Configuring the Integration Service for extended security
After you install the Integration Service, you can configure it for extended security. This enables the PATROL Agent to connect only to the Integration Service that you specify and not to multiple Integration Services. If you have installed the Integration Service in a clustered setup , to configure for extended security, you must configure both the primary and the secondary Integration Services.
To configure the Integration Service for extended security
- Generate a key for the Integration Service by running the
pw remote generateiskey integrationServiceName
command. For example,pw remote generateiskey
IS-1
where IS-1 is the name of the Integration Service connected to the TrueSight Infrastructure Management Server. The key is generated in a .cfg file. After the key is generated, save the .cfg file in your computer.
Export the key to a particular location as follows:
pw remote exportiskey <integrationServiceName> -file <PathOnISMachine>\key1.cfg
- Apply the exported key to the PATROL Agent as follows:
(on Microsoft Windows)- In the computer on which the PATROL Agent is installed, go to the
HKEY_LOCAL_MACHINE\SOFTWARE\BMC Software\Patrol\SecurityPolicy_v3.0\PROXY\client registry entry.
- Add a new key by right-clicking and selecting New > Key.
- Name the key
security_mode
and set the value of the key toKNOWN_HOST
.
- In the computer on which the PATROL Agent is installed, go to the
(on UNIX)
- Add the following new property in the /etc/patrol.d/security_policy_v3.0/proxy.plc file (
[client]
section):
- Add the following new property in the /etc/patrol.d/security_policy_v3.0/proxy.plc file (
security_mode = KNOWN_HOST
Note
On an IPv6 system, restart the primary Integration Service after generating the security key.
To configure the secondary Integration Service for extended security
In a clustered setup, you must configure the primary and the secondary Integration Services.
- After configuring the primary Integration Service for extended security, copy the .db file from integrationServiceInstallationDirectory/pw/patrol/common/security/sks
to the corresponding location of the secondary Integration Service.
- Restart the secondary Integration Service.
To import the Integration Service key to the PATROL Agent
After generating a key to configure the Integration Service for extended security, you must import the key to the PATROL Agent. Save the key in a .cfg file.
To import the key:
- Log on to the TrueSight console.
- In the navigation pane, expand Configuration and select Infrastructure Policies.
- In the Infrastructure Policies page, ensure that the Monitoring tab is selected and then, click Create Policy.
- In the Create Monitoring Policy page, specify the general and Agent selection criteria and then, click the Configuration Variables tab.
- In the Configuration Variable page, click the common action menu in the table and select Import.
- Browse for and select the configuration file (.cfg) to be imported and click Open.
The key is imported and displayed in the Configuration Variables page.
Related topics
Installing the Integration Service and Cell
Managing an Integration Service cluster through Central Monitoring Administration
Comments
Log in or register to comment.