

The GRPLOGON Privilege: Logging onto Group Machines

It is sometimes necessary to have a virtual machine that several users can access. Suppose that several database administrators from different departments maintain a centralized database. They could perform the necessary maintenance from one virtual machine. To access the machine, all of the administrators enter the same logonid and password, those of the machine itself. Only one person has access to the machine at a time. Although using a virtual machine like this serves a valuable purpose, it poses a possible security exposure. From an auditing standpoint, there is no way to determine who is using the machine, beyond the fact that someone is logged on. Individual accountability is lost.

To solve this problem, CA ACF2 for VM lets you define a virtual machine with the special GRPLOGON privilege. This privilege is a bit field in the Privileges group of the logonid record. A machine with this privilege is called a group virtual machine. Many people can use such a machine, with one person having access at any given time, and they can all be identified through auditing.

This group logon feature minimizes password proliferation. Users logging onto a group machine use their own passwords, so you do not need to know any other password to log onto it. You can log onto a group virtual machine (a virtual machine with the GRPLOGON privilege) by logging on as a group user. You can also autolog a group virtual machine like any other virtual machine.

The following terms describe CA ACF2 for VM group logon support:

Group user

Indicates an individual who uses a group virtual machine.

Group machine

Indicates a virtual machine defined with the GRPLOGON privilege in the Logonid database. Many users can use it and still be identifiable to the system.