Important

   

Starting version 8.9.03, BMC Server Automation is renamed to TrueSight Server Automation. This space contains information about BMC Server Automation 8.9.02 and previous versions. For TrueSight Server Automation 8.9.03 and later releases, see TrueSight Server Automation 8.9.

Encrypting the connection to Yellowfin database used by Live Reporting

This topic describes steps for encrypting your connection to Yellowfin to secure information displayed by the Live Reporting dashboard. Depending on which database server Yellowfin runs on, perform either of the following procedures:

SQL Server database connection

Depending on your company policy, you can choose any third-party certificate authority (CA) to issue certificates for Server Authentication. Note that you cannot use self-signed certificates to encrypt a connection with an SQL Server database.

Important

BMC Server Automation does not support using an encrypted Microsoft SQL Server database connection at the time of installation or upgrade. However, after the product is installed or upgraded successfully, BMC Server Automation can use an encrypted connection to communicate with the Microsoft SQL Server database.

  1. Ensure that you copy the third-party CA file  (typically the pubkey.cer) to any temporary location on the Yellowfin SQL database server.
  2. Download the Microsoft jdbc driver from this Microsoft documentation site.

    Note

    Ensure that you select the correct architecture for the jar files based on your Yellowfin SQL Server database architecture

  3. Unzip the file to a temporary location and copy the mssql-jdbc-6.2.1.jre8.jar file under the lib folders of the Yellowfin installation directory and the system JRE instillation directory:

      Path
    Yellowfin <Yellowfin_Installation_Path>\appserver\lib
    JRE \Program Files\Java\jre1.8.0_141\lib
  4. To allow Windows to authenticate to the SQL Server database, copy the sqljdbc_auth.dll file under the bin folders of the Yellowfin installation directory and JRE installation directory.

      Path
    Yellowfin <Yellowfin_Installation_Path>\appserver\bin
    JRE \Program Files\Java\jre1.8.0_141\bin

   copy the "C:\Microsoft JDBC Driver 6.2 for SQL Server\sqljdbc_6.2\enu\auth\x64\sqljdbc_auth.dll" to "C:\Yellowfin 7.1\appserver\bin" and "C:\Program Files\Java\jre1.8.0_141\bin"

6. Import the 3rd party CA certificate (issued to DB Server) into yellowfin

                a) Go to the system_java/jre/bin to use the keytool command and import the 3rd party certificate to cacerts

                Below command is a smaple

                keytool -import -v -trustcacerts -alias <alias used to create certificate for DB Server> -file "C:\Users\Administrator\Documents\Third-Party.pubkey.cer" -keystore "C:\Program Files\Java\jre1.8.0_141\lib\security\cacerts"

                b) when prompted for password provide 'changeit' <it's default java password to import any certificate to it's cacerts>

                c) Trust this certificate? [no]:  yes

                d) Restart the YellowFin Tomcat service

Log on to the Live Reporting dashboard with your REPORT_ADMIN credentials.

8. Go to Administration - Admin Console - Data Sources - <your data source>

9. In the connection section select 'Generic JDBC Data Source' for 'Database' field

10. Change the JDBC driver to 'com.microsoft.sqlserver.jdbc.SQLServerDriver'

11. Change the Connection String to 'jdbc:sqlserver://<BSA_DB_SERVER_NAME>:<Port>;databaseName=<BSA_DB_NAME>;encrypt=true;trustServerCertificate=true;integratedSecurity=true'

12. Test the connection by clicking on the link 'Click here to test the connection.'

13. The connection should be successful and should return the BSA_DB tables

Enabling or disabling encryption in an Oracle database connection

You do not need to perform any configuration on the BMC Server Automation application server for enabling or disabling encryption in your Oracle database connection using Oracle Advanced Security. For detailed steps on enabling encryption using Oracle Advanced Security refer to the Oracle documentation.

See the following example for encrypting the connection to your Oracle 11g R2 database using the AES256 encryption algorithm. 

Oracle

1. For Oracle there is no specific change required at the yellowfin server.

2. Once the DB Server has been encrypted by following the steps mentioned here <link to enable Oracle encryption>, yellowfin needs to be restarted

Steps to Encrypt DB Server <The earlier link to BSA DB Server encryption>

Note: If DB Server has been modified to support encryption, yellowfin’s tomcat needs to be restarted for establishing fresh secure connection.

Was this page helpful? Yes No Submitting... Thank you

Comments