There are several steps you take to integrate CA ControlMinder with the ObserveIT Enterprise session recording software. At the end of the integration, all SAM sessions are recorded by the ObserveIT Enterprise software.
Note: For more information about how to complete Steps 1-5, see the ObserveIT Enterprise documentation on the ObserveIT installation media.
Do the following to set up the integration:
Verify that the servers you use meet the minimum system requirements to install ObserveIT Enterprise.
Recorded sessions are stored on a dedicated Microsoft SQL Server.
The ObserveIT Enterprise application server uses IIS to process the metadata that the agents send.
The ObserveIT application server, agent, and management console are also installed.
You configure the recording settings.
The scripts enable the SAM automatic login that triggers the session recording.
Create a service account for the Enterprise Management Server to use.
You configure the connection settings to enable session logging.
After you complete the installation of the ObserveIT Enterprise application server, you prepare the server for integration with CA ControlMinder. After you prepare the ObserveIT Enterprise application server, the server is configured to start recording and saving SAM sessions.
Do the following to prepare the integration:
CA ControlMinder uses the service account to connect to the ObserveIT Enterprise application server.
After you install and start ObserveIT Enterprise, you can start the web-based management console.
To open the management console
http://observeit_server_name:port/ObserveIT
Example:
http://observeit_server:4884/ObserveIT
The ObserveIT Enterprise management console opens.
Note: You can also open the ObserveIT Enterprise management console by clicking Start, Programs, ObserveIT, ObserveIT WebConsole.
CA ControlMinder Enterprise Management uses a service account to authenticate to the ObserveIT Enterprise application server to record user activities. You supply the service account credentials when you configure the ObserveIT Enterprise application server connection settings in CA ControlMinder Enterprise Management.
To create a service account
The console users screen opens.
The add console user window opens.
The service account is created.
Note: For more information about users management, see the ObserveIT Documentation on the ObserveIT Enterprise installation media.
User session recording works in conjunction with SAM automatic login. When a user checks out a privileged account password and selects to log in to the endpoint, remote management software opens and automatically logs the user in. CA ControlMinder Enterprise Management controls the remote management programs by using the session recording scripts, based on the endpoint type.
For example, when a user chooses to log into a Windows endpoint, CA ControlMinder Enterprise Management uses a script that opens the Remote Desktop software to connect to the endpoint.
To record the sessions on the ObserveIT Enterprise application server, you deploy the session recording scripts on the Enterprise Management Server.
To deploy the session recording scripts
JBoss_HOME/server/default/deploy/IdentityMinder.ear/config/sso_scripts
We recommend that you back up the files in the directory before you overwrite them.
You can now configure the connection settings to the ObserveIT Enterprise application server.
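The backup recommended before overwriting the files in sso_scripts, as an added example that is not part of the CA documentation: it copies the directory to a timestamped location, records SHA-256 hashes, and afterwards lists which scripts differ from the backup. It assumes a Unix-like Enterprise Management Server with GNU `sha256sum`; the function names and the backup location are hypothetical.

```shell
#!/bin/sh
# Added example: function names and backup location are assumptions.

# Directory named on this page, relative to the JBoss home.
SSO_REL="server/default/deploy/IdentityMinder.ear/config/sso_scripts"

# manifest DIR: print "hash  ./relative/path" for every file, sorted by path.
manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | sort -k 2 )
}

# backup_sso_scripts JBOSS_HOME BACKUP_ROOT
# Copies the current scripts (keeping modes and timestamps) into a
# timestamped directory, writes a manifest beside them, prints the directory.
backup_sso_scripts() {
    src="$1/$SSO_REL"
    [ -d "$src" ] || { echo "missing: $src" >&2; return 1; }
    dest="$2/sso_scripts.$(date +%Y%m%d-%H%M%S)"
    mkdir -p "$dest/files" || return 1
    cp -Rp "$src/." "$dest/files/" || return 1
    manifest "$dest/files" > "$dest/MANIFEST.sha256" || return 1
    # The scripts drive automatic login; keep the copies owner-only.
    chmod -R go-rwx "$dest"
    echo "$dest"
}

# changed_sso_scripts JBOSS_HOME BACKUP_DIR
# Prints every path that was modified, added or removed since the backup.
changed_sso_scripts() {
    tmp=$(mktemp) || return 1
    manifest "$1/$SSO_REL" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Identical lines appear twice after the merge and are dropped by uniq -u;
    # what remains is stripped down to the path and de-duplicated.
    sort "$2/MANIFEST.sha256" "$tmp" | uniq -u |
        sed 's/^[0-9a-f]* [ *]//' | sort -u
    rm -f "$tmp"
}
```

Run `backup_sso_scripts` before copying the new scripts and `changed_sso_scripts` afterwards; an empty result from the second call means the deployed files are identical to the backup.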
To complete the integration with ObserveIT Enterprise, you configure the connection settings to the ObserveIT Enterprise application server in CA ControlMinder Enterprise Management.
To define the connection to ObserveIT
The Create Connection screen appears.
Defines a free text description of the connection
Define the ObserveIT Enterprise application server URL
Example: http://observeit_host:4884/observeit/
Define the service account user name
Define the service account password
Specifies the following advanced connection settings:
Specifies whether to display a message indicating that the session is recorded at the top of the screen
Specifies the ObserveIT viewer window width and height
Specifies the full pathname to the location where the ObserveIT Enterprise ActiveX file is located. By default, you specify the URL to the ObserveIT Application server.
Example: http://observeit_host:4884/ObserveIT/AgentInstall/Agent.cab#version=1,0,0,0
Specifies the full pathname of the location where the ObserveIT Enterprise application server stores the recorded sessions. By default, you specify the URL to the ObserveIT Application server.
Example: http://observeit_host:4884/ObserveITApplicationServer
CA ControlMinder Enterprise Management creates the connection.
Each SAM session is recorded and stored in the ObserveIT Enterprise database. Each session is divided into individual slides that you can replay separately from the entire recorded session.
The following process describes how SAM sessions are logged:
If this is the first time that this option is used, the user is required to install ActiveX.
Important! To enable Internet Explorer to download the ActiveX, specify the ObserveIT Enterprise host name in the Local Intranet Zone or Trusted Zone and set the Download signed ActiveX controls security option to Enable.
Note: For more information about sessions recording, see the ObserveIT Documentation on the ObserveIT Enterprise installation media.
The ObserveIT Enterprise application server logs the SAM sessions on a dedicated Microsoft SQL Server. The ObserveIT database server uses two dedicated databases. The first database is named ObserveIT and holds the configuration and metadata. The second database is named ObserveIT_Data and stores the screenshots that the ObserveIT agents collect during the recorded session.
Note: For more information about session logging, see the ObserveIT Documentation on the ObserveIT Enterprise installation media.
You play back the recorded SAM sessions from CA ControlMinder Enterprise Management. When you select to play back a session, CA ControlMinder Enterprise Management plays the recorded session in a new window. The player window contains control buttons you use to navigate the session. You can also perform a free text search within the recorded sessions.
Note: For more information about free text search, see the ObserveIT Documentation on the ObserveIT Enterprise installation media.
To play back sessions
The Audit Privileged Accounts task appears in the list of available tasks.
The Audit Privileged Accounts search window opens.
Note: Verify that the SAM Audit Manager role is assigned to you.
The tasks that satisfy your search criteria are displayed.
The player window opens and the session is played from the beginning of the session.
Note: Use the controls at the bottom of the window to navigate the session.
Copyright © 2013 CA Technologies.
All rights reserved.