Administer > Security > Hardening the Operations Connector Platform

Hardening the Operations Connector Platform

This section describes several configuration and setup options that can be used to harden the Operations Connector platform.

Network and system security has become increasingly important. As a third-party data integration tool, Operations Connector might have access to some system information which could be used to compromise system security if steps are not taken to secure it. You should use the configuration and setup options in this section to protect the Operations Connector platform.

Operations Connector Users

Administrator user. The administrator account configured with the bsmc-conf tool. This account is required when adding an Operations Connector integration to OMi. The administrator user can access only the Operations Connector user interface and does not have access to OMi.

Local users. You can add additional users to Operations Connector with the command-line tool user. The tool creates local user accounts in the Operations Connector local user store. These users can access Operations Connector only; they cannot access OMi or other OMi applications. For more information about the user tool, see Local User Configuration Tool topic.

Single sign-on. Operations Connector also supports Single Sign-On (SSO) authentication. The default single sign-on authentication strategy for OMi is Lightweight Single Sign-On (LW-SSO). LW-SSO is embedded in OMi and does not require an external computer for authentication.

LW-SSO enables a user to log into OMi once and gain access to all OMi applications without being prompted to log in again. The applications inside OMi trust the authentication, and you do not need further authentication when moving from one application to another. For example, if you configure Operations Connector to use LW-SSO, OMi users can launch the Operations Connector user interface without having to provide additional credentials.

For more information about LW-SSO, see OMi Administration section.

Password Encryption

Operations Connector passwords for servers accessed remotely are encrypted using a method called Triple Data Encryption Standard, or 3DES. 3DES applies the Data Encryption Algorithm on each 64-bit block of text three successive times, using either two or three different keys. As a result, unauthorized users cannot reproduce the original password in a reasonable amount of time.

Using Secure Socket Layer (SSL) to Access Operations Connector

Operations Connector uses SSL to encrypt communication between the server and the user interface. This requires installing a certificate from a Certificate Authority (CA). For more information, see How to Prepare Operations Connector for Using SSL topic.

Related topics

How to Configure Operations Connector to Use SSL

Local User Configuration Tool