Custom Windows, SSH and SNMP credentials can be managed by the Authentication Manager and
•set globally •applied to a group •applied to a computer
Apply custom credentials is necessary under the following conditions:
•The currently-logged on user does not have permission to install and/or update agents on remote hosts •The user account under which the heartbeat agent is running under does not have permission to query the EventSentry service status on remote hosts •Remote hosts use SNMP v3 authentication or SNMP v1/v2c authentication with a community other than "public" •Remote hosts support SSH
Credentials in the authentication manager are used by the management console when accessing remote hosts through remote update or the event viewer and by the Heartbeat Agent when polling the remote agent status or retrieving SNMP information. Since all credentials configured in the authentication manager are encrypted, it is required that the heartbeat agent service run under the the same Windows account under which the credentials are entered in the management console. |
|
|
Important Info for Windows Credentials & Heartbeat Monitoring Windows credentials entered will be encrypted in the registry, and can only be decrypted by the user who encrypted them. E.g., if user Bulls\DerrickR configures credentials for hosts, then the EventSentry Heartbeat Monitor service needs to also run under the Bulls\DerrickR user account.
Note that the Heartbeat Agent, when utilizing the collector, does not need to utilize Windows credentials. |
The authentication manager is accessible via Tools -> Options, or by selecting
•computer groups
•any group
•any host
and clicking "Set Authentication" in the ribbon or the context menu.
Adding Accounts EventSentry supports Windows, SSH and SNMP accounts, both of which are identified by a unique "Account Name" which identifies the credentials. The "Account Name" and the actual user name can be the same, but an account name must be unique. Account names are case sensitive. An account is added by clicking the + icon in the authentication manager.
Windows / SSH Specify a valid user name, including the domain when necessary (Windows only), as well as a password.
EventSentry automatically determines whether to use Windows or SSH credentials depending on the group / host type.
LAPS Support Windows credentials can be configured to use LAPS by checking the "Use LAPS" check box. LAPS is only utilized by the management console (for agent management), the heartbeat agent does not have the ability to dynamically retrieve LAPS passwords from AD.
SNMP For SNMP v1 and v2c only a community needs to be specified.
For SNMP v3, a user name and either Authentication, Encryption or both Authentication and Encryption can be specified. |
|
Assigning Credentials
Credentials can be assigned to the selected entity by either selecting an account name from the list or by adding a new account to the authentication manager with the + icon. A green check mark next to an account name indicates that the account is assigned to the currently selected entity.
Removing Credentials
Credentials can be removed from a selected entity by clicking "Set Authentication" in the ribbon or the context menu and subsequently clicking "Clear Selection" in the authentication manager.
