Managing connectors

The onboarding interface allows you to take the following actions on connectors that you have previously onboarded:

Note

BMC recommends you perform these procedures during a maintenance window to avoid impacting user activities.

Connector versions

Periodically SecOps Response provides new versions of connectors. When you log on as a SecOps Response administrator and new connectors are available, a warning message is displayed. You can update connectors using the Manage Connectors page, which lets you download the most recent version of the connector.

In addition, on the Connectors page, the tile representing each installed connector shows its version number. A message appears at the bottom of a tile if an updated version is available. The following image highlights the message.

Editing the configuration of a connector

Use this procedure to modify the configuration of an existing connector.

  1. Log on to SecOps Response as a SecOps Response administrator with your registered credentials.
    The Connectors page opens. It shows connectors that you have already onboarded or partially onboarded. 
  2. For the connector with the configuration to be edited, select ACTIONS
    A list of options appears. 
  3. Select Edit Configuration.
    The Edit Connector Configuration page appears. 
  4. Provide the required information for the connector. Refer to the following pages for an explanation of the required fields for each type of connector: 
    Onboarding BMC BladeLogic Server Automation
    Onboarding BMC Network Automation
    Onboarding SCCM
    Onboarding BMC Atrium Orchestrator
    Onboarding BMC Discovery 

  5. Click Save.

Disabling a connector

Use this procedure to disable a running or suspended connector. Disabling a connector stops communication between the connector in a local environment and SecOps Response.

  1. Log on to SecOps Response as a SecOps Response administrator with your registered credentials.
    The Connectors page opens. It shows connectors that you have already onboarded or partially onboarded.
  2. For the connector to be disabled, select ACTIONS
    A list of options appears. 
  3. Select Disable.
    A confirmation message appears. After you click Yes, the connector is disabled and its status changes to Disabled (in gray).

Enabling a connector

Use this procedure to enable a disabled connector, which restarts communication between the connector and SecOps Response.

  1. Log on to SecOps Response as a SecOps Response administrator with your registered credentials.
    The Connectors page opens. It shows connectors that you have already onboarded or partially onboarded.
  2. For the connector to be enabled, select ACTIONS
    A list of options appears. 
  3. Select Enable.
    A confirmation message appears. After you click Yes, the connector status changes to Running (in green).

Downloading a connector again 

Use this procedure to download a connector after a connector has already been downloaded and is currently in a Running or Suspended state.

If a connector is in the Downloaded state, you do not have to disable the existing connector before downloading again.

Warning

When you download a new connector, you must not run the old connector again. If you do run the old connector, it can potentially lock the old as well as the new connector. In that situation, contact BMC Support.

Note

  • For all types of connectors, you must have the Java Runtime Environment (JRE) 1.8 installed on your local machine
  • If you are downloading a connector for SCCM, some preliminary configuration is required.
  • When onboarding connectors, a single machine cannot host more than one connector of the same type. For example, if you have onboarded a connector for BSA on a host, you cannot successfully onboard another BSA connector on the same machine.

  1. Log on to SecOps Response as a SecOps Response administrator with your registered credentials.
  2. The Connectors page opens. It shows the connectors that you have already onboarded or partially onboarded.
  3. For the connector that should be downloaded again, select ACTIONS and then select Disable.
    A message prompts you to confirm the new download. After you click Yes, the status of the connector is set to Disabled (in gray).
  4. On your local computer, stop the connector service for which you want to download a connector again.
    Use one of the following commands:
    • Windows<product>-connector.exe stop
    • Linuxsystemctl stop <product>-connector

    Note

    To delete the files associated with an old connector, you must first uninstall or remove the service.

    • (Windows) After stopping the service, uninstall the connector by entering the command: <product>-connector.exe uninstall
    • (Linux) After stopping the service, perform the following steps:
      1. Remove the connector files by entering the command: \rm /etc/systemd/system/<product>-connector.service 
      2. Reload generators by entering the command: systemctl daemon-reload


  5. Using the onboarding interface, select ACTIONS and then select Download again.
    A message prompts you to confirm the new download. After you click Yes, the connector is downloaded locally.
  6. Select ACTIONS and then select Enable.
    A message prompts you to confirm. After you click Yes, the status of the connector is set to Running (in green).
  7. In the local environment where the connector was downloaded, extract the downloaded ZIP file using any standard compression tool.
  8. SCCM only: For SCCM, you may need to configure parameters in the application.properties file. 
    Note that you can always choose to modify the properties in the application.properties file at a later time and then re-run the connector program (as described in the next step).
  9. Depending on the operating system, take the following actions:
    1. (Windows) Perform the following steps:
      1. Using a command line, cd to the location of the extracted ZIP file contents.
      2. Install the connector by entering the command: <product>-connector.exe install
      3. Start the connector by entering the command: <product>-connector.exe start
        To stop the connector, enter the command: <product>-connector.exe stop
    2. (Linux) Perform the following steps as the root user or using sudo:
      1. Cd to the location of the extracted ZIP file contents.
      2. Grant execute permissions to the install.sh file by entering the command: chmod +x install.sh
      3. Install the connector by running the command: ./install.sh file. 
      4. Start the connector by entering the command: systemctl start <product>-connector
        To stop the connector, enter the command: systemctl stop <product>-connector
  10. Refresh the browser page where you are managing connectors.

