IBM Endpoint Manager. Security and Compliance Analytics Setup Guide

Similar documents
IBM. Compliance Analytics Setup Guide. IBM BigFix. Version 1.9

IBM. Compliance Setup Guide. IBM BigFix Compliance. Version 9.2

IBM Endpoint Manager Version 9.1. Patch Management for Ubuntu User's Guide

IBM. Networking Simple Network Time Protocol. IBM i. Version 7.2

IBM Tealeaf UI Capture j2 Version 2 Release 1 May 15, IBM Tealeaf UI Capture j2 Release Notes

IBM. Avoiding Inventory Synchronization Issues With UBA Technical Note

IBM. IBM i2 Analyze: Backing Up A Deployment. Version 4 Release 1

Release Notes. IBM Tivoli Identity Manager Universal Provisioning Adapter. Version First Edition (June 14, 2010)

IBM Security Directory Integrator Version 7.2. Release Notes GI

Release Notes. IBM Security Identity Manager GroupWise Adapter. Version First Edition (September 13, 2013)

Netcool/Impact Version Release Notes GI

IBM Cloud Orchestrator. Content Pack for IBM Endpoint Manager for Software Distribution IBM

Release Notes. IBM Tivoli Identity Manager Rational ClearQuest Adapter for TDI 7.0. Version First Edition (January 15, 2011)

IBM Storage Management Pack for Microsoft System Center Operations Manager (SCOM) Version Release Notes

Platform LSF Version 9 Release 1.1. Migrating on Windows SC

CONFIGURING SSO FOR FILENET P8 DOCUMENTS

IBM. Networking Open Shortest Path First (OSPF) support. IBM i. Version 7.2

Requirements Supplement

Patch Management for Solaris

IBM i Version 7.2. Systems management Logical partitions IBM

IBM Maximo Calibration Version 7 Release 5. Installation Guide

IBM Interact Advanced Patterns and IBM Interact Version 9 Release 1.1 November 26, Integration Guide

Version 9 Release 0. IBM i2 Analyst's Notebook Premium Configuration IBM

IBM Unica Campaign Version 8 Release 6 May 25, Validation PDK Guide

Installing Watson Content Analytics 3.5 Fix Pack 1 on WebSphere Application Server Network Deployment 8.5.5

Platform LSF Version 9 Release 1.3. Migrating on Windows SC

Release Notes. IBM Tivoli Identity Manager GroupWise Adapter. Version First Edition (September 13, 2013)

Version 9 Release 0. IBM i2 Analyst's Notebook Configuration IBM

IBM BigFix Compliance PCI Add-on Version 9.2. Payment Card Industry Data Security Standard (PCI DSS) User's Guide IBM

IBM Security Access Manager for Versions 9.0.2, IBM Security App Exchange Installer for ISAM

IBM InfoSphere Master Data Management Reference Data Management Hub Version 11 Release 0. Upgrade Guide GI

Tivoli Endpoint Manager for Patch Management - AIX. User s Guide

Readme File for Fix Pack 1

IBM Operations Analytics - Log Analysis: Network Manager Insight Pack Version 1 Release 4.1 GI IBM

IBM. Networking INETD. IBM i. Version 7.2

Getting Started with InfoSphere Streams Quick Start Edition (VMware)

A Quick Look at IBM SmartCloud Monitoring. Author: Larry McWilliams, IBM Tivoli Integration of Competency Document Version 1, Update:

IBM. Business Process Troubleshooting. IBM Sterling B2B Integrator. Release 5.2

Application and Database Protection in a VMware vsphere Environment

IBM BigFix Version 9.2. Security Configuration Management - Payment Card Industry Data Security Standard (PCI DSS) content 1.

