Audit Collection Services (ACS) on System Center Operations Manager 2012 SP1 with Dynamic Access Control
Setting up Audit Collection Services in SCOM 2012 SP1 is not much different from the 2012 RTM setup, but lots of problems still arise when configuring ACS and implementing ACS reports, so I thought why not show how to get ACS running in your SCOM 2012 SP1 environment. First, you need to know that there are three roles you must be aware of: the ACS database, the ACS forwarder and the ACS collector. I will go into detail on the three components in just a bit.
New to ACS in the SP1 release will be Dynamic Access Control as enabled by Windows Server 2012. Windows Server 2012 enables business data owners to easily classify and label data allowing access policies to be defined for data classes that are critical to business. Compliance management in Windows Server 2012 becomes more efficient and flexible because access and audit policies can be based not only on user and group information but a richer set of user, resource and environmental claims, and properties from Active Directory and other sources. User claims such as roles, projects, organization, resource properties such as secrecy, and device claims such as health can be used in defining access and audit policies.
Windows Server 2012 enhances the existing Windows ACL model to support Dynamic Access Control, where customers can define an expression-based authorization access policy that includes conditions using user and machine claims, as well as resource (for example, file) properties. The following illustration is descriptive, and not an actual representation of an expression:
- Allow Read and Write access if User.Clearance >= Resource.Secrecy and Device.Healthy
- Allow Read and Write access if User.Project any_of Resource.Project
System Center 2012 SP1 contributes to fulfilling these scenarios by providing enterprise-wide visibility into the use of Dynamic Access Control. It leverages Operations Manager's Audit Collection Services to collect events from the relevant machines (file servers, domain controllers) and provides reporting that lets auditors and compliance officers report on the use of Dynamic Access Control, for example audit changes in policies, object access (success and failure), and "what-if" assessment of what would happen if a certain policy were applied.
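As an added illustration (not code from the original post, and not how Windows stores or evaluates these policies), the following Python model applies the two descriptive rules above and produces the kind of "what-if" record an auditor would review when a proposed policy changes an access outcome. The claim names, sample requests and the all-rules-must-allow semantics are assumptions made for the example.

```python
# Conceptual model only: not Windows' authorization engine or its policy syntax.
# Claim names, values and requests below are constructed for illustration.

def clearance_rule(req):
    """Allow if User.Clearance >= Resource.Secrecy and Device.Healthy."""
    clearance = req["user"].get("Clearance")
    secrecy = req["resource"].get("Secrecy")
    if clearance is None or secrecy is None:
        return False  # a missing claim or property never grants access
    return clearance >= secrecy and req["device"].get("Healthy") is True

def project_rule(req):
    """Allow if User.Project any_of Resource.Project (at least one shared value)."""
    return bool(set(req["user"].get("Project", ())) &
                set(req["resource"].get("Project", ())))

def evaluate(policy, req):
    """Assumption: a policy grants access only when every rule in it allows."""
    return all(rule(req) for rule in policy)

def what_if(current, proposed, requests):
    """Audit records for requests whose outcome would change under `proposed`."""
    records = []
    for name, req in requests.items():
        now, staged = evaluate(current, req), evaluate(proposed, req)
        if now != staged:
            records.append({"request": name, "current": now, "proposed": staged})
    return records

FILE = {"Secrecy": 2, "Project": {"Apollo"}}  # constructed resource properties
REQUESTS = {  # constructed access requests against FILE
    "alice": {"user": {"Clearance": 3, "Project": {"Apollo"}},
              "device": {"Healthy": True}, "resource": FILE},
    "bob":   {"user": {"Clearance": 3, "Project": {"Gemini"}},
              "device": {"Healthy": True}, "resource": FILE},
    "carol": {"user": {"Clearance": 1, "Project": {"Apollo"}},
              "device": {"Healthy": True}, "resource": FILE},
    "dave":  {"user": {"Clearance": 3, "Project": {"Apollo"}},
              "device": {"Healthy": False}, "resource": FILE},
}
CURRENT = [clearance_rule]                 # policy in force
PROPOSED = [clearance_rule, project_rule]  # policy being assessed

if __name__ == "__main__":
    for record in what_if(CURRENT, PROPOSED, REQUESTS):
        print(record)
```

Only the request that the proposed policy would treat differently is reported, which keeps the review focused on users who would lose or gain access if the policy were applied.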
The three roles you want to install for ACS are:
- ACS database: where all security event data is collected for a period of time. Make sure you have a good understanding of how much data you want to collect and what the retention time for your data will be. The ACS database can quickly grow to an enormous, unmanageable size.
- ACS collector: receives and processes events from ACS forwarders and then sends this data to the ACS database.
- ACS forwarder: the node you are collecting your events from. An Operations Manager agent must be installed on the machine.
For the complete install have a look at the installation and configuration video below:
Note: No configuration to ACS handling Dynamic Access Control information is required by the customer. The only interaction with this feature is through a set of reports. No additional monitoring is required.