422 Tivoli Business Systems Manager Version 2.1: End-to-End Business Impact Management
13.1 Resource security
IBM Tivoli Business Systems Manager uses the Windows facility extensively. For
this reason, we must use Windows built-in security features to enforce controlled
access to IBM Tivoli Business Systems Manager resources. The following
subsection provides an overview of the resources and security models that we
used.
13.1.1 Protecting files and directories
In line with the aim to optimize Windows security features, we implemented the
NT file system (NTFS) for all servers that provide a more granular security and
protection capability compared to the FAT file system.
Windows has the ability to change access permissions to drives, files, and
directories and can audit activities on these as well. IBM Tivoli Business Systems
Manager codes reside on Windows and use Windows networking shares to
communicate. These files and shares on IBM Tivoli Business Systems Manager
servers have to be protected.
We modified the permission of files and directories under the TivoliManager path
where we installed the IBM Tivoli Business Systems Manager code in our IBM
Tivoli Business Systems Manager servers.
Chapter 13. Setting up roles and security 423
To duplicate our example: In Windows Explorer, right-click on the directory and
select Properties as shown in Figure 13-1.
Figure 13-1 Changing TivoliManager directorys property
424 Tivoli Business Systems Manager Version 2.1: End-to-End Business Impact Management
From the TivoliManager Properties window, click the Sharing tab and select the
Do not share this folder radio button, as shown in Figure 13-2.
Figure 13-2 Sharing property for the TivoliManager directory
Chapter 13. Setting up roles and security 425
Modify the security properties from the Security tab of the TivoliManager
Properties window, as shown in Figure 13-3 on page 425:
? Click Add to add Administrators and the local SYSTEM account. We added
the SYSTEM account with Full Control because all the IBM Tivoli Business
Systems Manager services need access. You may want to grant specific
access for other administrators.
? Clear the check box for Allow inheritable permissions from parent to
propagate to this object. Confirm by clicking Apply.
Figure 13-3 Security property of TivoliManager directory
Click the Advanced button to open the Access Control Settings for Tivoli
Manager window, and check Reset permissions on all child objects, as shown in
Figure 13-4 on page 426.
426 Tivoli Business Systems Manager Version 2.1: End-to-End Business Impact Management
Figure 13-4 Advanced security setting
Click OK to return to the Properties window, and click OK to close it.
13.1.2 Protecting the registry
The Windows Registry stores important configuration options that are critical to
the operation of IBM Tivoli Business Systems Manager services. The Registry
also contains passwords, such as the Microsoft SQL Server system administrator
password, for accessing the IBM Tivoli Business Systems Manager database.
Protecting the registry is very important, as we want only administrators to be
able to changeor even readthis information.
..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
13.59.181.142