Preparing for the App Visibility server installation

As a system administrator, you must prepare the environment before you install the App Visibility server components:

Preinstallation tasks for the App Visibility server components

• Ensure that your computer or computers meet the system requirements and sizing considerations.

• Ensure that you have the following privileges to perform the installation:

  • (Windows) You are a user who belongs to the Administrator group.
  • (Linux) 
    • You are logged on as a root user.
    • New file umask is set to 022.
      To confirm or change umask settings, refer to the operating system documentation.

• Download the installation files for App Visibility.

  Note: BMC Software recommends that you install the products or components from a local copy of the installation image and not from a network drive. Installing from a network drive can cause delays in completing the installation.

• Complete or review the planning worksheets and the installation worksheets for App Visibility components.

• Review known and corrected issues.

• Plan and prepare private certificates for App Visibility components. For details, see Applying private certificates to App Visibility components.

To prepare for the App Visibility proxy component

To enable the App Visibility proxies to collect data from end users, and the clustered and embedded storage engines to communicate and operate at optimal efficiency, ensure that your system conforms to the following requirements.

Client certificate for the App Visibility proxy

As the system administrator, configure your network to ensure that the App Visibility proxy can collect end-user browser data, and pass it on to the App Visibility collector and portal.

Before you install the App Visibility proxy, configure the following items:

1. Define a host name that resolves to the App Visibility proxy’s IP address, or to a Virtual IP on a load balancing server.
2. Create a certificate in which the Common Name matches the defined host name.
3. Configure the load balancing server to do the following actions:
   • Negotiate HTTPS using the certificate created in Step 2.
   • Redirect end-user HTTP/HTTPS requests from this host name to the  host:port  of the App Visibility proxy.

Storage Transport certificate 

Storage Transport certificate ensures a secure connection is established between the storage nodes. You can install App Visibility Proxy with the custom certificate files. However, the files must be compatible with Searchguard plugin for Elasticsearch. 

Ensure that you have verified the required Search Guard security files (node-keystore, admin-keystore, truststore) and their passwords are available with you before you proceed to replace the App Visibility Proxy storage transport certificate.

For more information, see https://docs.search-guard.com/latest/.

To replace App Visibility Proxy Storage Transport certificate

1. Stop the App Visibility Proxy services and storage engine in all nodes. For details, see  Starting and stopping the App Visibility server services.
2. Log on to the target host computer where the App Visibility proxy is to be installed.
3. Copy the node-keystore, admin-keystore, truststore files to a temporary directory on the target host.

4. Edit the adop-installer.properties file under Disk1 and specify the following:

   Notes

   - Use forward slash in file paths for both Linux and Windows.

   - Ensure that the following configuration files on Linux are accessible to only users with the root account privileges.

   • searchguard_ssl_transport_keystore_filepath= <full path of transport node-keystore  file> Example: c:/tmp/CN=apm.bmc.com-keystore.jks>
   • searchguard_ssl_transport_keystore_password= <node-keystore password>
   • searchguard_ssl_transport_truststore_filepath= <full path of transport truststore file>  Example: c:/tmp/truststore.jks>
   • searchguard_ssl_transport_truststore_password= <truststore password>
   • searchguard_ssl_transport_sgadmin_filepath= <full path of transport truststore file>  Example: c:/tmp/CN=sgadmin-keystore.jks>

   • searchguard_ssl_transport_sgadmin_password= <Admin-keystore password>

     Warning

     The adop-installer.properties file is used only for installation and contains passwords in plain text. Ensure that you secure this file. You can delete the file after installation.

5. Stop the App Visibility Proxy services and storage engine in all nodes.

Private Certificate for the App Visibility Components

If you are adding a new proxy to an existing App visibility setup that uses private certificate (not the OOTB certificate),  you must configure the custom truststore and keystore files used by the existing App Visibility Manager components, along with their password and alias names.

1. Log in to the target host computer where you want to install the App Visibility proxy.
2. Copy the <myTruststoreFileName>.jks and <myKeystoreFileName>.jks  files to a temporary directory on the target host.
3. Edit the adop-installer.properties file under Disk1, and specify the following:

• keystore_type= <keystore type: JKS (default) or PKCS12>
• keystore_filepath= <Full path of the keystore file>
• keystore_password= <keystore password in plain text>
• keystore_alias= <alias (default = selfsigned)>
• truststore_type=< truststore type: JKS (default) or PKCS12>
• truststore_filepath= <Full path of the truststore fie>

App Visibility proxy prerequisites for Linux and Unix systems

Before you install the App Visibility proxy, ensure that your Linux or Unix system is prepared.

Troubleshooting the App Visibility deployment

For information and possible solutions to issues that you might encounter during the TrueSight App Visibility Manager, see Troubleshooting an App Visibility Manager deployment.

Where to go from here

If you are installing the product, perform the other preinstallation tasks listed in the Preparing to install the TrueSight Operations Management solution page.