430 Tivoli Business Systems Manager Version 2.1: End-to-End Business Impact Management
13.2 Password protection
Passwords can be viewed as a special access control that can enforce security
and, at the same time, introduce a security risk whenever a password is known to
unauthorized persons. For security reasons, passwords should be changed at
regular intervals. This section deals with the role of passwords related to IBM
Tivoli Business Systems Manager and the task of changing passwords without
interrupting IBM Tivoli Business Systems Manager availability.
The following subsections discuss several issues related to IBM Tivoli Business
Systems Manager passwords:
? Section 13.2.1, TBSM processes passwords on page 430 discusses
Windows passwords for IBM Tivoli Business Systems Manager services
? Section 13.2.2, Microsoft SQL Server on page 432 covers Microsoft SQL
Servers system administrator passwords
? Section 13.2.3, Reporting system password on page 433 discusses
Reporting system passwords
13.2.1 TBSM processes passwords
Most IBM Tivoli Business Systems Manager processes run on the local system
user ID, which does not require a password. However, specific,
password-protected user IDs are required for certain processes we discuss here:
? Microsoft SNA server processes
? TPSTART.EXE
? Task server
The SNABase process
SNA client applications access the mainframe Object Server task via the SNA
server machine. For this reason, the SNA client requires authority to access the
SNA server machine and vice versa. The SNA server and the SNA client
services must be started with the same user ID and password. That user ID is
defined in the services property for SNAbase.
If we were to change the password for the user ID used to start the SNA client,
we would have to change the password for the same user ID on the SNA server.
The reverse also is true.
Chapter 13. Setting up roles and security 431
TPSTART consideration
TPSTART must be opened from the Startup folder of a Windows user ID. This
requires the Event Server to be logged on continuously. An automatic logon
mechanism in the Windows registry is stored in the following key:
HKLMSOFTWAREMicrosoftWindowsNTCurrentVersionWinlogon
Figure 13-8 shows the Winlogon key for the Event Server.
Figure 13-8 Automatic logon for Event Server
The following values must be defined:
DefaultUserName Default user ID for the Windows machine.
DefaultDomainName Default domain for the Windows machine.
DefaultPassword Default password for the Windows machine.
AutoAdminLogon Sets the automatic log on feature using the defaults. This
value must be set to 1.
This means that the password of the logged-on user ID is hardcoded into the
registry, so when the actual password is changed the registry definition must be
modified accordingly.
432 Tivoli Business Systems Manager Version 2.1: End-to-End Business Impact Management
Task server password consideration
The task server executes z/OS commands using Tivoli NetView for z/OS. IBM
Tivoli Business Systems Manager requires individually an authenticated user ID
and password for the connection to Tivoli NetView for z/OS. This password is
specified dynamically at run time. The command tserver hostcmdoper is no
longer used.
13.2.2 Microsoft SQL Server
Changing the system administrator (sa) password for the Microsoft SQL Server
database requires updating the sa user password in the registry of each IBM
Tivoli Business Systems Manager server. We found the database password in
the following registry keys on our IBM Tivoli Business Systems Manager servers:
HKLMSOFTWAREAccessible Software, Inc.Access11.0SettingsDB
HKLMSOFTWAREAccessible Software, Inc.Access11.0SettingsModelParams
HKLMSOFTWAREAccessible Software, Inc.Access11.0SettingsModelParamsSetup
Defaults
In some servers, additional keys contain the SQL servers password, including:
? Propagation server
[HKEY_LOCAL_MACHINESOFTWAREAccessible Software,
Inc.Access11.0Propagation AgentsDB]
? Database server and history server
[HKEY_LOCAL_MACHINESOFTWAREAccessible Software,
Inc.Access11.0ComponentsTSDEventHandler]
[HKEY_LOCAL_MACHINESOFTWAREAccessible Software,
Inc.Access11.0PADispatcherDB]
? Health monitor server
[HKEY_LOCAL_MACHINESOFTWAREAccessible Software, Inc.Access11.0Health
MonitorProfilesIBMTIV6DB]
..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset