Password Profiles

For monitoring purposes, the tests run by eG agents sometimes need to be configured with the access credentials (user name and password) of the target servers/devices. In the real world however, more often than not, access credentials are changed! IT administrators keep changing the password for accessing critical servers and services in the environment, so as to protect such servers/services from malicious attacks by online predators. Once a password is changed, all tests that take that password as a parameter will stop working, until such time the administrator manually reconfigures each test and changes the password. In environments where a large number of servers/devices are managed, this could take days! To save administrators the time and effort involved in manually changing the password of eG tests, eG Enterprise allows the creation of one/more Password Profiles.

A Password Profile is characterized by a domain name, user name, and password. When configuring an eG test that takes access credentials as parameters, administrators no longer need to manually configure the credentials; instead, they only need to select the Password Profile that contains the credentials to be passed to the test. This means that if a password changes/expires subsequently, it would suffice to change the corresponding Password Profile alone. All eG tests configured with that Password Profile will automatically assume the new password. This way, Password Profiles serve as the central point of control of passwords across the monitored infrastructure.

Creating a Password Profile

To create a new password profile, do the following:

  1. Login to the eG administrative interface.
  2. In the Admin tile menu, follow the Miscellaneous -> Password Profiles menu sequence.
  3. Figure 1 will then appear. If one/more password profiles pre-exist, then Figure 1 will list the same. To add a new profile, click the Add Password Profile button in Figure 1.

    Existing Password Profiles

    Figure 1 : List of Password Profiles that pre-exist

  4. This will invoke Figure 2.

    Creating New Password Profile

    Figure 2 : Creating a new password profile

  5. In Figure 2, provide a unique Profile name. Optionally, you can provide a Domain name. Then, specify the User name and Password. Confirm the password by retyping it in the Confirm Password text box.
  6. A single profile can include more than one set of credentials. Such profiles are ideal for tests that typically support multiple user accounts. To add one more set of credentials to a profile, click the Add More button in Figure 2.
  7. This will bring up another row of specifications, where you can provide another set of credentials (see Figure 3) for the same profile.

    Adding Credentials to Profile

    Figure 3 : Adding another set of credentials to a single profile

  8. To remove a set of credentials from the profile, simply click the encircled ‘-‘ button in see Figure 3. To remove all specifications, click the Clear button.
  9. To save the profile, click the Update button in Figure 3.
  10. The profile that is created newly will be listed in the PASSWORD PROFILES page, as shown by Figure 4.

    New Profile Appearing in Profiles List

    Figure 4 : The new profile appended to the list of profiles

Associating a Password Profile with an eG Test

A password profile can be associated with either the Specific or the Default test configurations. To associate a password profile with an eG test, do the following:

  1. Open the test configuration page (default/specific) of the eG test that takes access credentials as parameters.
  2. You will find that a Password Profile parameter has been newly added to the test. From the Password Profile drop-down, select the profile that contains the user name and password that you want to pass to the test. Upon selection of a profile, the username and password parameters of the test get automatically populated with the credentials defined with the profile.

    Assigning Password Profile to eG Test

    Figure 5 : Assigning a Password Profile to an eG test

  3. Finally, Update the configuration.
  4. Once this is done, then the next time the domain, user name, or password is changed in the profile, the change will be automatically reflected in the test configuration.

Modifying a Password Profile

To modify a password profile, do the following:

  1. In the eG admin interface, follow the Miscellaneous -> Password Profile menu sequence.
  2. Figure 6 will appear listing all the password profiles that pre-exist. To modify a profile, click on the Modify Icon icon corresponding to the profile to be modified.

    Existing Profiles

    Figure 6 : List of profiles that pre-exist

  3. Doing so will open Figure 7, where the details of the selected profile will be displayed.

    Modifying Password Profile

    Figure 7 : Modifying a password profile

  4. You can change all the specifications of a profile, except the Profile name. You can even add more sets of user credentials to a profile by clicking the Add More button, or remove any of the existing specifications by clicking the encircled ‘-‘.
  5. Click the Update button once you make all the changes you need.
  6. If a profile you change is already used by one/more tests, then the corresponding test configurations will be automatically updated with the changes you make. For instance, if you change the password of a user within a profile, then all tests that use that profile will automatically be updated with the password change.

