EdgeSight in Trusted Domains Woes
|
by Nicholas Dille on 07/20/2009 | 3 Comments | 1,387 Views
|
When EdgeSight is set up correctly, all data is collected without any user interference especially no administrator credentials are required. Unfortunately, this is only true for historical reports generated from the EdgeSight database. As soon as real-time reports are used and workers are started manually on devices in trusted domains, the administrator's job gets tricky.
Untrusted Domains
In an environment with separate domains, the EdgeSight console presents the credentials of the user running the web browser to the agent when generating real-time reports and manually running workers. As agents are unable to validate these credentials against their local domain controllers, they are rejected and the console is forced to inquire about an adequate username and password.
Obviously, the administrator perceives the console the way it was designed: when an unmanaged device is monitored using EdgeSight, all interactive tasks require explicit credentials to be supplied.
Trusted Domains
When the EdgeSight console is executed on a device located in the same or in a trusted domain as the agents against which real-time reports and workers are executed, the credentials of the user running the console are presented when connecting to the agent. If these credentials do not represent an administrator of the device, the access is denied by the agent.
The user running the console is successfully authenticated but does not hold the necessary rights to perform the requested operation.
Workaround 1
Execute the web browser running the console in the context of an administrator adequate to manage the target device. This may require running several instances of the console for different types of target devices depending on the environment.
Workaround 2
If you are in control of all domains involved in the setup, create a user and assign administrative rights for all involved agents.
Solution
In the end, the only proper solution to this pitfall is an enhancement to the console inquiring about adequate credentials when the access is denied.
Trackback URL for this post:
http://blogs.sepago.de/e/trackback/1277
- ‹‹‹ previous Article
- 51 of 80
- next Article ›››
[Your opportunity] IT-Competence and work-live-balance is our USP. Continue your career with sepago! Immediate job offers
3 responses for "EdgeSight in Trusted Domains Woes" |
Add Comment
 |
Nicholas Dille Head of Technology and Innovation Blogs about Centralized computing, virtualization and performance monitoring Personal Profile Personal Blog RSS-Feed  Twitter: NicholasDille  |
 |
Related Jobs
Latest posts
Most viewed
| Title | |
|---|---|
| 11,524 Views |
Who Needs Aero Glass Remoting? Although It's Cool! |
| 10,117 Views |
Jailed 32-Bit Processes on Windows x64 (Update) |
| 6,217 Views |
Emulating a Redirecting Load Balancer for WI and PNA |