Enabling security for communication with Infrastructure Management server

Use the information in this topic to secure communication on the following channels:

  • Collection Station and TrueSight Infrastructure Management
  • Collection Agent and TrueSight Infrastructure Management
  • Search and TrueSight Infrastructure Management

Related topics

Communication ports and protocols

Security considerations

TLS considerations for IT Data Analytics

Integrating with Infrastructure Management and ProactiveNet

Integrating with Infrastructure Management and ProactiveNet cells

To successfully integrate the Infrastructure Management server and TrueSight IT Data Analytics, you must import the Infrastructure Management server cell certificate into the truststore of TrueSight IT Data Analytics. The following section describes the steps in detail.

To apply the Infrastructure Management server cell certificate to the Log Analytics

TrueSight IT Data Analytics components communicate with the Infrastructure Management server cell to collect event data into TrueSight IT Data Analytics and analyze it. Ensure that the Infrastructure Management server cell certificate is imported into the truststore of each of the following components of TrueSight IT Data Analytics if they are installed on separate host computers.

  • Collection Station: Import the Infrastructure Management server cell certificate into the cacerts truststore of the Collection Station. The cacerts file is located at <ITDA installation directory>\jre\lib\security\cacerts.
  • Collection Agent: Import the Infrastructure Management server cell certificate into the cacerts truststore of the Collection Agent. The cacerts file is located at <ITDA installation directory>\agent\jre\lib\security\cacerts.
  • KM Agent: Import the Infrastructure Management server cell certificate into the cacerts truststore of the KM Agent. The location of the cacerts file depends on the JRE in use:
    • If the JRE is installed with the PATROL Agent, use the cacerts file located at $PATROL_HOME/jre64/lib/security/cacerts.
    • If a custom JRE is used, use the cacerts file located at $JAVA_HOME/jre/lib/security/cacerts.

      Note

      In the preceding directory path, $JAVA_HOME is set to point to the JRE location that is used by the KM.

  • Search components: Import the Infrastructure Management server cell certificate into the cacerts truststore of all search components, if they are installed on separate host computers. The cacerts file is located at <ITDA installation directory>\jre\lib\security\cacerts.

  • Standalone TrueSight IT Data Analytics server: If the Collection Station, Collection Agent, search components, and KM Agent are all installed on a single host computer, import the Infrastructure Management server cell certificate into the cacerts truststore located at <ITDA installation directory>\jre\lib\security\cacerts.

Perform the following sequence of steps to import the Infrastructure Management server cell certificate into each of the preceding TrueSight IT Data Analytics components:

  1. Log on to the host computer where TrueSight IT Data Analytics is installed.
  2. The keytool utility that is used to import the certificate is present in the <IT Data Analytics Installation Directory>\jre\bin directory. Add this directory path to the PATH environment variable by running the following command:

    #Microsoft Windows

    set PATH=<IT Data Analytics Installation Directory>\jre\bin;%PATH%

    #Unix

    export PATH=<IT Data Analytics Installation Directory>/jre/bin:$PATH

  3. Copy the signed Infrastructure Management server cell certificate into a local directory of the host computer, for example, C:\temp. For step-by-step instructions to generate signed certificates for Infrastructure Management server cell, see Implementing private certificates in TrueSight Operations Management.
  4. Navigate to the directory where the cacerts truststore file is located.

  5. Make a backup copy of the cacerts file and name it cacerts-update.

  6. Copy the Infrastructure Management server cell certificate to this directory.

  7. List all the keys in the cacerts-update truststore by running the following command:

    keytool -list -keystore cacerts-update -storetype JKS -storepass changeit

    Note

    changeit is the default password for the cacerts-update truststore.

  8. Delete the existing certificate alias from the cacerts-update by running the following command:

    keytool -delete -alias bmcitdacell -keystore cacerts-update -storepass changeit

    bmcitdacell is the default cell certificate alias name in the cacerts-update truststore. If the existing certificate alias name is different, use that name accordingly in the preceding command. If you don't have an existing certificate alias in the truststore, you can ignore this step and proceed to the next step.

  9. Import the Infrastructure Management server cell certificate into the cacerts-update truststore by running the following command:

    keytool -importcert -keystore cacerts-update -file mcell.crt -alias bmcitdacell -storepass changeit

    Note

    mcell.crt is the file name of the Infrastructure Management server cell certificate.

  10. Verify that the certificate is successfully imported into the truststore by running the following command:

    keytool -list -v -keystore cacerts-update -storepass changeit


  11. Navigate to the directory where the cacerts file is located.

    • Microsoft Windows: <ITDA installation directory>\jre\lib\security\cacerts

    • Linux: <ITDA installation directory>/jre/lib/security/cacerts
  12. Rename the cacerts file to cacerts.orig.

  13. Copy cacerts-update to cacerts.
  14. Restart the host computer.
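
Step 10 lists the truststore but does not say what to compare. The following is an added example, not part of the BMC documentation: it checks that the alias in cacerts-update carries the same SHA-256 fingerprint as mcell.crt. The function names and the sample listing are constructed for illustration, and the parsing assumes keytool's verbose output contains "Alias name:" and "SHA256:" lines.

```shell
#!/bin/sh
# Added example (not BMC code): check that the alias imported in step 9
# holds the same certificate as mcell.crt by comparing SHA-256 fingerprints.

# Normalise a fingerprint: drop colons and whitespace, upper-case the hex digits.
norm_fp() { printf '%s' "$1" | tr -d ': \t\r\n' | tr 'abcdef' 'ABCDEF'; }

# First "SHA256:" value on stdin (output of: keytool -printcert -file mcell.crt).
first_sha256() {
    awk '/^[ \t]*SHA256:/ { sub(/^[ \t]*SHA256:[ \t]*/, ""); print; exit }'
}

# "SHA256:" value belonging to alias $1 in `keytool -list -v` output on stdin.
alias_sha256() {
    awk -v want="$1" '
        { sub(/\r$/, "") }
        /^Alias name:/ { sub(/^Alias name:[ \t]*/, ""); cur = $0; next }
        cur == want && /^[ \t]*SHA256:/ { sub(/^[ \t]*SHA256:[ \t]*/, ""); print; exit }'
}

# Exit status: 0 = alias present and fingerprint matches, 1 = mismatch, 2 = alias missing.
check_imported() {   # usage: check_imported <alias> <expected-fingerprint> < listing
    got=$(alias_sha256 "$1")
    [ -n "$got" ] || return 2
    [ "$(norm_fp "$got")" = "$(norm_fp "$2")" ] || return 1
}

# Live check; keystore, file and alias names are the ones used in the steps above.
verify_truststore() {   # usage: verify_truststore cacerts-update mcell.crt bmcitdacell
    expected=$(keytool -printcert -file "$2" | first_sha256)
    [ -n "$expected" ] || return 3
    keytool -list -v -keystore "$1" -storepass changeit | check_imported "$3" "$expected"
}

# Constructed sample of `keytool -list -v` output: two entries, made-up fingerprints.
sample_listing() {
    cat <<'EOF'
Alias name: otherca
Entry type: trustedCertEntry
Certificate fingerprints:
     SHA256: A0:A1:A2:A3:A4:A5:A6:A7:A8:A9:AA:AB:AC:AD:AE:AF:B0:B1:B2:B3:B4:B5:B6:B7:B8:B9:BA:BB:BC:BD:BE:BF
Alias name: bmcitdacell
Entry type: trustedCertEntry
Certificate fingerprints:
     SHA1: 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33
     SHA256: 01:02:03:04:05:06:07:08:09:0A:0B:0C:0D:0E:0F:10:11:12:13:14:15:16:17:18:19:1A:1B:1C:1D:1E:1F:20
EOF
}
```

Running verify_truststore before steps 12 and 13 confirms that the working copy holds the intended certificate before it replaces the live cacerts file.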

Where to go from here

Configuring a secured connection
