RHQ, the common services project for infrastructure management

  Dashboard > RHQ-Project > Home > Configuring RHQ
  RHQ-Project Log In | Sign Up   View a printable version of the current page.  
  Configuring RHQ
 Browse Space
Added by John Mazzitelli , last edited by John Mazzitelli on Mar 12, 2008  (view change)
Labels: 
(None)

Configuring RHQ

This page will describe how to configure RHQ to run in your environment.

Index

RHQ Agent

See Configuring the Agent for instructions on how to configure your RHQ Agents.

RHQ Server

See Configuring the Server for instructions on how to configure your RHQ Server.

Agent-Server Communications

RHQ Agents talk to the RHQ Server over a common communications framework. See Communications Configuration to set up this communications channel between agents and server.

Communications Security

Out-of-box, RHQ does not secure the communications between the RHQ Server and RHQ Agent. Here are some issues that are of concern when running RHQ without secure communications - please make sure you understand these issues before deciding to run RHQ with an unsecured communications channel between server and agent:

  • It is possible for an unauthorized person to install a rogue RHQ Agent and have that agent register with the RHQ Server. A rogue agent is one in which the RHQ administrator did not install or give permission to register into the RHQ system.
  • It is possible for an intruder to silently sniff the communications between the RHQ Agent and RHQ Server, possibly obtaining very sensitive data about the machines they are running on.
  • It is possible for an intruder to capture and manipulate the communications traffic between the RHQ Agent and RHQ Server as part of a man-in-the-middle attack, possibly being able to do very damaging things to the machines they are running on.

Running RHQ without securing the communications should only be done under the following circumstances, and only when you understand the full implications of doing so (as explained above):

  • If you are installing the RHQ Server and all RHQ Agents on a fully secured network, with firewalls and/or a VPN limiting access to your entire network to only authorized and trusted personnel.
  • If you are running a demo of RHQ. When demo'ing RHQ, you typically want to get the system installed and running as quickly and easily as possible; you don't normally want to concern yourself with securing the communications which involves manual, time-consuming steps.

Setting Up Secure Communications

If you do not wish to be vulnerable to the issues described above, you must secure the server-agent communications. To learn the details on how to secure the communications channel between your RHQ Servers and RHQ Agents, see the Securing Communications page.
Powered by a free Atlassian Confluence Open Source Project License granted to Hyperic HQ. Evaluate Confluence today.
Powered by Atlassian Confluence 2.7.1, the Enterprise Wiki. Bug/feature request - Atlassian news - Contact administrators