Automatically Logging in to Remote Systems
& Applications
Passwords of remote systems and applications are stored in PMP. Normally, to login to the systems and applications, you need to copy the password from PMP and paste it in the target system. PMP provides an option for automatically logging in to the target systems and applications directly from the PMP web interface eliminating the need for copying and pasting of passwords.
You need to configure 'helper scripts' by providing the remote login commands (specific to the operating system from which the PMP web interface would be connected).
Example 1
Assume you have 10 resources - Windows servers. You have stored the login accounts and passwords of these 10 resources in PMP. You want to directly login to these resources from PMP web-interface. You will connect the PMP web-interface from both Windows and Linux systems. For auto logon, you need to do the following:
Create a 'helper script' by providing the command to establish connection to the target system. The command has to be written specific to the operating system from where the PMP web-interface will be connected. That is, if you would connect the PMP web-interface in Windows, the command has to be Windows specific - enter the command that would normally use to invoke a MSTSC session in Windows. If you would connect the web interface from Linux, enter the command to invoke Remote Desktop (RDP) connection. By doing so, whether you connect the PMP web-interface from Windows or Linux, you will be able to establish the connection automatically.
Example 2
Assume you have 10 resources - Cisco devices and Unix servers. You have stored the login accounts and passwords of these 10 resources in PMP. You want to directly login to these resources from PMP web-interface. You will connect the PMP web-interface from Windows. For auto logon, you need to do the following:
Create a 'helper script' by providing the
command to establish connection to the target system. The command has
to be written specific to the operating system from where the PMP web-interface
will be connected. That is, if you would connect the PMP web-interface
in Windows, the command has to be Windows specific - enter the command
that would normally use to invoke a PuTTY session in Windows. Instead
of PuTTY, you can also enter the command for TELNET.
PMP will have no control over the command other than invoking it and also
does not process the result of the command. The helper script supplied
will be stored in the same database as the other information, which provides
security as well as backup, if it is configured for the PMP database.
The command is invoked with the same privileges as the user account running
the browser that is accessing the PMP application.
Go to "Admin" >> "Customize" >> and click "Auto Logon Helper"
In the UI that opens, click the button "Add Helper"
In the UI that pops-up, provide the details as detailed in the steps below.
The name that you enter here will be used
as the display name for the script and will be shown in the web-interface
to automatically log in to the remote systems or applications.
Entering the command for the helper script is the most important step in creating the script. PMP has no control on the commands entered by you. It will execute the commands as they are. So, exercise care while entering the command.
The following example will make you understand this step with ease:
Assume that your requirement is to connect to a remote system automatically from PMP by establishing a telnet connection, you need to do the following:
You need to write the command for establishing telnet connection to the target system. The command has to be written specific to the operating system from where the PMP web-interface will be connected. That is, if you would connect the PMP web-interface in Windows, the command has to be Windows specific - enter the command that would normally use to invoke a telnet session in Windows. However, it is advisable to enter the commands for establishing the connection from both Windows and from Linux separately. By doing so, whether you connect the PMP web-interface from Windows or Linux, you will be able to establish the connection automatically.
|
It is pertinent to take note of the following before creating your commands:
You can use the following place holders in your command string:
%RESOURCE_NAME% %DNS_NAME% %ACCOUNT_NAME% %PASSWORD%
These place holders will be replaced with respective values at the time of invoking of the commands. Also, the command configured will be invoked as is on the user machines and hence it is recommended to ensure that the PATH environment variable is properly set or the command be located in the same execution path in all the user machines.
Invoking Direct Connection to URLs
If you want to open connection to a URL automatically in a browser window, you can specify the URL for the same through 'Resource URL' field while adding the resource or by editing a resource. You can even specify the user name and password in the URL to directly login to the resource. For security reasons, PMP provides the option for using place holders to avoid the usage of user name, password etc in plain text in the URL. At the time of URL invocation, PMP replaces the respective data for the placeholders and submits the data by 'POST' method. Nowhere during the URL invocation, the password will be visible to the users.
The following four place holders are allowed: %RESOURCE_NAME%, %DNS_NAME%, %ACCOUNT_NAME%
and %PASSWORD% |
In the text field against "Command to invoke in Windows", enter the command for invoking auto logon from PMP web interface connected in Windows. For example, to establish telnet connection to a remote system automatically from the PMP web interface connected in Windows, enter the command as follows:
telnet %DNS_NAME% -l %ACCOUNT_NAME%
PMP will take care of replacing the values of the respective place holders.
Similarly, in the text field against "Command to invoke in Linux", enter the command for invoking auto logon from PMP web interface connected in Linux. For example, to establish telnet connection to a remote system automatically from the PMP web interface connected in Linux, enter the command as follows:
konsole -e telnet %DNS_NAME% -l %ACCOUNT_NAME%
After creating the required commands as detailed above, you need to select the 'Resource Types' for which you wish to map the helper commands.
For example, assume you have created helper script for connecting to remote systems via PuTTY (from PMP web-interface), you can map the command to the following resource types: All UNIX resources and Cisco devices. If you do so, the auto logon to remote systems via PuTTY will be enabled for all the resources belonging to the above three resource types. When you view those resources, you will find "Connect To" icon as shown below. The command names associated by you to that resource type will be visible in the list. (Complete Step 6 below before trying to check this step in your setup, otherwise the data entered in this UI till now will not be saved).
For a particular target system, there can be more than one method to connect (telnet, PuTTY, RDP etc.,) and hence you can map any number of commands to a single target system type. All the command names associated with the resource type will be displayed on "Connect To" icon.
As explained above, the helper script is invoked with the same privileges as the user account running the PMP server. To guard against potential risks associated with invoking arbitrary scripts/commands, a dual control mechanism is implemented, which will ensure two administrators see and approve the script before it is invoked by PMP.
The helper scripts can be added only by PMP administrators. The scripts thus added have to be approved by some other administrator. So, the helper script created will remain pending for approval. Select an administrator from the drop-down to send approval request. A mail will be sent to that administrator intimating the approval request.
If you are an administrator and requested by another admin to approve a script, you need to navigate to "Admin" >> "Customize" >> and click "Password Auto Logon" and click the link present under "Approval Status". Once it is approved, the helper script will take effect.
Click "Save". The required auto logon helper has been created. The helper script creation and approval events are all audited in PMP.
To automatically connect to a particular resource, navigate to the 'Resources' tab and click the required resource. Click the "Connect To" icon present against the required user account. A list containing the list of commands supported for that resource will be displayed. Click the required command.
For the first time of invocation alone, you will have to install browser plug-ins as explained below:
Due to the inherent security restrictions in the browsers, as a one-time activity, you need to download and install browser specific plug-ins to invoke operating system commands.
To install plug-in for Internet Explorer
When you click the 'Connect To' icon of a resource, you will get a security warning pop-up. The pop-up will ask if you want to install that plug-in with publisher name as AdventNet Inc.. Click 'Install'. The plug-in would be installed.
To install plug-in for Firefox
Go to Admin >>> General and click the icon "Plug-in for Firefox"
You will see an yellow band on top of the browser with the following wordings: "Firefox prevented this site (<your hostname>) from asking you to install a software in your computer". At the end of that you will find "Edit Options". Click that.
Click Admin >>> General >> "Plug-in for Firefox" again
Click "Download Software"
Click "Install"
Click the option "Restart Firefox"
Once you do this, you will be able to login automatically.
© 2007, AdventNet Inc. All Rights Reserved.