APM uses a shared database login rather than Windows authentication to access the database. Consequently you may be required to change that password on a periodic basis. This is certainly a good practice from a security perspective and the process involved should be familiar to the APM software administrators in your organization. The database account that is used is called "Ivara".Before going into the specifics of the steps to be taken let us review the scope of such an exercise. Please note I will be excluding the Remote from this consideration. APM software can be run in 4 different way Application Server (usually running as a service), Server Manager, Smart Client, and a Thick Client. The Smart Client may be excluded from this discussion as it accesses the Application Server and does not access the database directly. The other 3 modes of running the software all access the database and how the software access the database is stored in configuration files stored on the hosting PC or Server. The password is part of that information and it is stored in encrypted form.Both the Application Server and Server Manager store these configuration files at the machine level. Therefore the password only needs to be changed once for each instance. The Thick Client, however, stores its configuration files by the user. There are two types of Thick Client that may be in use at your site. The first is a manually created Thick Client. This Thick Client is usually created on a server where the APM software is installed. Unfortunately there is no way of distributing a password change to these Thick Clients. Each domain account that accesses one of these Thick Clients will have to modify the password manually in their configuration settings. It should be noted that these kinds of Thick Clients are usually restricted to the servers themselves and are used by IT Administrators so manually changing these passwords should not be a large risk. The second kind of Thick Client is one created by the Thick Client Packager. The packager will be used on the server to create a Thick Client install package, and the package will include the password. These Thick Clients are often used by APM power users on their own laptops or workstations. Distributing new passwords to these Thick Clients is simply a case of repackaging the Thick Client once you have changed the password of the Application Server that the Thick Client is built against.
A suggested sequence of steps may be as follows:1.) Shutdown all the application servers (Windows services) that are accessing the database where you are changing the password (I will assume that you would have forewarned the user base of a planned outage).
2.) Stop any IIS instances that are accessing the same database.
3.) Log into the database and change the password for the login called "ivara".
4.) On each server where an application server or a server broker is being hosted run the application called "Configure APM"
5.) Assuming you have the rights the "Configure APM" program will allow you to change the password for any application server and server manager hosted on the machine you are on as well as any Thick Clients that have been configured for your Windows login. Change the "Type" to "Server/Service" and then go through each one of the relevant application servers listed in the drop down for "Name" (obscured in the image below) and modify the "Database User's Password" (highlighted). You may run the tests on the "Test Instance" tab to make sure that you have entered the password correctly.
6.) In the same "Configure APM" program change the "Type" to "APM Server Manager" and then go through each one of the relevant server managers listed in the drop down for "Name" and modify the "Database User's Password". Again run the tests to make sure your change is correct.
7.) If you have any manually configured Thick Clients accessing the same database for your Windows login then repeat the same step but setting the "Type" to "Thick Client".
8.) Re-start any IIS instances you stopped.
9.) Re-start any application servers you stopped.10.) Finally on the server where any distributed Thick Client was packaged run the "Thick Client Packager", open the Thick Client packaging project and simply step through the wizard and re-package the Thick Client install at the end. Once the packaging is complete you will be asked if you wish to deploy the Thick Client. Please respond by clicking "Yes".
This completes the process.
N.B. In the steps above I use the word "relevant" as a short-hand to mean any application server or server broker that access the database in question.