these kind of tools WITH security are included in the OMI spec and the transition to the new logging facilities with 6.0 and that they will have the ability to have profiles and ACLs to support it. The Integration Server has ACLs and Users and Profiles and that is the direction that they are going for logging hopefully these will be more robust in 6.0.

hitesh_parashar.38600 · August 5, 2002, 2:12am

Steve:

Even if we create our own tool(s) with our own security model, anyone can come and install wM Manager and play around with our setup. How do we prevent that? Please suggest what you have done to block the access from wM Manager?

Thanks,

Hitesh.

steve.willis.16620 · August 5, 2002, 12:33pm

You’re right. At this point we just limit the availability of the install disks and download rights. That works for now since we’ve given the people who need them the in-house developed tools.

Steve

stefan.zeul.38606 · November 7, 2002, 9:52am

We now have a solution for that issue with the use of just one certificate.

You only have to enable SSL and restrict the access to the admin clientgroup with one certificate.

That’s it…