Change Auditor - For Advanced Users 7.0.1

Table 6. Quest.ChangeAuditor.Repository SCP
Attribute	Attribute Syntax	Function	Default Value
CN	String	SCP Name	CN=ChangeAuditor.Repository
keywords	Multi-Value	Storage for the product GUIDs to facilitate location of only Change Auditor SCPs	{766B42F4-67C9-ADEF-CAAD- 119B62170DAE} <InstallationName> 06662872-CDFA-41b5-B907-E3CE0B3930E8 307e6593-bc62-454c-bb4e-0631e7ea1aab 877B42F4-67C9-49ed-ADDC-119B62170EBF 8E8E04C4-7EF0-4882-B670-82B8FA61026A ED469B3D-D500-423c-A3A7-70983961992A ChangeAuditor.Repository
serviceBindinginformation	Multi-Value	Contains Agent Port (Legacy 5.x Agents) and the InstallationName	<XML>
serviceClassName	String	Used to store the service class for authentication	NPRepository4
serviceDNSName	String	FQDN of the computer running the coordinator service	<Server FQDN>
serviceDNSNameType	String	The DNS record type of the host listed in the serviceDNSName	A

Ports and protocols

Change Auditor uses the following incoming communications ports (listening ports) to establish communication:

Table 7. Change Auditor incoming communication ports

Change Auditor client

None

Change Auditor agents

None

Change Auditor coordinators

The coordinator uses the following listening ports that can be dynamically or statically assigned.

•

Client Port

•

Public SDK Port

•

Agent Port (Legacy (5.x) agents)

•

Agent WCF Port (6.x agents)

NOTE: By default, the incoming ports are dynamically assigned by Windows. However, you can use the Coordinator Configuration Tool to specify static ports for each of these listening ports. To access the Coordinator Configuration Tool, right-click the coordinator system tray icon and select Coordinator Configuration.

The following table describes each segment of communication that occurs in the Change Auditor system along with technical details of each type of communication.

Table 8. Change Auditor communication segments
From/To	Description	Originating Port	Protocol	Destination Port
Client to Coordinator Service	WCF (Windows Communication Foundation)	Dynamic	TCP	Dynamic
Client to Agents (server and workstation agents)	WCF (Windows Communication Foundation) for configuration refresh If WCF call fails, falls back to WMI (DCOM)	Dynamic	TCP	135
Client to Agents (server and workstation agents)	SCM (ServiceControlManager) for Agent Service Start\Stop	Dynamic	TCP	135
Client to SQL Server Database	Connection for archive databases only	Dynamic	TCP	1433
Legacy (5.x) Agent to Coordinator Service	Configuration updates and/or event proxy	Dynamic	TCP	Dynamic
Agent (6.x) to Coordinator Service	WCF (Windows Communication Foundation)	Dynamic	TCP	Dynamic
Agent to SharePoint SQL Server database	OLEDB SQL Client	Dynamic	TCP	1433
Agent to vCenter server or ESX/ESXi host	VMware Web Service	Dynamic	TCP	443
SDK User\Service to Coordinator Service	WCF (Windows Communication Foundation)	Dynamic	TCP	Dynamic
Coordinator to SQL Server Database	.NET SQL	Dynamic	TCP	1433
Coordinator to Agents (server and workstation agents)	SMB File Share for Agent Deployment	Dynamic	TCP	445
Coordinator to Agents (server and workstation agents)	Remote Registry for Agent Deployment (RPC)	Dynamic	TCP	135
*Coordinator to Active Directory LDAP	.NET Directory Services	Dynamic	TCP	389
*Coordinator to Active Directory	Kerberos authenticated connections	Dynamic	TCP	88
*Coordinator to Active Directory GC (Global Catalog)	.NET Directory Services	Dynamic	TCP	3268
Coordinator to DNS Server	DNS name resolution for .NET Directory Services	Dynamic	TCP	53
Web Client to Coordinator	WCF (Windows Communication Foundation)	Dynamic	TCP	Dynamic
Internet Browser (for example, Chrome™ and Internet Explorer) to web client	HTTP/HTTPS	Dynamic	TCP	80/443

*The coordinator requires connectivity to domain controllers in the domain that the server is a member of and also the forest root domain.

Network encryption

Change Auditor uses the following different types of network encryption to protect sensitive information.

•

Secure password storage

•

Client to coordinator connection

•

Legacy (5.x) agent to coordinator connection

•

Agent to coordinator connection

•

Coordinator to SQL Server connection

Secure password storage

Certain aspects of Change Auditor auditing require storing passwords and other confidential data. Examples of such data include access credentials to NetApp, VMware, and SharePoint. To safeguard this data, Change Auditor uses RSA encryption.

On startup, the agent generates a private/public key pair and stores the public key in the database. When the agent is configured to audit another network device using the supplied credentials, these credentials are encrypted using the agent’s public key. This way, it is impossible for anyone but the agent itself to decrypt them.

The coordinators also store public keys in the database which are used to decrypt SMTP passwords to send alerts.

For user authentication and local password storage of user identities, Change Auditor uses CryptProtectData from http://msdn.microsoft.com/en-us/library/aa380261.aspx.

Change Auditor uses CryptProtectData with a key length that is variable-dependent upon input phrase. This encryption is symmetric. This encryption is automatically enabled. This encryption cannot be used outside of Change Auditor.

For user authentication and database password storage of external SMTP services, SRS Server templates, NetApp Filer, and EMC Celerra credentials, Change Auditor uses PROV_RSA_FULL from http://msdn.microsoft.com/en-us/library/aa387448(VS.85).aspx.

Change Auditor uses PROV_RSA_FULL with a key length that is variable-dependent upon input phrase. This encryption is symmetric. This encryption is automatically enabled. This encryption cannot be used outside of Change Auditor.

Please select your product:

To serve you better, please complete the Purpose of your Chat:

Recommended Solutions for Your Problem

Change Auditor - For Advanced Users 7.0.1 - Technical Insight Guide

CN=ChangeAuditor.Repository

Ports and protocols

Network encryption

Secure password storage