Chat now with support
Chat with Support

Foglight 5.9.5 - Security and Compliance Guide

Security overview
Foglight security measures Customer security measures Security features in Foglight Disclaimer
Security features for APM appliances Usage feedback Appendix: FISMA compliance

Running Foglight Management Server

Foglight® requires administrative privileges to configure the server to run as a service (a Windows® service or a UNIX®/Linux® init.d script). Once it is configured, the service can be launched with a regular user account.

Installing agent Components

Certain cartridges (for example, Foglight® for Java EE Technologies) include one or more executable agent installers. The Components for Download dashboard, accessible from the Administration Console, can be used to download agent installers from the Management Server to a remote machine.

Manual database configuration

When installing the Foglight® Management Server for use with an external database, the database can be set up later (that is, after the Management Server installation is complete). In this case, the database must be manually configured prior to starting the Management Server. This configuration requires executing the scripts in the <foglight_home>/scripts/sql directory as described in the Installation and Setup Guide applicable to the system and database. Some scripts must be run using an account with administrative privileges.

Controlling remote system access with credentials

Foglight® can control access to specific elements of a monitored system through a built-in credential management system. If an organization has specific policies in place regarding system access, such policies can be implemented using credentials managed by the Management Server.

Foglight supports a set of commonly used credentials such as:

Each credential can have one or more authentication policies associated with it, based on the desired usage count, failure rate, the time range during which the credential can be used, and the amount of time during which the credential information is cached locally. Credentials can apply to specific parts of the monitored environment, such as hosts and ports.

Foglight agents need access to this information when monitoring systems that require credential verification. Credentials are stored encrypted in lockboxes. Lockboxes are released to credential clients, such as agent managers.

Related Documents