3.3 Key Component I&A

You can connect multiple Operations Center servers for different reasons, such as load balancing or creating a gateway to establish a single connection for users outside their firewall. Operations Center uses adapter technology to establish connections and interactions between Operations Center servers. Operations Center adapters are restricted by their credentials and optionally by a trusted list of IP addresses. This combination identifies the Operations Center servers from which the adapters can accept and process information requests.

Adapters are configured with a one-to-one relationship, where one adapter communicates with a specific Operations Center server. To establish communication between two Operations Center servers, the Operations Center administrator must configure an InterCommunication adapter (ICA) on each Operations Center server. See the Operations Center Adapter and Integration Guide for details on creating and configuring adapters.

During the adapter configuration, the Operations Center administrator defines a set of credentials (such as an account name and password) for each Operations Center server that communicates with another Operations Center server. Server credentials are stored on each Operations Center server and the passwords are also encrypted and stored.

Whether the environment is in secured or unsecured mode, communication between Operations Center servers always involves transmitting the credentials in encrypted form and comparing them to the credential data stored on the remote Operations Center server.

The Operations Center server must trust its own certificate. Otherwise, the threads used to connect to itself fail and other applications, such as the dashboard, cannot log in.

Figure 3-5 illustrates how communication between Operations Center servers transmits credentials in encrypted form:

Figure 3-5 Encryption Between Operations Center servers

Upon successful authentication, the Operations Center server is allowed access to the remote Operations Center server based on its assigned levels of access, as defined in the Operations Center access control lists.

In some cases, organizations place Operations Center servers outside the firewall and leverage their firewalls to ensure more secure communications.

Operations Center uses adapters to establish connections and interactions with third-party management systems. Adapters are configured with a one-to-one relationship, where one adapter talks to a specific management system. See the Operations Center Adapter and Integration Guide for details on creating and configuring adapters. Operations Center adapters are identified by their credentials and optionally by a trusted list of IP addresses. This combination identifies the Operations Center adapters from which the server accepts and process information requests. The Operations Center adapter passes its credentials along with the information requests to the remote management system.

Operations Center uses Apache Tomcat as its internal Web server, but Operations Center does not use Tomcat’s authentication. Operations Center prompts users to provide their credentials to access the Operations Center server. The Operations Center session is maintained within the HTTP session.

Operations Center uses database management systems (DBMS) for several purposes:

The interface between the DBMS and Operations Center engine consists of Java Database Connectivity (JDBC) API calls.

Operations Center uses Windows authentication when communicating with a third party DBMS on the Windows platforms.

For information on how to configure Single Sign On (SSO) for Operations Center databases, see Configuring and Administering the Database in the Operations Center Server Configuration Guide.

When using SQL Views, the Operations Center user ID and password are used to access data. The data is transferred unencrypted between the requesting application and SQL Views.