Securing the solution

Security is important within the IBM® Intelligent Operations Center because the solution is central to essential operations. To ensure security, it is important that you are aware of the default settings and that you manage users of the solution to give all users the correct level of access.

Default passwords

Your first task in securing the solution is to ensure that all default passwords are changed. For more information about the default passwords, see the link at the end of the topic.

Secure connection

The IBM Intelligent Operations Center is HTTPS enabled by default. You can change HTTPS settings for the business monitoring service that processes key performance indicators (KPIs).

Any change to the HTTPS setting for an individual service must be accompanied by an update to the corresponding port setting. For more details on changing the settings in the system properties, see the link at the end of the topic.

User authentication

User authentication is associated with authorization rights that give the user access to the appropriate features. IBM Intelligent Operations Center supports integration to the existing security infrastructure for single sign-on.

IBM Intelligent Operations Center user permissions are managed through WebSphere® Portal users and groups. WebSphere Portal uses the Lightweight Directory Access Protocol (LDAP) database that is provided by the Tivoli® Directory Server, which runs on the data server.

The security system that is provided with the IBM Intelligent Operations Center can accommodate many user groups, roles, and permissions. Accommodating many user groups, roles, and permissions can lead to a security regime that is difficult to manage. It is recommended that administrators restrict the number of groups and permissions.

User roles and permissions

Membership of a role-based user group provides a way of controlling access to the IBM Intelligent Operations Center. The users in a group have access only to the features of the solution that correspond to their role. Being a member of a role-based user group also helps users to focus on the appropriate tasks. The standard roles are CityWideSupervisor, CityWideOperator, CityWideExecutive, and CityWideAdmin.

To add a user to IBM Intelligent Operations Center:

Choose a group that is appropriate to the role of the user in the organization, and make the user a member of that group.
Complete a profile for the user and include at least the user ID, name, and password.

Data sources and permissions

Access to a feature in IBM Intelligent Operations Center does not mean that a user can view all the data sources that it contains. To ensure that users see only the appropriate data, access is determined during the configuration of individual data sources. An administrator can assign access to a data source to both user groups, and to individual users.

WebSphere Portal Enable

WebSphere Portal Enable provides a platform that can be scaled to accommodate the required set of users. It also provides role-based access that can be adjusted to reflect the required organization structure. You can view, create, and delete users or user groups with the Manage Users and Groups portlet. You can also change group memberships. For more information about this portlet, see the link at the end of the topic to the WebSphere Portal product documentation.

User roles and access
IBM Intelligent Operations Center implements security by limiting access to features based on user roles.
User role groups and authorization permissions
In IBM Intelligent Operations Center, a set of permissions for accessing views and the features that they contain is associated with each user role group.
Defining IBM Intelligent Operations Center groups
The IBM Intelligent Operations Center security service returns only IBM Intelligent Operations Center groups. You can configure IBM Intelligent Operations Center to identify what other LDAP groups are IBM Intelligent Operations Center groups by configuring the IocGroupList system property.
Adding a user
You can add users to IBM Intelligent Operations Center.
Adding a group
You can add groups to IBM Intelligent Operations Center.
Viewing or modifying group membership
View or modify group membership to manage the access permissions of users in IBM Intelligent Operations Center.
Viewing or editing a user profile
View or edit the profile of a user to set or reset any of the user profile attributes, including the password. You cannot change the user ID.
Deleting a user or group
You can delete a user or group from IBM Intelligent Operations Center.
Importing users and groups
You can import users in bulk into IBM Intelligent Operations Center through the portal administration console.
Defining standard operating procedure roles
The standard operating procedure component obtains the current authentication credentials to determine what actions each user is authorized to do. Each user is authorized to do standard operating procedure actions that are based on the LDAP Roles that the user is assigned to, and must match the distinguished name (DN) that is used in association with the standard operating procedure objects.
Configuring taskbar access
In the Operations view, users access features, such as the KPI dashboard and the analytics tool, through buttons that are on the taskbar. An administrator can configure which features users and groups can access by configuring taskbar access privileges.
Importing SSL certificates for HTTPS connections
If any of the servers in the solution need to communicate with external servers by using a secure HTTPS connection, you must import the relevant SSL certificate into the WebSphere Application Server truststore.

Related concepts:

Password information for a standard environment

Related tasks:

Configuring system properties

Related information

IBM WebSphere Portal 8 product documentation