2.10 Managing Sessions

Another aspect of restricting user access to Operations Center components is session management, which includes the following functions:

Configure all of these features by using the Operations Server console, except for the session timeout cutoff, which is configured by using the Configuration Manager. This section summarizes the features and provides links or references to detailed documentation.

Monitoring the sessions and analyzing the effectiveness of these session policies are discussed in Section 6.0, Auditing.

The total number of concurrent user sessions is determined by the number of licensed Console and Portal users.

2.10.1 Restricting Concurrent Logins Per User

To control the number of concurrent logins that a user is allowed, open the user’s User property page and type a number in the Logins field. See Section 2.3, User and Group Accounts for details.

2.10.2 Restricting User Access to Components

To prevent a user from accessing the Operations Server console or the Business Service Dashboard components, open the user’s User property page and select Operations Server console or Business Service Dashboard in the Restrict Usage section. See Section 2.3, User and Group Accounts for details.

2.10.3 Restricting Concurrent Users in a Group

In some situations, you might want to allocate a subset of licensed user sessions to different groups. This ensures that certain groups are not allowed to use all of the allotted user sessions and prevent other users from accessing the system.

To restrict the number of users in the group who can concurrently log in to Operations Center software:

  1. In the Explorer pane, right-click the group and select Properties to open the Status property page.

  2. In the left pane, click Group to open the Group property page.

  3. Select Constrain Number of Concurrent Users and specify the maximum allowable number of users.

  4. Click Apply to save the changes.

If a user belongs to more than one group, Operations Center software leases a session from the group to which the user belongs, containing the largest number of available concurrent sessions. If a group has no setting for the maximum number of concurrent users, the session is leased from the default product license.

2.10.4 Establishing Session Timeouts

Administrators can establish a session inactivity interval, which is the number of minutes that users can remain inactive before they are required to log in again. Use the Configuration Manager to define the Inactivity Timeout setting, which is explained in the Operations Center Server Installation Guide.

2.10.5 Viewing User Session Information

The Session property page for each user displays login and session information about a user who is currently logged into Operations Center. All active users currently logged into Operations Center software display under the Sessions element in the Operations Server console.

To view session information:

  1. In the Explorer pane, expand the Server root element > Sessions.

    All active users currently logged into Operations Center are listed under the Sessions element.

  2. Right-click a user name and select Properties to open the Status property page.

  3. In the left pane, click Session to open the Session property page.

    The Session property page identifies the group name from which the session was leased, the IP address from which the user logged in, the time of the login, and the group under which the user logged in.

    The group under which the user logged in has nothing to do with the user’s permissions.

2.10.6 Viewing the Login Method Used by Active Users

The administrator can identify whether active users are logged in to Operations Center software through the Console (operations client) or through the dashboard (Web client). Knowing how a user logged in is important when attempting to forcibly log out a user.

You can also use the mosstatus command to obtain session information about users.

To identify which users are logged in to Operations Center and which login method they used:

  1. In the Explorer pane, expand the Administration root element > Servers > Sessions.

    All users who are logged in to Operations Center are listed. Their login methods display in parentheses.

2.10.7 Forcing Logout

Licensed user sessions can be allocated to the Operations Server console and the Portal. Occasionally, it is necessary to forcibly log out a user or a group from either of these Operations Center components. Users can be forced off either the Console or the dashboard.

NOTE:Force off messages are only deliverable to users of the Operations Center console only.

Forcibly Logging Out Users or Groups from the Operations Server console

  1. In the Explorer pane, expand the Administration root element > Security > Groups or Users.

  2. Select one or more groups or users, then right-click and select Force Off to open the Force Off dialog box.

  3. Type a message to send to the users being forced to log off.

    NOTE:This message is only sent to console users. Dashboard users will not receive this message.

  4. Click OK to force the users or groups off the server.

You can also use a forceoff during a session that uses an InterCommunication connection of multiple Operations Center servers, to cause the far-end adapter to stop. Otherwise, the adapter retry logic continues to log in to the server.

Forcing a User or Group to Log Out

If you want to notify users or group members that they are to be forcibly logged off, you can send them a message. For more information, see Sending a Group Message.

To forcibly log off a user or group of users:

  1. Use one of the following commands:

    forceoff username
    

    or

    forceoff group: groupname
    

    Replace username and groupname with the actual names as configured in Operations Center.

  2. When prompted, specify the following information:

    Enter Web server host hostname: Enter the hostname of the Operations Center server.

    The default is the local host.

    Enter Web server port: Enter the Web server port number of the Operations Center server.

    The default is 8080.

    Enter your account userid: Enter your user name.

    Enter your user password: Enter your password.

    The password is not masked.

Sending a Group Message

Before forcing users to log off, you can send users, the members of a group, or members of a session a message:

  1. At the command prompt, enter:

    moswall users/group/username "message"
    

    Replace users or group with an actual name, or if the message is to a session, replace username with the session ID.

    Replace message with the information to send to the user, group, or session.

    Examples:

    moswall jtball "You are being forcibly logged off the Operations Center server."
    moswall group6 "You are being forcibly logged off the Operations Center server."
    moswall session3 "You are being forcibly logged off the Operations Center server."