Security tab
There are several options available to you to tighten access to Observer . Many of the options are used in conjunction with OMS, but some can be used by Observer by itself.
To view and change the security settings for an Observer, in Observer choose Options > Observer General Options > Security tab. Use the information in Table 6 to configure the analyzer’s security and OMS options.
Table 6. Security options
Require Observer Login
When enabled, this option forces a user to provide a user name and password to open Observer . The user name can be stored locally if you are not using OMS, or maintained by OMS if the “Authenticate Observer login with OMS” option is enabled. This option is not visible unless you have a special license enabling it.
Caution: Do not lose this password! There is no way to recover a lost administrative password.
Observer Login Credentials—Type a user name and password. This information is encrypted and stored locally. Only one user account is allowed per system. If you want numerous people to have access to Observer with different user accounts, you must use OMS.
Administrative Credentials—A local administrative user account that allows you to create a non-administrator account and to set security options for OMS.
Use Observer Encryption Key file for secure connections
Strong encryption is available for Observer Expert and Suite users. Observer Encryption Key (.OEK) files let you use private encryption keys to ensure that unauthorized persons do not have access to the data flowing between Observer and probes.
To use Observer Encryption Key files, you must copy the encryption key file into the installation directory (usually C:\Program Files\Observer) of each probe or analyzer that you want to authorize. To generate a key file, click the “Launch Encryption Key Generator” button. Its online help explains its use and how to set up the keys it generates.
Each analyzer and each probe must have the .oek file. Observer encryption keys are required if you want to use OMS.
Authenticate users (for redirected Probe instances)
Forces users to authenticate with OMS before using remote probes. User accounts belong to user groups in OMS and through the user group's access to probe instances can be granted or restricted. Only probe instances to which the user has access will be visible in the analyzer. This option does not control whether users can open Observer. That is done through the “Authenticate Observer login with OMS” option.
Manage Observer /Probe license with OMS
An Observer or probe license can be stored and managed locally at each analyzer or probe, or it can be managed centrally by OMS. If unchecked, it is managed locally and you must provide a license for each analyzer/probe. If selected, then you can provide a pool of licenses in OMS and the analyzer or probe will take an available license when the analyzer or probe starts.
Get list of Probe Instances available for redirection from OMS
When selected all probe instances to which you the user has access to through group permissions set in OMS are available when connecting to a probe. When unchecked only the local probe instances are available and no probe instances are listed when connecting to a remote probe.
Share filters with OMS
When selected you may create filters and share them with others. You may also get any filters created by others. Whenever a filter is updated, other users can be informed and update their local version. The list is maintained by OMS.
Synchronize user protocol definitions through OMS
When selected you synchronize protocol definitions, including any derived applications definitions, automatically through OMS. If any protocol definitions are updated in another analyzer, you automatically receive those. If a protocol definition is updated in one analyzer, it is published to OMS and OMS pushes that new definition to all analyzers that choose to synchronize their protocol definitions.
Extra caution should be used with this setting because definitions are automatically propagated to all analyzers (assuming the setting is selected in Observer). If two users are updating the same protocol definition, the last user to save and close the window is whose definition is used. Only one user (or a small select group of users) should be responsible for maintaining the list of protocol definitions. This ensures that no inadvertent changes are made.
Primary/Secondary server
Provide the IP address of the primary OMS server. If you are also using a failover OMS server, type its IP address in the Secondary server box.
Allowed to modify shared filters
When selected, you can get a shared filter from someone else, modify it locally, then upload your modified version to OMS thereby making your new version available to everyone else. When disabled, you can only get filters from OMS and upload your own. You cannot modify any filters you get from OMS. This option requires that you have the ability to share filters with OMS.
Authenticate Observer login with OMS
This option works in conjunction with the “Require Observer Login” option. This forces Observer to use OMS to authenticate users rather than Observer’s local user list. A user list is maintained in OMS.
Require a password to change partial packet capture size
Select this option if you want to require someone to provide a password before they may change the partial packet capture size. This is a central password and all users must use the same password.
Launch Encryption Key Generator
Click this button to open the VIAVI encryption key generator. If you want the GigaStor payload to be encrypted using 256-bit AES encryption before it is stored, select the “Encrypt GigaStor network traffic…” option.
An encryption key is needed on the GigaStor (or a location accessible by the GigaStor) to encrypt and decrypt the data. The AES key is not needed on workstations, probes, or other collection points. A special license is required for this feature. ContactVIAVI for this license.