Preparing for the App Visibility server installation

As a system administrator, you must prepare the environment before you install the App Visibility server components:

Preinstallation tasks for the App Visibility server components


To prepare for the App Visibility proxy component

To enable the App Visibility proxies to collect data from end users, and the clustered and embedded storage engines to communicate and operate at optimal efficiency, ensure that your system conforms to the following requirements.

Client certificate for the App Visibility proxy

As the system administrator, configure your network to ensure that the App Visibility proxy can collect end-user browser data, and pass it on to the App Visibility collector and portal.

Before you install the App Visibility proxy, configure the following items:

  1. Define a host name that resolves to the App Visibility proxy’s IP address, or to a Virtual IP on a load balancing server.
  2. Create a certificate in which the Common Name matches the defined host name.
  3. Configure the load balancing server to do the following actions:
    • Negotiate HTTPS using the certificate created in Step 2.
    • Redirect end-user HTTP/HTTPS requests from this host name to the  host:port  of the App Visibility proxy.

Storage Transport certificate 

Storage Transport certificate ensures a secure connection is established between the storage nodes. You can install App Visibility Proxy with the custom certificate files. However, the files must be compatible with Searchguard plugin for Elasticsearch. 

Ensure that you have verified the required Search Guard security files (node-keystoreadmin-keystoretruststore) and their passwords are available with you before you proceed to replace the App Visibility Proxy storage transport certificate.

For more information, see https://docs.search-guard.com/latest/.

To replace App Visibility Proxy Storage Transport certificate

  1. Stop the App Visibility Proxy services and storage engine in all nodes. For details, see  Starting and stopping the App Visibility server services.
  2. Log on to the target host computer where the App Visibility proxy is to be installed.
  3. Copy the node-keystoreadmin-keystoretruststore files to a temporary directory on the target host.
  4. Edit the adop-installer.properties file under Disk1 and specify the following:

    Notes

    - Use forward slash in file paths for both Linux and Windows.

    - Ensure that the following configuration files on Linux are accessible to only users with the root account privileges.

    • searchguard_ssl_transport_keystore_filepath= <full path of transport node-keystore  file> Examplec:/tmp/CN=apm.bmc.com-keystore.jks>
    • searchguard_ssl_transport_keystore_password= <node-keystore password>
    • searchguard_ssl_transport_truststore_filepath= <full path of transport truststore file>  Example: c:/tmp/truststore.jks>
    • searchguard_ssl_transport_truststore_password= <truststore password>
    • searchguard_ssl_transport_sgadmin_filepath= <full path of transport truststore file>  Example: c:/tmp/CN=sgadmin-keystore.jks>
    • searchguard_ssl_transport_sgadmin_password= <Admin-keystore password>

      Warning

      The adop-installer.properties file is used only for installation and contains passwords in plain text. Ensure that you secure this file. You can delete the file after installation.

  5. Stop the App Visibility Proxy services and storage engine in all nodes.

Private Certificate for the App Visibility Components

If you are adding a new proxy to an existing App visibility setup that uses private certificate (not the OOTB certificate),  you must configure the custom truststore and keystore files used by the existing App Visibility Manager components, along with their password and alias names.

  1. Log in to the target host computer where you want to install the App Visibility proxy.
  2. Copy the <myTruststoreFileName>.jks and <myKeystoreFileName>.jks  files to a temporary directory on the target host.
  3. Edit the adop-installer.properties file under Disk1, and specify the following:

Note

Use forward slash in file paths for both Linux and Windows.

  • keystore_type= <keystore type: JKS (default) or PKCS12>
  • keystore_filepath= <Full path of the keystore file>
  • keystore_password= <keystore password in plain text>
  • keystore_alias= <alias (default = selfsigned)>
  • truststore_type=< truststore type: JKS (default) or PKCS12>
  • truststore_filepath= <Full path of the truststore fie>

Warning

The adop-installer.properties file is used only for installation and contains passwords in plain text. Ensure that you secure this file. You can delete the file after installation.

App Visibility proxy prerequisites for Linux and Unix systems

Before you install the App Visibility proxy, ensure that your Linux or Unix system is prepared.

Element Description
Swapping settings On Linux systems, BMC recommends setting the sysctl value vm.swappiness to 0 (preferred) or 1. The setting disables or minimizes RAM swapping on the computer and enables the storage engine to run more efficiently.
System V (SysV) operating systems

For SysV init processes, ensure the following settings before you begin the installation process:

  • Ensure that Elasticsearch, as a non-root user, can run at least 2048 threads (4096 recommended).
    For details, see Elasticsearch configuration documentation for the number of threads

  • Set the vm.max_map_count parameter to 262144.
    For details, see Elasticsearch configuration documentation for virtual memory .
seccomp installation

Ensure that seccomp, a system call filter, is installed on your system. This defense mechanism is a requirement for the storage engine.

Seccomp is not supported in Linux kernel version 3.5 and earlier, therefore you cannot install the App Visibility proxy on such systems.



Troubleshooting the App Visibility deployment

For information and possible solutions to issues that you might encounter during the TrueSight App Visibility Manager, see Troubleshooting an App Visibility Manager deployment.

Where to go from here

If you are installing the product, perform the other preinstallation tasks listed in the Preparing to install the TrueSight Operations Management solution page. 

Was this page helpful? Yes No Submitting... Thank you

Comments