Summary: This section describes how to secure GigaSpaces management tools
 Overview GigaSpaces has two management tools: the GigaSpaces Management Center (GMC) and the CLI. This section describes the ability to secure them and restrict access to them. GigaSpaces Management Center (GMC) The GigaSpaces Management Center (GMC) has several indications for secured Grid Service Manager (GSM) and Grid Service Container (GSC) services. These indications exist in several places in the GMC:
In the Services Tree
Within each GSC component
In the Deployment Wizard
Authentication Process There are two options to authenticate to the secured service:
- Passing two system properties with username and password to the GMC
- Using the Login dialog
Passing two system properties with a username and password to the GMC -Dcom.gs.security.userid -Dcom.gs.security.password Using the Login dialog
This dialog can be opened from several places:
File>Login
GSC Tree Table component
Popup menu that opened for the GSM or GSC
 |
When a service is secure, but not authenticated, it is not possible to perform deployment. Authentication must take place first. The Login dialog can be opened and used more than one time for entering user login details. All the details are saved for the current UI session. Each set of user/password login details, is authenticated against all the services. The UI will display the highest credentials acquired from within this set. |
Outcome of the Authentication Process The authentication process can have three possible outcomes:
- The authentication did not succeed
- The user has read-only credentials (indicated by READ)
- The user has full administrative credentials (indicated by ADMIN)
 |
If the authentication did not succeed, or the user has read-only credentials, then the user can only view services, and all destructive operations are prohibited. If the user acquired full administrative credentials, then the user can perform any operation, as in a regular (i.e. unsecured) service e.g. deployment, undeployment, relocation etc. |
The indications in each of these cases are: Authentication did not succeed
User has read-only credentials
User has full administrative credentials
Managing Users for Secured Services There is also an option to manage users for secured services. This can be done by using the Manage Users dialog from the popup menu. In this dialog, users can be added, edited or removed.
CLI The following operations in the CLI are prohibited for secured services that were not authenticated, since they are destructive operations:
- deploy
- pudeploy
- undeploy
- jconsole
- destroy
- all space operations
These operations are permitted only for users with Admin credentials, and there is only one place for secured services authentication: login CLI command. All required login details must be entered by using that operation before using the required CLI operation for a secured service. |