Using application properties in IBM Cúram Social Program Management JUnit tests

Tivoli Access Manager for Enterprise Single Sign-On

IBM emessage Version 8.x and higher. Account Startup Overview

IBM Kenexa LCMS Premier on Cloud. Release Notes. Version 9.3

IBM. IBM i2 Analyze Windows Upgrade Guide. Version 4 Release 1 SC

IBM License Metric Tool Enablement Guide

IBM Maximo for Service Providers Version 7 Release 6. Installation Guide

IBM Maximo Spatial Asset Management Version 7 Release 5. Installation Guide

IBM OpenPages GRC Platform Version 7.0 FP2. Enhancements

IBM XIV Host Attachment Kit for AIX Version Release Notes

IBM i Version 7.2. Connecting to your system Connecting to IBM Navigator for i IBM

IBM. IBM i2 Enterprise Insight Analysis Understanding the Deployment Patterns. Version 2 Release 1 BA

IBM Cognos Dynamic Query Analyzer Version Installation and Configuration Guide IBM

IBM Security QRadar Version Customizing the Right-Click Menu Technical Note

IBM Content Analytics with Enterprise Search Version 3.0. Expanding queries and influencing how documents are ranked in the results

IBM Operational Decision Manager Version 8 Release 5. Configuring Operational Decision Manager on Java SE

IBM License Metric Tool Version Readme File for: IBM License Metric Tool, Fix Pack TIV-LMT-FP0001

Version 2 Release 1. IBM i2 Enterprise Insight Analysis Understanding the Deployment Patterns IBM BA

IBM Tivoli Identity Manager Authentication Manager (ACE) Adapter for Solaris

IBM Maximo Spatial Asset Management Version 7 Release 6. Installation Guide IBM

IBM Netcool/OMNIbus 8.1 Web GUI Event List: sending NodeClickedOn data using Netcool/Impact. Licensed Materials Property of IBM

Determining dependencies in Cúram data

Sterling External Authentication Server. Installation Guide. Version 2.4

IBM Tivoli Directory Server Version 5.2 Client Readme

IBM Spectrum LSF Process Manager Version 10 Release 1. Release Notes IBM GI

IBM Tivoli Configuration Manager for Automated Teller Machines. Release Notes. Version 2.1 SC

Migrating on UNIX and Linux

Release Notes. IBM Tivoli Identity Manager I5/OS Adapter. Version First Edition (January 9, 2012)

Tivoli Access Manager for Enterprise Single Sign-On

IBM Extended Command-Line Interface (XCLI) Utility Version 5.2. Release Notes IBM

IBM FlashSystem V Quick Start Guide IBM GI

IBM Storage Device Driver for VMware VAAI. Installation Guide. Version 1.1.0

IBM Maximo for Aviation MRO Version 7 Release 6. Installation Guide IBM

IBM XIV Provider for Microsoft Windows Volume Shadow Copy Service. Version 2.3.x. Installation Guide. Publication: GC (August 2011)

IBM XIV Provider for Microsoft Windows Volume Shadow Copy Service Version Installation Guide GC

IBM Operational Decision Manager. Version Sample deployment for Operational Decision Manager for z/os artifact migration

Migrating Classifications with Migration Manager

IBM. myfilegateway. Sterling File Gateway. Version 2.2

IBM FlashSystem V MTM 9846-AC3, 9848-AC3, 9846-AE2, 9848-AE2, F, F. Quick Start Guide IBM GI

IBM FlashSystem V840. Quick Start Guide GI

IBM Blockchain IBM Blockchain Developing Applications Workshop - Node-Red Integration

Implementing Enhanced LDAP Security

Best practices. Starting and stopping IBM Platform Symphony Developer Edition on a two-host Microsoft Windows cluster. IBM Platform Symphony

Installing and Configuring Tivoli Monitoring for Maximo

IBM Security QRadar Version 7 Release 3. Community Edition IBM

IBM Storage Management Pack for Microsoft System Center Operations Manager (SCOM) Version Release Notes

MAPI Gateway Configuration Guide

IBM Security QRadar Version Forwarding Logs Using Tail2Syslog Technical Note

IBM WebSphere Sample Adapter for Enterprise Information System Simulator Deployment and Testing on WPS 7.0. Quick Start Scenarios

ios 9 support in IBM MobileFirst Platform Foundation IBM

IBM Security Role and Policy Modeler Version 1 Release 1. Glossary SC

IBM PowerHA SystemMirror for Linux. Version Release Notes IBM

IBM Cognos Dynamic Query Analyzer Version Installation and Configuration Guide IBM

IBM Cloud Object Storage System Version Time Synchronization Configuration Guide IBM DSNCFG_ K

