Advanced portal configuration

In certain circumstances, you may want to configure the underlying infrastructure of BladeLogic Portal to improve its performance or to make other types of low-level modifications. 

Below is a list of infrastructure issues you may encounter and the recommended response. This page describes all of these actions.

IssueSuggested response
The portal server is experiencing sluggish behavior.
Scan files for Vulnerability Manager are being imported too slowly.
Increase memory (that is, heap size) for the portal server. See Increasing the maximum heap size.

The SecOps Dashboard is exhibiting poor performance.
You are using Vulnerability Manager to examine a large number of records. (A vulnerability on a server is one record. Ten vulnerabilities on two servers equals 20 records.) 

Increase memory (that is, heap size) for the DCA Index Server. See Increasing the maximum and minimum heap size for the DCA Index Server.

When importing scan files, I want to import larger file sizes. 

Increase the size limit for scan files being imported. To ensure best performance, the size of scan file imports are limited. An administrator can increase that limit.

When importing Rapid7 scan files, I want to change how vulnerabilities are categorized (such as severity 4 or 5). You can customize the scheme used for categorizing vulnerabilities into severity levels.
The DCA Index Server is using an HTTP port for monitoring purposes. For security reasons you want to close that port.See Disabling or enabling HTTP traffic with the DCA Index Server.
During startup, the portal was unable to connect to the DCA Index Server. If such a failure occurs, you can manually specify a communication port.Manually specify the port used to communicate with the DCA Index Server. See Specifying a communication port for the DCA Index Server.
I want to view the results of network remediation operations within BladeLogic Portal.Although you can enable the display of network remediation results within the portal, be aware that there may be performance issues.
The Activity Status window is showing too much information.You can configure how long the Activity Status window displays information.
I want to set up automatic importing of scan data but I did not enable that capability during installation.You must enable automatic imports of scan data.
I want to change how often data is obtained from BMC Discovery.You can configure the interval for gathering data from BMC Discovery. You can also enable or disable the automatic refreshing of data.

Increasing the maximum heap size

If the behavior of the portal server is sluggish or you are experiencing slow scan file imports for Vulnerability Manager, you can try increasing the portal's heap size.

By default, the maximum heap size is 2 GB. The maximum heap size should be no more than 8 GB.

  1. Open the wrapper.conf file for editing.
    Typically, this file resides at <install_location>/portal/wrapper/conf/wrapper.conf.
  2. In the file, search for wrapper.java.additional.1.
    By default that value is defined as follows, which translates to 2 GB maximum heap size: 
    wrapper.java.additional.1 =  -Xmx2048m
  3. To add additional heap size, set it as follows:

    wrapper.java.additional.1 = -Xmx4096m
    4 GB
    wrapper.java.additional.1 = -Xmx8192m
    8 GB
  4. Save wrapper.conf.
  5. Restart the DCA Index service:
    • (Windows): From the Windows Control Panel on the portal server, select  Administrative Tools > Services. Find and right-click the BMC DCA Index Service 1.7.3 (DCAIndexService) service, and then select Restart.
    • (Linux): On the portal server, enter the following commands:
      /etc/init.d/DCAIndexService stop
      /etc/init.d/DCAIndexService start
  6. Restart the portal service:
    • (Windows): From the Windows Control Panel on the portal server, select  Administrative Tools > Services. Find and right-click the BladeLogic Portal service, and then select Restart
    • (Linux): On the portal server, enter the following command:  /etc/init.d/BladeLogic_Portal restart

Increasing the maximum and minimum heap size for the DCA Index Server

If the performance of the DCA Index Server degrades as it handles larger quantities of data, you can allocate more memory using the following procedure. The procedure sets the maximum and minimum amount of heap for the DCA Index server to be the same. This configuration prevents problems with heap being swapped out.

By default the maximum and minimum heap sizes are set to 8 GB.

Do not allocate more than 32 GB of memory to the DCA Index Server.

Note

On Windows servers, BMC recommends you turn off virtual memory to avoid problems with memory swapping. For Linux, no comparable action is necessary.

  1. Open one of the following files for editing:
    • (Linux): <install_location>/portal/DCAIndexService/bin/elasticsearch.in.sh
    • (Windows):  <install_location>\portal\DCAIndexService\bin\elasticsearch.in.bat
  2. In the file, search for this string: set ES_MIN_MEM
    You should see an entry like the following:

    if "%ES_MIN_MEM%" == "" (
    set ES_MIN_MEM=8g
    )

    if "%ES_MAX_MEM%" == "" (
    set ES_MAX_MEM=8g
    )

  3. Modify this entry by changing the memory setting to the value you want. For example, in the entry shown above, both values set to 8g. When performing these edits, make sure ES_MIN_MEM and ES_MAX_MEM are set to the same value. 

