

How to Set Up the Integration

You complete several steps to integrate CA ControlMinder with the ObserveIT Enterprise session recording software. When the integration is complete, the ObserveIT Enterprise software records all SAM sessions.

Note: For more information about how to complete Steps 1-5, see the ObserveIT Enterprise documentation on the ObserveIT installation media.

Do the following to set up the integration:

  1. Review the ObserveIT Enterprise system and installation requirements.

    Verify that the servers you use meet the minimum system requirements to install ObserveIT Enterprise.

  2. Prepare the central database.

    Recorded sessions are stored on a dedicated Microsoft SQL Server.

  3. Configure the Internet Information Server (IIS).

    The ObserveIT Enterprise application server uses IIS to process the metadata that the agents send.

  4. Install the ObserveIT Enterprise server components.

    The ObserveIT application server, agent, and management console are also installed.

  5. Configure the ObserveIT Enterprise application server.

    You configure the recording settings.

  6. Deploy the session recording scripts on the Enterprise Management Server.

    The scripts enable the SAM automatic login that triggers the session recording.

  7. Create a service account.

    Create a service account for the Enterprise Management Server to use.

  8. Define the connection to the ObserveIT Enterprise application server in CA ControlMinder Enterprise Management.

    You configure the connection settings to enable session logging.

How to Prepare the Integration

After you complete the installation of the ObserveIT Enterprise application server, you prepare the server for integration with CA ControlMinder. After you prepare the ObserveIT Enterprise application server, the server is configured to start recording and saving SAM sessions.

Do the following to prepare the integration:

  1. Open the management console.
  2. Create a service account.

    CA ControlMinder uses the service account to connect to the ObserveIT Enterprise application server.

Open the Management Console

After you install and start ObserveIT Enterprise, you can start the web-based management console.

To open the management console

  1. Using a browser, open the ObserveIT Enterprise management console. Enter the following URL:
    http://observeit_server_name:port/ObserveIT 
    

    Example:

    http://observeit_server:4884/ObserveIT
    
  2. Use the administrator credentials you specified during installation to log in.

    The ObserveIT Enterprise management console opens.

Note: You can also open the ObserveIT Enterprise management console by clicking Start, Programs, ObserveIT, ObserveIT WebConsole.

Create a Service Account

CA ControlMinder Enterprise Management uses a service account to authenticate to the ObserveIT Enterprise application server to record user activities. You supply the service account credentials when you configure the ObserveIT Enterprise application server connection settings in CA ControlMinder Enterprise Management.

To create a service account

  1. From the ObserveIT Enterprise management console, select Configuration, Console Users.

    The console users screen opens.

  2. Select Create User.

    The add console user window opens.

  3. Enter the user name and password, and confirm the password.
  4. Set the authentication method to ObserveIT.Authentication and the user role to Admin.
  5. Click Add.

    The service account is created.

Note: For more information about user management, see the ObserveIT Documentation on the ObserveIT Enterprise installation media.

Deploy the Session Recording Scripts

User session recording works in conjunction with SAM automatic login. When a user checks out a privileged account password and selects to log in to the endpoint, remote management software opens and automatically logs the user in. CA ControlMinder Enterprise Management controls the remote management programs by using the session recording scripts, based on the endpoint type.

For example, when a user chooses to log into a Windows endpoint, CA ControlMinder Enterprise Management uses a script that opens the Remote Desktop software to connect to the endpoint.

To record the sessions on the ObserveIT Enterprise application server, you deploy the session recording scripts on the Enterprise Management Server.

To deploy the session recording scripts

  1. From the CA Support web site, download the session recording scripts and save them in a temporary directory.
  2. On the Enterprise Management Server, navigate to the following directory, where JBoss_HOME specifies the directory where JBoss is installed:
    JBoss_HOME/server/default/deploy/IdentityMinder.ear/config/sso_scripts
    
  3. Copy the session recording scripts into the sso_scripts directory.

    We recommend that you back up the files in the directory before you overwrite them.

  4. Select to overwrite the existing files with the new files.
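The backup-then-overwrite steps above can be scripted so that the backup is never skipped and the changed scripts can be reviewed before automatic login uses them. This is an added example, not a CA or ObserveIT script; it assumes a POSIX shell on the Enterprise Management Server, and the staging directory, JBoss home and backup root are paths you supply.

```shell
#!/bin/sh
# Added example: back up sso_scripts outside the JBoss deploy tree, overwrite
# with the downloaded scripts, and report which files changed.
SSO_REL=server/default/deploy/IdentityMinder.ear/config/sso_scripts

# deploy_sso_scripts STAGING_DIR JBOSS_HOME BACKUP_ROOT
# All three arguments are supplied by the operator (assumed paths).
# Prints the backup directory on success; returns non-zero on any failure.
deploy_sso_scripts() {
    staging=$1; target=$2/$SSO_REL
    backup=$3/sso_scripts.$(date +%Y%m%d%H%M%S)
    [ -d "$staging" ] || { echo "no staging directory: $staging" >&2; return 1; }
    [ -d "$target" ] || { echo "no sso_scripts directory: $target" >&2; return 1; }
    [ ! -e "$backup" ] || { echo "backup already exists: $backup" >&2; return 1; }

    # Back up first, keeping modes and timestamps, so a rollback is one copy.
    cp -Rp "$target" "$backup" || return 1

    # Overwrite existing files and confirm each copy byte for byte.
    for f in "$staging"/*; do
        [ -f "$f" ] || continue
        name=$(basename "$f")
        cp -p "$f" "$target/$name" || return 1
        cmp -s "$f" "$target/$name" || { echo "copy mismatch: $name" >&2; return 1; }
    done
    echo "$backup"
}

# changed_scripts BACKUP_DIR TARGET_DIR
# Lists scripts in TARGET_DIR that are new or differ from the backup.
changed_scripts() {
    for f in "$2"/*; do
        [ -f "$f" ] || continue
        name=$(basename "$f")
        cmp -s "$f" "$1/$name" || echo "$name"
    done
}
```

Run `deploy_sso_scripts` with your three paths, then pass the printed backup directory and the sso_scripts directory to `changed_scripts` to see exactly which login scripts the overwrite replaced.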

You can now configure the connection settings to the ObserveIT Enterprise application server.

Define the Connection to ObserveIT

In order to complete the integration with ObserveIT Enterprise, you configure the connection settings to the ObserveIT Enterprise application server in CA ControlMinder Enterprise Management.

To define the connection to ObserveIT

  1. In CA ControlMinder Enterprise Management, select System, Connection Management, Session Recording, Create Connection.

    The Create Connection screen appears.

  2. Enter the following details:
    Connection description

    Defines a free text description of the connection.

    Playback URL

    Defines the ObserveIT Enterprise application server URL.

    Example: http://observeit_host:4884/observeit/

    User ID

    Defines the service account user name.

    Password

    Defines the service account password.

    Advanced

    Specifies the following advanced connection settings:

    Viewer Page

    Specifies whether to display a message indicating that the session is recorded at the top of the screen.

    Viewer Parameters

    Specifies the ObserveIT viewer window width and height.

    ActiveX URL

    Specifies the full pathname to the location where the ObserveIT Enterprise ActiveX file is located. By default, you specify the URL to the ObserveIT Application server.

    Example: http://observeit_host:4884/ObserveIT/AgentInstall/Agent.cab#version=1,0,0,0

    Server URL

    Specifies the full pathname of the location where the ObserveIT Enterprise application server stores the recorded sessions. By default, you specify the URL to the ObserveIT Application server.

    Example: http://observeit_host:4884/ObserveITApplicationServer

  3. Click Submit.

    CA ControlMinder Enterprise Management creates the connection.

How Sessions Are Logged

Each SAM session is recorded and stored in the ObserveIT Enterprise database. Each session is divided into individual slides that you can replay separately from the entire recorded session.

The following process describes how SAM sessions are logged:

  1. A user checks out a privileged account password from CA ControlMinder Enterprise Management and selects to automatically log into the endpoint.

    If this is the first time that this option is used, the user is required to install ActiveX.

  2. A remote management session opens and the user is logged in without entering the password.
  3. The ObserveIT agent installed on the endpoint begins to record the user activities and sends the slides to the ObserveIT Enterprise application server, which saves the data in the database.
  4. The user closes the remote management session and the ObserveIT agent stops the recording.
  5. The recorded sessions appear in CA ControlMinder Enterprise Management.

Important! To enable Internet Explorer to download the ActiveX, specify the ObserveIT Enterprise host name in the Local Intranet Zone or Trusted Zone and set the Download signed ActiveX controls security option to Enable.

Note: For more information about session recording, see the ObserveIT Documentation on the ObserveIT Enterprise installation media.

Where Sessions Are Logged

The ObserveIT Enterprise application server logs the SAM sessions on a dedicated Microsoft SQL Server. The ObserveIT database server uses two dedicated databases. The first database is named ObserveIT and holds the configuration and metadata. The second database is named ObserveIT_Data and stores the screenshots that the ObserveIT agents collect during the recorded session.

Note: For more information about session logging, see the ObserveIT Documentation on the ObserveIT Enterprise installation media.

Play Back Sessions

You play back the recorded SAM sessions from CA ControlMinder Enterprise Management. When you select to play back a session, CA ControlMinder Enterprise Management plays the recorded session in a new window. The player window contains control buttons you use to navigate the session. You can also perform a free text search within the recorded sessions.

Note: For more information about free text search, see the ObserveIT Documentation on the ObserveIT Enterprise installation media.

To play back sessions

  1. In CA ControlMinder Enterprise Management, select Privileged Accounts, Audit subtask.

    The Audit Privileged Accounts task appears in the list of available tasks.

  2. Select Audit Privileged Accounts.

    The Audit Privileged Accounts search window opens.

    Note: Verify that the SAM Audit Manager role is assigned to you.

  3. Specify the search criteria, enter the number of rows to display, and click Search.

    The tasks that satisfy your search criteria are displayed.

  4. Click the play back icon in the session details column to play back the session.

    The player window opens and the session is played from the beginning of the session.

    Note: Use the controls at the bottom of the window to navigate the session.