IBM i2 ibridge 8 for Oracle

IBM Copy Services Manager Version 6 Release 1. Release Notes August 2016 IBM

Limitations and Workarounds Supplement

IBM Spectrum LSF Version 10 Release 1. Readme IBM

IBM Watson Explorer Content Analytics Version Upgrading to Version IBM

Contents. Index iii

Transcription:

IBM Endpoint Manager Security and Compliance Analytics Setup Guide Version 9.2

IBM Endpoint Manager Security and Compliance Analytics Setup Guide Version 9.2

Note Before using this information and the product it supports, read the information in Notices on page 21. This edition applies to ersion 9, release 2, modification leel 0 of IBM Endpoint Manager and to all subsequent releases and modifications until otherwise indicated in new editions. Copyright IBM Corporation 2012, 2015. US Goernment Users Restricted Rights Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

Contents Chapter 1. Introduction........ 1 System Requirements........... 1 Setup Considerations........... 3 Chapter 2. Installing and upgrading Security and Compliance Analytics... 5 Download IBM Endpoint Manager Analytics... 5 Installing Security and Compliance Analytics... 5 Upgrading from earlier ersions of Security and Compliance Analytics........... 8 Migrating keystores............ 9 Perform Initial Configuration........ 10 Configure HTTPS............ 12 Configure the TEMA application serer to use LDAP................ 13 Adding LDAP serers.......... 13 Linking users to directories........ 15 Authenticating LDAP through user proisioning 16 Appendix. Support......... 19 Notices.............. 21 Copyright IBM Corp. 2012, 2015 iii

i IBM Endpoint Manager: Security and Compliance Analytics Setup Guide

Chapter 1. Introduction IBM Endpoint Manager for Security and Compliance Analytics (SCA) is a component of IBM Endpoint Manager for Security and Compliance, which includes ulnerability detection libraries and technical controls and tools based on industry best practices and standards for endpoint and serer security configuration (SCM checklists). The ulnerability detection libraries and the technical controls enable continuous, automated detection and remediation of security configuration issues. SCA proides report iews and tools for managing the ulnerability of SCM checks. SCA generates the following reports, which can be filtered, sorted, grouped, customized, or exported using any set of Endpoint Manager properties: Oeriews of Compliance Status, Vulnerabilities and History Checklists: Compliance Status and History Checks: Compliance Status, Values, and History Vulnerabilities: Rollup Status and History Vulnerability Results: Detailed Status Computers: Compliance Status, Values, Vulnerabilities, and History Computer Groups: Compliance Status, Vulnerabilities, and History Exceptions: Management, Status, and History New features System Requirements The following features and enhancements are included in Security and Compliance Analytics 1.6. Enhanced flexibility of computer groups associations. Using this feature, you can now make changes and assign users to complex computer groups without affecting the integrity of the compliance data that are reported. Migration from Jetty to IBM Websphere. Support for Transport Layer Security (TLS) 1.2 for HTTPS connections that are configured for TLS 1.2. Updated installer. Expanded support for Windows 2012 R2 and Microsoft SQL 2014. End of support for ersions of IBM Endpoint Manager earlier than 9.0. Support of operating systems with 64-bit ersions only. Performance improements when importing. Updated interface. Learn the system requirements to successfully deploy Security and Compliance Analytics. Configure your Security and Compliance Analytics deployment according to the following requirements: Copyright IBM Corp. 2012, 2015 1

