The BMC Bladelogic for Servers RSCD Agent has three configuration files which are key to enabling remote users or Application Servers to interact with the agent.  There are two locations where such files are placed:

  1. For Linux/UNIX Systems, these files are under /usr/lib/rsc
  2. For Windows Systems, these files are under C:\Windows\rsc

 

The files are:

  1. exports – defines who can connect to the agent
  2. users – defines the Roles and Users (ACL-based) that can interact with the agent, and the account those users should impersonate into
  3. users.local – static definition (supersedes the users file) of Roles and Users (Non-ACL driven) that must always have access to the agent.

 

The typical configuration is as follows:

  • exports – should define at a minimum the BBSA application server that can communicate with this agent.  This is how you secure and prevent unauthorized AppServers from talking to the RSCD Agent

 

10.10.10.10   rw,user=Administrator

Where:

  1. 10.10.10.10 is the IP address of the BBSA Application Server
  2. rw is the permission (read-write) that system has.
  3. Administrator is the impersonated user on the local system.  This can also be root on a linux/unix system.

 

  • users – is populated by performing an ACL Push Job from Bladelogic.  Applies the RBAC model assigned in BBSA to the target system’s RSCD Agent.
  • users.local – must have at a minimum three entries which allow BBSA Application Server (defined in #1) to properly communicate to the target system for mundane fundamental actions:

     

    RBACAdmins:RBACAdmin   rw,map=Administrator
    BLAdmins:BLAdmin               rw,map=Administrator
    System:System                           rw,map=Administrator

    Where:

    1. RBACAdmins:RBACAdmin is the default user in BBSA to manipulate Roles and Permissions.
    2. BLAdmins:BLAdmin is the default Administrator user in BBSA
    3. System:System is an undocumented requirement.  BBSA App servers historically have used this built in role/user for functional communications to with the RSCD Agent. I believe mostly this is needed for communicating with the RSCD agent on the File Server.

    You do not need to restart the RSCD agent for these changes to take effect.

    About the author:

    Vinnie Lima

    Vinnie Lima is the Managing Director for VVL Systems & Consulting, a small business focusing on IT Optimization for Cloud, Infrastructure, and End Users. Based out of Baltimore, Maryland, Vinnie Lima has over 21 years in IT Automation, Orchestration, and Cloud. Mr. Lima’s career has been focusing on helping customers drive value from their IT investments through the use of leading edge technologies and approaches, driving innovation in a wide spectrum of industries such as DoD, Federal, Health Care, and Financial.

    facebook twitter linkedin instagram

    Leave a Reply

    This site uses Akismet to reduce spam. Learn how your comment data is processed.

    Subscribe to our Newsletter
    Stay informed with the latest technology news, industry events, and training offered by VVL Systems for free! Fill out this form and receive our newsletter delivered straight to your inbox.

    See how VVL has helped clients leverage the latest technologies and agile capabilities.

    Latest VVL and Industry News

    BMC Helix: Know the Unknowns

    Modern enterprise is moving at a speed and scale never seen before. Leaders in the IT industry are expected to…

    Cloud Cost Surprises

    Nobody has time for that Many organizations move to the cloud in hopes of saving money. However, this isn’t always…

    Upcoming VVL and Industry Events

    AWS re:Invent 2019

    Join us for deep technical sessions, hands-on bootcamps, hackathons, workshops, chalk talks, keynotes, and of course, some uniquely Amazonian fun!…