Security Considerations

By default, the Central Administration server does not impose security restrictions. That is, it is not automatically configured to use SSL connections or to require login credentials from users. However, you can configure the server to require user credentials, to use SSL when connecting with EMS servers, and to use HTTPS when accepting web browser connections.

Note: The Central Administration server uses the same username and password to log in to the EMS server as was used to log in to the Central Administration web interface. When JAAS authentication is not configured, the Central Administration server uses the default credentials of user admin with no password.

Central Administration Server Connection to the EMS Server

The Central Administration server connects to the EMS server when:

  • The EMS server is added to Central Administration.
  • A user refreshes the EMS server configuration stored in Central Administration.
  • A user deploys a configuration change.

Credentials

Each time it connects to the EMS server, the Central Administration server presents the credentials that the user supplied when logging on to the web interface.

  • If JAAS authentication is not configured, the Central Administration server uses the admin user, with no password, to authenticate with all the EMS servers.
  • If JAAS authentication is configured, the Central Administration server presents the user ID and password that the current user supplied when logging on. If the user attempts to deploy configuration changes but does not have the necessary administrative privileges for the EMS server, the deployment fails.

SSL

When SSL is configured on the EMS server, the Central Administration server can optionally use SSL to communicate with the EMS server. In addition, the Central Administration server can use an identity certificate to authenticate itself to the EMS server.

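Note: When Central Administration uses SSL connections to communicate with an EMS server, Central Administration validates neither the host nor the hostname. The SSL connection therefore encrypts traffic but does not authenticate the EMS server to Central Administration.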