Customizing the BMC AMI Ops user interface

You use the Installation System to install and configure BMC AMI Ops user interface(BMC AMI Ops UI).

Best Practice

BMC recommends that you have TLS certificates ready before you run the installation.
After the installation and configuration process, import SSL certificates and then complete the additional procedures (as needed) to make sure the component receives data as expected.

To configure SSL certificates to a keystore as a local file

The BMC AMI Ops UI component uses TLS authentication to communicate between the BMC AMI Ops UI client and the BMC AMI Ops UI server. Digital certificates are required.

  1. Add a keystore file with the default name, amiops.keystore, to the default directory, installationDirectory/amiops/tomcat/conf, on the BMC AMI Ops UI server.
    If you want to rename or relocate the keystore file, update the SERVXMLA member of the &INSTALLHLQ.BMCSAMP data set.

    Tip

    For advanced certificate configuration instructions, see the documentation for Apache Tomcat version 9 SSL/TLS configuration .

  2. Restart the server: In the spool (SDSF), use the /S MUXTCJCL command. (The default procedure name is MUXTCJCL. Replace the name with the procedure name you specified when you installed the component.)

    If the server does not start, confirm the settings in the STDERR task of the MUXTCJCL job.

To configure SSL certificates using a SAF keystore

You can configure HTTPS connection with keyring support for system authorization facility (SAF) user IDs.

  1. Configure your keystore with SAF.

    Example

    For RACF, perform the following steps:

    1. Create a keyring.
    2. Obtain a CA certificate.
    3. Create a server certificate.
    4. Connect the keyring with a server certificate.
    5. Connect the keyring with a CA certificate.

    The following image displays how the keyring looks after it is configured for RACF:

                    RACF - List Ring Names
    COMMAND ===> _
                                                                    More:
    
    Ring:
     Keyring.AMIOPSK
    
    
     Certificate Label Name              Cert Owner  USAGE       DEFAULT
    ---------------------------------   -----------  --------    --------
      amiopsServer                       ID(STCUSER)  PERSONAL   NO
      amiops                             CERTAUTH     CERTAUTH   NO
  2. Configure the TLS connector in the SERVXMLA member of the &INSTALLHLQ.BMCSAMP data set by adding the following attributes in the server XML file:

    • keyAlias—label name of the server certificate    
    • keystorePass—must be set as password
    • keystoreType—must be set as JCERACFKS
    • keystoreFile—file in the following format: safkeyring://opsUIuserID/keyringName
      The value of opsUIuserID is the user ID that runs BMC AMI Ops UI.
      The value of keyringName is the name you gave to the keyring.

    Example

    The following code shows a connector for SAF:

    <Connector port="&sslPort;" scheme="https" secure="true"        
               maxThreads="150" SSLEnabled="true" clientAuth="false"
               useSendfile="false" enableLookups="false"            
               sslProtocol="TLS"
               relaxedQueryChars='|"'
               keystorePass="password"                     
               keyAlias="server_certificate_label" 
               keystoreType="JCERACFKS"            
               keystoreFile="safkeyring://STCUSER/Keyring.AMIOPSK" >
    </Connector>   

    Tip

    For advanced certificate configuration instructions, see the documentation for Apache Tomcat version 9 SSL/TLS configuration .


  3. Restart the server: in the spool (SDSF), use the /S MUXTCJCL command. (The default procedure name is MUXTCJCL. Replace the name with the procedure name you specified when you installed the component.)

    If the server does not start, confirm the settings in the STDERR task of the MUXTCJCL job.

To change the port number and host name on the BMC AMI Ops UI server

After you import certificates into a keystore, you can optionally change the port number and host name for the BMC AMI Ops UI server.

  1. Edit the SERVVARA member of the &INSTALLHLQ.UBBSAMP data set.
  2. To change the HTTPS port number, replace the sslPort value as displayed in italics in the following example:

    <!ENTITY sslPort  "18443">   <!-- if SERVXML configured   

                                                for SSL/TLS -->

  3. (For HTTP) To change the HTTP port number, replace the httpPort value as displayed in italics in the following example:

    <!ENTITY httpPort "15565">   <!-- the Tomcat HTTP port   

                                                            -->

    See To enable BMC AMI Ops UI use with HTTP later in this topic.

  4. To change the host name to a name other than the LPAR where BMC AMI Ops UI is configured, replace the hostname value as displaed in the italics in the following example:

    <!ENTITY hostname "localhost">   <!-- normally don't need    

                                                 to change  -->
  5. Restart the server: in the spool (SDSF), use the /S MUXTCJCL command. (The default procedure name is MUXTCJCL. Replace the name with the procedure name you specified when you installed the component.)

(iPad only) To enable BMC AMI Ops UI use with HTTPS

Perform the following steps to enable messages over TCP and TLS for an object that coordinates network data transfer tasks. This is disabled by default.

  1. In the iPad settings, select the Safari browser.
  2. In the Safari browser settings, select Advanced > Experimental Features.
  3. Turn on NSURLSession WebSocket.

To enable BMC AMI Ops UI use with HTTP

By default, the BMC AMI Ops UI server is set to run with HTTPS. If you want to run BMC AMI Ops UI with HTTP, perform the following steps:

Warning

Running BMC AMI Ops UI with HTTP poses a security vulnerability. 

BMC recommends running the component with HTTPS only.

  1. On the BMC AMI Ops UI server, open the application.properties file, located on the BMC AMI Ops UI server in the installationDirectory/amiops/config directory.
  2. Change the value of secure.cookie to false and save the file.
  3. Open the SERVXMLA member of the &INSTALLHLQ.BMCSAMP data set.
  4. Uncomment the HTTP connector by removing the <!-- and --> comment markers from before and after the connector and save the file.

    The following code sample shows the connector:

    <Connector 	port="&httpPort;" protocol="HTTP/1.1"
    			connectionTimeout="20000"
    			redirectPort="&sslPort;" />
  5. Restart the server: in the spool (SDSF), use the /S MUXTCJCL command. (The default procedure name is MUXTCJCL. Replace the name with the procedure name you specified when you installed the component.)

To verify the maintenance level

Messages are issued to the BMC AMI Ops UI server job log that indicate the maintenance level of the BMC AMI Ops UI executables. 

Example
AMIOPSWAR PTF Level: None

In this example, the PTF level of AMIOPSWAR is None.


To log into the BMC AMI Ops UI client

After the server starts, you can log in to BMC AMI Ops UI.
In any browser, go to https://host:port/amiops/login .

  • For  host, use the IP address or name of the system on which the BMC AMI Ops UI server is running.
  • For  port, use the networking port number.

Where to go from here

To log in to BMC AMI Ops UI and start using its features, see Logging in and viewing the Overview in the BMC AMI Ops UI.

If you are not seeing the data you expect, see Troubleshooting the BMC AMI Ops user interface.

Was this page helpful? Yes No Submitting... Thank you

Comments