The domain manager sets the security mechanism used in a centrally managed environment. Remote Control managed agents are authenticated by supplying the domain manager with the login credentials for validation against the security provider. Authentication is controlled by the Enable security cache and Enable fail safe configuration policies. After a user is validated, Remote Control checks the access privileges assigned to that user in the management database to determine viewer settings for a remote control session.
With Windows, CA ITCM uses Microsoft Unified Logon for access security. This means you can grant access rights to any Windows user or group. You can also authorize users from trusted domains to access the system. The administrators on the enterprise server can access the domain server with the same account name and password, even if they are in different domains but have trust relationships. For example, if the domain manager SRVDMGR01 is in the domain DM01, which has a trust relationship with another domain DM02, the users and groups in both security authorities can be granted access rights to CA ITCM.
Because CA ITCM security is a thin layer around the native O/S security, it closely follows the domain model. So the limitations with domain local groups apply to CA ITCM as well. A domain local group can be used only within the domain in which it exists. In our example, you cannot authenticate a local group in DM01 to be accessed in DM02. However, this would work if you have authenticated the domain local group using a user and global group combination from DM02 that had membership in the DM01 domain local group. Also, you can use only security groups and not distribution groups because Windows does not generate security tokens for distribution groups.
Every time you open the DSM Explorer, it connects to the domain manager using the current Windows login credentials. You can, however, log in as a different user. You can also grant access rights to a user or group using the Security Profiles dialog.
Note: For detailed information about CA ITCM security, see the DSM Explorer Help and the Implementation Guide.
|
Copyright © 2013 CA.
All rights reserved.
|
|