Replace application installation account with domain joined account
Article ID: 229603

Products

CA Performance Management - Usage and Administration, DX NetOps

Issue/Introduction

Does the DX NetOps Performance Management tool allow the install to be owned by an AD user? Can it be owned by a non-local external user?

We used local user accounts with sudo-level access while installing the DX NetOps solution CAPM; the account has permissions to the application directories/files.

As per our organization's security policy, the password for local user accounts needs to be changed every 30 days. Due to this, we are facing issues at the application end as well.

So we are planning to replace the local user accounts with Active Directory service accounts, because these accounts have an exception for password expiry.

Here, we need your support/guidance to perform this activity, as we are not aware of the list of changes to be done in order to achieve it (i.e., configuration file modification, DB level modification, file permission level modification, etc.).

How to replace the local user accounts with an Active Directory service account?

Environment

All supported DX NetOps Performance Management releases

Cause

Environmental restrictions prevent use of local OS level users.

Resolution

External users are acceptable on all component systems. They must still meet the sudo user requirements for successful installation and operation of the software.

Portal, Data Aggregator and Data Collector systems

The DX NetOps Performance Management Portal, Data Aggregator and Data Collector install owners can be external users. There is no requirement to use a local OS level user as the install owner.

If the install owner is not the root user, it must still meet the sudo user access requirements in order to successfully install and operate the software on the server.

To move the install ownership from a local user (root or a sudo user) to a non-local external user, run a reinstall on top of the existing installation. When the installer prompts for the install owner, specify the new external user. The installer then updates the necessary files and configures the system to run as the new external or AD user.

Data Repository Vertica DB clusters

Here the external user must meet the sudo user requirements. In a multi-node cluster it must also be able to run node-to-node SSH commands successfully.

For the DR, you can create an LDAP user for dradmin (or whichever user owns the install) with the verticadba group. The DR can then use the LDAP account, and the local account can be removed from the /etc/passwd file.
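A pre-flight check for the Data Repository requirements above, as an added example that is not part of the original article or the product's own tooling. The function names are hypothetical, `dradmin` and `verticadba` are the names used in the article, and the host names passed in are placeholders for your own cluster nodes; sudo requirements are not checked here.

```bash
#!/usr/bin/env bash
# Added example: checks to run as the new external (LDAP/AD) install owner
# before removing the local account. All function names are hypothetical.

# 0 if USER has an entry in a passwd-format file (i.e. is still a local account)
is_local_user() {   # is_local_user USER [PASSWD_FILE]
    awk -F: -v u="$1" '$1 == u { found = 1 } END { exit !found }' "${2:-/etc/passwd}"
}

# 0 if USER resolves through NSS (local files, LDAP, SSSD, ...)
resolves_via_nss() { getent passwd "$1" >/dev/null 2>&1; }

# 0 if GROUP is in a space-separated list such as `id -Gn USER` output.
# Group names that themselves contain spaces are not handled.
in_group_list() {   # in_group_list GROUP "grp1 grp2 ..."
    local g
    for g in $2; do
        [ "$g" = "$1" ] && return 0
    done
    return 1
}

# 0 if SSH to HOST succeeds without any password or passphrase prompt
ssh_ok() { ssh -o BatchMode=yes -o ConnectTimeout=5 "$1" true 2>/dev/null; }

check_dr_owner() {  # check_dr_owner USER GROUP [HOST...]
    local user=$1 group=$2 rc=0 host
    shift 2
    resolves_via_nss "$user" || { echo "FAIL: $user does not resolve via NSS"; rc=1; }
    is_local_user "$user" && echo "NOTE: $user still has an /etc/passwd entry"
    in_group_list "$group" "$(id -Gn "$user" 2>/dev/null)" \
        || { echo "FAIL: $user is not in group $group"; rc=1; }
    for host in "$@"; do
        ssh_ok "$host" || { echo "FAIL: no prompt-free SSH to $host"; rc=1; }
    done
    return $rc
}

# Example call with placeholder node names:
#   check_dr_owner dradmin verticadba dr-node1 dr-node2 dr-node3
```

Run it on every cluster node as the install owner, since the SSH check uses the calling user's keys.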

Note that the DR will complain on an upgrade, as it requires a local user. Here is the workaround for DR upgrade.