Secure communication and system user

During installation of the LoadRunner Enterprise servers and hosts, a Communication Security passphrase is defined which enables secure communication between the LoadRunner Enterprise components. LoadRunner Enterprise also creates a default system user for use by the LoadRunner Enterprise server, hosts and the Load Generator standalone machines.

Update the Communication Security passphrase

This task describes how to update the Communication Security passphrase on the LoadRunner Enterprise system components. The Communication Security passphrase must be identical on all of the components of the system.

Update the Communication Security passphrase on the LoadRunner Enterprise components

The System Identity Utility is installed on the LoadRunner Enterprise server. You use this utility to update the Communication Security passphrase on the LoadRunner Enterprise server and hosts from one centralized location.

  1. From the LoadRunner Enterprise server installation's bin directory, open the System Identity Utility (<LoadRunner Enterprise server installation directory>\bin\IdentityChangerUtil.exe).

  2. Note: You can run this utility from any one of the LoadRunner Enterprise servers in the system.

  3. The System Identity Utility opens. For user interface details, see System Identity Utility Window.

  4. In the Communication Security Passphrase section, select Change, and enter the new Communication Security passphrase.

  5. Click Apply.

Back to top

Change the LoadRunner Enterprise system user

During installation of the server and hosts, a default LoadRunner Enterprise system user, IUSR_METRO (default password P3rfoRm@1nceCen1er), is created in the Administrators user group of the server/host machines.

The LoadRunner Enterprise server is installed with the System Identity Utility that enables you to manage the LoadRunner Enterprise system user on the LoadRunner Enterprise server and hosts from one centralized location. Use this utility to update the LoadRunner Enterprise system user name and password.

Note: To prevent security breaches, you can replace LoadRunner Enterprise's default system user by creating a different local system user, or by using a domain user.

When you change the system user, or a user's password, the System Identity Utility updates the LoadRunner Enterprise server and hosts.

To change the system user:

  1. Prerequisites

    • When changing the system user, LoadRunner Enterprise must be down. That is, all users must be logged off the system and no tests may be running.

    • When changing the user password:

      • Ensure that each host is listed in the Machines table under one alias only.

      • In the case of a domain user, when the domain IT team notifies you that the password is to be changed, you need to temporarily change the LoadRunner Enterprise system user on the LoadRunner Enterprise server and hosts to a different user. After the domain IT team has changed the password of the domain user and has notified you of this change, you need to change the LoadRunner Enterprise system user back to the domain user on the LoadRunner Enterprise server and hosts.

    Note:  

    • This utility does not apply changes to UNIX machines, Standalone load generators, or machines that are located over the firewall.
    • This utility does not apply changes to UNIX machines, Standalone load generators, or machines that are located over the firewall.

  2. Launch the System Identity Utility on the LoadRunner Enterprise server

    In the LoadRunner Enterprise server installation's bin directory, open the System Identity Utility (<LoadRunner Enterprise server installation directory>\bin\IdentityChangerUtil.exe).

    The System Identity Utility opens. For user interface details, see System Identity Utility Window.

  3. Change the details of the LoadRunner Enterprise user

    1. Enter the relevant details to update and click Apply. The utility updates the LoadRunner Enterprise server and hosts, starting with the LoadRunner Enterprise server.

    2. In the lower part of the utility window, the Machines table displays the status of each machine during the configuration process.

    3. If the utility is unable to change the user on the LoadRunner Enterprise server, it stops the configuration, rolls back the change, and issues a message explaining why the change cannot be made. Correct the error and click Apply again.

    4. When configuration completes successfully on the LoadRunner Enterprise server, the utility proceeds with the configuration of the hosts. The utility attempts to configure all the hosts, even if the configuration on one or more hosts is unsuccessful. In this case, after the utility has attempted to configure all the hosts, correct the errors on the failed hosts, and click Reconfigure. The utility runs again on the whole system.

    For details on troubleshooting System Identity Utility issues, see Troubleshooting System Identity Utility and system user issues.

  4. Verify that the system user was changed on the LoadRunner Enterprise server

    1. Open IIS Manager. Under Sites > Default Web Site, choose a virtual directory.

    2. Under Authentication select Anonymous Authentication. Verify that the anonymous user defined was changed for the following virtual directories: PCS, LoadTest and Files (a virtual directory in LoadTest).

    3. Check in the PCQCWSAppPool and LoadTestAppPool application pools that the identity is the LoadRunner Enterprise user.

System Identity Utility Window

This utility enables you to update the LoadRunner Enterprise Communication Security passphrase, as well as the LoadRunner Enterprise system user and/or password on the LoadRunner Enterprise server and hosts from one centralized location.

You can open the System Identity Utility from <LoadRunner Enterprise server installation directory>\bin\IdentityChangerUtil.exe.

UI Elements

Description


Applies the selected changes on the LoadRunner Enterprise server and hosts, starting with the LoadRunner Enterprise server.


If, when applying a change, there are errors on any of the LoadRunner Enterprise hosts, troubleshoot the problematic host machines, then click Reconfigure. The utility runs again on the LoadRunner Enterprise server and hosts.

LoadRunner Enterprise User

The LoadRunner Enterprise system user details.

  • Change. Enables you to select which detail to change.

    • None. Do not change the user's name or password.

    • Password Only. Enables you to change only the LoadRunner Enterprise system user's password.

