Web Console Security in Operations Manager 2007
Applies To: Operations Manager 2007 R2, Operations Manager 2007 SP1
The Web console server provides a browser-based alternative to the Monitoring pane of the Operations Manager 2007 Operations console. The Web console server is commonly used when you want to access Operations Manager 2007 management group monitoring data in the following ways:
From the Internet
Without installing the Operations console
From a location with low-bandwidth connectivity
When notifications are configured to contain hyperlinks to the relevant alerts in the Web console
Installing the Web console results in the installation of a new Web site, and a new application pool into Internet Information Services (IIS). The new Web site is named Operations Manager 2007 Web console, and the new application pool is named OPWebConsoleApp. The default port for accessing the Web console from a browser using Windows-based authentication is 51908.
During the installation of the Web console, you are prompted to select either Windows Authentication or Forms Authentication. With Windows Authentication, Microsoft strongly recommends using SSL. With Forms Authentication, SSL is required.
Windows Authentication can be used if all of your users access Operations Manager from within the intranet.
The Web console server must be installed on the root management server if you select Windows Authentication.
If your users will be accessing the Web console from the Internet, select Forms Authentication.
The best practice for accessing the Web console from the Internet is to use forms-based authentication with SSL with the Web console.
With either forms-based or Windows-based authentication, the credentials you provide must be a member of a user role in Operations Manager 2007.
Exposing the Web Console to the Internet
The best practice for implementing Internet access to the Web console is to place the Web console server in an Internet-facing perimeter network. Configure the Web console to use forms-based authentication, and install an SSL/TLS certificate on IIS. You will need to open port 5724 between the Web console server and Operations Manager 2007. The channel between the Web console server and the root management server is encrypted.