Table 1. Supported components and system requirements to deploy Security and Compliance Analytics Components Requirements Supported browser ersions Internet Explorer ersions 10.0, 11.0 Supported IBM Endpoint Manager component ersions Firefox 31 and later ersions Firefox Extended Support Release (ESR) ersions 24 and 31 Google Chrome 35.0 and later ersions Console ersions 9.0, 9.1, 9.2 Web Reports ersions 9.0, 9.1, 9.2 Windows Client ersions 9.0, 9.1, 9.2 UNIX Client ersions 9.0, 9.1, 9.2 SCA serer operating system requirements Microsoft Windows Serer 2008 (64-bit only) Microsoft Windows Serer 2008 R2 Microsoft Windows Serer 2012 Microsoft Windows 2012 R2 Note: Security and Compliance Analytics supports operating systems with the 64-bit ersions only. SCA database serer requirements Microsoft SQL Serer 2005 Serice Pack 2 SCA serer SCA database IBM Endpoint Manager database user permissions Microsoft SQL Serer 2008 R2 Microsoft SQL Serer 2012 Microsoft SQL Serer 2014 You must hae Administrator priileges on the target SCA serer. You must hae dbcreator permissions on the target SCA database serer. IBM Endpoint Manager database user permissions SCM mastheads and Fixlet sites You might hae earlier BigFix Fixlets, IBM Endpoint Manager Fixlets, and custom Fixlets for security compliance in your deployment. These Fixlets continue to function correctly, but only certain Fixlets display within the SCA reports. IBM Endpoint Manager DB2 database permissions To iew the current list of SCM content sites that are supported with SCA, see the technote What SCM content is aailable for TEM?. You must hae data administration authority (DATAACCESS) to perform the following tasks: Access to create objects Access to data within an IBM Endpoint Manager DB2 database Note: Version 1.4 is the minimum ersion required to upgrade to Security and Compliance Analytics 1.6. 2 IBM Endpoint Manager: Security and Compliance Analytics Setup Guide

Setup Considerations During setup, match your optimum deployment size to your hardware specifications. Use the suggestions as general guidance to setup Security and Compliance Analytics. Consider the requirements of the following serers when you are calculating the data sizing for SCA. Security and Compliance Analytics database serer Security and Compliance Analytics application serer Although you can install the Security and Compliance Analytics serer on the same computer as your SQL Serer, doing so might affect the performance of the Security and Compliance Analytics application. Carefully manage the SQL Serer memory and if necessary, use a dedicated SQL Serer computer. Security and Compliance Analytics database serer The size of the Security and Compliance Analytics database serer depends on the following factors. The number of computers The amount of content that is subscribed onto these computers The number of imports that are run You can add more disk space for future growth of endpoints and more security compliance checks. CPU and memory considerations A minimum of 2 to 3 GHz CPU with 4 GB RAM is sufficient for hosting a Security and Compliance Analytics database serer. The database serer would gather analytics data for seeral hundred Endpoint Manager clients. The requirements scale with the number of computers and compliance checks. It is suggested that you add more RAM for the SQL Serer as the deployment enironment scales up. Use the following suggested sizing matrix for your deployment enironment. Table 2. Suggested sizing matrix for SCA deployment enironments Deployment Size (Number of computers) Data Size CPU Memory 1-500 0-15 GB quad core 4 GB 500-5,000 15-25 GB quad core 8 GB 5,000-30,000 25-60 GB quad core 16 GB 30,000-100,000 60-165 GB quad core 32 GB 100,000+ 165 GB + 1.5 GB for eery 1,000 endpoints 2 x quad core 64 GB+ Note: The sizing matrix does not include the database log size. For Security and Compliance Analytics 1.6, the log size generally requires the same size as the database size. Disk space considerations and assumptions Chapter 1. Introduction 3

An example deployment size of 30,000 Endpoint Manager Clients that are subscribed to SCM contents must take into account the following disk space considerations and assumptions: A 60 GB of free disk space is needed by the Security and Compliance Analytics database serer with 30,000 Endpoint Manager Clients. Add 1.5 GB free disk space for the SCA database serer for eery 1,000 more clients. The disk space suggestions are based on the following assumptions: - Your deployment enironment has an aerage of 2,000 SCM checks and 200 SCM checks per computer - 2% check result change oer each import (daily) - 5% of the checks hae associated exceptions that are managed in Security and Compliance Analytics - 1% of the measured alue change oer each import (daily) - All measured alue analyses for all checks are actiated - Your deployment contains one year of archied compliance data (365 imports) Note: Disk space size is affected by the sum of the following key elements: (Number of check results and their compliance change oer time) + (Number of ulnerability results and their compliance change oer time) + (Number of measured alues change oer time) + (Computer Group * Checks * Number of imports oer time) + (Number of exceptions + Number of Measured Values) Security and Compliance Analytics application serer A minimum of 3 GB of free disk space is needed by the SCA Serer. 10 GB of free disk space can be sufficient for up to 250,000 computers. A 2 to 3 GHz CPU Quad-cores with 8GB RAM free memory space to support 30,0000 computers. Note: The Security and Compliance Analytics application has a hard limit of 1 GB of memory use and there are up to 4 simultaneous PDF generation processes which would take about 1 GB of memory use. 4 IBM Endpoint Manager: Security and Compliance Analytics Setup Guide

