Manage Servers in Groups
Overview
You can group multiple servers to apply accessible accounts and policies at once. By creating server groups according to specific purposes, you can conveniently manage policies in bulk and grant the permissions for these grouped servers to individual users or user groups all at once.
It is recommended to pre-register the necessary resources for creating server groups.
Administrator > Servers > Connection Management > Server Account Templates
Administrator > Servers > Connection Management > SSH Key Configurations
Creating a Server Group
Navigate to the Administrator > Servers > Connection Management > Server Groups menu.
Click the
+ Create Group
button in the upper right corner.Enter the following information to create the group:
Name: Enter a name to distinguish the server group on the screen.
Description: Enter additional information about the server group.
Server Tags: Filter and add servers to be included in the server group using Server Tags.
Click the
Save
button to save the group.
Server groups can be managed based on tags. By specifying a specific tag in the Server Tags of the server group, all servers with that tag can be dynamically included in the server group.
Creating/Editing a Server Group
You can create a server group by entering the information below. Some items can be edited after creation.
1. Entering Basic Information and Add Servers Using Tags
Name: Enter the name of the server group.
Description: Enter a description that explains the server group. When multiple administrators are involved, it is recommended to enter the name and description in detail according to the purpose for easy identification of server groups.
Server Tags: Specify the tags of the servers you want to group to dynamically manage the targets in the server group. Servers added through tags cannot be manually deleted from the server table; you must modify the tags in Server Tags.
2. Adding Servers Manually
In the Servers section, you can check the servers belonging to the group or manually add servers to the group.
Click the
Add Server
button in the upper right corner to open a pop-up where you can view the server list.In the pop-up window, select the individual servers to add to the group and click the
Add
button.Use the filter function(:필터:) in the pop-up to filter servers by various criteria.
Confirm the servers added to the server group.
Even if you delete the tags related to manually added servers in the Information section of Server Tags, manually added servers are not excluded from the group. They can only be manually deleted from the Servers table by selecting them with the checkbox and clicking the
Delete
button.
3. Registering Accounts
Enter the account information required to access the connection. There are two ways to add accounts:
Click the
Copy
button to import already registered accounts from the Server Account Templates menu.Refer to Server Account Templates for instructions on how to register a server account template.
Or, use the
Add Account
to manually add an account.
The following information must be entered or configured for each account:
Account: Enter a name to distinguish the individual account.
Auto Login: You can set auto-login. If set to Off, only password authentication can be used.
Provisioning : Allows you to designate server accounts for automated password changes.
This option is available only when Password Provisioning is enabled under Administrator > General > Company Management > Security > Server Connection Security.
It will only appear when Secret Store is set to QueryPie.
Auth Type: Select the authentication method for the individual account. You can choose between Password and SSH Key methods. If you want to select the SSH Key method, first change the Auto Login setting to On.
Authority: If the authentication method is Password, enter the password for authentication. If it is an SSH Key, select a key already registered in SSH Key Configurations.
Protocols: Set whether to allow SSH or SFTP access with the account.
3-1. Configuring Authentication via Secret Store (HashiCorp Vault) in a Server Group
When registering account information in a server group, you can use Secret Store integration to connect to the connection using pre-configured Secret Store authentication information. Pre-stored server authentication information in the Secret Store enhances security by allowing users to connect to remote servers using stored server credentials. Servers defined in Server Groups are forced to use the same Secret Store as the Server Groups.
Navigate to the Administrator > Servers > Connection Management > Server Groups menu and click the
Create Group
button to create a new server group.This method is the same as the configuration in the Administrator > Servers > Connection Management > Server Account Templates menu.
In the Secret Store field, select a previously registered Secret Store.
Only K/V items from the Secret Engine types stored in the Secret Store are supported.
Click the
Add Account
button.In the Alias field, enter the server account name to be displayed to users.
Enter the Vault Path in the Account / Authority field.
The Path format can be entered as
prod_os/data/linux?account
.In the example, the actual path in Vault is
prod_os > linux
where the key is account.The
/data
path in the middle must be added.
Click the
Save
button to save the server group information.
4. Assigning a Server Group Owner
You can assign a server group owner and designate them as the approver for workflows.
Click the
Assign Owners
button in the upper right corner to open a pop-up displaying Users and User Groups.In the pop-up window, select the User or User Group to designate as the server group owner and click the
Save
button.You can confirm the User or User Group designated as the owner in the server group.
Click the
Save Changes
button to save.