Unsupported content

 

This version of the product has reached end of support. The documentation is available for your convenience. However, you must be logged in to access it. You will not be able to leave comments.

Configuring the UI communication channels (Tomcat)

This page describes how to configure the communication channel (the Tomcat server).

Configuration overview

You configure the secure transport protocol and cipher suite in the Tomcat server's server.xml files for each of the following product UIs: BMC Atrium Orchestrator Grid Manager, Operator Control Panel, the repository, and the dashboards. 

  • The protocol and allowed cipher suites are defined in the Connector element in the file.
  • The cipher suite is listed in the ciphers attribute.

An example of the server.xml file is provided in the instructions on this page.

Note

If you change the protocol and cipher suite settings for the internal communication channel, BMC Software recommends that you use the same settings for all product UIs, such as the OCP, APs, LAPs, the repository, and dashboards.

Secure transport protocols

The following table lists the supported secure transport protocol values. Supported versions are based on the secure provider implementation configured for your environment.

| Secure transport protocol value | Supported versions |
|---|---|
| TLS | Supports some versions of TLS. |
| TLSv1 | Supports RFC 2246: TLS version 1.0; may support other versions. |
| TLSv1.1 | Supports RFC 4346: TLS version 1.1; may support other versions. |
| TLSv1.2 | Supports RFC 5246: TLS version 1.2; may support other versions. |

Cipher suites

For a list of cipher suites that you can use for SSL connections, see Cipher suites.

The current BMC Atrium Orchestrator release installs Java SE Runtime Environment (build 1.7.0_07-b11). The cipher suites listed in Cipher suites are installed with the BMC Atrium Orchestrator release. Cipher suites listed as default are enabled. Unless a different list is defined for SSL, handshaking on an SSL connection will use one of these cipher suites. 

Before you begin

Before configuring the UI communication channel, ensure that you have completed the following:

  • Installed the BMC Atrium Orchestrator components, completed any post-installation configuration, and ensured that everything is working properly.
  • Configured BMC Atrium Orchestrator to use HTTPS (see Configuring BMC Atrium Orchestrator to use HTTPS).
  • Checked your web browser documentation for information about supported protocols and cipher suites. Ensure that the protocol you choose supports the cipher suites you use.
  • Checked with your network administrator to ensure that the chosen protocol and cipher suites are supported by your network environment.
  • Planned for a shutdown of your BMC Atrium Orchestrator environment, which occurs when you configure UI communication channels.
  • Made backup copies of the server.xml file for each BMC Atrium Orchestrator component (such as the CDP, OCP, repository, or dashboards). See Configuring the UI communication channels for file locations.

    Warning

    It is very important that you back up the server.xml files for each component, so that you can revert back to the original files if needed.

Configuring the UI communication channels 

When you configure the UI communication channel, you need to shut down the UI server, resulting in a shutdown of your BMC Atrium Orchestrator environment. Ensure that you plan for this shutdown.

The server.xml file that you modify in these instructions is stored in the following locations (AO_HOME represents the installation directory for the BMC Atrium Orchestrator component, such as the CDP, HA-CDP, AP, LAP, OCP, repository, or dashboards):

  • Grid Manager (AO_HOME/CDP/tomcat/conf)
  • Operator Control Panel (AO_HOME/OCP/tomcat/conf)
  • Repository (AO_HOME/REPO/tomcat/conf)
  • Dashboards (AO_HOME/DASHBOARD/tomcat/conf)

To configure the UI communication channels

  1. Shut down the UI server for the product UI, such as Grid Manager CDP, OCP, repository, or dashboard (see Starting and stopping product components and services).
  2. Navigate to the appropriate tomcat/conf directory (listed above) and edit the server.xml file, making the following two changes in the <Connector> element (use the example server.xml file entry as a guideline):

    • Change the protocol string in the sslProtocol value if applicable.
    • Add the cipher suite name to the ciphers attribute value.

    <Connector SSLEnabled="true" URIEncoding="UTF-8" clientAuth="false"
               keystoreFile="E:\Program Files\BMC Software\BAO\AP\tomcat\conf\.keystore"
               maxThreads="150" port="38080" protocol="HTTP/1.1" scheme="https" secure="true"
               sslProtocol="TLS"
               ciphers="SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA" />


  3. Repeat this process for each UI. 
  4. Restart the UI server.
  5. Using a browser, connect to the UI and check that it is working.
  6. If you have any problems connecting to the UI, check the Tomcat log files (named localhost.date.log).
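
A check you can run on the edited server.xml files before restarting the UI servers, given here as an added example that is not part of the BMC documentation or product. It confirms each file is still well-formed XML, reports the sslProtocol and ciphers set on every SSL-enabled Connector, flags suites by name, and tests whether all UIs share the same settings. The WEAK_MARKERS list, the function names, and the sample files are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

# Assumption (added example's own deny list, not BMC's): name fragments of suites
# widely treated as weak: RC4, MD5 MACs, DES/3DES, NULL, export-grade, anonymous.
WEAK_MARKERS = ("_RC4_", "_MD5", "_3DES_", "_DES_", "_NULL_", "_EXPORT_", "_anon_")

def audit_connectors(server_xml_text):
    """Return one finding per SSL-enabled <Connector> in a server.xml string.

    Raises xml.etree.ElementTree.ParseError if the file is not well-formed,
    for example when two attributes are run together without a space.
    """
    root = ET.fromstring(server_xml_text)
    findings = []
    for conn in root.iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # connectors without SSL carry no TLS settings
        suites = [s.strip() for s in conn.get("ciphers", "").split(",") if s.strip()]
        findings.append({
            "port": conn.get("port"),
            "sslProtocol": conn.get("sslProtocol"),
            "ciphers": suites,
            "weak": [s for s in suites if any(m in s for m in WEAK_MARKERS)],
            "uses_jvm_defaults": not suites,  # no ciphers attribute: provider defaults apply
        })
    return findings

def settings_differ(findings_by_ui):
    """True if the audited UIs do not all share one sslProtocol/ciphers setting."""
    seen = {(f["sslProtocol"], tuple(f["ciphers"]))
            for findings in findings_by_ui.values() for f in findings}
    return len(seen) > 1

# Constructed sample files (not real BMC Atrium Orchestrator configuration).
SAMPLE_CDP = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" />
  <Connector SSLEnabled="true" port="38080" scheme="https" secure="true" sslProtocol="TLS"
    ciphers="SSL_RSA_WITH_RC4_128_MD5, TLS_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA" />
</Service></Server>"""
SAMPLE_OCP = """<Server><Service name="Catalina">
  <Connector SSLEnabled="true" port="38080" scheme="https" secure="true"
    sslProtocol="TLSv1.2" ciphers="TLS_RSA_WITH_AES_128_CBC_SHA" />
</Service></Server>"""

if __name__ == "__main__":
    by_ui = {"CDP": audit_connectors(SAMPLE_CDP), "OCP": audit_connectors(SAMPLE_OCP)}
    for ui, findings in by_ui.items():
        for f in findings:
            print(ui, f["port"], f["sslProtocol"], "weak:", f["weak"])
    print("settings differ across UIs:", settings_differ(by_ui))
```

To audit real files, read each server.xml from the tomcat/conf directories listed above and pass its text to audit_connectors.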

Troubleshooting

Check the Tomcat log files (named localhost.date.log) for errors related to unsupported cipher suites or handshake failure messages.

When installing a new AP or LAP, the installation will fail if the UI protocol is not SSL. The SSL protocol is hard-coded in the installer for the UI server connection verification. If the UI server protocol is not SSL, before installing an AP or LAP, change the protocol back to SSL and perform the installation.
