Changing the Authentication Method
Changing the authentication method after the initial setup involves considerable effort. The Automation Engine and all agents must be restarted regardless of the authentication method you select.
To Change the Authentication Method from NO to LOCAL (Server)
- End all agents.
- End all server processes.
- Export the Authentication Key to a file. You do so in batch mode using the AE.DB Load utility (see Start Parameters - Utilities).
The Authentication Key has not yet been set in the database.
- Make this file available to all agents. For this purpose, enter the following in the agents' INI files:
- In InitialPackage= ([AUTHORIZATION] section), enter the path and name of the Authentication Key file.
- In KeyStore=, enter the path and name of the file in which the agent should store the Authentication Key information.
Make sure that both files are stored in protected directories.
- Set the Authentication Method (in this case, LOCAL) and the Authentication Key in the database. Again, you do this in batch mode using the AE.DB Load utility.
- Start all server processes.
- For security reasons, Automic recommends withdrawing the authentication from all agents.
The LOCAL Authentication Method is based on the principle that the agents will be manually authenticated in the Administration Perspective to guarantee that the agent is not a program of a potential hacker.
You can skip this step if you are sure you want to make the changeover without this security measure.
To withdraw the agent authentication:
- In the Agents list in the Administration Perspective, select all agents.
- Right-click and select Withdraw Authentication.
- Start all agents.
- The agents read the Authentication Key file and store the information in their KeyStore files. Then, they delete the Authentication Key file automatically.
- If you followed our recommendation and withdrew the authentication from the agents, you must authenticate them now:
- In the Agents list in the Administration Perspective, select all agents.
- Right-click and select Authenticate Agent.
Remember, agents that are not authenticated cannot log on to the Automation Engine system.
To Change the Authentication Method from NO to LOCAL_REMOTE (Server and Agent)
With the LOCAL_REMOTE method the agents require a file in which the Authentication Package is stored. As this file differs for each agent, it must be generated individually and made available to the corresponding computers.
- End all agents.
- End all server processes.
- Change the Authentication Method to LOCAL_REMOTE. You do so in batch mode using the AE.DB Load utility (see Start Parameters - Utilities).
The Authentication Key is now written to the database. Please bear in mind that subsequently changing the Authentication Key is a very complex procedure!
- Start all server processes.
- Log on to system client 0000 and switch to the Administration Perspective.
- Open the list of Agents. Upon accessing the Agents list, the filter pane is open by default. This allows you to immediately perform a search using the Agent Name field, thus simplifying the work with the list.
- For security reasons, Automic recommends withdrawing the authentication from all agents.
The LOCAL_REMOTE Authentication Method is based on the principle that the agents will be manually authenticated in the Administration Perspective to guarantee that the agent is not a program of a potential hacker.
You can skip this step if you are sure you want to make the changeover without this security measure.
To withdraw the agent authentication:
- In the Agents list in the Administration Perspective, select all agents.
- Right-click and select Withdraw Authentication.
- Export an Authentication Package for each individual agent:
- In the Agents list, select all agents.
- Right-click and select Download Authentication Package.
You need W (Write) permissions for the Agent object to be able to export the Authentication Package.
- Save the Authentication Package in a secure folder on the agent's computer.
- In the INI file of each agent:
- In InitialPackage= ([AUTHORIZATION] section) enter the path and name of the Authentication Package.
- In KeyStore= enter the path and name of the agent's KeyStore file in which the agent will store the information retrieved from the Authentication Package.
Make sure that both files are stored in protected directories.
- Start all agents.
- The agents read the Authentication Package files and store the information in their respective KeyStore files. Then they delete the Authentication Package file automatically.
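The INI and file-protection requirements from the two procedures above (NO to LOCAL and NO to LOCAL_REMOTE) can be checked per agent before and after the first start. This is an added example, not Automic code: it assumes a Unix agent, that KeyStore= sits in the same [AUTHORIZATION] section as InitialPackage=, and that "protected" means no permission bits for group or others; the file names are hypothetical.

```python
import configparser
import os
import stat
import tempfile

SECTION = "AUTHORIZATION"  # section the page names for InitialPackage=


def audit_agent_ini(ini_path, agent_started=False):
    """Return findings for one agent INI file (POSIX permission bits only)."""
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    cfg.read(ini_path)
    if not cfg.has_section(SECTION):
        return [f"missing [{SECTION}] section"]
    paths, findings = {}, []
    for key in ("InitialPackage", "KeyStore"):
        path = cfg.get(SECTION, key, fallback="").strip()
        if not path:
            findings.append(f"{key}= is not set")
            continue
        paths[key] = path
        # Assumption: "protected" = no permission bits for group or others.
        for target in (os.path.dirname(os.path.abspath(path)), path):
            if os.path.exists(target) and stat.S_IMODE(os.stat(target).st_mode) & 0o077:
                findings.append(f"{key}: {target} is accessible to group/others")
    if agent_started:
        # After its first start the agent has filled the KeyStore and deleted the package.
        if "InitialPackage" in paths and os.path.exists(paths["InitialPackage"]):
            findings.append("InitialPackage file still present after agent start")
        if "KeyStore" in paths and not os.path.isfile(paths["KeyStore"]):
            findings.append("KeyStore file missing after agent start")
    return findings


def demo():
    """Constructed layout: package in a 0755 directory, KeyStore in a 0700 one."""
    root = tempfile.mkdtemp()
    drop, secure = os.path.join(root, "drop"), os.path.join(root, "secure")
    for directory, mode in ((drop, 0o755), (secure, 0o700)):
        os.mkdir(directory)
        os.chmod(directory, mode)
    pkg = os.path.join(drop, "agent01.pkg")  # hypothetical package name
    with open(pkg, "w") as fh:
        fh.write("constructed placeholder, not a real package")
    os.chmod(pkg, 0o600)
    ini = os.path.join(root, "agent.ini")  # hypothetical INI name
    with open(ini, "w") as fh:
        fh.write(f"[{SECTION}]\nInitialPackage={pkg}\nKeyStore={secure}/agent01.kstr\n")
    return audit_agent_ini(ini), audit_agent_ini(ini, agent_started=True)


if __name__ == "__main__":
    print(demo())
```

Run it with agent_started=False before starting the agents and with agent_started=True afterwards; a package file that lingers after the start means the agent did not consume it.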
To Change the Authentication Method from LOCAL to LOCAL_REMOTE (Server to Server and Agent)
As the agents have already been authenticated, you can easily switch from LOCAL to LOCAL_REMOTE and vice versa. You do it in the UC_AS_SETTINGS variable. (See UC_AS_SETTINGS - Advanced Security).
- Log in to system client 0000.
- Enter UC_AS_SETTINGS in the Global Search field.
- A dropdown list with a link to the variable opens up. Click it.
The UC_AS_SETTINGS variable is displayed:
- Select the AUTHENTICATION key to activate it.
- Click the file icon in the Value 1 column to open the Cell Editor, where you can enter LOCAL_REMOTE.
- Save your changes.
- End all server processes.
- Start all server processes.
Agents will automatically connect after the time (in seconds) specified in the RECONNECT_TIME parameter (See UC_HOSTCHAR_DEFAULT - Host Characteristics).
To Change the Authentication Method from LOCAL (Server) or LOCAL_REMOTE (Server and Agent) to NO
With Authentication Method "NO", the agents do not require the Authentication Key that is stored in the Automation Engine database. Therefore, the agents' keystore files must be deleted. You do it in the UC_AS_SETTINGS variable. (See UC_AS_SETTINGS - Advanced Security).
- End all agents.
- Log in to system client 0000.
- Enter UC_AS_SETTINGS in the Global Search field.
- A dropdown list with a link to the variable opens up. Click it.
The UC_AS_SETTINGS variable is displayed:
- Select the AUTHENTICATION key to activate it.
- Click the file icon in the Value 1 column to open the Cell Editor, where you can enter NO.
- Save your changes.
- End all server processes.
- Delete the Authentication Key from the database.
For this purpose, process the following SQL statement in a transaction: delete from oha.
- Start all server processes.
- Delete the KeyStore file in each agent. Its path and name are stored in the KeyStore= parameter of their respective INI files.
- Start all agents.