Note

No configuration is necessary when you use this procedure to download a connector again. However, you can optionally configure a connector, if necessary.

Deleting a connector

As an endpoint administrator, ensure that all security groups are deleted from SecOps Response.
You cannot delete a connector if any security groups exist for that implementation of SecOps Response.

  1. Log on to SecOps Response as a SecOps Response administrator with your registered credentials.
    The Connectors page opens. It shows the connectors that you have already onboarded or partially onboarded.

  2. For the connector you want to delete, select ACTIONS and then select Disable.
    A confirmation message appears. After you click Yes, the connector is disabled and its status changes to Disabled (in gray).
  3. Select ACTIONS again and then select Delete.
    A message prompts you to confirm the deletion. After you click Yes, another message confirms that data created by the connector is retained. 


Note

To delete the files associated with a connector, you must first stop the connector service and then uninstall or remove the service.

(Windows) Perform the following steps:

  • Using a command line, cd to the location of the connector files.
  • Stop the connector by entering the command: <product>-connector.exe stop
  • Uninstall the connector by entering the command: <product>-connector.exe uninstall

(Linux) Perform the following steps as the root user or using sudo:

  • Cd to the location of the extracted connector files
  • Stop the connector by entering the command: systemctl stop <product>-connector
  • Remove the connector files by entering the command: \rm /etc/systemd/system/<product>-connector.service 
  • Reload generators by entering the command: systemctl daemon-reload


Enabling proxy support

If you want a connector to communicate to the Internet by means of a proxy server, some configuration of an XML file is necessary. For every type of connector, an XML file is included in the files that you download to the on-premise host as part of the onboarding process. The XML file is named <connector_type>-connector.xml, such as bsa-connector.xml or sccm-connector.xml.

By default, one tag in the <connector_type>-connector.xml file reads as follows:

<arguments>-Xrs -Xmx1024m -jar "%BASE%\lib\<connector_type>-connector.jar" --spring.config.location=classpath:/config</arguments>

Modify that tag to include new arguments, as shown in the highlighted text below. The added arguments enable a basic authentication scheme in case your proxy requires authentication.

<arguments>-Xrs -Xmx1024m  -Dhttps.proxyHost=<ip/hostname> -Dhttps.proxyPort=<port>
   -Dhttps.proxyUser=<user> -Dhttps.proxyPassword=<password>
   -Djdk.http.auth.tunneling.disabledSchemes=""
   -Dhttp.nonProxyHosts=“<Endpoint Host/IP address>" 
   -Dhttps.nonProxyHosts=“<Endpoint Host/IP address>"
 
   -jar "%BASE%\lib\<connector_type>-connector.jar"
     --spring.config.location=classpath:/config</arguments>

In the new arguments:

  • <ip/hostname> – provides the IP address or host name of the proxy server. 
  • <port> – Provides the port number of the proxy server.
  • <user> – Identifies the proxy user.
  • <password> – Provides the proxy user's password. 
  • The Djdk.http.auth.tunneling.disabledSchemes argument must have an empty value, as shown above.
  • <Endpoint Host/IP address> – Provides the host name or IP address of the endpoint that the connector is configured to communicate with, such as the BSA Application Server, the BNA server, the SCCM server, or the Discovery instance.

Remember to restart the connector after making modifications to the XML file.

Was this page helpful? Yes No Submitting... Thank you

Comments

  1. Tony Stevens

    For configuring the Proxy, the arguments should be:

    -Dhttps.proxyHost=<ip/hostname> -Dhttps.proxyPort= -Dhttps.proxyUser= -Dhttps.proxyPassword= -Djdk.http.auth.tunneling.disabledSchemes="" -Dhttp.nonProxyHosts=“<Endpoint Host/IP address>" -Dhttps.nonProxyHosts=“<Endpoint Host/IP address>"

    Dec 12, 2017 09:49
    1. Dave Wicinas

      Tony, thanks for the comment.

      I checked with Development. They felt we just needed to change Dhttp to Dhttps. I've done so above. 

      Let us know if you still have concerns.

      Dec 12, 2017 03:40
      1. Dave Wicinas

        I've revised the proxy documentation again, based on more guidance from the development team.

        Jan 04, 2018 07:06