19.2 Configuring Servers for Data Federation

To configure an authorized requestor for data federation, you must first enable data federation on the authorized requestor server.

After you enable data federation, you need to add data source servers to the authorized requestor server. If you know the administrator user name and password for the data source server, you can add the data source server directly from the authorized requestor.

If you do not know the administrator user name and password for a data source server, you can set up the authorized requestor with an opt-in password that allows administrators of data source servers to add their data source servers to the authorized requestor. When you do this, administrators of data source servers do not need to share their user names and passwords with you. You must share the opt-in password with the data source server administrator.

19.2.1 Enabling Data Federation

  1. Create a role with Proxy for Authorized Data Requestors permission. For information on how to configure users and roles, see Configuring Roles and Users.

  2. From Change Guardian Main as an administrator, click Integration > Change Guardian.

  3. Select Local server and other data sources in the Data Sources section.

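  4. Do one of the following to add data source servers to your authorized requestor:

    Using the Administrator Credentials to Add a Data Source Server

    Using the Opt-in Password to Add a Data Source Server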

19.2.2 Using the Administrator Credentials to Add a Data Source Server

If you are the administrator of the authorized requestor and you know the administrator user name and password on the data source server, you can add the data source server while you are logged in to your authorized requestor server.

IMPORTANT: Ensure that the data source server that you add is able to communicate with the authorized requestor. The data source server should be able to communicate through TCP/IP. The IP address or host name of the data source server must be accessible through firewalls, NATs, and so on. You can use the ping command to verify that communication works in both directions. If there is a communication failure between the servers, an error is displayed in the extended status page. For more information, see Managing the Data Federation Search Results.

  1. If you are continuing from Enabling Data Federation, skip to Step 4; otherwise, continue to Step 2.

  2. From Change Guardian Main as an administrator, click Integration > Change Guardian.

  3. Select Local server and other data sources in the Data Sources section.

  4. Click the Add a data source link.

  5. Specify the following information:

    IP Address/DNS Name: IP address or the DNS name of the data source server.

    Port: Port number of the data source server. The default port number is 8443. The data source server and authorized requestor do not need to be on the same port.

    User Name: User name to log in to the data source server. This must be a user with administrator privileges.

    Password: Password associated with the user name.

  6. Click Login, then click Accept after verifying that the certificate information is correct.

  7. Use the following information to configure the data source server:

    The Add a data source page displays a list of the various proxy roles on the data source server.

    Name: Specify a descriptive name that you want to give to the data source.

    This helps you to easily identify the data source server by a name instead of by its IP address or DNS name.

    Search Proxy Role: Select a search proxy role that you want to assign to the authorized requestor.

    When the authorized requestor makes search requests to the data source server, the proxy role's security filter is used when performing the search. Only events that pass the proxy role's security filter are returned to the authorized requestor server.

    Only roles that have the Proxy for Authorized Requestors permission are listed. This permission is required for the data source server to accept and process incoming search requests from the authorized requestor server.

  8. Click OK.

    The server information is listed in the Data Sources list.

You can now search events, view event reports, and view alerts from the data source server. For more information, see Searching for Events, Running Reports, and Viewing Alerts respectively.

19.2.3 Using the Opt-in Password to Add a Data Source Server

In organizations where administrative control of Change Guardian servers is decentralized, it might violate the security policy to share administrator passwords. However, Change Guardian allows you to share a limited-purpose opt-in password to add data source servers, which is more secure than requiring full administrator credentials. If you are not the administrator of the data source server, you can set an opt-in password in the authorized requestor server, then provide the opt-in password to the data source server administrators to allow them to opt in to the authorized requestor server.

When a data source server opts in to the authorized requestor, a message is sent to the authorized requestor server requesting that it be added to the list of data source servers maintained by the authorized requestor server. The request authorizes the authorized requestor to access data on the data source server. The authorized requestor requires an opt-in password to verify that the opt-in request has originated from a valid data source server. During the opt-in process, the authorized requestor and the data source server exchange the appropriate password, which allows the data source server to authenticate the search requests from the authorized requestor.

This procedure is similar to adding a data source server, but it is done from the data source server instead of the authorized requestor server.

Setting the Opt-In Password

  1. Log in to the authorized requestor server as an administrator.

  2. Click Integration in the toolbar, and then click Change Guardian.

    The Data Federation page that is displayed has two sections: Data Sources and Authorized Requestors.

  3. In the Data Sources section, select Local server and other data sources.

  4. Click Set Opt-in Password.

  5. Specify the opt-in password, then click Set Password.

  6. Continue with Authorizing an Authorized Requestor Server to add the data source server to the authorized requestor.

Authorizing an Authorized Requestor Server

  1. Log in to the data source server as an administrator.

  2. Click Integration in the toolbar, and then click Change Guardian.

    The Data Federation page that is displayed has two sections: Data Sources and Authorized Requestors.

  3. In the Authorized Requestors section, check the Allow authorized requestors to access data from your server box.

  4. Click the Add link.

    The Add authorized requestors page is displayed.

  5. Specify the following information:

    IP Address/DNS Name: The IP address or the DNS name of the authorized requestor.

    Port: Port number of the authorized requestor. This is the port number on which the authorized requestor listens for incoming opt-in requests. The default port number is 8443.

    Opt-in Password: The opt-in password that you configured on the authorized requestor. You must obtain this password from the administrator of the authorized requestor.

  6. Click OK.

    The Confirm Certificate page is displayed.

  7. Verify the certificate information, then click Accept.

    The Add authorized requestors page is displayed, listing the various proxy roles on the data source server.

  8. In the Name field, specify a descriptive name that you want to give to the authorized requestor server.

    This helps you to easily identify the authorized requestor server by a name instead of by its IP address or DNS name.

  9. Select a proxy role that you want to assign to the authorized requestor.

    When the authorized requestor makes search requests to the data source server, the proxy role's security filter is used when performing the search. Only events that pass the proxy role's security filter are returned to the authorized requestor.

    Only roles in the data source server that have the Proxy for Authorized Requestors permission are listed. This permission is required for the data source server to accept and process incoming search requests from the authorized requestor.

  10. Click OK.

    The authorized requestor is added to the Authorized Requestors list and is enabled by default.

    The data source server is also added to the Data Sources list on the authorized requestor server. Alternatively, you can click the Refresh link to see the data source server in the Data Sources list.
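Both procedures above ask you to verify the certificate information before you click Accept (Step 6 in 19.2.2 and Step 7 under Authorizing an Authorized Requestor Server). The following Python script is an added example, not part of the product or its documentation: it retrieves the certificate that the other server presents on port 8443 and compares its SHA-256 fingerprint with a value obtained from that server's administrator through a separate channel. The function names and the out-of-band fingerprint exchange are assumptions of this example.

```python
import hashlib
import hmac
import socket
import ssl

FEDERATION_PORT = 8443  # default port stated in this section


def normalize_fingerprint(text):
    """Reduce 'AB:cd ef' style fingerprints to bare lowercase hex."""
    cleaned = "".join(ch for ch in text if ch not in ": -\t\n").lower()
    if len(cleaned) != 64 or any(ch not in "0123456789abcdef" for ch in cleaned):
        raise ValueError("expected a SHA-256 fingerprint (64 hex digits)")
    return cleaned


def sha256_fingerprint(der_bytes):
    """SHA-256 over the DER-encoded certificate, as bare lowercase hex."""
    return hashlib.sha256(der_bytes).hexdigest()


def fingerprint_matches(der_bytes, expected_text):
    """Constant-time comparison against the out-of-band value."""
    return hmac.compare_digest(sha256_fingerprint(der_bytes),
                               normalize_fingerprint(expected_text))


def fetch_peer_certificate(host, port=FEDERATION_PORT, timeout=5.0):
    """Return the DER certificate the server presents on host:port.

    Chain validation is disabled on purpose: the certificate is only
    retrieved for manual comparison and is never trusted by this script.
    """
    context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    context.check_hostname = False
    context.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with context.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


if __name__ == "__main__":
    import sys
    # Usage (hypothetical file name): python check_cert.py <host> <expected-sha256>
    host, expected = sys.argv[1], sys.argv[2]
    der = fetch_peer_certificate(host)
    print("presented:", sha256_fingerprint(der))
    print("match" if fingerprint_matches(der, expected) else "MISMATCH - do not accept")
```

A successful connection also shows that the TCP port itself is reachable through firewalls and NAT, which ping alone does not test. Run it from each server toward the other to cover both directions.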