Enhanced access to DEV environments

Maximo® SaaS Flex customers can order one or more Enhanced Access DEV environments. This type of environment is optional and available at an added cost.

IBM Maximo SaaS Flex - Enhanced Access DEV Environment - Description, Limitations & Restrictions

Enhanced Access DEV environments are designed to allow customers who will be performing configuration and customization work more flexibility and less dependence on the IBM® SRE team to execute back-end configuration tasks. The MAXDEV environment has the following architecture:
  • One Windows Maximo Application Server running WebSphere®.
  • One Linux® Database Server running IBM DB2® or Oracle if specifically provisioned

Customers gain direct access to the Maximo Application Server console via RDP (Windows Remote Desktop) by using CDS provided OpenVPN client software. This allows them to connect and login as a standard windows user. Up to five windows user accounts can be created per environment.

OpenVPN and Windows user accounts can be requested by submitting case in the IBM Support Community after the environment have been provisioned.

Features include:
  • Access to the Maximo Application Server file system by using File Manager or DOS command prompt (for running configdb, installing class file extensions, and so on)
  • IBM WebSphere user ID (Administrator Role) for direct management and deployment of EAR files via the WebSphere console
  • Database user IDs allowing read and write access to the corresponding DEV database by using IBM Data Studio or SQL tools.
    Note: Read access is provided by default. Write access must be specifically requested.
  • BIRT Report Designer setup (on a per-request basis - must be requested by customers by submitting a case ticket).

Limitations

It is important to note that customers will not have Windows Administrator access to the Maximo DEV Application Server. This restriction is required for IBM to maintain corporate ITSS cloud security and compliance guidelines. The IBM SRE team configures all DEV accounts with standard windows user access; meaning that customers cannot perform the following tasks:
  • Windows Server shutdown or restart.
  • Installing and uninstalling applications.
  • Use of IBM Installation Manager.
  • Stop and start or restart of Windows services.
  • Changing settings for Windows Firewall.
  • Running Registry Editor (REGEDIT).
  • Killing processes from the DOS command line.
  • Running an application as an administrator.
  • Changes to system-wide settings.
  • Changes to files in folders that standard users don't have permissions for (such as %SystemRoot% or %ProgramFiles% usually).
  • Changes to an access control list (ACL), commonly referred to as file or folder permissions.
  • Installing device drivers.
  • Installing ActiveX controls.
  • Changing UAC settings.
  • Configuring Windows Update.
  • Adding or removing user accounts.
  • Changing a user’s account type.
  • Turning on file sharing or media streaming.
  • Running Task Scheduler.
  • Restoring backed-up system files.
  • Viewing or changing another user’s folders and files.
  • Running Disk Defragmenter.
  • Change power settings, turning off Windows features, uninstall, change, or repair a program
Note: Requests for any of the preceding tasks requires review and IBM SRE approval. A case must be submitted in the IBM Support Community detailing the request along with justification.

Database Server Access

Direct access to the DEV database server console (i.e. Linux SSH login) is not permitted. Read/write access to the DEV database itself is allowed via SQL or related tools from a) the Maximo Dev App Server console or b) Customer remote client workstations via a properly configured OpenVPN account or site-to-site VPN. Setup of VPN access can be requested via service request (case) ticket submission. Database access accounts must then be created by the SRE team for customers to connect. For more information on Direct Database Access, click here

SFTP Access

Enhanced Access DEV environments do not have SFTP access. File transfers must be done by using the Remote Desktop Connection (RDC) 'Local Resources' tab.