The purpose of this Tech Doc is to address a concern about potential security issues associated with the default configuration of the SiteMinder OneView Monitor component.
CA currently has no plans to change the installation and deployment procedures for the SiteMinder OneView Monitor component. All SiteMinder deployments, including web agents, and the optional OneView Monitor component, require manual configuration and recommended measures to secure the installations.
The optional OneView Monitor component is not installed by default. When installing and deploying OneView Monitor, the administrator must create a SiteMinder policy, as described in the SiteMinder Admin Guide, to protect OneView Monitor.
Please review the solution below to ensure that you have implemented an appropriate SiteMinder policy to protect the OneView Viewer.
The default installation/configuration of OneView Monitor does not implement Oneview Monitor protection.
To secure the OneView Viewer, create a SiteMinder policy that protects the resources in sitemindermonitor.
Follow these steps to create the SiteMinder policy:
- Install Webagent on the webserver where OneView Monitor is being configured.
- Configure the webagent with your Policy Server.
- Create a Policy Domain, and add a User Directory to it.
- Create a realm to protect sitemindermonitor. Create the resource filter as:
- Create a rule under the above realm.
- Create a policy, and add the users from the user directory and the above rule. Save the policy.
The resource /sitemindermonitor should now be properly protected.