Jan 30, 2020
02:11 PM
2 Kudos
Annette, Because there were no responses on the question, a support case was created automatically. It was acknowledged that the documentation is lacking in this area and I haven't needed to check if it was updated. As further deliberations occurred, the PCA integration was removed from scope so we got out of it but the artifacts requested remained unavailable. The following pieces of useful information was provided, however. The most detail I've found in previous cases is that READ permissions are required for all objects on the Oracle VM API.
My thinking would be this could be potentially restricted further, but I'd need the insight of the Engineering team there. API Function Name Usage login Provides authentication information to connect to the Web Service API logout Logs out of the Web Service connection at the end of each Session managerGetInfo or managerGet depending on OVM version Returns Manager object, which represents the Oracle VM Manager itself. This may be used to retrieve the VM Manager instance's current state, active time, UUID and version. clusterGetAll Returns a list of all Clusters available in the VM Manager; this can be used to retrieve individual Cluster timeout, File system IDs, heartbeat devices, associated servers, and the associated server pool. serverPoolGetAll Provides a list of all Server Pools; A grouping of associated Servers and VMs that may run on this server (also includes Affinity Groups). This can be used to gather data on Affinity Groups, the default keymap used for VMs in this Server Pool, settings such as whether Secure VM Migration is in use, associated VMs (assigned and unassigned) and the Server Pool's associated Zone if applicable serverGetAll Returns a list of all Servers, outlining Access Groups, the agent login account, BIOS information, Cluster information for that Server, hardware and CPU information, network information e.g. hostname and IP address, the current status of the server, version information for Oracle VM, network IDs, hosted VM and serial number information vmGetAll Returns all associated VMs. Can bee used to outline VM 'hardware', software and current VM status information, including Operating System information, allocated memory, communication information for said VM, and that VM's state serverPoolPolicyGetAll Returns all Server Pools' policy information; the ServerPoolPolicy controls DPM/DRS behaviour for VMs, based on processor usage - this can be used to confirm whether these settings are enabled, how often this is examined, which Servers are incorporated into this policy, policy modes and how the DPM/DRS is configured ethernetPortGetAll Lists all associated Ethernet ports; outlines IP Addresses, MAC information, the state and type of these ports, the associated Server of said ports, and interface information.
... View more
Aug 06, 2019
08:47 PM
1 Kudo
Hi Murray - Thank you. Yes I do recall that 9.2 worked with SCCM 2003 and I was hoping that something from the time might still be lying around, perhaps in the dusty attic. The database schema changed drastically from 2003 to 2007 hence the concern. The question originated from a customer saying - See what you can do integrate with my 2003 instance while we get up and running with the new one. Perhaps I can just say we will try it out as you suggest. I still have a couple days before I have to turn in my answer so more responses are certainly welcome. Many thanks. Regards, Pushkar
... View more
Aug 06, 2019
01:31 PM
Hello, I understand that the minimum version of SCCM supported is 2007. Is it possible to integrate with 2003 at all or will it need to be a custom inventory adapter? Regards, Pushkar
... View more
Jul 30, 2019
11:13 AM
Will it be more appropriate to create a support case?
... View more
Jul 25, 2019
09:43 PM
1 Kudo
Hello, When integrating with Oracle PCA, my understanding that there are two kinds of integrations needed. Integration with the Oracle VM Manager web services in order to enable full capacity calculations. Install inventory agent locally on VM hosts in order to enable subcapacity calculations. When integrating with Oracle VM Manager, may I have the following please - Full requirements to provide to the administrators. Documentation of what API calls are made. This need not be an elaborate discussion, a declaration of the webservice area being hit and the actual API being consumed alongwith a two-liner of description of what information is returned and how it is used. If this information can be supplied in a tabular format, even better. We will need these artifacts to structure our solution and pass any security reviews. Regards, Pushkar
... View more
Labels
Jul 16, 2019
02:23 PM
1 Kudo
Thank you, that makes a lot more sense. Going back to the documentation, I am now reading the information as it might have been intended after reading your notes. I suppose the confusion arises from the article - How to setup https SSL TLS to secure and encrypt internal FNMS. You need to copy/combine the content of all your SSL Certificates in a Base-64 encoded X.509 format (including the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- header and footer lines for each certificate) from all your https Beacons to the file. If you're using a Certificate issued by a Certificate Authority, you only need to include their certificate chain (which has a longer expire date than the actual certificate) starting from the Root Certificate on top then the Intermediate Certificate of the Certificate Authority after. An enhancement allowing usage of OS store would certainly be valuable, I will put one in.
