Active IQ Unified Manager Discussions

Restrict OnCommand Insight Report Access to HTTPS

MRJORDANG
5,689 Views

Hello,

Is there a way to restrict OnCommand Insight Report access to HTTPS?   Out of the box, both HTTP and HTTPS access are enabled.   I'd like to disable HTTP access to the Administration Console and the reports.

Thanks,

Jordan

1 ACCEPTED SOLUTION

yuvaraju
5,689 Views

Currently, report viewers will only have the ability to view reports over HTTP. We will look at adding complete support for https in the upcoming releases.

View solution in original post

8 REPLIES 8

yuvaraju
5,689 Views

Hi Jordan,

As of now, OnCommand Report does not have complete support for HTTPS. http access is required for the product to function.Disabling http will impact reporting connection.Only administration console has https support. We are looking at adding complete support for https in the upcoming releases.

Thanks,

Yuvraj

MRJORDANG
5,689 Views

Thank you for the response Yuvraj.   Specifically, I'd like to ensure that my "Report Viewers" authenticate and view reports over a secured (HTTPS) connection.   You said "Disabling httpwill impact reporting connection" - does this mean my "Report Viewers" only have the ability to view reports over HTTP?

Thanks again for the response. 

Jordan

yuvaraju
5,690 Views

Currently, report viewers will only have the ability to view reports over HTTP. We will look at adding complete support for https in the upcoming releases.

MRJORDANG
5,689 Views

Excellent.  That is what I needed to know.   HTTPS support would be great as company policies require HTTPS for various operations and types of data.   That being said, there probably are some reports we can make available to all internal users without authentication.   Typically, we prefer to keep things as secure as possible (require authentication and keep everything encrypted) so we don't have any concerns.

Thanks again for the response.  Please keep the OnCommand Insight Report community informed with regard to the future HTTPS enhancements.  

AOIMATSU00
5,689 Views

so, if we are authenticating with ldap for report viewing, that is sent unencrypted? 

MRJORDANG
5,689 Views

Great question.   Im guessing the Web Browser -> Insight Web Server traffic would be unencrypted, inluding your username and password since they dont support https.   However, I'm not sure if the Insight Server is Secure LDAP capable or not.  I've never played around with it.    Im just speculating.  Also, this is a pretty old thread so there may be updates to OnCommand Insight Report that address HTTPS and Secure LDAP.

AOIMATSU00
5,689 Views

It just seemed odd that you would turn on intergration with LDAP for ease of managing users, (specifically for logging into reporting functionality) and then not encrypt the authentication traffic for those users....Not so concerned about the report data but authentication. 

MRJORDANG
5,689 Views

Agreed.  If anything, the login credentials should be secured.   I personally hope they encrypt everything - login credentials and report data - so I can just tell our Security team that everything is using HTTPS.

Public