Configuring the access list

This topic describes the access details that you require depending on type of configuration that you are using.

Note: Configuring the access list does not apply to the script-based or asynchronous discovery mode, because WebSphereScriptSensor requires only an OS-level user in the TADDM access list.

To configure the access list, complete the following steps:

  1. If security is disabled, no user accounts are needed.
  2. If security is enabled, specify the following details:
    1. For the component type, specify Application Server.
    2. For the vendor, specify WebSphere.
    3. Specify the username and password of WebSphere® Application Server.
    4. In SSL Settings, upload two certificates, trust, and keystores, with their passphrases. The default passphrase is WebAS.
  3. For the WebSphere JDBC driver sensor, complete the following steps:
    1. For the component type, specify Application Server.
    2. For the vendor, specify WebSphere SSH.
    3. Specify the username and password of a system account with appropriate privileges. If the WebSphere SSH access list is not specified, the WebSphere JDBC driver sensor will try to log in with ComputerSystem credentials.
  4. The WebSphere Application Server user can have monitor, operator, configurator, or administrator role. Any of these roles can discover all the information. Only the administrator role discovers security configuration information for WebSphere Application Server.
  5. Disabling security does not mean that you are not using SSL. Check whether you are prompted for a password when you connect to the WebSphere Application Server Admin Console.
    • If you need only a user name to log on to the Admin Console, security is disabled.
    • If you need a user name and password to log on to the Admin Console, security is enabled.
    • If the connection to the Admin Console is through https (look at the URL in your web browser), you need the certificates.

Access to Configuration Files

  • In general, the WebSphere Application Server sensor captures the following configuration files:
    • WebSphere Application Server cell
    • WebSphere Application Server node
    • WebSphere Application Server server

    This information is made available for the change history over time. It is also made visible in the Discovery Management Console (Configuration files tab of the Details panel) for each of the preceding configuration items.

  • When the sensor starts, it also uses the following two files to make key decisions about the discovery of WebSphere Application Server:
    • $WAS_ROOT/config/cells/cell_name/cell.xml

      This helps to determine if the system is ND or stand-alone WebSphere Application Server. If read access to this file is not available, the sensor continues and uses JMX to determine whether it is an ND or stand-alone WebSphere Application Server.

    • $WAS_ROOT/config/cells/cell_name/nodes/node_name/serverindex.xml (for ND, node_name is the dmgr's node, for stand-alone mode, there is only one node)

      This helps to determine the port on which the JMX SOAP connector is listening. If read access to this file is not available, the sensor attempts to set up a JMX connection by cycling through all the listen ports of the WebSphere Application Server server/dmgr being discovered. The ports are tried in ascending order since this method results in quicker identification of the JMX port.