Using bind-address in mysql configuration prevents CA Spectrum Report Manager (SRM) from working

Article Id: 131226
Status: Published
Updated On: 23-03-2020 11:30
Products:
CA Spectrum
Issue/Introduction:

Adding "bind-address = x.x.x.x" to the my-spectrum.cnf to allow remote connections seems to have prevented OC SRM from working properly.

Cause:

Bind-address limits/allows connections from any/all devices from that same subnet as specified. For example, if bind-address = 19.2.168.0.1 is used, then any host on the 192.168.0.x subnet would be able to connect to mysql but outside that subnet would not work.

This generally is not recommended due to security issues.

Environment:

Spectrum 10.x

Resolution:

The suggested way to allow remote connections is to:

  1. Use a Secure SSH Tunnel.

    https://dev.mysql.com/doc/refman/5.7/en/windows-and-ssh.html

  2. Utilizing MySQL GRANT statements and limiting connection to IP/Username.

    For example:

    GRANT ALL ON reporting.* TO 'user123'@'192.168.0.1' IDENTIFIED BY 'password123';
    FLUSH PRIVILEGES;

The above will allow the user 'user123' to connect from 192.168.0.1 with all permissions to the reporting database.

Ideally the permissions would also be limited to those needed, I.e. SELECT, INSERT, etc.

By default Broadcom MySQL Server does NOT allow remote connections except for SSH as it is a secure tunnel.