Microsoft Operations Manager 2005 Security Guide
Welcome to the Microsoft Operations Manager 2005 Security Guide. This guide has been created for final release of Microsoft Operations Manager (MOM) 2005.
Information in this document, including URL and other Internet Web site references, is subject to change without notice and is provided for informational purposes only. The entire risk of the use or results of the use of this document remains with the user, and Microsoft Corporation makes no warranties, either express or implied.
Document Revisions
Revisions, June 2005
Section |
New or Updated |
Title |
Description |
|---|---|---|---|
New |
Action Account |
Added section identifying Action Account permissions for monitoring IIS logs. |
|
New |
Using MOM 2005 with a Disjointed DNS Namespace. |
Changed organization of content to provide clarity. |
|
Updated |
To use client certificates and SSL with MCF or MMPC |
Updated procedure to clarify tasks. |
Revisions, April 2005
Section |
New or Updated |
Title |
Description |
|---|---|---|---|
New |
Secure Credential Storage |
Added section describing how MOM 2005 stores credentials. |
|
Updated |
Security Groups |
Updated sub-section to clarify information about the MOM Users group. |
|
New |
Using MOM 2005 with a Disjointed DNS Namespace. |
Added note to clarify mutual authentication statement. |
|
New |
Discovery-Based Deployment |
Added note to identify exception for MsMgmtAuxillary.exe program. |
|
Updated |
Using MOM with Non-Trusted Domains or Workgroups |
Updated table to clarify non-trusted domain compatibility list. |
|
New |
Using Active Directory through a Firewall |
Added section describing a MOM Database Server that is beyond a firewall. |
|
Updated |
Secure Sockets Layer Encryption |
Updated section to describe the use of SSL for securing traffic sent to the Web console. |
In This Guide
Security Changes in MOM 2005 - This section talks about the specific security-related changes that have been made in MOM 2005 since MOM 2000 SP1.
Security for New Installations - This section talks about the specific security-related issues and requirements for installing MOM 2005 for the first time, as opposed to upgrading from MOM 2000 SP1.
Security for Upgrades - This section talks about the specific security-related issues and requirements for upgrading from MOM 2000 SP1to MOM 2005 as opposed to installing MOM 2005 for the first time.
Security for Agent Deployment - This section talks about the specific security-related issues and requirements for deploying MOM 2005 agents in your environment.
Management Server Security - This section talks about the specific security-related information that pertains to MOM Management Servers that is not covered in the deployment and upgrade sections.
MOM Database and Reporting Database Security - This section talks about the specific security-related information that pertains to the MOM Database and the Reporting Database that is not covered in the deployment and upgrade sections.
Agent Security - This section talks about the specific security-related information that pertains to agents that is not covered in the deployment and upgrade sections.
Using Additional Security - This section provides general information for using additional security measures with MOM 2005 including firewalls, IPSec, SSL, and SMB Packet Signing.
Best Practices - This section lists the security best practices for further securing and monitoring the security of, your MOM environment. This section does not cover how to use MOM to monitor the security of your IT environment.
Security Tasks - This section lists, hierarchically, all the security-related tasks in this guide with detailed procedural steps for completing them.
Additional Resources - This section lists additional resources and is organized according to the sections of this guide.
Important
The information in this chapter is based on the assumption that you have installed MOM 2005 on Microsoft Windows 2000 with the latest updates and service packs or Windows Server 2003, using the NTFS file system, and running Microsoft SQL Server 2000 with the latest service pack. Most of the information assumes an Active Directory environment. For more information about installation requirements and supported configurations, see the MOM 2005 Deployment Guide.
Note
This guide does not provide information specific to Windows Server 2003 SP1 or Windows XP SP2. This information will be provided elsewhere.