[App_Service]

The [App_Service] stanza is used to configure the TMTM Application Service.

Parameter

Description

ads_domainname

The domain name of the Active Directory domain. Example: sample.com. This is only used when configuring Active Directory security.

ads_groupname

This was used when configuring Active Directory Legacy mode security; this mode is no longer supported.

ads_base_fqdn

Active Directory Fully Qualified Domain Name

Example: DC=ad,DC=sample,DC=com

This must match the distinguishedName of your Active Directory Domain.

ads_groupdn

This was used when configuring Active Directory Legacy mode security; this mode is no longer supported.

ads_ouname

This was used when configuring Active Directory Legacy mode security; this mode is no longer supported.

ads_trust_policy

Active Directory Security Trust Policy. Used when configuring Active Directory Delegate mode security. Defines the way security certificates are processed when connecting to an Active Directory Domain Controller.

 The value trustAll allows connection to an Active Directory Domain Controller regardless of the security certificate it presents.

 The value trustNone allows connection to an Active Directory Domain Controller only if the security certificate it presents is listed in the truststore.

ads_hostname

Active Directory Security Host Name. Used when configuring Active Directory delegate mode security. Defines the DNS names of one or more Active Directory Domain Controllers, or if the Active Directory Domain Controllers are referenced by the domain name, that domain name. The SecurityConfig program sets this based on your configuration information.

ads_max_group_recursion

Active Directory Security Maximum Group Recursion. Used when configuring Active Directory delegate mode security. Defines the depth limit that is searched to find a user's group affiliation. This can be set if there are large numbers of AD groups and the response time to AD Domain Controllers is slow. Defaults to 3.

ads_monitor_delay

Active Directory Security Monitor Delay. Used when configuring Active Directory Delegate mode security. Controls the length of time (in seconds) between checks on the health of an Active Directory Domain Controller.

Defaults to 30 seconds.

This is a tuning parameter and generally should not be modified.

ads_monitor_threads

Active Directory Security Monitor Thread Count. Used when configuring Active Directory Delegate mode security. Controls the number of threads used to monitor the Active Directory Domain Controllers.

Defaults to 10.

This is a tuning parameter and generally should not be modified.

ads_port

Used when configuring Active Directory Delegate mode security. Must be set to 636 if using SSL (recommended) to connect to Active Directory Domain Controllers; set to 389 if not using SSL. The SecurityConfig program sets this based on your configuration information.

ads_security

Active Directory Security Transport Type. Used when configuring Active Directory Delegate mode security. Set to NONE, SSL, SASL, or SSL+SASL. Controls the protocol used to connect to Active Directory Domain Controllers. The SecurityConfig program sets this based on your configuration information.

agent_status_delay

Default: 5. Time, in seconds, to delay agent status updates.

Before editing this setting, contact BMC Support.

agent_status_pool_size

Default: 8. Number of threads in the agent status executor pool.

Before editing this setting, contact BMC Support.

company_name

Used with the execution key to determine product licensing.

client_port

Default: 15005. Defines the port that the Monitor Console client connects to.

config_files=jetty/qpas.xml jetty/apache-ds.xml

Defines the config files used to configure Jetty. By default it starts the main TMTM Application Service applications, including the Apache LDAP server. When running with Active Directory authentication, jetty/apache-ds.xml can be removed.

doc_home

This allows a user to override the location of the online Documents directory. It defaults to the install directory.

execution_key

Used with the company_name to determine product licensing.

force_client_to_server_timezone

When set to TRUE, forces clients to use the server's timezone. Useful for instances where clients are in a different timezone than the server to avoid gaps in queried report data. The timezone in use by the client is displayed on the clock in the lower right-hand corner of the client window.

hostname

Default: localhost. Defines the host name or IP address of the computer on which the TMTM Application Service runs.

jaas_config_file=jetty/apache-ds_jaas.config

This allows a user to override the name of the Java JAAS config file used for configuring Java application security. It defaults to the configuration for the IETF user authentication. The user overrides this in order to set up Active Directory authentication. The name refers to a file in the jetty directory.

java.naming.security.credentials=D;5iKGpSZ3

Defines the password used to start and stop the LDAP service. It needs to be changed whenever the user runs the setadminpw script to match the new password.

java.naming.security.principal=uid=admin,ou=system

Defines the internal user id used to start and stop the LDAP service. It should not normally be changed.

javax.net.ssl.trustStore

Default: ldapsTruststore.jks

This is a java keystore containing certificates of trusted directory servers.

The LDAP Directory Service internal to the product always has an entry in this keystore. A trusted entry for the self-signed certificate is added when the certificate is generated (see ldaps_keystore). Entries for trusted Active Directory servers are also stored in here.

The Security Config tool can be used to populate this keystore.

javax.net.ssl.trustStorePassword

Default: BMCSOFTWARE (stored in obfuscated format).

The password for the javax.net.ssl.trustStore java keystore file. The password may be in plain text or obfuscated in "Cryptor" format using mqsusertool to encode a plain text password. The Security Config tool can be used to set this.

jetty_home=jetty

This allows a user to override the location of the jetty home directory. It defaults to the jetty directory in the install directory.

jetty_keystore=jetty/webapps/localhost.jks

A java keystore file containing the keys and certificate used to secure the HTTPS port (15004 by default).

Users may access the product launch page, reports or agent distributions using HTTPS.

A self-signed certificate is generated when the Application Service starts if the keystore file does not already exist.

See Post core component installation and configuration for more information.

jetty_keystore_keypassword=OBF:1fuk1kl61f9d1mrf1ldm1gu71ldw1mrn1f991klg1fuq

Defines the keystore key password used for the jetty_keystore file. See Post core component installation and configuration for more information.

jetty_keystore_password=OBF:1fuk1kl61f9d1mrf1ldm1gu71ldw1mrn1f991klg1fuq

Defines the keystore password used for the jetty_keystore file. See Post core component installation and configuration for more information.

ldap_base_fqdn=dc=mqsoftware,dc=com

This allows a user to override the base LDAP fully qualified domain name. It needs to be changed when using Active Directory authentication.

ldap_bind_dn

Active Directory Security Bind DN pattern. Used when configuring Active Directory Delegate mode security. Overrides the default bind DN pattern used to access the LDAP server. Before editing this setting, contact BMC Support.

ldap_user_dn

Active Directory Security User DN pattern. Used when configuring Active Directory Delegate mode security. Overrides the default user DN pattern used to access the LDAP server. Before editing this setting, contact BMC Support.

ldap_group_dn

Active Directory Security Group DN pattern. Used when configuring Active Directory Delegate mode security. Overrides the default group DN pattern used to access the LDAP server. Before editing this setting, contact BMC Support.

ldap_hostname

Default: localhost. When using Microsoft Active Directory it defines the host name or IP address of the computer on which Microsoft Active Directory runs. Otherwise it defines the host name where the product is installed. When integrating with TSMA located on another host, network interfaces are used by default to determine a hostname or IP address to configure TSMA so that it can connect to TMTM. If for some reason the hostname or IP address used is not reachable from the TSMA machine you can specify a hostname or IP address yourself by changing this keyword from localhost to a reachable hostname or IP address.

ldaps_keystore

Default: ldapsKeystore.jks

A keystore that contains the key and certificate used for the LDAPS port.

A self-signed certificate is generated when the Application Service starts if the keystore file does not already exist.

ldaps_keystore_password

Default: BMCSOFTWARE (stored in obfuscated format).

The password for the ldaps_keystore file. The password may be obfuscated in "Cryptor" format using mqsusertool to encode a plain text password.

ldap_port

Default: 15008. Defines the port on which the TMTM Application Service connects to the internal directory service using LDAP.

ldaps_port

Default: 15011. Defines the port on which the TMTM Application Service connects to the internal directory service using LDAPS.

ldap_schema

Default: "IETF", indicates the internal LDAP will be used for security.

 "Delegate" indicates Active Directory Delegate mode.

ldap_max_results

Default: 1000. Defines the maximum number of user entries that can be returned on an LDAP request.

secure_agent_distributions

Defaults to false. If set to true, permits only authenticated users access to the bootstrap agent distribution packages.

secure_agent_distribution_rights

Defaults to "QPCONFIG_DISTRIBUTE_AGENT". Sets the rights required by authenticated users if secure_agent_distributions is set to true.

ssl.KeyManagerFactory.algorithm=sunX509

This is the Java KeyManager algorithm. It is specific to the platform's Java implementation.

web_port

Default: 15007. Defines the port on which the TMTM Application Service listens.

web_secure_port

Default: 15004. Defines the port on which the TMTM Application Service listens for secure traffic.

client_protocols

Default: "TLSv1,TLSv1.1,TLSv1.2". Defines the protocols used for clients.

client_ciphers

Default: "TLS_DH_anon_WITH_AES_128_CBC_SHA". Whitelist of ciphers that can be used with clients.

default_client_vm_args

No default. Used to define default JVM launch settings for Monitor Console clients, e.g. "-Dcom.bmc.mmpa.client_protocols=SSLv3" would restrict the initial client handshake to use SSLv3. Settings are cached on client machines. The client cache must be cleared to pick up changed settings (using the Java Control Panel).

default_client_min_memory

Defaults to "256m". Defines the default client VM initial heap size. Can be no lower than the default.

default_client_max_memory

Defaults to "512m". Defines the default client VM maximum heap size. Can be no larger than "8000m".

inject_agent_ts_host

Defaults to true. Indicates if agent bootstrap packages should have the TS host name injected. If set to false, the TS host name is not set in agent bootstrap packages.

Before editing this setting, contact BMC Support.
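
The following Python audit is an added example, not BMC code or tooling: it checks an [App_Service] stanza for the transport-security settings described above (ads_trust_policy, ads_security, ads_port, client_protocols, client_ciphers, secure_agent_distributions). The key=value file syntax, the sample stanza and the function names are assumptions made for the illustration.

```python
# Added example: audit an [App_Service] stanza for weak transport settings.
# SAMPLE is constructed; key=value syntax is assumed from the page's "name=value" headings.
SAMPLE = """\
[App_Service]
ldap_schema=Delegate
ads_trust_policy=trustAll
ads_security=NONE
ads_port=389
client_protocols=TLSv1,TLSv1.1,TLSv1.2
client_ciphers=TLS_DH_anon_WITH_AES_128_CBC_SHA
secure_agent_distributions=false
"""

def parse_stanza(text, stanza="App_Service"):
    """Return the key/value pairs found under [stanza]."""
    settings, active = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            active = line[1:-1] == stanza
        elif active and "=" in line and not line.startswith("#"):
            key, _, value = line.partition("=")
            settings[key.strip()] = value.strip().strip('"')
    return settings

def audit(settings):
    """Return (parameter, finding) pairs; absent keys fall back to documented defaults."""
    findings = []
    if settings.get("ldap_schema", "IETF").lower() == "delegate":
        if settings.get("ads_trust_policy", "").lower() == "trustall":
            findings.append(("ads_trust_policy", "any DC certificate is accepted; use trustNone"))
        if "SSL" not in settings.get("ads_security", "SSL").upper():
            findings.append(("ads_security", "connection to the DC is not wrapped in SSL"))
        if settings.get("ads_port") == "389":
            findings.append(("ads_port", "389 is the non-SSL port; the page recommends 636"))
    protocols = settings.get("client_protocols", "TLSv1,TLSv1.1,TLSv1.2")
    old = [p.strip() for p in protocols.split(",") if p.strip() in ("SSLv3", "TLSv1", "TLSv1.1")]
    if old:
        findings.append(("client_protocols", "deprecated protocols enabled: " + ",".join(old)))
    ciphers = settings.get("client_ciphers", "TLS_DH_anon_WITH_AES_128_CBC_SHA")
    if any("_anon_" in c for c in ciphers.split(",")):
        findings.append(("client_ciphers", "anonymous key exchange does not authenticate the server"))
    if settings.get("secure_agent_distributions", "false").lower() != "true":
        findings.append(("secure_agent_distributions", "agent packages are available to unauthenticated users"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(parse_stanza(SAMPLE)):
        print(f"{name}: {finding}")
```

Because absent keys are evaluated at their documented defaults, an empty stanza still reports client_protocols, client_ciphers and secure_agent_distributions.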
