Access Privileges prerequisites

This section is common to all editions of IT360 - Professional Edition, Enterprise Edition - Probes only and MSP Edition - Probes only.

The following table lists the access privileges required to monitor the respective resource types.

Resource Type

Prerequisites

Servers

IBM AIX

SSH or Telnet Credentials

Sun OS

SSH or Telnet Credentials
SNMP – Read Community

Windows (2000/2003/2008/XP/NT/Vista & 7)

SNMP – Read Community
WMI – Administrator or equivalent Credentials

(User requires Local Administrator role or a Domain Administrator role for WMI credentials)

SUSE

SSH or Telnet Credentials
SNMP – Read Community

Debian

SSH or Telnet Credentials
SNMP – Read Community

ESX

  • In order to add VMWare ESX/ESXi servers for monitoring, we recommend to use the root account. However, in case you are unable to use the root account, you can use a view-only profile to add the servers. This profile has enough rights to be used for monitoring. The user you create must be:
    • a member of the group user
    • based on the profile 'read only'
  • VI SDK for Java or VIM API is a part of VMware vSphere Web Services SDK. This service should be running to access the ESX server. To verify the same, check if you are able to access the below URL from the IT360 Server:

https://ESX_host_name:port/mob (default port is 443)
E.g., https://172.15.2.60:7443/mob

When you access the above URL, it should prompt for a username and password. Provide the same credentials that are being used in IT360. Once provided, the URL should be accessible and will list the ESX hosts.

Linux

SSH or Telnet Credentials
SNMP – Read Community

HP Unix

SSH or Telnet Credentials

Tru64 Unix

SSH or Telnet Credentials

FreeBSD

SSH or Telnet Credentials
SNMP – Read Community

Mac OS

SSH or Telnet Credentials
SNMP – Read Community

Novell
SNMP Credentials

Hyper-V

User Permission - 'Administrator’ privileges to the root OS

Database Servers

MySQL Database Server

In the MySQL database (that you are trying to monitor), ensure that the user name assigned to IT360 has the permission to access the MySQL database from the host where IT360 is running. Else, give a relevant user who has the privileges to do the same.
Minimum User Privileges : The user should have privileges to execute SELECT, SHOW DATABASES, REPLICATION commands in the MySQL server. Also, IT360 machine should be allowed to access the MySQL database server.
For enabling the privileges, execute the below commands in the remote MySQL Server
INSERT INTO user (Host,User) VALUES('<host>','<user>');
GRANT SELECT,SHOW DATABASES,REPLICATION CLIENT ON *.* TO '<user>'@'<host>';
FLUSH PRIVILEGES;
(Host -> IT360 Server machine)

Oracle Database Server

For you to create a new Oracle database monitor, you should have admin privileges. Minimum User Privileges -> user with CONNECT and SELECT_CATALOG_ROLE roles

MS SQL Database Server

Minimum User Privileges : User should be permitted to access MASTER database & In MASTER database
Roles : public + db_datareader should be selected
For MS SQL 2005 user role,
Database Accessed: Master
Permit in Database Role : db_datareader & Requires VIEW SERVER STATE permission on the server
 To grant VIEW SERVER STATE you can use any of the following methods :
 1) Execute the following query,
GRANT VIEW SERVER STATE TO username;
2) In SQL management studio for user choose Properties -> Securables -> Click Add ( under securables ) -> choose "All objects of the Types..." -> choose Servers -> choose Grant for "View server state" permission.

IBM DB2 Database Server

IBM DB2 ver.8 and ver.9 monitoring is supported. And also, you should be able to access the SYSPROC procedures.
The user name specified for collecting the data from DB2 Server should have either System Administrator role or the user should be the DB owner for master database.

Sybase Database Server

The user name specified for collecting the data from Sybase should have either System Administrator role or the user should be the DB owner for master database.

Application Servers

JBoss Server

Supported versions of JBoss Server: 3.2.x, 4.x, 4.0.x, 5, 5.1
For IT360 to monitor JBoss, it should be able to access the host where JBoss server runs and vice versa.
To monitor JBoss, the http-invoker.sar should be deployed in the JBoss Server. The application (http-invoker.sar) is by default deployed in the JBoss server.

If the http port of the JBoss server is changed then the port number in the attribute InvokerURLSuffix should also be modified in jboss-3.2.0/server/default/deploy/http-invoker.sar/META-INF/jboss-service.xml file.
 To monitor JBoss 5.0.0 version and above jbossagent.sar should be deployed in JBoss server.
To deploy, follow the steps below
Copy jbossagent.sar from location <IT360 home>/applications/working/resources and paste under <JBOSS_HOME>/server/default/deploy. If you are running JBoss in different domain like all, then deployment target folder would be <JBOSS_HOME>/server/all/deploy

Tomcat Server

The supported versions of Tomcat Servers are 3.x, 4.x, 5.x, 6.x. For Tomcat Server 3.x and 4.x, agent has to be deployed for monitoring.
In case of Tomcat 5.x, an application named Manager must be running in it for IT360 to monitor the Tomcat server. By default, this application will be running in the server. Moreover, the user role to access the server must also be manager. To add a role as "manager" for any of the users such as tomcat, role1, or both, you need to make changes in tomcat-users.xml file located in the /conf directory.

Mail Server

Exchange Server

Supported versions are Exchange 2003, Exchange 2000, Exchange 2007, Exchange 2010, Exchange 5.5.
Provide the authentication details User Name\ Domain Name and Password for the system in which Exchange server is running.
Only if IT360 is running in Windows System, monitoring of Exchange Server is possible. Also Exchange Server Monitor will work only if WMI is enabled in the remote machine in which Exchange Server is running.

Web Servers

Apache

Enabling the Server status and the Extended-status will give additional information for the Apache server.
 To enable the Server Status, follow the steps given below:

  • In Apache's httpd.conf file, locate "Location /server-status" tag.
  • Remove the comment in the Location/Server-status tag, to Enable SetHandler server-status.
  • Change the attribute "deny from all" to "Allow from all".
  • Remove the comment in "LoadModule status_module modules/mod_status.so".
  • Save the conf file and restart the Apache Server.

To enable the Extended-status, follow the steps given below:

  • Locate "ExtendedStatus" Attribute in httpd.conf file.
  • Remove the comment to enable the status.
  • Save the conf file and restart the Apache Server.

IIS Server

WMI Credentials for detailed statistics.

(Local Administrator or a Domain Administrator user account has to be used)

Network Devices

Routers, Switches, Firewalls, Load balancer, etc.

For SNMP v1/v2, provide the SNMP Read and Write community information

For SNMP v3, provide the username, Authentication protocol and password, encryption protocol and password [the other fields like SNMP Port, Timeout, Retries, etc., are not related to access privileges]

 

 

Notes:



Copyright © 2013, ZOHO Corp. All Rights Reserved.