Session limits in SSMC

SSMC allows multiple users to log in and access the application concurrently. When sessions are not properly protected, an attacker could launch multiple sessions for the same user or for different users, which in turn exhausts the physical system resources. The server might become unresponsive or be taken down, leading to a Denial-of-Service (DoS) condition for all other users.

To protect against DoS, SSMC provides two switches to control the session limits. The administrator can view and change their values as required in the /opt/hpe/ssmc/ssmcbase/resources/ssmc.properties file.

NOTE: Reboot the appliance for the changes in the ssmc.properties file to take effect.

| Property | Description | Default Value | Maximum Value |
|---|---|---|---|
| security.max.active.ui.sessions | Maximum number of sessions allowed in SSMC across all users. | 100 | 100 |
| security.max.active.ui.per.user.sessions | Maximum number of sessions allowed in SSMC per user. | 50 | 100 |

IMPORTANT: If you plan to change these default settings, ensure that you set the maximum concurrent sessions per user (security.max.active.ui.per.user.sessions) to a value less than the maximum number of concurrent sessions (security.max.active.ui.sessions). This ensures that a single user cannot exhaust all the sessions.
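
As an added example (not part of the SSMC documentation or any HPE tooling), the following Python script checks the text of an ssmc.properties file against the table and the IMPORTANT rule above. It assumes the file uses plain key=value lines and that a missing key means the documented default applies; the function names and the sample text are constructed for illustration.

```python
import re

GLOBAL_KEY = "security.max.active.ui.sessions"
PER_USER_KEY = "security.max.active.ui.per.user.sessions"
# key -> (default, documented maximum), from the table above
LIMITS = {GLOBAL_KEY: (100, 100), PER_USER_KEY: (50, 100)}

# Constructed sample: the total was lowered but the per-user line was left out,
# so the per-user default of 50 now exceeds the total of 40.
SAMPLE = "# constructed sample\nsecurity.max.active.ui.sessions = 40\n"


def parse_properties(text):
    """Parse key=value lines (assumed format), skipping blanks and comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        parts = re.split(r"\s*[=:]\s*", line, maxsplit=1)
        if len(parts) == 2:
            props[parts[0]] = parts[1]
    return props


def check_session_limits(text):
    """Return a list of findings; an empty list means both limits are consistent."""
    props, values, findings = parse_properties(text), {}, []
    for key, (default, maximum) in LIMITS.items():
        raw = props.get(key)
        if raw is None:
            values[key] = default  # assumption: a missing key means the default applies
        elif not re.fullmatch(r"[0-9]+", raw) or int(raw) < 1:
            findings.append(f"{key}: {raw!r} is not a positive integer")
        else:
            values[key] = int(raw)
            if values[key] > maximum:
                findings.append(f"{key}: {raw} exceeds the documented maximum {maximum}")
    if len(values) == 2 and values[PER_USER_KEY] >= values[GLOBAL_KEY]:
        findings.append(f"{PER_USER_KEY}={values[PER_USER_KEY]} is not less than "
                        f"{GLOBAL_KEY}={values[GLOBAL_KEY]}")
    return findings


if __name__ == "__main__":
    for finding in check_session_limits(SAMPLE):
        print("FINDING:", finding)
```

Run it against a copy of the file before rebooting the appliance, so that an inconsistent pair of limits is caught before it takes effect.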