ERPM integrates with third-party applications through its Event Sink feature, and through an SDK that is provided at no additional charge.
Event Sinks
The ERPM Event Sink feature is used to communicate with third-party applications.
Communication through log file values, Registry values, Named Pipes, Com Calls, Email and Event Logging is supported.
Event Sinks allow you to view ERPM events in other application consoles; enable ERPM to trigger other products' help desk, trouble ticketing, and other workflows;
and let you to receive email and other alerts when configured ERPM events occur.
To access the Event Sink Configuration window:
In the ERPM Settings menu, in the Extension Components group, click Configure Event Sinks. This action opens the Event Sink Definitions window.
Click the New button to open the Event Sink Configuration window.
Click Filter events to only the ranges listed below to open the Select Event Sink Event Range window and then click OK. This action makes event IDs and Event Actions visible in the Recognized Events panel.
Microsoft SCOM Integration
The Microsoft System Center Service Manager Integration allows users to monitor the status of the ERPM application from within the SCOM interface, and to recover passwords from systems that are visible in the SCOM Computers pane. The integration is available as a Management Pack at no additional charge.
If you have configured the SCOM integration you can view ERPM application health and recover system passwords from the SCOM interface:
In the left-hand Monitoring pane of the SCOM interface you can expand the Lieberman Software – Enterprise Random Password Manager node to view the status of the ERPM application.
In the left-hand Monitoring pane you can click the Computers node, select a system in the center Computers pane, and click Enterprise Random Password Manager – Recover Privileged Password to recover a password.
Microsoft SCSM Integration
The Microsoft System Center Service Manager Integration allows users to access the privileged accounts managed by ERPM through the Microsoft System Center Service Manager interface. When enabled, ERPM verifies trouble ticket information so that only users who provide valid ticket data can retrieve passwords allowing them to access sensitive systems. ERPM does so by:
Verifying that the ticket exists
Confirming that the ticket number is for the requested system
Validating that the ticket is currently open
Authenticating that the user who opened the ticket has permission to log into the ERPM/RPM console
Once these criteria have been established, the trouble ticket is logged into ERPM and the privileged account password released to the requestor. The products work together to record privileged account access as part of the BMC Remedy trouble ticket life cycle.
The Microsoft SCSM Integration allows users to access privileged accounts through the SCSM interface. This feature can be configured to grant privileged access only to the extent needed to resolve each IT service issue, and only if authorized through SCSM. The products work together to record privileged account access as part of the SCSM trouble ticket life cycle.
To access the System Center Service Manager Configuration Settings window:
In the ERPM Settings menu, in the Extension Components group, click System Center Service Manager.
Note: the settings are configured for an account on an SCSM host machine. You can access the ERPM integration features by following the steps outlined below.
Click Cancel to close the window.
Accessing the ERPM Integration in SCSM
The Microsoft System Center Configuration Manager Integration allows users to request, recover, check in, and change passwords on any system selected in SCSM, and to add new ERPM accounts. To access ERPM integration features in the SCCM console:
In the left-hand pane expand the Site Database node and select the All Systems node. This action makes a system list visible in the center panel.
Click a system in the center pane, and in the context menu that appears when you right-click, in the Password Management group, click Recover Privileged Password.
Enter your login credentials when prompted. This action opens the ERPM window.
In the ERPM window you can request, recover, check in, and change passwords on any system you select in SCSM; you can also add new ERPM accounts.
Note: you can perform any of these operations, and verify them by accessing the selected computer.
ArcSight Integration
The ArcSight Integration makes ERPM operations – including console, password, Web Application, file store, and scheduler service events – visible from within the ArcSight ESM application.
If you have configured this integration you can view ERPM events in the ArcSight monitor web application window.
In the ArcSight Logger web application you can view ERPM event and configuration information.
BMC Remedy Integration
The BMC Remedy Integration allows users to access the privileged accounts managed by ERPM through the BMC Remedy interface. When enabled, ERPM verifies trouble ticket information so that only users who provide valid ticket data can retrieve passwords allowing them to access sensitive systems. ERPM does so by:
Verifying that the ticket exists
Confirming that the ticket number is for the requested system
Validating that the ticket is currently open
Authenticating that the user who opened the ticket has permission to log into the ERPM/RPM console
Once these criteria have been established, the trouble ticket is logged into ERPM and the privileged account password released to the requestor.
The products work together to record privileged account access as part of the BMC Remedy trouble ticket life cycle.
The BMC Remedy Integration allows users to access privileged accounts through the BMC Remedy interface. This feature can be configured to grant privileged access only to the extent needed to resolve each IT service issue, and only if authorized through BMC Remedy. The products work together to record privileged account access as part of the BMC Remedy trouble ticket life cycle.
To access the BMC Remedy Configuration Settings window:
In the ERPM Settings menu, in the Extension Components group, click BMC Remedy.
Note: in the BMC Remedy Configure Settings window you can configure ERPM to access the BMC remote API for integration with the trouble ticketing system. Refer to the "BMC Remedy" section of the Enterprise Random Password Manager Admin Guide for further information.
SDK Integration
A Client Agent SDK is provided that allows other programs to access the password store on the ERPM web application and, if configured, on local systems. If ERPM has been configured to push encrypted passwords to the local system Registry, programs can use the SDK to access passwords even when the local system is offline or the ERPM web application is unreachable.
The Client Agent SDK can programmatically input new passwords for accounts, add new accounts and corresponding passwords, enroll new systems and accounts, retrieve existing stored password for an account, or get the locally cached copy of a local account's current password, if enabled.
Common uses for the Client Agent SDK include:
Automating enrollment of new systems as part of a build process.
Recovering the local Administrator password for an offline local system
Replacing hard-coded passwords in ASP pages and web applications
Setup instructions and example code for each use case is provided in the Integrate Using the SDK section of the Enterprise Random Password Manager Admin Guide.