Chapter 2. Installing and upgrading Security and Compliance Analytics Before installing SCA, ensure that your system meets all prerequisites as described in Systems Requirements. Install and configure IBM Endpoint Manager Analytics by completing the following steps: Install by using the InstallAnywhere installer Perform initial configuration by using the web interface Upgrading from an earlier ersion requires updating the data schema as well. To do this, the operator must access the Security and Compliance Analytics web interface from the serer hosting Security and Compliance Analytics. Click Upgrade Schema Download IBM Endpoint Manager Analytics To download IBM Endpoint Manager Analytics, perform the following steps: 1. In the IBM Endpoint Manager console, add the SCM Reporting masthead. 2. In the Security Configuration domain in the console, open the Configuration Management naigation tree. Click the TEM SCA 1.6 First-time Install Fixlet under the SCA Install/Upgrade menu tree item. 3. Take the associated action and follow the installation steps in the description of the Fixlet. Installing Security and Compliance Analytics Follow these steps to install Security and Compliance Analytics. Procedure 1. Run the installer executable file. When you are prompted, extract the installer file to a folder. Copyright IBM Corp. 2012, 2015 5

2. Run tema-windows-x86_64.bat from within the folder to begin the installation. 3. You can change the installation path and port during installation. a. Installation path b. TCP port 6 IBM Endpoint Manager: Security and Compliance Analytics Setup Guide

Note: Security and Compliance Analytics uses HTTPS by default from ersion 1.6 and later. 4. Specify the user account that runs the IBM Endpoint Manager Analytics serice. If you configure IBM Endpoint Manager Analytics to connect to the SQL Serer through a user that is authenticated through Windows, the IBM Endpoint Manager Analytics serice must be configured to run as that same user. 5. When the installation is completed, use the web interface to complete the setup of the IBM Endpoint Manager Analytics serer. Chapter 2. Installing and upgrading Security and Compliance Analytics 7

6. The final window of the installer prompts you to launch a web browser to complete the setup. Click Done. The Security and Compliance Analytics web serer may take a while to fully load. Allow time for the serer to initialize. While the serer is loading or during the database configuration, you might receie a message stating Not Found. This is expected. The page automatically reloads when it is ready. Upgrading from earlier ersions of Security and Compliance Analytics Before you begin Updating from an earlier ersion requires updating the data schema as well. The operator must access the Security and Compliance Analytics web interface from the serer hosting Security and Compliance Analytics. Click Upgrade Schema. About this task Security and Compliance Analytics 1.6 uses IBM WebSphere. Earlier ersions use Jetty as an application serer. 8 IBM Endpoint Manager: Security and Compliance Analytics Setup Guide

When upgrading from earlier ersions of Security and Compliance Analytics, the installer replaces the preiously supplied serer certificate and priate key pair with a new self-signed certificate and key pair. Note: Version 1.4 is the minimum ersion that is required to upgrade to Security and Compliance Analytics 1.6. To upgrade from earlier ersions of Security and Compliance Analytics, you must configure your SSL certificate settings again. To apply the settings again, go to Management > Serer Settings when installation is completed. Procedure Migrating keystores 1. Click Replace in the Certificate section. 2. Click Browse... and select your serer certificate and priate key. 3. Enter the priate key password. 4. Click Sae and restart Security and Compliance Analytics. If the original certificate and key pair are difficult to get or are unaailable, follow the steps in Migrating Keystores. Follow these steps to migrate keystores in Security and Compliance Analytics. A keystore is a database file that stores security certificates, such as authorization or public key certificates. About this task The Security and Compliance Analytics installer will sae the following files for your reference under <TEMA_ROOT>\wlp\usr\serers \serer1\resources\ security\. Under <TEMA_ROOT>\wlp\usr\serers \serer1\resources\security\, a copy of your original keystore file Under <TEMA_ROOT>\wlp\usr\serers \serer1\config\ A copy of your original jetty.xml file The keystore password in deobfuscated_password file Migrating keystores require the following: Jaa Runtime Enironment (installed in <TEMA_ROOT>\jre\bin\ The original keystore file The deobfuscated_password file Command prompt (Windows) with appropriate PATH set Chapter 2. Installing and upgrading Security and Compliance Analytics 9

