Default Security
Default security consists of the built-in role-based accounts that are used to log into the TMC. This level of security controls access to the TMC only, and is appropriate for environments where all components, including the TMC, managed agents, and any custom Rich Internet Applications (RIAs), are on protected networks. An internal network behind a firewall, where all access is trusted, is one example of such an environment. Note that connections between the TMC and managed agents remain unsecured.
Optionally, integration with an LDAP or Microsoft Active Directory is also available. For more information, see
Initial Setup.
When TMS/TMC authentication is configured (whether with the .ini file, or LDAP or Active Directory), if a non-Administrator user logs into the TMS/TMC, that user is unable to see the Administration panel in the TMC or perform administrative tasks, such as shutting down a server. However, if a cluster is not secured, a non-Administrator user can use the TMS Rest API to perform administrative tasks on the cluster.
In other words, if you secure the TMS/TMC but do not secure your TSA cluster, any user can perform administrative tasks on the cluster through the Rest API. To prevent this, you must secure both the TMS/TMC and your cluster.
If you are unsure whether your cluster is secured, go to the Connections tab in the Settings window, and look for the locked padlock icon next to your connection.
For more information about TSA security, see the BigMemory Max Security Guide.