Application Health check by AIOps without awindows admin access

    • Karthik
      Participant
      2 years, 3 months ago #3365

      Context is:

      In one of our accounts, we have Cheetah implementation.
      we have healthchecks implemented for AMS\Infra applications (services, reboot etc Faults) using Ignio’s OOB capabilities which in-turn uses powershell scripts to check the server’s services status.
      This was via a windows generic user account with admin privileges on target server. Execution is from Ignio, Ignio remotely checks the services\fault healthchecks.

      Here, we need a solutioning help wherein,

      Can the OOB capabilities be executed without admin privileges. OR
      A way wherein instead of needing admin privileges to target server, can Ignio run the healthcheck directly on destination server locally with a generic user (as this will help us to get away without needing admin privileges).

      Can any one tell – without getting admin access, there cannot be healthchecks run via Ignio (for Windows OS) even though healthchecks are ‘read’ operations and not ‘self-heal’ (no write-operations). But customer’s compliance policies do not allow providing admin access, so needed help from someone who knows Ignio well and can provide a workaround for this ask.

    • arumuganainar.s
      Moderator
      2 years, 3 months ago #3367
      Up
      3
      Down
      ::

      Currently ignio needs local administrator privilege in the target servers in order for it to connect to the target servers. It does not need domain admin privilege. Though the health commands are read only, ignio needs local administrator privilege to connect to the target server through powershell remoting.

      From SP7, ignio will not need local administrator privilege as it can support Powershell JEA configuration.

      JEA Prerequisites (in short):
      List of things to be enabled in target machine(s):
      • PowerShell 5.0 or Windows Management Framework 5.1 or higher
      • Define Role capabilities
      • Define Session Configuration
      • Register the JEA Configuration

      In Connector Policy:
      • Configuration Name of JEA should be specified

    • Karthik
      Participant
      2 years, 3 months ago #3368
      Up
      0
      Down
      ::

      Thanks a lot Arumuganainar. Its very much helpful

Viewing 2 reply threads

You must be logged in to reply to this topic.