Procedure 1. Conert the keystore from JKS to PKCS12 format. Table 3. Example command line of conerting the keystore format from JKS to PKCS12 Command line example Reference Input file: keystore Output file: keystore.p12 <password_string>: The password string saed in the deobfuscated_password file key_pass: The new password of your choice for keystore.p12. The password must be a minimum of 6 characters. 2. Conert the PKCS12 format keystore into PEM format certificate and key using OpenSSL. Table 4. Example command line of conerting the keystore format from PKCS12 to PEM Command line example Reference > openssl pkcs12 -in keystore.p12 -out keystore.pem Input file: keystore.p12 Output file: keystore.pem Perform Initial Configuration You will be prompted to enter the following passwords: Password (Import password) for keystore.p12 New password of your choice for the priate key. The password must be a minimum of 4 characters. 3. Open the PEM encoded certificate and key (keystore.pem). Sae it as certificate and a priate key file. a. The file keystore.pem contains both the certificate and priate key in sections. b. Copy then sae the following section serer.crt. -----BEGIN CERTIFICATE-----... -----END CERTIFICATE----- c. Copy then sae the following section as serer.key. -----BEGIN RSA PRIVATE KEY-----... -----END RSA PRIVATE KEY----- 4. Go to Management > Serer Settings. Apply the following in Security and Compliance Analytics. certificate (serer.crt) key pair (serer.key) password (PEM pass phrase entered in Step 2.) To set up the database connection, perform the following steps: 1. Enter the host and database name fields. 2. Select a type of authentication. 3. Click Create to create a new administratie user. 10 IBM Endpoint Manager: Security and Compliance Analytics Setup Guide

In the next screen, enter a username and password for the new administrator account. Click Create. Next, connect to your IBM Enterprise Manager database. Enter the host, database name, and authentication method for your primary IBM Endpoint Manager database. Click Create. You can also set up a Web Reports database in the fields on the right side of the window. Chapter 2. Installing and upgrading Security and Compliance Analytics 11

Configure HTTPS IBM Endpoint Manager Analytics administrators can configure SSL and the TCP ports from the Management/Serer Settings section of the web interface. When turning on SSL, you can proide a pre-existing priate key and certificate or hae the system automatically generate a certificate. If you change the port or SSL settings, you must restart the serice for the changes to take effect. If you generate a certificate, you must specify a certificate subject common name. The common name must correspond to the DNS name of the IBM Endpoint Manger Analytics serer. 12 IBM Endpoint Manager: Security and Compliance Analytics Setup Guide

If you proide a pre-existing priate key and certificate, they must be PEM-encoded. If your priate key is protected with a password, you must enter it in the Priate key password field. Configure the TEMA application serer to use LDAP IBM Endpoint Manager for Security Compliance Security Compliance Analytics 1.4 supports authentication through the Lightweight Directory Access Protocol (LDAP) serer. You can add LDAP associations to IBM Endpoint Manager Analytics so you and other users can log in using credentials based on your existing authentication scheme. To use LDAP for authentication of IBM Endpoint Manager Analytics users, you must do the following steps: Add an LDAP serer directory Link a user to the created directory You can also use the user proisioning feature to authenticate LDAP users without creating indiidual users in the application. Adding LDAP serers To use LDAP for authentication of IBM Endpoint Manager Analytics users, you must add a working LDAP directory. Before you begin You must be an Administrator to do this task. Procedure 1. Log in to the TEMA application serer. 2. Go to Management > Directory Serers. Chapter 2. Installing and upgrading Security and Compliance Analytics 13

