Configuring the TrueSight Environment for the BMC Helix Service Resolution integration

Do the following to configure the TrueSight environment for the BMC Helix Service Resolution integration:

  1. Import certificates into the TrueSight Infrastructure Management server.
  2. Configure the Helix Client Gateway.
  3. Configure the BMC Helix Service Resolution integration in TrueSight Infrastructure Management.
  4. Verify the integration.

This section explains each procedure in detail.


Related topics

BMC Service Resolution documentation Open link

Troubleshooting Open link

Step 1: Importing certificates into the TrueSight Infrastructure Management server

Do the following:

  1. Obtain the certificates from the Helix Network team or use the following URL to download them:
    https://testssl.onbmc.com/
    The following certificates are required:

    • Name: digicert_global_root.cer
      Alias: rootCA

    • Name: digicert_sha_256.cer
      Alias: intermediateCA

    • Name: onbmc_wildcard.cer
      Alias: onbmc_wildcardCA

      Keystore location

      The cacerts keystore is located at <TrueSight Infrastructure Management Installation Directory>/pw/jre/lib/security.

      The pnserver.ks keystore is located at <TrueSight Infrastructure Management Installation Directory>/pw/pronto/conf.

  2. On the computer where the TrueSight Infrastructure Management server is installed, back up the following files:

    • <TrueSight Infrastructure Management Installation Directory>/pw/jre/bin/lib/security/cacerts
    • <TrueSight Infrastructure Management Installation Directory>/pw/jre/bin../../pronto/conf/pnserver.ks
  3. Run the following commands in the order shown below:
    1. keytool -printcert -sslserver <helix server name:port> -rfc | keytool -importcert -keystore ../lib/security/cacerts -storepass changeit -noprompt -alias rootCA -file digicert_global_root.cer

    2. keytool -printcert -sslserver <helix server name:port> -rfc | keytool -importcert -keystore ../lib/security/cacerts -storepass changeit -noprompt -alias intermediateCA -file digicert_sha_256.cer

    3. keytool -printcert -sslserver <helix server name:port> -rfc | keytool -importcert -keystore ../lib/security/cacerts -storepass changeit -noprompt -alias onbmc_wildcard -file onbmc_wildcard.cer

    4. keytool -printcert -sslserver <helix server name:port> -rfc | keytool -importcert -keystore ../../pronto/conf/pnserver.ks -storepass get2net -noprompt -alias rootCA -file digicert_global_root.cer

    5. keytool -printcert -sslserver <helix server name:port> -rfc | keytool -importcert -keystore ../../pronto/conf/pnserver.ks -storepass get2net -noprompt -alias intermediateCA -file digicert_sha_256.cer

    6. keytool -printcert -sslserver <helix server name:port> -rfc | keytool -importcert -keystore ../../pronto/conf/pnserver.ks -storepass get2net -noprompt -alias onbmc_wildcard -file onbmc_wildcard.cer

  4. Restart the TrueSight Infrastructure Management server.

Step 2: Configuring the BMC Helix client gateway

  1. Install the Helix client gateway. For information, see the BMC Helix documentation Open link .
  2. Back up the kwic_config.xml file. <Where is the file located?>
  3. Copy the kwic_config.xml file to the proper location. <Need info. From where do you copy it? What is the proper location to paste?>

<This example has the name of a different company. Can we remove it and then use the file? If not, I don't think it can be used for BMC documentation.>

<?xml version="1.0" encoding="UTF-8" standalone="no"?>

<!--

 

    Copyright (c) 2007-2013, Kaazing Corporation. All rights reserved.

 

--><gateway-config xmlns="http://xmlns.kaazing.com/2012/09/gateway">

<properties>

 

     <property>

      <name desc="Local client gateway host name">gateway.hostname</name>

      <value>localhost</value>

    </property>

       

    <property>

      <name desc="Local client gateway IP">gateway.ip</name>

                                      <value>127.0.0.1</value>

         </property>

       

       

    <property>

      <name desc="Local client gateway management port">gateway.base.port</name>

      <value>8000</value>

    </property>

 

    <property>

      <name desc="BMC End Port">bmc.port</name>

      <value>443</value>

    </property>

       

</properties>

 

 

  <service>

    <name>commandcenter-directory</name>

    <description>Directory service for the Command Center files</description>

    <accept>http://${gateway.hostname}:${gateway.base.port}/commandcenter</accept>

    <type>directory</type>

    <properties>

      <directory>/commandcenter</directory>

      <welcome-file>index.html</welcome-file>

      <error-pages-directory>/error-pages</error-pages-directory>

      <options>indexes</options>

    </properties>

  </service>

 

 

  <service>

    <name><customer name>-tsom-api-chi.onbmc.com</name>

    <accept>pipe://customer name>-tsom-api-chi.onbmc.com</accept>

    <connect>tcp://<TSIM FQDN>:443</connect>

    <type>proxy</type>

    <accept-options>

      <pipe.transport>socks://<customer name>-api-chi.onbmc.com:443</pipe.transport>

      <socks.mode>reverse</socks.mode>

      <socks.retry.maximum.interval>10 seconds</socks.retry.maximum.interval>

      <socks.transport>wss://<customer name>-api-chi.onbmc.com:443/tsom</socks.transport>

      <ws.inactivity.timeout>55 seconds</ws.inactivity.timeout>

    </accept-options>

  </service>

 

  <!-- Security configuration -->

  <security>

    <!--

    The keystore element is used to configure the keystore that contains

    encryption keys for secure communications with Kaazing WebSocket Gateway.

    -->

    <keystore>

      <type>JCEKS</type>

      <file>keystore.db</file>

      <password-file>keystore.pw</password-file>

    </keystore>

 

    <!--

    The truststore element is used to configure the truststore that

    contains digital certificates for certificate authorities

    trusted by Kaazing WebSocket Gateway.