  4. Save the file.
  5. Restart the DCA Index service:
    • (Windows): From the Windows Control Panel on the portal server, select  Administrative Tools > Services. Find and right-click the BMC DCA Index Service 1.7.3 (DCAIndexService) service, and then select Restart.
    • (Linux): On the portal server, enter the following commands:
      /etc/init.d/DCAIndexService stop
      /etc/init.d/DCAIndexService start

  6. Restart the portal service:
    • (Windows): From the Windows Control Panel on the portal server, select  Administrative Tools > Services. Find and right-click the BladeLogic Portal service, and then select Restart
    • (Linux): On the portal server, enter the following command: /etc/init.d/BladeLogic_Portal restart

Changing the maximum file size to be imported

Use this procedure to increase the size limit for scan files being imported. BMC recommends the maximum file size be no larger than 1 GB.

  1. Open the bmc-config.json file for editing.
    Typically, this file resides at <install_location>/portal/configuration/bmc-config.json.
  2. In the file, search for the appropriate section. The term you search for varies depending on whether you are working with Qualys, Nessus, or Rapid7 files:
    • Qualys: Search for the section that includes QualysConfigManager. That section appears as follows:

      "com.bmc.dcaportal.vulnerability.core.QualysConfigManager": {

          "qualys.management.max.file.size" : 1024

          },

    • Nessus: Search for the section that includes NessusConfigManager. That section appears as follows:

      "com.bmc.dcaportal.vulnerability.core.NessusConfigManager": {

           "nessus.management.max.file.size" : 1024

          },

    • Rapid7: Search for the section that includes Rapid7ConfigManager. That section appears as follows:

      "com.bmc.dcaportal.vulnerability.core.Rapid7ConfigManager": {

           "rapid7.management.max.file.size" : 1024

          },

  3. In the sections for Qualys, Nessus, or Rapid7, enter a maximum file size for the appropriate file sources by modifying the following entry:

    "<file_source>.management.max.file.size" : 1024

    <file_source> must be Qualys, Nessus, or Rapid7.
    BMC recommends that the maximum file size be no larger than 1 GB (or 1024 MB). 

  4. Save bmc-config.json.
  5. Restart the portal server:
    • (Windows): On the portal server, open the Services window, find and right-click the BladeLogic Portal service, and select Restart
    • (Linux): On the portal server, enter the following command: /etc/init.d/BladeLogic_Portal restart

Changing how Rapid7 vulnerabilities are categorized

Use this procedure to change how Rapid7 vulnerabilities are categorized as they are imported into BladeLogic Portal.

  1. Open the bmc-config.json file for editing.
    Typically, this file resides at <install_location>/portal/configuration/bmc-config.json.
  2. In the file, search for Rapid7ConfigManager. That section appears as follows:

    "com.bmc.dcaportal.vulnerability.core.Rapid7ConfigManager": {

       "rapid7.management.max.file.size" : 1024
       "severity.normalization.1" : "1,2",
       "severity.normalization.2" : "3,4",
       "severity.normalization.3" : "5,6",
       "severity.normalization.4" : "7,8",
       "severity.normalization.5" : "9,10"
       },
  3. Provide the following values, as necessary:

    OptionExplanation
    severity.normalization.1 severity.normalization.2 severity.normalization.3 severity.normalization.4 severity.normalization.5 Lets you customize how the severity of vulnerabilities imported from Rapid7 into BladeLogic Portal are categorized. The previous step shows the default scheme used for data imported from Rapid7. If you prefer to categorize data using a different scheme, adjust these entries accordingly.
  4. Save bmc-config.json.
  5. Restart the portal server:
    • (Windows): On the portal server, open the Services window, find and right-click the BladeLogic Portal service, and select Restart
    • (Linux): On the portal server, enter the following command: /etc/init.d/BladeLogic_Portal restart

Disabling or enabling HTTP traffic with the DCA Index Server

The DCA Index Server uses an HTTP port for monitoring purposes. If you do not want to leave an HTTP port open for security reasons, use this procedure to disable HTTP traffic with the DCA Index Server.

Note

The HTTP port must be enabled if you are using the web-based front end to perform a data restore procedure for the DCA Index Server or to configure a cluster of DCA Index Servers.

