Configuring the Integration Service for extended security

After you install the Integration Service, you can configure it for extended security. This enables the PATROL Agent to connect only to the Integration Service that you specify and not to multiple Integration Services. If you have installed the Integration Service in a clustered setup , to configure for extended security, you must configure both the primary and the secondary Integration Services.

To configure the Integration Service for extended security

  1. Generate a key for the Integration Service by running the pw remote generateiskey integrationServiceName command. For example, pw remote generateiskey IS-1 where IS-1 is the name of the Integration Service connected to the TrueSight Infrastructure Management Server. The key is generated in a .cfg file.
  2. After the key is generated, save the .cfg file in your computer.

  3. Export the key to a particular location as follows:

    pw remote exportiskey <integrationServiceName> -file <PathOnISMachine>\key1.cfg
  4. Apply the exported key to the PATROL Agent as follows:

    (on Microsoft Windows)
    1.  In the computer on which the PATROL Agent is installed, go to the 

      HKEY_LOCAL_MACHINE\SOFTWARE\BMC Software\Patrol\SecurityPolicy_v3.0\PROXY\client registry entry.

    2. Add a new key by right-clicking and selecting New > Key.
    3. Name the key security_mode and set the value of the key to KNOWN_HOST.

(on UNIX)

    1. Add the following new property in the /etc/patrol.d/security_policy_v3.0/proxy.plc file ([client] section):
security_mode = KNOWN_HOST 

Note

 On an IPv6 system, restart the primary Integration Service after generating the security key.

To configure the secondary Integration Service for extended security

In a clustered setup, you must configure the primary and the secondary Integration Services.

  1. After configuring the primary Integration Service for extended security, copy the .db file from integrationServiceInstallationDirectory/pw/patrol/common/security/sks 

    to the corresponding location of the secondary Integration Service.

  2. Restart the secondary Integration Service.

To import the Integration Service key to the PATROL Agent

After generating a key to configure the Integration Service for extended security, you must import the key to the PATROL Agent. Save the key in a .cfg file.
To import the key:

  1. Log on to the TrueSight console.
  2. In the navigation pane, expand Configuration and select Infrastructure Policies.
  3. In the Infrastructure Policies page, ensure that the Monitoring tab is selected and then, click Create Policy
  4. In the Create Monitoring Policy page, specify the general and Agent selection criteria and then, click the Configuration Variables tab.
  5. In the Configuration Variable page, click the common action menu in the table and select Import.
  6. Browse for and select the configuration file (.cfg) to be imported and click Open.
    The key is imported and displayed in the Configuration Variables page.

Related topics

Installing the Integration Service and Cell

Managing an Integration Service cluster through Central Monitoring Administration

Was this page helpful? Yes No Submitting... Thank you

Comments