AppDynamics for Databases

2.9.x Documentation


If you run AppDynamics for Databases on a publicly accessible server, or if you want to restrict its use internally, the simplest solution is to protect access to the UI with a username and password.

When you have security enabled, users must enter the security credentials to access the AppDynamics for Databases (AppD4DB) GUI.

If the wrong username/password combination is entered, a security violation error appears.

You can set up basic security, which is best for an environment where very few users will have access to the AppD4DB GUI, or you can integrate AppD4DB with your LDAP server to grant many users and groups access. Once you have implemented security for AppD4DB, you can monitor logon attempts, for example to determine whether AppD4DB is being used to its full potential or to thwart any hack attempts into AppD4DB before they are successful.

Set Up Basic Security

AppD4DB has three predefined users:

  • admin: The administrator has the permissions of all three roles: Administration Access, masterUser Access, and Read-Only Access.
  • readonly: The readonly user has the permissions of only the Read-Only Access Role.
  • master: The master user has the permissions of the masterUser role.

AppD4DB has three predefined security roles:

  • Administration Access: Provides total control over AppDynamics for Databases. Users created with this role can perform all functions.
  • masterUser Access: Provides 
  • Read-Only Access: Provides read-only access to AppD4DB. Users created with this role cannot change settings, add collectors, or perform such tasks as create reports, add widgets,

To implement authentication:

At the bottom of <AppDInstallDir>\apache-tomcat\conf\web.xml, look for the following:

<!--
	Password protect AppDynamics for Database pages

	<security-constraint>
	 <web-resource-collection>
	   <web-resource-name>
		 Administation Access
	   </web-resource-name>
	   <url-pattern>/agentinstall/*</url-pattern>
	   <url-pattern>/alerts/addalert.jsp</url-pattern>
	   <url-pattern>/alerts/edit_activityalert.jsp</url-pattern>
	   <url-pattern>/alerts/edit_cmdalert.jsp</url-pattern>
	   <url-pattern>/alerts/edit_cpualert.jsp</url-pattern>
	   <url-pattern>/alerts/edit_customalert.jsp</url-pattern>
	   <url-pattern>/alerts/edit_netappalert.jsp</url-pattern>
	   <url-pattern>/alerts/edit_statisticsalert.jsp</url-pattern>
	 </web-resource-collection>
	 <auth-constraint>
		 <role-name>admin</role-name>
	 </auth-constraint>
	</security-constraint>

	<security-constraint>
	 <web-resource-collection>
	   <web-resource-name>
		 Read-Only Access
	   </web-resource-name>
	   <url-pattern>/*</url-pattern>
	 </web-resource-collection>
	 <auth-constraint>
		 <role-name>readonly</role-name>
	 </auth-constraint>
	</security-constraint>

	<login-config>
	 <auth-method>BASIC</auth-method>
	 <realm-name>Admin Users Only</realm-name>
	</login-config>
	-->
</web-app>

1. Remove the closing XML comment tag before </web-app>. The closing XML comment tag is "-->".

2. Insert a closing XML comment tag ("-->") after the line "Password protect AppDynamics for Database pages" that follows the opening "<!--".

3. Restart the AppD4DB service. Go to the Windows services manager and restart "DBTuna GUI".
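To confirm that steps 1 and 2 left the constraints active rather than still commented out, the following added example (not AppDynamics code) parses web.xml and reports what Tomcat will load. The function names and the shortened sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

def _local(tag):
    """Drop a namespace prefix such as {http://java.sun.com/xml/ns/javaee}."""
    return tag.rsplit("}", 1)[-1]

def _texts(parent, name):
    return [e.text.strip() for e in parent.iter() if _local(e.tag) == name and e.text]

def audit_web_xml(xml_text):
    """Report which security settings are active, i.e. not inside a comment."""
    try:
        root = ET.fromstring(xml_text)   # the default parser discards comments
    except ET.ParseError as exc:
        # Typical cause: step 1 was done without step 2 (unterminated comment).
        return {"error": str(exc)}
    constraints = [
        {"patterns": _texts(el, "url-pattern"), "roles": _texts(el, "role-name")}
        for el in root if _local(el.tag) == "security-constraint"
    ]
    methods = [m for el in root if _local(el.tag) == "login-config"
               for m in _texts(el, "auth-method")]
    return {
        "active_constraints": len(constraints),
        "catch_all_roles": [r for c in constraints if "/*" in c["patterns"]
                            for r in c["roles"]],
        "auth_method": methods[0] if methods else None,
    }

# Constructed, shortened copies of web.xml: as shipped, after steps 1-2, and half edited.
BODY = """
<security-constraint>
 <web-resource-collection>
  <web-resource-name>Read-Only Access</web-resource-name>
  <url-pattern>/*</url-pattern>
 </web-resource-collection>
 <auth-constraint><role-name>readonly</role-name></auth-constraint>
</security-constraint>
<login-config>
 <auth-method>BASIC</auth-method>
 <realm-name>Admin Users Only</realm-name>
</login-config>
"""
SHIPPED = "<web-app>\n<!--\nPassword protect AppDynamics for Database pages\n" + BODY + "-->\n</web-app>"
ENABLED = "<web-app>\n<!--\nPassword protect AppDynamics for Database pages\n-->\n" + BODY + "</web-app>"
HALF_DONE = "<web-app>\n<!--\nPassword protect AppDynamics for Database pages\n" + BODY + "</web-app>"

if __name__ == "__main__":
    print(audit_web_xml(SHIPPED), audit_web_xml(ENABLED), audit_web_xml(HALF_DONE))
```

An empty `catch_all_roles` list means the `/*` pattern is still unprotected and the UI is reachable without credentials.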

In a browser, go to the security page. For example, http://<hostname>:8090/security

The following dialog appears, where you can set up basic security or enable LDAP integration for AppD4DB:

2. Enter the passwords for the admin and readonly users and then click Modify Password.

    Windows: Restart the Windows service named: "DBTuna GUI". 

    Linux: From the AppD4DB home directory, run "./stop.sh", followed by "./start.sh".

To change the password of a user, enter the password twice in the boxes provided and then click Modify Password.

You can change the role name of any of the resources by entering the new Role Name and then clicking Modify Role Name.

Set Up LDAP/Active Directory Integration

If you scroll down the Security Setup page, you will see the following sections that you must complete and then click Save Config to integrate your LDAP server with AppD4DB. When LDAP is integrated, your LDAP users will be granted AppD4DB permissions.

To complete the fields in the LDAP/Active Directory Authentication section:

The following helps you understand the requirements of the values for each Property Name field of the LDAP/Active Directory Authentication section:

  • masterUsername: The AppD4DB user name of the master user or of an administrator. 
  • masterPassword: The password for the master user.
  • connectionName: The user name AppD4DB uses to log on to the LDAP or Active Directory server.
  • connectionPassword: The password for the user AppD4DB uses to log on to the LDAP or Active Directory server.
  • connectionURL: The URL of the LDAP or Active Directory server.
  • userBase: The starting point for the search for users in the LDAP directory tree. You can specify the search base using the following comma-separated objects:
    • cn: common name
    • ou: organizational unit
    • o: organization
    • c: country
    • dc: domain
  • userSubtree:
  • roleSearch: 
  • roleName:
  • roleSubtree:
  • roleBase:

Enable Authentication Tracking

To log failed and successful login attempts, add the following code to the end of AppD4DBInstallDir\conf\logging.properties.

logging.properties
org.apache.catalina.realm.level = ALL
org.apache.catalina.realm.useParentHandlers = true
org.apache.catalina.authenticator.level = ALL
org.apache.catalina.authenticator.useParentHandlers = true

Monitor Access Attempts

You can review successful and unsuccessful attempts to log in to the AppD4DB UI in the catalina.date.log file located in AppD4DBInstallDir\apache-tomcat-logs.
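One way to review those entries, as an added example that is not part of AppDynamics or Tomcat: the script counts failed logins per user and flags failure streaks, including a success that follows one. The sample lines are constructed, and the message wording, the two-line log layout and the threshold of 3 are assumptions to adjust to what your catalina log actually contains.

```python
import re
from collections import Counter

# Assumed message wording; confirm it against your own catalina.<date>.log.
FAIL = re.compile(r"Username (\S+) NOT successfully authenticated")
OK = re.compile(r"Username (\S+) successfully authenticated")

# Constructed sample in the two-line java.util.logging layout (not real output).
SAMPLE_LOG = """\
Mar 12, 2014 9:15:02 AM org.apache.catalina.realm.RealmBase authenticate
FINEST: Username admin NOT successfully authenticated
Mar 12, 2014 9:15:04 AM org.apache.catalina.realm.RealmBase authenticate
FINEST: Username admin NOT successfully authenticated
Mar 12, 2014 9:15:30 AM org.apache.catalina.realm.RealmBase authenticate
FINEST: Username readonly NOT successfully authenticated
Mar 12, 2014 9:15:31 AM org.apache.catalina.realm.RealmBase authenticate
FINEST: Username admin NOT successfully authenticated
Mar 12, 2014 9:15:41 AM org.apache.catalina.realm.RealmBase authenticate
FINEST: Username readonly successfully authenticated
Mar 12, 2014 9:15:50 AM org.apache.catalina.realm.RealmBase authenticate
FINEST: Username admin successfully authenticated
Mar 12, 2014 9:20:00 AM org.apache.catalina.realm.RealmBase authenticate
FINEST: Username master successfully authenticated
"""

def review_logins(log_text, threshold=3):
    """Count failures per user and flag failure streaks of `threshold` or more."""
    streak, failed, alerts = Counter(), Counter(), []
    for line in log_text.splitlines():
        hit = FAIL.search(line)
        if hit:
            user = hit.group(1)
            streak[user] += 1
            failed[user] += 1
            if streak[user] == threshold:
                alerts.append((user, "repeated_failures"))
            continue
        hit = OK.search(line)
        if hit:
            user = hit.group(1)
            if streak[user] >= threshold:
                # A login right after a long failure streak deserves a look.
                alerts.append((user, "success_after_failures"))
            streak[user] = 0
    return {"failed": dict(failed), "alerts": alerts}

if __name__ == "__main__":
    print(review_logins(SAMPLE_LOG))
```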