3. To create an LDAP connection, click New. 4. Enter a name for the new directory. 5. Select an LDAP Serer for authentication from a list and enter the name of a Search Base 6. If the alues of your LDAP serer are different from the default, select Other from the LDAP Serer list. 7. Enter alues of filters and attributes of your LDAP serer. 8. Enter a name and a password for the authenticated user. 9. If your LDAP serer uses Secure Socket Layer protocol, select the SSL check box. If you require no user credential, select the Anonymous Bind check box. 10. In the Host field, proide the host name on which the LDAP serer is installed. 11. Enter the Port. 12. To erify whether all of the proided entries are alid, click Test Connection. 13. Click Create. You configured a system link to an authentication system. 14 IBM Endpoint Manager: Security and Compliance Analytics Setup Guide

14. To add a backup LDAP serer, in the Primary Serer tab, click the Add backup serer link. a. Enter the host and IP of the backup LDAP serer. b. Click Test Connection to erify whether all of the proided entries are alid. c. Click Sae to confirm the changes. 15. Optional: To edit the directory, select its name. Click Sae to confirm the changes. 16. Optional: To delete the created directory, select its name. In the upper left of the window, click Delete. Linking users to directories To complete an authentication process through LDAP, you must create a user that would link to the created directory. Before you begin You must be an Administrator to do this task. Procedure 1. Log in to the TEMA application serer. 2. Go to Management > Users. Chapter 2. Installing and upgrading Security and Compliance Analytics 15

3. To create a user, click New. 4. In the Username field, enter the name of an existing user of an LDAP serer. 5. From the list, select a Computer Group that the user would be assigned to. 6. From the Authentication Method list, select the name of an LDAP directory. 7. Click Create. 8. 8. Optional: To delete the created user, click its name. Then in the upper left of the window, click Delete. What to do next To confirm authentication, log in to the Endpoint Manager Analytics serer with the credentials. Authenticating LDAP through user proisioning You can configure the LDAP group permission to authenticate LDAP users without creating users indiidually in SCA. Before you begin You must configure at least one directory with a working LDAP group in the LDAP serer. Procedure 1. Log in to the TEMA application serer. 2. Go to Management > User Proisioning. 3. To create a user, click New. 4. In the Group Names field, type the name of an existing group of an LDAP serer. 5. From the list, select a Computer Group that the TEMA would grant for authentication. 6. From the Roles field, click one or more roles that the group users granted for access permission. 16 IBM Endpoint Manager: Security and Compliance Analytics Setup Guide

7. From the Computer Group field, select a computer group that the group users would be assigned to. 8. Click Create. What to do next To confirm authentication, log in to the Endpoint Manager Analytics serer with user within the LDAP group you created. Chapter 2. Installing and upgrading Security and Compliance Analytics 17

18 IBM Endpoint Manager: Security and Compliance Analytics Setup Guide

Appendix. Support For more information about this product, see the following resources: IBM Knowledge Center IBM Endpoint Manager Support site IBM Endpoint Manager wiki Knowledge Base Forums and Communities Copyright IBM Corp. 2012, 2015 19

20 IBM Endpoint Manager: Security and Compliance Analytics Setup Guide

Notices This information was deeloped for products and serices offered in the U.S.A. IBM may not offer the products, serices, or features discussed in this document in other countries. Consult your local IBM representatie for information on the products and serices currently aailable in your area. Any reference to an IBM product, program, or serice is not intended to state or imply that only that IBM product, program, or serice may be used. Any functionally equialent product, program, or serice that does not infringe any IBM intellectual property right may be used instead. Howeer, it is the user's responsibility to ealuate and erify the operation of any non-ibm product, program, or serice. IBM may hae patents or pending patent applications coering subject matter described in this document. The furnishing of this document does not grant you any license to these patents. You can send license inquiries, in writing, to: IBM Director of Licensing IBM Corporation North Castle Drie Armonk, NY 10504-1785 U.S.A. For license inquiries regarding double-byte character set (DBCS) information, contact the IBM Intellectual Property Department in your country or send inquiries, in writing, to: Intellectual Property Licensing Legal and Intellectual Property Law IBM Japan Ltd. 1623-14, Shimotsuruma, Yamato-shi Kanagawa 242-8502 Japan The following paragraph does not apply to the United Kingdom or any other country where such proisions are inconsistent with local law: INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of express or implied warranties in certain transactions, therefore, this statement may not apply to you. This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. IBM may make improements and/or changes in the product(s) and/or the program(s) described in this publication at any time without notice. Any references in this information to non-ibm Web sites are proided for conenience only and do not in any manner sere as an endorsement of those Web Copyright IBM Corp. 2012, 2015 21

