×
 
 
  •  
$helper.renderConfluenceMacro('{bmc-global-announcement:$space.key}')
BMC TrueSight Operations Management 11.0 ... Planning Planning the Presentation Server deployment

Security planning for Presentation Server

The TrueSight Operations Management solution can comprise several components. The following diagram provides an overview of the communication paths among the core Operations Management components. For more detailed descriptions about the architectural diagrams, see TrueSight Operations Management architecture.

This topic addresses the ways in which sensitive data and user information are secured among the Operations Management components. 

User authentication and authorization

The TrueSight Operations Management system uses Remedy Single Sign-On to authenticate and  manage users and user groups Open link . BMC Remedy Single Sign-On supports authentication with traditional systems, such as Active Directory, LDAP, and SAMLv2, and supports integration into existing single sign-on systems.

Following system installation and configuration, users access the TrueSight console Open link  from the TrueSight Presentation Server. Role-based access to the Operations Management components is then managed by  authorization profiles Open link , which are maintained by the Solution Administrator.  Users cannot directly access any of the components.


Security resources

Remedy Single Sign-On

Planning the Remedy Single Sign-On Server deployment

Installing Remedy SSO

Migrating internal user data from Atrium Single Sign-On to Remedy Single Sign-On

Configuring user authentication for the Presentation Server in Remedy SSO Open link

Role-based user access overviews

Managing users and access control Open link

TrueSight Infrastructure Management security

Security planning for Infrastructure Management

Security standards

BMC TrueSight Operations Management supports the following security standards.

StandardComponent

Remarks

HTTPS protocolTrueSight Presentation Server

Applicable when the App Visibility server sends events to the TrueSight Infrastructure Management component.

Uses packaged self-signed certificate, which exists on the TrueSight Presentation Server and App Visibility server.

To replace the self-signed certificates with signed certificates, see the following:

App Visibility server
TrueSight Infrastructure Impact Client API App Visibility server

Applicable when the App Visibility server sends events to the TrueSight Infrastructure Management component.

MultipleTrueSight Infrastructure ManagementFor details, see Security planning for Infrastructure Management.
Remedy Single Sign-OnTrueSight Presentation Server

Applicable when users log on to the TrueSight Presentation Server and launch TrueSight Infrastructure Management from the TrueSight console.

To review the security standards used in the BMC Remedy Single Sign-On product, see Key concepts Open link in the documentation.

Location of security certificates and Java KeyStore files

During installation of the TrueSight App Visibility Manager components, self-signed certificates are created in the following locations to handle authentication between the components. If you prefer to use your own certificates, follow the procedures detailed in

Error rendering macro 'link-window'

Failed to transform the HTML macro template for display. Nested message: The XML content could not be parsed. There is a problem at line 4, column 171. Parser message: Duplicate attribute 'the'. at [row,col {unknown-source}]: [4,171]

. For information about the security certificates used in the TrueSight Infrastructure Management server, see Location of the HTTPS/SSL private key on BMC TrueSight Infrastructure Management Server.

  • Location of the keystore files for for App Visibility component on the Presentation Server
    • Windows
      • %TRUESIGHTPSERVER_HOME%\truesightpserver\conf\secure\adopskeystore.jks
      • %TRUESIGHTPSERVER_HOME%\truesightpserver\conf\secure\adopstruststore.jks
    • Linux
      • $TRUESIGHTPSERVER_HOME/truesightpserver/conf/secure/adopskeystore.jks
      • $TRUESIGHTPSERVER_HOME/truesightpserver/conf/secure/adopstruststore.jks
    • Configuration file: tspsInstallationDirectory/conf/appVisCertificates.xml
  • Location of keystore file that secures communication between clients (browser) and the TrueSight Presentation Server
    • Windows
      %TRUESIGHTPSERVER_HOME%\conf\secure\loginvault.ks
    • Linux
      $TRUESIGHTPSERVER_HOME/conf/secure/loginvault.ks

Security certificates on App Visibility server components and App Visibility agents

Most App Visibility components require two-way authentication, requiring a network of certificates in keystores and truststores.

The following diagram illustrates an environment where you use a different custom certificate for each component. The truststore on each component requires a certificate for each component that communicates with it. Additionally, the diagram indicates the properties file for each component that you must update with the file names for the custom certificates. The arrows represent communication between the components.

Tip

The example in the diagram presents a different certificate on each component, but you can simplify your system by generating one file of each file type and using copies of the same certificates for all components: portal, collector, proxy, and agents. These same files have the same values on all the components: keystoreFileName.jks, truststoreFileName.jks, encryptedPassword, and keystoreAlias.

The examples in this topic use the same values for each component.


For more information, see Applying private certificates to App Visibility components Open link .

Security certificates on Synthetic TEA Agents

You can use custom certificates for the BMC Synthetic Transaction Execution Adapter (TEA) Agents for authentication with App Visibility Manager. You can update certificates before installing your TEA Agents, or you can update certificates on TEA Agents that are already installed. The TEA Agent installation files include a tool to help replace the certificates. For more information, see Applying private certificates to Synthetic TEA Agents Open link .

Data security

The App Visibility portal and App Visibility collector each include an App Visibility database, which is a PostgreSQL database that uses trust authentication. This authentication assumes that anyone who can access the App Visibility portal or collector computers is authorized to access the database.


For more information about maintaining App Visibility data security, see Changing the App Visibility database password Open link .

Open ports

For a complete list of ports used by the TrueSight Operations Management solution, see Network ports.

Related topics

Importing a keystore file or replacing the certificate for the App Visibility proxy

System requirements for Presentation Server

Access control for administrators of service providers Open link

Access control for SaaS administrators Open link

Was this page helpful? Yes No Submitting... Thank you
Last modified by Rashmi Gokhale on Jun 27, 2018
requirements security planning ports atrium_sso contributor-updated tsps certificates

Comments

  1. Ali Khoshkar

    Error rendering macro 'link-window' : [com.ctc.wstx.exc.WstxLazyException] Duplicate attribute 'the'. at [row,col {unknown-source}]: [4,143] .

    seems like a mistake in the documentation

    Jun 22, 2018 10:45

Log in or register to comment.

Sizing the Presentation Server for Infrastructure Management data collection
Network ports for Presentation Server
© Copyright 2015-2018 BMC Software, Inc. © Copyright 2013-2018 BladeLogic, Inc.
Legal notices

Powered by Atlassian Confluence and Scroll Viewport

© Copyright 2005-2024 BMC Software, Inc. Use of this site signifies your acceptance of BMC’s Terms of Use . BMC, the BMC logo, and other BMC marks are assets of BMC Software, Inc. These trademarks are registered and may be registered in the U.S. and in other countries.