AppDynamics for Databases
2.9.x Documentation
If you run AppDynamics for Databases on a publicly accessible server, or if you'd like to lock down its usage internally, then the simplest solution is to username/password protect access to the UI.
When you have security enabled, users must enter the security credentials to access the AppDynamics for Database (AppD4DB) GUI.
If the wrong username/password combination is entered, a security violation error appears. If you try to access a page not accessible to the role to which your username has been assigned, you will also receive a security violation error.
You have the option to setup basic security, best for an environment where very few users will have access to the AppD4DB GUI, or you can integrate AppD4DB with your LDAP server to grant many users and groups access. Once you have implemented security for AppD4DB, you can then monitor log on attempts for purposes such as to determine if AppD4DB is being used to its full potential or to thwart any hack attempts into AppDB before they are successful.
AppD4DB has three predefined users:
AppD4DB has three predefined security roles:
At the bottom of <AppDInstallDir\apache-tomcat\conf\web.xml, look for the following code:
1. Remove the closing XML comment tag before </web-app>. The closing XML comment tag is "-->".
2. Insert a closing XML comment tag after "<--Password protect AppDynamics for Database pages"
3. Restart the AppD4DB UI service.
When you have Tomcat security enabled, users must enter the security credentials to access the AppDynamics for Database (AppD4DB) GUI.
If the wrong username/password combination is entered, a security violation error appears.
You have the option to setup basic security, best for an environment where very few users will have access to the AppD4DB GUI, or you can integrate AppD4DB with your LDAP server to grant many users and groups access. Once you have implemented security for AppD4DB, you can then monitor log on attempts for purposes such as to determine if AppD4DB is being used to its full potential or to thwart any hack attempts into AppDB before they are successful.
In a browser, go to the security page. For example, http://<hostname>:8090/security.
The following dialog appears where you can setup basic security or enable LDAP integration for AppD4DB:
2. Enter the passwords for the admin and readonly users and then click Modify Password.
Windows: Restart the Windows service named: "DBTuna GUI".
Linux: From the AppD4DB home directory, run "./stop.sh", followed by "./start.sh".
To change the password of a user, enter the password twice in the boxes provided and then click Modify Password.
You can change the role name of any of the resources by entering the new Role Name and then clicking Modify Role Name.
If you scroll down the Security Setup page, you will see the following sections that you must complete and then click Save Config to integrate your LDAP server with AppD4DB. When LDAP is integrated, your LDAP users will be granted AppD4DB permissions.
The following helps you understand the requirements of the values for each Property Name field of the LDAP/Active Directory Authentication section:
To log failed and successful login attempts, add the following code to the end of AppD4DBInstallDir\conf\logging.properties.
org.apache.catalina.realm.level = ALL org.apache.catalina.realm.useParentHandlers = true org.apache.catalina.authenticator.level = ALL org.apache.catalina.authentical.useParentHandlers = true
You can check to see who has been successful and unsuccessful attempts to log into the AppD4DB UI in the catalina.date.log file located in. AppD4DBInstallDir\apache-tomcat-logs.