      Note: See Prerequisites above.

    • User. Enables you to change the LoadRunner Enterprise system user name and password.

  • Domain\Username. The domain and user name of the LoadRunner Enterprise system user.

  • Password/Confirm Password. The password of the LoadRunner Enterprise system user.

  • Delete Old User. If you are changing the user, this option enables you to delete the previous user from the machine.

    Note: You cannot delete a domain user.

User Group

The details of the user group to which the LoadRunner Enterprise system user belongs.

Group type. The type of user group.

  • Administrator Group. Creates a user in the Administrators group with full administrator policies and permissions.

  • Other. Creates a local group under the Users group, granting policies and permissions as well as other LoadRunner Enterprise permissions.

Configuration User

If you are creating a non-administrative LoadRunner Enterprise system user, that is, if you selected Other under User Group, you need to configure a configuration user (a system user with administrative privileges) that the non-administrative LoadRunner Enterprise system user can impersonate when it needs to perform administrative tasks. For details, refer to Change the LoadRunner Enterprise system user.

If you selected Delete Old User in the LoadRunner Enterprise User area, ensure that the configuration user you are configuring is not the same as the system user you are deleting. Alternatively, do not delete the old user.

  • Domain\Username. The domain and user name of a system user that has administrator privileges on the LoadRunner Enterprise server and hosts.

  • Password/Confirm Password. The password of a system user that has administrator privileges on the LoadRunner Enterprise server and hosts.

Communication Security Passphrase

The Communication Security passphrase that enables the LoadRunner Enterprise servers and hosts to communicate securely.

  • Change. Enables you to change the passphrase.

  • New passphrase. The new Communication Security passphrase.

    Note: This passphrase must be identical on all LoadRunner Enterprise components. For details, refer to the Update the Communication Security passphrase.

Machines grid

The machine configuration settings:

  • Type. Indicates whether the machine type is a LoadRunner Enterprise server or a host.

  • Name. The machine name.

  • Configuration Status. Displays the configuration status on each of the LoadRunner Enterprise components.

    • Configuration complete. The system user configuration was completed.

    • Needs to be configured. The LoadRunner Enterprise server/host is pending configuration. Displayed only after the LoadRunner Enterprise server configuration is complete.

    • Configuring..... The LoadRunner Enterprise server/host is being configured.

    • Configuration failed. The LoadRunner Enterprise server/host configuration failed. The utility displays the reason for failure together with this status.

      Note: See Change the details of the LoadRunner Enterprise user above.

Back to top

Administer a LoadRunner Enterprise server and host remotely

To perform administrative tasks on the LoadRunner Enterprise server or hosts (such as adding, configuring, or resetting a LoadRunner Enterprise server/host), LoadRunner Enterprise must use a user with administrative privileges. This must be the LoadRunner Enterprise system user with administrative privileges or, if the LoadRunner Enterprise system user is non-administrative, a configuration user.

When the LoadRunner Enterprise system user has administrative privileges and is defined on the remote machine, tasks are performed upon request. After validating the LoadRunner Enterprise system user or configuration user, LoadRunner Enterprise can perform required tasks.

Back to top

Configure a non-administrator LoadRunner Enterprise system user

For stronger security, you can configure the LoadRunner Enterprise system to use a non-administrator user and a custom group (lockdown mode).

This system user has the same permissions granted to any user in the built-in ‘Users’ group with additional extended rights to Web services and the Micro Focus file system and registry as described below:

  • Added to the built-in system groups Performance Log Users and IIS_IUSRS (on LoadRunner Enterprise server only).
  • The custom group is added to the built-in system groups Distributed COM Users and Users.

With the above-mentioned permissions, a system user cannot perform all of the administrative system tasks. Therefore, when configuring the system to use non-administrator user, you will need to specify a configuration user (a user with administrative privileges that is defined on the LoadRunner Enterprise server and hosts).

This configuration user will be used by LoadRunner Enterprise when administrative tasks are required by system. For example, tasks for changing a system user, resetting IIS, restarting services, accessing IIS metadata, configuring DCOM.

After completing such tasks, the system user reverts back to the previous user with the limited LoadRunner Enterprise user permissions.

Note: The configuration user is saved in the database, so that whenever an administrative-level system user is required to perform a task, the system automatically uses the configuration user, without prompting for the user's credentials.

Back to top

Required policies for the LoadRunner Enterprise system user

This section describes the required policies LoadRunner Enterprise grants automatically to a system user.

Note: This section applies to:

  • An administrative or non-administrative LoadRunner Enterprise user.

  • All LoadRunner Enterprise servers and hosts.

The LoadRunner Enterprise user must be granted all of the following policies:

Policy Name

Reason

Create global object (SeCreateGlobalPrivilege)

For Autolab running Vusers on the Controller.

Batch logon rights (SeBatchLogonRight)

The minimum policies required to run Web applications.

Service logon rights (SeServiceLogonRight)

The minimum policies required to run Web applications.

Access this computer from the network (SeNetworkLogonRight)

The minimum policies required to run Web applications.

Log on locally (SeInteractiveLogonRight)

Required by infra services. For example, after reboot, the system logs in with the LoadRunner Enterprise system user.

Impersonate a client after authentication (SeImpersonatePrivilege) Required for running LoadRunner Enterprise processes under the LoadRunner Enterprise system user.

Back to top

See also: