Chat now with support
Chat with Support

Foglight 6.0.0 - Administration and Configuration Guide

Administering and Configuring Foglight Extending Your Monitoring Reach with Foglight Cartridges Administering Foglight Configure Rules and Metric Calculations to Discover Bottlenecks Customizing Your Foglight Environment with Tooling

Controlling System Access with Credentials

Foglight can monitor different resources in an organization. Some of these resources can be secured while others are not. Your organization has specific security policies for those resources that require authorized access. For example, Windows hosts are secured resources that require a Windows login. Unix hosts are also secured resources that require a valid Unix login. Foglight allows you to store system credentials for accessing secured resources in a central location.

A credential is a piece of information that an agent instance needs to gain access to the monitored system. For example, you can associate one client with a database server and another with a production server, and have an agent instance monitoring the database server connect using a user name and password. Another agent instance monitoring the production server can connect to it using Windows-based login information.

Different cartridges support different types of credentials. Some cartridges, for example, support the use of Windows and Unix credentials, while others can only authenticate local users. The credential type determines which parts of the monitored system are used to connect to a resource, such as host names or IP addresses. For complete information about cartridge-specific credential types, see your cartridge documentation.

Credentials are encrypted and stored in lockboxes. Lockboxes are released to credential clients, such as agent managers.

The Credentials dashboard provides quick access to credentials and lockboxes. This dashboard provides at-a-glance information about the current state of credentials, lockboxes, credential clients, the alarms they generate, and cartridge-specific credential views. Use it as a starting point for your credential management needs. To access this dashboard, on the navigation panel, click Dashboards > Administration > Credentials.

A credential is a piece of information required to gain access to system resources. Foglight agents need access to this information when monitoring systems that require credential verification.

Foglight supports a set of commonly used credentials such as currently logged in user, password-based, user name with or without password, and Windows credentials. Each credential can have one or more authentication policies, based on the desired usage count, failure rate, the time range during which the credential can be used, and the amount of time during which the credential information is cached locally. Credentials can apply to specific parts of the monitored environment, such as hosts and ports.

You create and manage credentials, as well as edit their type, authentication policies, and target resources, using the Manage Credentials dashboard. To access this dashboard, on the main Credentials dashboard, click Manage Credentials.

For more information, see the following topics:

Occasionally, credential clients may encounter errors. For example, a credential client can fail to start a monitoring agent due to a credential failure. The Monitor Credential Alarms dashboard lists all alarms that are raised by credential clients and provides additional information about each alarm, such as the severity, alarm message, event or rule that generated it, and other information. To access this dashboard, on the main Credentials dashboard, click Monitor Credential Alarms.

For more information, see the following topics:

A lockbox can be password-protected, and contains a collection of credential keys used for encryption and decryption.

You can create, edit, and manage lockboxes, change their passwords, and release them to credential clients using the Manage Lockboxes dashboard. To access this dashboard, on the main Credentials dashboard, click Manage Lockboxes.

For more information, see the following topics:

The View Clients dashboard lists all credential clients that exist in Foglight, and provides additional information about each client, such as its name, type, and assigned lockboxes, along with other information. To access this dashboard, on the main Credentials dashboard, click View Clients.

For more information, see Explore the View Clients dashboard.

In addition to the credential dashboards included with the Management Server, some cartridges may include their own credential views. If your system includes any domain-specific credential views, the links to these views are listed at the bottom of the Credentials dashboard.

 

 

Administering Foglight

This section focuses on recommended maintenance tasks that ensure optimal Foglight® performance. It also describes the starting points in Foglight administration.

The following standard maintenance tasks should be performed to ensure a stable Foglight system. This simple guidance can help Foglight administrators to optimally and consistently perform their administrative tasks. Successful ongoing management of an enterprise-class Foglight implementation requires formal Foglight administrator training from Quest professional services.

As a starting point, this topic assumes a stable installation which, at minimum, contains the following configuration components:

Finally, this topic addresses the ongoing maintenance tasks required to ensure your Foglight Management Server stays operationally healthy.

Generally speaking, most of the tasks required to ensure a stable installation can and should be automated. For example, there is not much value in asking a Foglight administrator to log in only to ensure it is running or check to see if there is enough memory when rules and automated emails can be generated to notify administrators of potentially worrisome conditions. As such, the first part of this topic identifies the automatable self-monitoring options that should be configured. The rest of the topic covers:

For more information, see the following topics:

Recommended Self-Monitoring Automation

A separate Remote Monitor process can be configured to watch the Foglight® High Availability (HA) process and notify an administrator in the event that the Foglight Management Server process unexpectedly shuts down. Configure the Remote Monitor process to ensure that an administrator is notified when the Foglight Management Server shuts down. For more information about the Remote Monitor process and running Foglight in HA mode, see the Foglight High Availability Field Guide.

A set of rules covering the critical health items for a Foglight Management Server is delivered with the Core-Monitoring Policy cartridge, included with the server install.This cartridge is installed and enabled during the server installation. Email notifications should be set-up for each of the rules delivered in this cartridge. To configure email notifications, use the Email Configuration dashboard. To access this dashboard, from the Administration dashboard, under Support, click Email.

Cyclic Maintenance

Each of the following tasks helps to ensure that the Foglight® Management Server is stable and is operating normally.

Assuming you automate self-monitoring as described in Recommended Self-Monitoring Automation, there is no need to perform the checks described below.

If you do not have automated self-monitoring in place, you must use the manual technique below, performing each item at least once daily.

For context on the key resource requirements and their effect on the Foglight Management Server, see the Foglight Performance Tuning Field Guide.

Perform the following tasks once every week:

Automated approach: Schedule this to generate weekly and email.
Manual approach: Manually create a report using the Report Manager and review it.

Perform the following tasks manually, once every month:

For more information about these dashboards, see the related online help topics.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating