DX Unified Infrastructure Management

  • 1.  Is it possible with UIM to monitor a non-CA product through API which has double Authentication security?

    Posted Apr 15, 2019 03:00 AM

    Good day everybody,

    My company is at the moment researching if the UIM product is suitable for purchase. We want to use the UIM to provide monitor services to our customers. We are already employing various CA products, such as the API Gateway, which thus far we have successfully been able to monitor with UIM.

    However, we also use products that are not from CA. One of these products is the cloud service Dell Boomi. I've already researched that it is possible to monitor products with API with the use of the RESTMon of UIM. We have a company enforcement though, that every Dell Boomi account must be secured with two-factor authentication based on TOTP with the Google Authenticator app. It is not possible to make a separate account on which this authentication does not apply, since it is only enforceable to all or none.

    I've already tested the Dell Boomi API with Postman, and I was able to run successful API questions. However, I did need to provide an extra header in which I had to fill in the temporary password provided by the Google authentication app. This also changes every 30 seconds, so practically I had to type in a new password for every API call.

     

    So the question comes down to this:

    Is it possible to monitor products with UIM which require two-factor authentication? And if so, how can this be accomplished?
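
The 30-second password described in the post above is an RFC 6238 TOTP value computed from a shared seed and the current time. The sketch below is an added example, not part of the original post and not UIM or Boomi code. It shows that computation and the header a scripted client would send; the header name `X-Example-OTP` is a placeholder because the post does not name the real header, and the seed is the RFC 6238 test key. An unattended client has to hold the base32 seed itself, which makes the seed a long-lived secret stored next to the account password.

```python
import base64
import hashlib
import hmac
import struct
import time

STEP = 30  # seconds a code stays valid, as observed in the post

# Constructed seed: the RFC 6238 SHA-1 test key, base32-encoded the way
# authenticator apps import it. A real seed comes from the enrolment QR code.
RFC_SECRET = base64.b32encode(b"12345678901234567890").decode()


def totp(secret_b32, at=None, digits=6, step=STEP):
    """RFC 6238 TOTP over HMAC-SHA1 (the defaults Google Authenticator uses)."""
    key = base64.b32decode(secret_b32.upper() + "=" * (-len(secret_b32) % 8))
    counter = int((time.time() if at is None else at) // step)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def seconds_left(at=None, step=STEP):
    """Seconds until the current code is replaced by the next one."""
    now = time.time() if at is None else at
    return step - int(now) % step


def otp_header(secret_b32, at=None, header_name="X-Example-OTP"):
    """Header dict for one API call; header_name is a hypothetical placeholder."""
    return {header_name: totp(secret_b32, at)}


if __name__ == "__main__":
    print(otp_header(RFC_SECRET), "valid for", seconds_left(), "more seconds")
```

A value pasted into a static probe configuration stops working when its 30-second step ends, so the code has to be computed at request time by whatever issues the call.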



  • 2.  Re: Is it possible with UIM to monitor a non-CA product through API which has double Authentication security?

    Broadcom Employee
    Posted Apr 15, 2019 04:30 AM

    Hi,

    Does your question come down to whether or not the UIM restmon probe supports MFA (multi-factor authentication)?



  • 3.  Re: Is it possible with UIM to monitor a non-CA product through API which has double Authentication security?

    Posted Apr 15, 2019 04:36 AM

    In essence, yes. I already contacted CA Support, which couldn't supply me with a clear answer and suggested asking the communities.



  • 4.  Re: Is it possible with UIM to monitor a non-CA product through API which has double Authentication security?

    Broadcom Employee
    Posted Apr 15, 2019 06:33 AM

    Thank you very much for the reply.

    I don't think that there are probes that support MFA.



  • 5.  Re: Is it possible with UIM to monitor a non-CA product through API which has double Authentication security?

    Broadcom Employee
    Posted Apr 15, 2019 08:40 AM

    In our experience with RESTmon in these types of scenarios, we invariably are able to leverage a service account/mode so that normal MFA is not used.



  • 6.  RE: Re: Is it possible with UIM to monitor a non-CA product through API which has double Authentication security?

    Posted Dec 09, 2020 10:46 AM
    Hi Rich: How does the configuring JSON for the RESTmon schema show the service-account userID and key (of the key/pair), please?

    I've not been able to find a document that lists the various authentication options that the probe supports, and most of the supplied examples use either no auth, basic or digest.

    Thanks.


  • 7.  RE: Re: Is it possible with UIM to monitor a non-CA product through API which has double Authentication security?

    Broadcom Employee
    Posted Dec 10, 2020 03:19 PM
    Glenn,
    Got this in my notes, and there is no point in asking for details since writing json files is unknown to me.

    Supported authentication mechanism is: basic; digest; ntlm; token; bearer; urltoken; Outh2

    token
    The parameters etc. appear to be encoded in the token; for example, see https://auth0.com/learn/token-based-authentication-made-easy/

    In the schema you can have a header block, and you can specify the %token in there. We actually have 2 types of tokens: header tokens and url tokens.

    This is a url block from the elasticsearch schema. The little token bit is actually defining the token called clusterName, so when you see %clusterName it is actually something defined in the schema. You could define a token to store anything you want and call it anything you want.

    {
        "src": "",
        "xml_ns": "",
        "var": "",
        "id": "clusterstats",
        "url": "/_cluster/stats",
        "tokens": {
            "clusterName": "$['cluster_name']"
        }
    },

    %token will hold the value of a token defined in the restmon.cfg.
    So you create a token at the volumes level that stores the volume name, and maybe we call it volumeName.

    ------------------------------
    Support Engineer
    Broadcom
    ------------------------------
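
The token mechanism described in the post above, worked through as an added example (not part of the original post and not the RESTmon probe's code): a value is pulled out of one response with the path from the `tokens` block and later substituted wherever `%clusterName` appears. The sample response, the `/example/...` URL template, the small path subset and the encoding rules are assumptions made for illustration; how the probe itself encodes substituted values is not stated on the page.

```python
import json
import re
from urllib.parse import quote

# Schema entry in the shape quoted in the post, plus a constructed response body.
SCHEMA_ENTRY = {
    "id": "clusterstats",
    "url": "/_cluster/stats",
    "tokens": {"clusterName": "$['cluster_name']"},
}
SAMPLE_RESPONSE = json.loads(
    '{"cluster_name": "prod es/1", "nodes": {"count": {"total": 3}}}'
)

_STEP = re.compile(r"\['([^']+)'\]|\[(\d+)\]")
_PLACEHOLDER = re.compile(r"%([A-Za-z_]\w*)")


def resolve_path(doc, path):
    """Evaluate a bracket-notation path such as $['a']['b'][0] on parsed JSON."""
    if not path.startswith("$"):
        raise ValueError("path must start with $")
    pos, node = 1, doc
    while pos < len(path):
        m = _STEP.match(path, pos)
        if not m:
            raise ValueError(f"unsupported path syntax at offset {pos}")
        node = node[m.group(1)] if m.group(1) is not None else node[int(m.group(2))]
        pos = m.end()
    return node


def extract_tokens(entry, response):
    """Build the name -> value map defined by an entry's "tokens" block."""
    return {n: str(resolve_path(response, p)) for n, p in entry.get("tokens", {}).items()}


def expand(template, tokens, for_url=True):
    """Substitute %name placeholders; values come from the remote API, so
    percent-encode them in URLs and refuse CR/LF in header values."""
    def sub(m):
        value = tokens[m.group(1)]  # KeyError if the token was never defined
        if for_url:
            return quote(value, safe="")
        if "\r" in value or "\n" in value:
            raise ValueError("CR/LF in token value")
        return value
    return _PLACEHOLDER.sub(sub, template)


if __name__ == "__main__":
    toks = extract_tokens(SCHEMA_ENTRY, SAMPLE_RESPONSE)
    print(toks, expand("/example/%clusterName/detail", toks))
```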



  • 8.  RE: Re: Is it possible with UIM to monitor a non-CA product through API which has double Authentication security?

    Broadcom Employee
    Posted Dec 10, 2020 03:26 PM
    Also it might be more productive to post something in the APM forum since restmon development is mainly there.

    https://community.broadcom.com/enterprisesoftware/communities/communityhomeblogs?CommunityKey=be08e336-5d32-4176-96fe-a778ffe72115

    ------------------------------
    Support Engineer
    Broadcom
    ------------------------------



  • 9.  RE: Re: Is it possible with UIM to monitor a non-CA product through API which has double Authentication security?

    Posted Dec 11, 2020 02:33 AM
    Thanks David.
    I'm wary of using the APM forum for these questions, as I've already been burnt once by BC staff repeatedly telling me 'RESTmon probe can do <x>', when in fact it turned out that they meant the RESTmon capability of the DX-Gateway, which is entirely different.

    We can agree that the DX-Gateway's RESTmon capabilities were derived from the UIM RESTmon probe, but the two are now different and distinct and their usage is not interchangeable.  They also have different configuration mechanisms - DX-Gateway RESTmon has two JSON files - a schema and a profile.

    I've been posting here precisely because I have the UIM RESTmon probe to use and *not* the DX-Gateway.

    Thanks for your help with the other post.