SAND CDBMS Administration Guide
The SAND Enterprise Service

 

Previous Topic:
The SAND Enterprise Service (SES)
Chapter Index
Next Topic:
Administering the SAND Enterprise Service

 

The SAND Enterprise Service (SES)


The SAND Enterprise Agent (SEA)

The SAND Enterprise Service spawns a SAND Enterprise Agent (SEA) to perform work on its behalf. Specifically, an SEA is responsible for:

The SAND Enterprise Service may spawn multiple Agents at any given time, depending on the client requirements.


The Security Context of SEA

Because SEA is responsible for some system sensitive operations, the SAND Enterprise Service runs SEA within the security context of a specific user known to the operating system. The user that SEA"impersonates" depends on the operation being performed.

The SAND Enterprise Service maintains two accounts, which are used when launching an Agent (SEA): the administrator account is used to provide secure access to the system, while the system account is stored by the system to perform operations that are not assigned to a specific user.

The administrator (SEM) login account is used when connecting to and administering the client Windows-based SAND Enterprise Manager. It must be a valid account in the Windows network domain where SEM is installed, and it must correspond to the user name specified during the SAND CDBMS installation process on the UNIX host. This user�s password must be supplied each time the user logs in to the SEM system. When the user logs in, an Agent process is created on the user's behalf. This process is used when browsing the directory structure of the remote machine.

The system (SAND Enterprise Service) built-in account is used by the SAND Enterprise Service to perform database operations. Because the account exists even when a user is not logged into the system, both the user name and password are stored by the SAND Enterprise Service. When the administrator logs in to SEM for the first time, the built-in account is automatically set to the credentials of the SEM login account. The built-in account can be changed at any time. Note, however, that the server machine must be restarted after the changes have been made. This account is used by the SAND Enterprise Service to create a single Agent process for performing database operations.