... View more
Jul 12, 2019
04:03 PM
1 Kudo
The title is self explanatory. For non-windows agent deployment, we are required to export the certificate chain for SSL communication to work. Why can I not install the root certificates and have the agent communicate with the beacon without having to specify or install a certificate file? Why should you need to use your own trust store instead of using the OS trust store? The trigger for this question is that each time an identity certificate is renewed, this approach will require redistribution of the certificates which is a major administrative overhead. Please provide a full justification. If there is a way to make the agent use the OS trust store, please describe so that future implementations may remain immune to this problem.
... View more
Jun 29, 2019
02:54 PM
If you would be so kind to entertain some more questions on this subject. If the service exists solely as a wrapper, why is it called 'Flexera Inventory Manager security service' and what is meant by the term 'security agent'? What measures have been taken to ensure a rogue plugin will not be loaded by the service? Is there a penetration test report available for this service? Can you please provide a listing of the types of operations that can be expected and to what effect have they been included? Regards, Pushkar
... View more
Latest posts by pushkar_s
Subject | Views | Posted |
---|---|---|
971 | Jan 30, 2020 02:11 PM | |
635 | Aug 06, 2019 08:47 PM | |
657 | Aug 06, 2019 01:31 PM | |
1216 | Jul 30, 2019 11:13 AM | |
1243 | Jul 25, 2019 09:43 PM | |
1135 | Jul 16, 2019 02:23 PM | |
1184 | Jul 12, 2019 04:03 PM | |
2502 | Jun 29, 2019 02:54 PM |
Activity Feed
- Got a Kudo for Oracle VM Manager Service API Calls. Nov 17, 2020 07:17 AM
- Got a Kudo for Re: Oracle VM Manager Service API Calls. Feb 19, 2020 12:53 AM
- Got a Kudo for Re: Oracle VM Manager Service API Calls. Feb 03, 2020 06:06 AM
- Posted Re: Oracle VM Manager Service API Calls on FlexNet Manager Forum. Jan 30, 2020 02:11 PM
- Kudoed Transport Layer Security (TLS) 1.1 & 1.2 Configuration for dswann. Sep 12, 2019 04:16 PM
- Got a Kudo for Re: SCCM Versions. Aug 07, 2019 02:44 AM
- Posted Re: SCCM Versions on FlexNet Manager Forum. Aug 06, 2019 08:47 PM
- Posted SCCM Versions on FlexNet Manager Forum. Aug 06, 2019 01:31 PM
- Posted Re: Oracle VM Manager Service API Calls on FlexNet Manager Forum. Jul 30, 2019 11:13 AM
- Posted Oracle VM Manager Service API Calls on FlexNet Manager Forum. Jul 25, 2019 09:43 PM
- Got a Kudo for Re: Why is it necessary to supply certificate chain for non-windows agents?. Jul 17, 2019 07:13 AM
- Posted Re: Why is it necessary to supply certificate chain for non-windows agents? on FlexNet Manager Forum. Jul 16, 2019 02:23 PM
- Kudoed Re: Why is it necessary to supply certificate chain for non-windows agents? for tferguson. Jul 16, 2019 02:11 PM
- Got a Kudo for Why is it necessary to supply certificate chain for non-windows agents?. Jul 13, 2019 06:23 AM
- Posted Why is it necessary to supply certificate chain for non-windows agents? on FlexNet Manager Forum. Jul 12, 2019 04:03 PM
- Posted Re: What is the function of mgssecsvc on FlexNet Manager Forum. Jun 29, 2019 02:54 PM