sites. The materials at those Web sites are not part of the materials for this IBM product and use of those Web sites is at your own risk. IBM may use or distribute any of the information you supply in any way it beliees appropriate without incurring any obligation to you. Licensees of this program who wish to hae information about it for the purpose of enabling: (i) the exchange of information between independently created programs and other programs (including this one) and (ii) the mutual use of the information which has been exchanged, should contact: IBM Corporation 2Z4A/101 11400 Burnet Road Austin, TX 78758 U.S.A. Such information may be aailable, subject to appropriate terms and conditions, including in some cases, payment of a fee. The licensed program described in this document and all licensed material aailable for it are proided by IBM under terms of the IBM Customer Agreement, IBM International Program License Agreement or any equialent agreement between us. Any performance data contained herein was determined in a controlled enironment. Therefore, the results obtained in other operating enironments may ary significantly. Some measurements may hae been made on deelopment-leel systems and there is no guarantee that these measurements will be the same on generally aailable systems. Furthermore, some measurements may hae been estimated through extrapolation. Actual results may ary. Users of this document should erify the applicable data for their specific enironment. Information concerning non-ibm products was obtained from the suppliers of those products, their published announcements or other publicly aailable sources. IBM has not tested those products and cannot confirm the accuracy of performance, compatibility or any other claims related to non-ibm products. Questions on the capabilities of non-ibm products should be addressed to the suppliers of those products. All statements regarding IBM's future direction or intent are subject to change or withdrawal without notice, and represent goals and objecties only. All IBM prices shown are IBM's suggested retail prices, are current and are subject to change without notice. Dealer prices may ary. This information is for planning purposes only. The information herein is subject to change before the products described become aailable. This information contains examples of data and reports used in daily business operations. To illustrate them as completely as possible, the examples include the names of indiiduals, companies, brands, and products. All of these names are fictitious and any similarity to the names and addresses used by an actual business enterprise is entirely coincidental. COPYRIGHT LICENSE: 22 IBM Endpoint Manager: Security and Compliance Analytics Setup Guide

This information contains sample application programs in source language, which illustrate programming techniques on arious operating platforms. You may copy, modify, and distribute these sample programs in any form without payment to IBM, for the purposes of deeloping, using, marketing or distributing application programs conforming to the application programming interface for the operating platform for which the sample programs are written. These examples hae not been thoroughly tested under all conditions. IBM, therefore, cannot guarantee or imply reliability, sericeability, or function of these programs. The sample programs are proided "AS IS", without warranty of any kind. IBM shall not be liable for any damages arising out of your use of the sample programs. If you are iewing this information softcopy, the photographs and color illustrations may not appear. Trademarks IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and serice names might be trademarks of IBM or other companies. A current list of IBM trademarks is aailable on the Web at Copyright and trademark information at www.ibm.com/legal/copytrade.shtml. Adobe, Acrobat, PostScript and all Adobe-based trademarks are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States, other countries, or both. IT Infrastructure Library is a registered trademark of the Central Computer and Telecommunications Agency which is now part of the Office of Goernment Commerce. Intel, Intel logo, Intel Inside, Intel Inside logo, Intel Centrino, Intel Centrino logo, Celeron, Intel Xeon, Intel SpeedStep, Itanium, and Pentium are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries. Linux is a trademark of Linus Toralds in the United States, other countries, or both. Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both. ITIL is a registered trademark, and a registered community trademark of The Minister for the Cabinet Office, and is registered in the U.S. Patent and Trademark Office. UNIX is a registered trademark of The Open Group in the United States and other countries. Jaa and all Jaa-based trademarks and logos are trademarks or registered trademarks of Oracle and/or its affiliates. Cell Broadband Engine is a trademark of Sony Computer Entertainment, Inc. in the United States, other countries, or both and is used under license therefrom. Linear Tape-Open, LTO, the LTO Logo, Ultrium, and the Ultrium logo are trademarks of HP, IBM Corp. and Quantum in the U.S. and other countries. Notices 23

24 IBM Endpoint Manager: Security and Compliance Analytics Setup Guide

Printed in USA

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback