Active IQ Unified Manager Discussions
Active IQ Unified Manager Discussions
Any change to existing useradmin configuration on a storager system or vFiler could potentially cause a security hole (especially a misconfiguration), so its essential to track all changes.
Operations Manager 3.6 allows managing users, groups and roles (i.e. useradmin) on a storage system and vFiler units (See Management > Host Users in Ops Manager UI).
Operations Manager discovers all users, groups and roles on a system or vFiler and provides the following events that can help in tracking changes:
Event Name Severity Class host-user-deleted Information host-user.deleted host-user-discovered Information host-user.discovered host-user-modified Information host-user.modified host-usergroup-deleted Information host-usergroup.deleted host-usergroup-discovered Information host-usergroup.discovered host-usergroup-modified Information host-usergroup.modified{color} host-domainuser-modified Information host-domainuser.modified host-role-deleted Information host-role.deleted host-role-discovered Information host-role.discovered host-role-modified Information host-role.modified
You can create an alarm to track any changes :
$ dfm alarm create -h host-domainuser-modified -E <mail-id>
$ dfm alarm create -h host-user-modified -E <mail-id>
$ dfm alarm create -h host-user-discovered -E <mail-id>
On detecting any change, Ops Manager generate an alarm that looks like this (actual change mentioned in parantheses):
An Information event at 21 Mar 15:33 IST on Active/Active Controller circuit.lab.eng.btc.netapp.in:
Host User Modified.
Users Modified: snmpv3: (Usergroup Membership Added: g1).
We use the custom comment fields in OM: metadata about the project and the owner. All the other details are put on our wiki.
We would like to put more info and 'workflow', but this is today a little bit to difficult in OM: a request for storage for a project (initial need, grow rate, Tier of storage, how to backup, owner), approval for the request and an order to implement.
For me, this must be an add-on for provision manager, so that the last step can go automatically.
Most of the Operations Manager community I speak with use the custom comment fields to add additional data to their asset management reports. More flexibility is always welcome, but the ability to add these custom comments seems a heavily valued feature.
Oops ! Looks like something wierd happened
I started a new thread for posting this, but had an edit session open for the older thread in another window. The two got mixed up