Deleting a Password Profile

You can only delete those profiles that are not associated with any eG test. To delete a profile, do the following:

  1. In the eG admin interface, follow the Miscellaneous -> Password Profile menu sequence.
  2. Figure 8 will appear listing all the password profiles that pre-exist. To delete a profile, click on the icon corresponding to the profile to be deleted.

    Existing Profiles

    Figure 8 : List of profiles that pre-exist

    Note:

    The Delete Icon icon will be enabled for only those profiles that are yet to be mapped to a test. For all the other tests, this icon will be disabled.

  3. Doing so will open a message box that will prompt you to confirm the deletion of the chosen profile (see Figure 9).

    Confirmation for Password Profile Deletion

    Figure 9 : A message box prompting you to confirm profile deletion

  4. Click the Yes button in Figure 9 to delete the chosen profile. 

Adding a Password Profile Parameter to a New Component-Type or New Test

The component types that should support the Password Profile test parameter are configurable.

This implies that if you integrate a new component-type into the eG Enterprise system via the Integration Console plugin, then even if one/more tests mapped to that component type require access credentials for execution, the Password Profile parameter will not be available to that component type by default. You will have to explicitly enable Password Profile support for the new component-type.

Likewise, if you integrate a new test (requiring access credentials) into the eG Enterprise system and map that test to an existing component type, the Password Profile parameter will not be available to that test by default. . Here again, you will have to explicitly enable Password Profile support for that component-type.

To add a Password Profile parameter to new tests/component-types, do the following:

  1. Login to the eG manager host.
  2. Edit the eg_pwdprofile.ini file in the <EG_INSTALL_DIR>\manager\config directory (on Windows; on Unix, this will be the /opt/egurkha/manager/config directory).
  3. For the new test/component-type, append an entry of the following format to the [PARAMETER_SETS] section of the file:

    <Internal_name_of_ComponentType>=<Comma-separated list of test parameters representing access credentials>

    The <Comma-separated list of test parameters representing access credentials> is required to indicate which parameters of the test will be impacted by the Password Profile selection.

    For example, if you want to add the Password Profile parameter to the tests of the Maria Database server component-type, then do the following:

    Maria_server=user,password

    Here, user and password are the parameters that will be impacted by the Password Profile selection. The Password Profile parameter will be inserted above these two parameters in the test configuration page.

    Sometimes, a single test can take multiple sets of access credentials. For eg., any ‘inside-view’ test mapped to a VMware vSphere server requires credentials for accessing the hypervisor and separate credentials for accessing each VM. To make sure that you can set a Password Profile for accessing the hypervisor and another Password Profile for accessing the VMs, you need to append an entry of the following format in the [PARAMETER_SETS] section:

    <Internal_name_of_ComponentType>=<Comma-separated list of test parameters that allow access to hypervisor>~|~<Comma-separated list of test parameters that allow access to VMs>

    In the case of the vSphere example, this entry will be as follows:

    VmEsx_i_server=Esx_user,Esx_password~|~domain,admin_user,admin_password

    Here, Esx_user and Esx_password are the test parameters to which the credentials for accessing the hypervisor has to be input. domain, admin_user, and admin_password are the test parameters to which the credentials for accessing the VMs need to be input. ~|~ is the separator between the two sets of access credentials.

    If there are more sets of credentials, make sure that they are separated using ~|~.

  4. Finally, save the file.
  5. Once the changes are saved, the test configuration page of each test that supports the comma-separated list of parameters will now additionally support a Password Profile parameter (see Figure 10). This new parameter will be displayed above the parameters used for getting access credentials.

    Test with Password Profile Setting for Two Sets of Credentials

    Figure 10 : A sample test configuration page where Password Profile can be set for two sets of access credentials

Limitations of the Password Profile Feature

The following are the limitations of the Password Profile feature:

  • You cannot set a Password Profile at the component-level – i.e., you cannot assign a Password Profile when managing a component.
  • The Password Profile parameter is not supported in a pop-up window.
  • Password profiles are not supported for parameters such as SNMP Community, AccessKey, and SecurityKey.