On this page:

If you run AppDynamics for Databases on a publicly accessible server, or if you'd like to lock down its usage internally, then the simplest solution is to username/password protect access to the UI. You have the option to setup basic security, best for an environment where very few users will have access to the AppDynamics for Databases GUI, or you can integrate AppDynamics for Databases with your LDAP server to grant many users and groups access.

Setup Basic Security

AppDynamics for Databases has three predefined users:

AppDynamics for Databases has three predefined security roles resources:

Note: The role name in the Security Roles section has to match an LDAP Group that the LDAP user belongs to.  For example, if I log into AppDynamics for Databases with user = "Bob" and "Bob" belongs to the LDAP group "AppD4DB-readonly" then the name "AppD4DB-readonly" has to be a role name within one of the Security Roles.

These users and roles are initially configured in <AppD4DB install dir>\apache-tomcat\conf\tomcat-users.xml and <AppDInstallDir>\apache-tomcat\conf\web.xml, respectively. Passwords are encrypted. You can change the passwords and rolenames on the AppDynamics for Databases Security window. 

<role rolename="admin"/>
<role rolename="readonly"/>
<role rolename="appd4db-admin"/>
<user password="8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918" roles="admin,readonly,appd4db-admin" username="admin"/>
<user password="8171bacf32668a8f44b90087ad107ed63170f57154763ba7e44047bf9e5a7be3" roles="readonly" username="readonly"/>
<user password="280d44ab1e9f79b5cce2dd4f58f5fe91f0fbacdac9f7447dffc318ceb79f2d02" roles="appd4db-admin" username="master"/>

Note: Do not change the contents of tomcat-users.xml.

Implement authentication

  1. At the bottom of <AppD4DB install directory>\apache-tomcat\conf\web.xml, look for the following code:
    Note: Do not change the contents of web.xml except as instructed below.
  2. Insert a closing XML comment tag after "Password protect AppDynamics for Database pages". The closing XML comment tag is "–>".
  3. Remove the closing XML comment tag before "</web-app>".  The closing XML comment tag is "–>".
  4. Save the file and then restart the AppDynamics for Databases UI service.
  5. In a browser, go to the security page.  For example,  http://<hostname>:8090/security.  
    The following dialog appears where you can setup basic security or enable LDAP/Active Directory Service integration for AppDynamics for Databases:
  6.  Enter the passwords for the admin and readonly users and then click Modify Password
    To change the password of a user, enter the password twice in the boxes provided and then click Modify Password.
  7. You can change the role name of any of the security roles resources by entering the new Role Name and then clicking Modify Role Name.

When you have security enabled, users must enter the security credentials to access the AppDynamics for Database GUI.  The appearance of the logon dialog differs depending on the browser used to access the AppDynamics for Databases GUI. The following is the logon dialog as it appears in Windows Internet Explorer9.

If you enter the wrong username/password combination, the uncompleted logon dialog reappears so you can re-enter your credentials.  

If you try to access a page not accessible to the role to which your username has been assigned, you will receive a security violation error.

Setup LDAP/Active Directory Integration

When LDAP/Active Directory is integrated, your LDAP and Active Directory users matching the filters defined in this section, will be granted AppDynamics for Databases permissions.

Prerequisite: Setup Basic Security

  1. Open <AppD4DB install directory>\apache-tomcat\conf\server.xml, locate the line beginning with <!--Realm adCompat...  and remove the comment tags from the beginning and end of that line.
  2. Save the file and then restart the AppDynamics for Databases UI service.
  3.  In a browser, go to the security page.  For example,  http://<hostname>:8090/security.
  4. Scroll down the Security Setup window, you will see the following sections that you must complete and then click Save Config to integrate your LDAP or Active Directory Service server with AppDynamics for Databases. 

To complete the fields in the LDAP/Active Directory Authentication section

Your LDAP/Active Directory server administrator should provide you with the values you need to complete this section.

The following helps you understand the requirements of each property name field of the LDAP/Active Directory Authentication section:

Enable Authentication Tracking

To log failed and successful logon attempts, add the following code to the end of <AppD4DB install directory>\conf\logging.properties.

org.apache.catalina.realm.level = ALL
org.apache.catalina.realm.useParentHandlers = true
org.apache.catalina.authenticator.level = ALL
org.apache.catalina.authentical.useParentHandlers = true

Monitor Access Attempts

You can check to see who has been successful and unsuccessful attempts to log on to the AppDynamics for Databases UI in the catalina.<date>.log file located in <AppD4DB Install directory>\apache-tomcat\logs.  The contents of this file can help you determine whether you have correctly configured the LDAP/Active Directory settings; if the user cannot log on, their logon attempts will show in this file.