Making Sense of ESP Passwords
This information applies to both new and experienced users of SAP Event Stream Processor. If you are looking for information on installing Smart Data Streaming, refer to the SAP HANA Smart Data Streaming: Installation and Update Guide.
If you have installed SAP Event Stream Processor, you may have realized that you’ve been creating quite a few passwords and administrative usernames.
- The cluster password
- The keystore password
- The cluster database admin user and password
- The Cockpit Agent administrator password
Are you wondering how to keep track of these passwords, and when exactly to use them? During my installation, I had these same lingering questions about the various passwords. So, here’s a short guide to understanding and using these credentials.
1. Cluster Password
- Username = SYS_STREAMING
- Password = <cluster-password>, e.g. clustpassword123
The cluster password is the most important password to remember when configuring ESP for the first time; you will be using this credential in your post-installation configuration when you log in and authenticate yourself as the special preconfigured admin user, SYS_STREAMING. You’ll be using the cluster password when you launch the streamingclusteradmin utility to set up user authorization policies (e.g. granting/revoking user roles and permissions). You’ll also use this password when you log in to the ESP Cockpit for the first time to manage users and set up authenticators.
Logging in as the SYS_STREAMING user allows you to have an avenue for administrative access to your ESP-related system and projects. SYS_STREAMING has the equivalent to the following permissions:
- Grant permission view all to user SYS_STREAMING
- Grant permission all system to user SYS_STREAMING
2. Keystore and Key Password
Use this password to encrypt and secure your digital certificates for ESP, such as passwords required to read and write to databases. You can find the keystore password element in the studio.xml file located in %STREAMING_HOME%\studio\clustercfg.
You will use this password when you are connecting to or administering clusters with RSA authentication, or when you need to encrypt or migrate passwords when using the SAP ESP Studio or the streamingencrypt, streamingclusterutil, and streamingclusteradmin command line utilities.
For more on the command and credential syntax for these utilities, see their respective topics in the SAP Event Stream Processor: Utilities Guide, and the “Encryption” Section of the SAP Event Stream Processor: Security Guide.
3. Cluster Database Password (and Username)
During the installation, you created a username for admin-level access to the ESP database (see screenshot below).
The cluster database stores configuration information for each node within the cluster, including:
- authentication types and other policy information
- data services
- cluster cache data persistence
Note: The cluster database lifecycle is distinct and separate from that of the cluster. If you set up the cluster database as a service, it can overlap or be completely separate. For more information on the cluster database, refer to the “Managing the Cluster Database” section in the SAP Event Stream Processor: Configuration and Administration Guide.
4. ESP Cockpit Agent Administrator
At the end of your ESP installation, you are asked to create a password for the “Sybase Control Center” administrator (see screenshot below). This is the password for SAP Control Center (SCC), where you can access the ESP Cockpit.
You will be using this password when you need administrative access to the ESP Cockpit (for instance if you are registering more than one node to a cluster, so that you can access all nodes from the same Cockpit).
Note: You log in as ESP’s pre-configured Cockpit Agent user ID, called “sccadmin”.
If you have any other tips you’d like to share regarding the four passwords I talked about, feel free to post them in the comments.