|
|
|
CA Server Automation provides several SystemEDGE security lockdown options that enhance the agent security and establish CA Server Automation as the single point of configuration through which all other changes must gain approval. You can configure the following security options through CA Server Automation:
Removes the ability to modify the agent through SNMP, which establishes CA Server Automation or local sysedge.cf file manipulation as the only methods for configuring the agent. CA Server Automation requires SNMP write-access.
Causes any CA Server Automation-initiated changes to overwrite changes made to the agent by other methods. When you enter a CA Server Automation Manager node during SystemEDGE installation, the agent is in managed mode. Managed mode establishes CA Server Automation as the mode of configuration that supersedes all other changes. For example, if a user directly modifies the syedge.cf file, and a file is later deployed to that system through CA Server Automation, the settings in the CA Server Automation-delivered file override those in the local file.
Notifies the CA Server Automation Manager when an agent applies SNMP-based changes initiated by an SNMP Set operation. This option is only available for agents in managed mode. By default, this option is enabled when the agent is in managed mode. From the CA Server Automation user interface, you can decide the changes that are acceptable and overwrite any unwanted changes. When this option is enabled, SNMP Set changes are also logged to the sysedge_audit.log file located in the data directory of the agent installation.
For more information about enabling and configuring these security options, see the CA Server Automation documentation.
| Copyright © 2013 CA. All rights reserved. |
|