Production Environment
This document covers configuration details that you need to take care of when moving Applications Manager into Production:
User Accounts (OS User / Applications Manager Web Client User)
Note
OS User will be referred to as
OS User. A user login account to the Applications Manager Web Client will be referred to as
Web Client User. Refer
User Administration document for more information on users.
- Make sure you change the password for the default "admin" Web Client User within Applications Manager.
- Have a dedicated OS User (System) account for installing Applications Manager. This OS user account needs full permissions on all folders and sub-folders in the installation root of Applications Manager only. Also make sure this OS User account is fully secure. It is NOT necessary to install Applications Manager in a root (in Linux) or administrator (windows) OS User account. But make sure the whole installation is done using the same OS user account. Do not install using root and try to run using an OS user account. That will fail.
- If you want to give full "Read-Only" priviledges to certain Web Client Users in your organisation, then make sure you create a client login with "USER" role.
- If you want to give restricted "Read-Only" privileges to certain Web Client Users in your organisation, then make sure you create a client login with "Operator" role. "Operator" can view only servers that they own.
Other General Guidelines
- Refer the Security/Firewall Requirements document to understand what changes are required in the firewall.
- You can install Applications Manager as a Windows Service or configure a cron job on Linux to start on server start up.
- If you are planning to use the Enterprise Edition, fully understand the EE architecture.
- By default, uploading binaries, MIBs, scripts are allowed in Applications Manager. This may be required in the intial stages while using Applications Manager for uploading MIBs, action scripts etc. However while going in to production, it is strongly recommended to disable this
- Are you getting false alarms for server availabilty? This could be because, your production servers are taking too long to respond. You can set higher timeouts.
- To change the default HTTP port used by Applications Manager, refer the Server Settings document . You can refer to this document on other settings that you can modify. For eg., whenever Applications Manager starts, if you do not want the browser to open automatically, you need to modify the entry <am.browser.startup=false>
- Backup the Applications Manager configuration and data.
From a security point of view, the following are done :
- All passwords are encrypted
- The encryption keys are uniquely generated for each customer environment.