Configuring the TrueSight Network Automation connector
The TrueSight Network Automation connector establishes a connection between TrueSight Network Automation and the TrueSight Server Automation Application Server. Automation Console sends notifications for jobs, such as running vulnerability jobs, to the connector, which forwards them to TrueSight Network Automation. The connector ensures that even if the application server is in an air-gapped environment, communication between Automation Console and the application server is uninterrupted.
By default, the connector establishes a connection over the HTTPS protocol using out-of-the-box self-signed certificates. To ensure seamless communication, you must add the connector information to the hosts file on the TrueSight Network Automation server, as follows:
Hosts file location and connector name
- Windows: C:\Windows\System32\drivers\etc\hosts
- Linux: /etc/hosts
<IPaddress of the server where the connector is installed> tsna.connector.bmc.com
You create a service account [a user account used to retrieve the necessary details from the endpoint so that Automation Console can use them for processing] and specify the data refresh interval [the time interval after which Automation Console retrieves new details from the endpoint] while configuring the connector. This service account is also used for change automation while obtaining approvals from BMC Remedy IT Service Management.
Important
When you edit the connector configuration, ensure that the server belongs to the Load Balancer setup or the Disaster Recovery setup in the same environment as the existing connector host. If you specify a new server outside of the Load Balancer setup or the Disaster Recovery setup, the existing data is duplicated, leading to confusion and mismanagement.
Before you begin
Before running the connector, ensure that the Windows or Linux host on which the connector is installed and run meets the following criteria:
- AdoptOpenJDK Runtime Environment 18.9 (build 11.0.19+7) is installed on the connector host.
Port requirements:
| Port | Protocol | Source | Destination | Inbound/outbound |
| --- | --- | --- | --- | --- |
| 443 | HTTPS | Connector | HAC SaaS and Internet | Outbound |
| 443 | HTTPS | Connector | TrueSight Network Automation | Outbound |
| 443 | HTTPS | TrueSight Network Automation | Connector | Inbound |
- The connector's outbound port 443 must be open for the ifm URL specified in creds.json, which is available in the <connectorDirectory>/config/ folder. For example:
"endpoints": {
  "ifm": "https://<url>"
}
Before configuring the connector, you must have created an account for a Cloud Native User in BMC Helix Automation Console service.
See Onboarding and implementing.
Configuring the TrueSight Network Automation connector for BMC Helix Automation Console
To configure the connector, perform the following steps:
- Go to the BMC Helix Automation Console login page.
- Select the Login Profile as Cloud Native User and provide the credentials to log in as a cloud user.
- Go to the briefcase menu on the top right, and click Connectors > Add a Connector.
- From the on-premises connectors, select the TrueSight Network Automation connector, and click Configure.
- On the Add a connector page, provide the following details:
  - Enter a name.
  - In the Application Server Configuration area, enter the host name, port, and realm name.
  - In the Service Account Profile area, enter the username, password, and realm for the service account. This account is used to log on to BMC Helix Automation Console with a Network Automation user profile. After entering the password, click Save.
  - In the Collection Mode area, specify the data collection interval. By default, the time interval is 60 minutes. The minimum acceptable value is 5 minutes and the maximum is 10080 minutes.
- Click Continue and download the connector zip file on a local host.
- On the server where the connector file is extracted, go to the connector location, and run the following command to install and start the connector:
  - Windows: run.bat
  - Linux: run.sh
- (Optional) To configure the TrueSight Network Automation connector as a service, follow these steps:
  - Run the bna-connector.exe install command.
  - A new service with the name of “BMC Network Automation Connector” will be created on the host and can be used as any other available service.
The connector starts running successfully. You can view the connector status on the Connectors page in BMC Helix Automation Console.
Can I configure a connector with any other user profile?
No. Only a Cloud Native User profile can be used to configure connectors in BMC Helix Automation Console.
As a Network Automation user, on the Connectors page, you can view the connectors that are currently configured and running in your environment.
Enabling debug mode
BMC recommends that you do not modify any other configuration files available in the /config directory. However, you can enable the debug mode on the connector to obtain detailed logging information.
Do this:
- Press CTRL+C twice to stop the connector, if it is already running.
- Go to <ConnectorLocation>/config, open the application.properties file, add the following parameter, set it to debug, and save the file:
#
#Logging related Properties
#
logging.level.com.bmc.dem.bna.connector=debug
- Restart the connector.
To install the security certificate for the TrueSight Network Automation connector
In older releases, the communication between TrueSight Automation Console and TrueSight Network Automation is not secured. Though the security certificate is present, it is not verified.
Starting with the 23.1 release, the communication between TrueSight Automation Console and TrueSight Network Automation is secured by default. The security certificate is verified based on the value of the tsna.ssl.check.ignore parameter.
- Verify the value of the tsna.ssl.check.ignore parameter in the application.properties file. By default, the value is false. This means that the communication is secured.
- If you do not want the communication to be secured, update the value of the tsna.ssl.check.ignore parameter to true.
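A configuration check for the two application.properties settings discussed on this page, tsna.ssl.check.ignore and the connector debug logging level. This is an added example, not BMC code: the parser is a minimal stand-in for Java properties loading, the function names are hypothetical, and the sample file content is constructed.

```python
SSL_KEY = "tsna.ssl.check.ignore"
LOG_KEY = "logging.level.com.bmc.dem.bna.connector"


def parse_properties(text):
    """Minimal .properties reader: '#'/'!' comments, '=' or ':' separator,
    last assignment wins. Escapes and line continuations are not handled."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        cut = min((i for i in (line.find("="), line.find(":")) if i >= 0),
                  default=len(line))
        props[line[:cut].strip()] = line[cut + 1:].strip()
    return props


def audit_connector_properties(text):
    """Return a list of findings for the two settings described on this page."""
    props = parse_properties(text)
    findings = []
    # A missing key means the documented default (false, certificate verified).
    ssl_ignore = props.get(SSL_KEY, "false").lower()
    if ssl_ignore == "true":
        findings.append(SSL_KEY + "=true: certificate verification is disabled")
    elif ssl_ignore != "false":
        findings.append(SSL_KEY + " has unexpected value: " + ssl_ignore)
    if props.get(LOG_KEY, "").lower() == "debug":
        findings.append(LOG_KEY + "=debug: debug logging is still enabled")
    return findings


# Constructed sample: the secure line is commented out and a later line overrides it.
SAMPLE = """\
#
#Logging related Properties
#
logging.level.com.bmc.dem.bna.connector=debug
# tsna.ssl.check.ignore=false
tsna.ssl.check.ignore = TRUE
"""

if __name__ == "__main__":
    for finding in audit_connector_properties(SAMPLE):
        print("FINDING:", finding)
```

Run it against the contents of <ConnectorLocation>/config/application.properties after any change to the connector configuration; an empty result means certificate verification is on and debug logging is off.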
Important
Before installing the security certificate, make sure the TrueSight Network Automation hostname configured in the connector is the same as the certificate's host or domain name.
Perform the following steps to install the security certificate:
- Open the TrueSight Network Automation portal URL in a browser.
- Click Export.
- Save the certificate as a .crt file. While saving, rename the certificate as tsna.
Depending on your installation environment, copy the tsna.crt file to the following location:
| Installation environment | Copy the tsna.crt file to |
| --- | --- |
| Automation Console is deployed using Stack Manager | /opt/bmc/truesight/common/certs/ |
| Automation Console is deployed on Kubernetes clusters | /configs/external/certs |
| BMC Helix Automation Console, Windows Connector VM | Import the tsna.crt file manually using the following keytool command: ${JAVA_HOME}\keytool -import -keystore ${JAVA_HOME}\lib\security\cacerts -storepass changeit -noprompt -alias tsna -file tsna.crt |
| BMC Helix Automation Console, Linux Connector VM | run.sh takes care of importing the tsna.crt file if it is placed under the /opt/certs folder. |
- Restart the TrueSight Network Automation connector.
Where to go next?
Log in to Automation Console with the appropriate credentials to successfully verify the connector installation. See Accessing and navigating the interface for using with TrueSight Server Automation.