    -->

    <truststore>

      <file>truststore.db</file>

    </truststore>

 

    <!--

    This is the element that associates an authenticated user with a set

    of authorized roles.

    -->

    <realm>

      <name>demo</name>

      <description>Kaazing WebSocket Gateway Demo</description>

 

      <!--

      This is the element that specifies how authentication of users

      is undertaken for the realm.

      -->

      <authentication>

 

        <!--

        Specifies how the Gateway issues HTTP challenges when

        unauthorized connections are made. Standard HTTP "Basic"

        and "Negotiate" are supported, with the Application variants:

        "Application Basic", and "Application Negotiate".  For custom

        HTTP challenge schemes, use "Application Token".

        -->

        <http-challenge-scheme>Application Basic</http-challenge-scheme>

 

        <!--

        The HTTP items below specify how the Gateway accepts credentials

        when connections are made.  In addition to the standard HTTP

        "Authorization" header, the Gateway can access credentials sent in

        custom HTTP headers, query parameters and cookies.

        -->

 

        <!--

        <http-header>Custom-Header-Name</http-header>

        <http-query-parameter>Query-Parameter-Name</http-query-parameter>

        <http-cookie>Cookie-Name</http-cookie>

        -->

 

        <!--

        The period of time for which authorized connections

        remain valid without re-authorizing.

        -->

        <authorization-timeout>1800</authorization-timeout>

 

        <!--

        The login modules below specify how the Gateway communicates

        with a "user database" to validate user credentials, and

        to determine a set of authorized roles.

        -->

        <login-modules>

          <!--

          The login module communicates with a user database to

          validate user's credentials and to determine a set of

          authorized roles. By default, the file-based module is used.

          -->

          <login-module>

            <type>file</type>

            <success>required</success>

            <options>

              <file>jaas-config.xml</file>

            </options>

          </login-module>

                                </login-modules>

      </authentication>

    </realm>

 

    <!--

    The realm used by the Command Center for authentication. The SNMP

     management service should be the only one to use this realm.

    -->

    <realm>

      <name>commandcenter</name>

      <description>Command Center</description>

 

      <authentication>

        <http-challenge-scheme>Application Basic</http-challenge-scheme>

 

        <http-cookie>kaazingCommandCenter</http-cookie>

 

        <authorization-timeout>1800</authorization-timeout>

 

        <login-modules>

          <!--

          The login module communicates with a user database to

          validate user's credentials and to determine a set of

          authorized roles. By default, the file-based module is used.

          -->

          <login-module>

            <type>file</type>

            <success>required</success>

            <options>

              <file>jaas-config.xml</file>

            </options>

          </login-module>

        </login-modules>

      </authentication>

    </realm>

  </security>

 

 

 

  <!--

  JMX Management service.

  -->

  <service>

    <name>JMX Management</name>

    <description>JMX management service</description>

 

    <type>management.jmx</type>

 

    <properties>

      <connector.server.address>jmx://${gateway.hostname}:2020/</connector.server.address>

    </properties>

 

    <realm-name>demo</realm-name>

 

    <authorization-constraint>

      <require-role>ADMINISTRATOR</require-role>

    </authorization-constraint>

  </service>

 

  <!--

  SNMP Management service.

 

  <service>

    <name>SNMP Management</name>

    <description>SNMP management service</description>

    <accept>ws://${gateway.hostname}:${gateway.base.port}/snmp</accept>

 

    <type>management.snmp</type>

 

    <realm-name>commandcenter</realm-name>

 

    <authorization-constraint>

      <require-role>ADMINISTRATOR</require-role>

    </authorization-constraint>

 

    <cross-site-constraint>

      <allow-origin>*</allow-origin>

    </cross-site-constraint>

  </service>

 

  <!--

  #############################################################################

  #############################################################################

                            Do not remove closing element

  #############################################################################

  #############################################################################

  -->

 

</gateway-config>

Step 3: Configure the BMC Helix Service Resolution integration TrueSight Infrastructure Management

  1. Edit the host's file. Add the IP address of the gateway, and point it to ONMBC-s as shown below: <Which file? where is it located?>
    <gateway ipaddress> ONMBC-s
  2. Enable BMC Server Resolution 3.5 on the TrueSight Infrastructure Management server. Do the following:
    1. Use the command prompt to navigate to the <InstallationDirectory>/integrations/EventIntegrator directory.
    2. Run the following command:
      (Windows) it30.bat enablebsr35
      (Linux) bash it30.sh enablebsr35
    3. Run the following command:
      pw jproperties reload
  3. Log in to the TrueSight Infrastructure Management console.
  4. In the top right corner, click Options and then click Administration.
  5. In the Integrations area, click Edit.
  6. Select the Service Desk Integration checkbox.
  7. Add information in the following fields for the Helix AR Server:
    • AR Server Hostname: ONBMC-s

    • AR Server Port: dev-4600, qa-4700, prod-4800

    • AR Server User

    • AR Server password

  8. Add information in the following fields for the Helix Midtier server:
    • MidTier Server Hostname: <customer name>-<dev or qa or prod>.onbmc.com

    • MidTier Server Port: 8080, 443

  9. Select a MidTier Server protocol.

  10. Click Apply and then click Close.

Step 4: Verifying the integration

  1. Log in to the TrueSight Infrastructure Management console.
  2. In the top right corner, click Options and then click Administration.
  3. In the One Click Validation area, click Test.
  4. Under Validate Intelligent Ticketing Integration With Single Click, click Test.
  5. If errors appear, click the Click here to see the resolution for validation test errors link.
Was this page helpful? Yes No Submitting... Thank you

Comments