Remote Action Security Policies

A node can run a remote automatic action on another node by sending a message to a management server. The message specifies the automatic action and a target node.

By default, any node can send a message with a remote automatic action, and the management server runs that action on the remote node. However, you can configure a management server to allow or deny remote automatic action requests. You do this using a remote action security policy. The policy can contain exceptions, so that the management server allows or denies remote automatic action requests for specific nodes.

For example, you might want to restrict remote automatic actions in the following situations:

• If local administrators of managed nodes cannot be trusted, you may want to deny remote automatic actions from these nodes.
• If you are managing multiple customers, organizations, or departments, you may want to allow automatic actions only between nodes in the same domain.

After you create a remote action security policy, you must deploy it to the management server that you want to configure.

In previous versions of HPOM, you could configure remote action security using registry keys. After you upgrade the management server, these registry keys still take effect. You can reconfigure them using the Server Configuration dialog. However, if you deploy a remote action security policy to the management server, this will override the existing registry keys.

Related Topics:

• Create a remote action security policy
• Set exceptions for a remote action security policy
• Reconfigure registry keys for remote action security
• Configuring user roles
• Configure automatic actions for duplicate messages