  1. Open the elasticsearch.yml file for editing.
    Typically, this file resides at <install_location>/portal/DCAIndexService/config/elasticsearch.yml.
  2. Take one of the following actions:
    • To disable HTTP traffic:
      1. In the file, search for a line that includes http.enabled.
        The line should be commented out. 
      2. Remove the comment from the line so it reads:
        http.enabled: false
      3. Find the following line:
        http.port: 9200
      4. Comment out the line so it reads:
        #http.port: 9200 
    • To enable HTTP traffic:
      1. In the file, add a comment in front of the line that says:
        http.enabled: false
        The line should now read:
        # http.enabled: false
      2. Find the following line and remove the comment so it reads:
        http.port: 9200

  3. Save elasticsearch.yml.
  4. Restart the DCA Index service:
    • (Windows): From the Windows Control Panel on the portal server, select Administrative Tools > Services. Find and right-click the BMC DCA Index Service 1.7.3 (DCAIndexService) service, and then select Restart.
    • (Linux): On the portal server, enter the following commands:
      /etc/init.d/DCAIndexService stop
      /etc/init.d/DCAIndexService start
  5. Restart the portal service:
    • (Windows): From the Windows Control Panel on the portal server, select Administrative Tools > Services. Find and right-click the BladeLogic Portal service, and then select Restart
    • (Linux): On the portal server, enter the following command: /etc/init.d/BladeLogic_Portal restart

Specifying a communication port for the DCA Index Server

By default, BladeLogic Portal communicates with the DCA Index Server using port 9300. In some situations, the DCA Index Server can pick another port for communication. The port it picks will be within the range of 9300 to 9400. If this occurs, after installation the portal service may not start correctly or you may see a message saying the portal was unable to connect to the DCA Index Service. If such a failure occurs, you can manually specify a communication port using the following procedure.

  1. Identify the new_port where the index service is running. On Linux use the ps command. On Windows, search the DCA index service logs and look for tcp port in the start of the logs.
  2. Open the bmc-config.json file for editing.
    Typically, this file resides at <install_location>/portal/configuration/bmc-config.json.
  3. In the file, search for the section which includes ElasticSearchConfigManager
  4. Add an entry that identifies the port number you determined in the first step. The entry would appear as follows:
    "transport.tcp.port" : <port_number_in_use>,
  5. Save bmc-config.json.
  6. Restart the portal service:
    • (Windows): From the Windows Control Panel on the portal server, select  Administrative Tools > Services. Find and right-click the BladeLogic Portal service, and then select Restart
    • (Linux): On the portal server, enter the following command: /etc/init.d/BladeLogic_Portal restart

Enabling display of network remediation operation results

By default, you cannot view job results for network remediation operations within BladeLogic Portal. Instead, you must view detailed results within BMC Network Automation itself. However, you can configure the portal so it does display results for network remediation operations (like other portal operations).

Note

Be aware that performance may be an issue when using this configuration to view network remediation operation results. 
  1. Open the bmc-config.json file for editing.
    Typically, this file resides at <install_location>/portal/configuration/bmc-config.json.
  2. In the file, search for elementmanager.bna
  3. Insert this entry beneath elementmanager.bna: "showBNAResultsInPortal":"true". The elementmmanager.bna section appears as shown below:

    "elementmanager.bna": {
            "type":"BNA",
            "host":"myserver.com",
            "port":"443",
            "protocol":"https",
            "user":"sysadmin",
            "role":"Default",
            "adminUser":"sysadmin",
            "adminRole":"Default",
                   "showBNAResultsInPortal":"true"
    }
  4. Restart the portal server:

    • (Windows): On the portal server, open the Services window, find and right-click the BladeLogic Portal service, and select Restart
    • (Linux): On the portal server, enter the following command: /etc/init.d/BladeLogic_Portal restart

Configuring display of information in the Activity Status window

Using the bmc-config.json file, you can configure how long information is displayed in the Activity Status window.

  1. Open the bmc-config.json file for editing.
    Typically, this file resides at <install_location>/portal/configuration/bmc-config.json.
  2. In the file, search for ActivityService. The ActivityService section appears as shown below:

    "com.bmc.dcaportal.dcaportalprovider.activity.ActivityService": {
       "activityMonitorInterval": "86400",
       "activityExpirationTime": "2592000"
    }
  3. Provide the following values, as necessary:

    OptionExplanation
    activityExpirationTimeSpecifies the time period, in seconds, after which information in the Activity Status window expires. By default, this value is set to 30 days (in seconds).
    activityMonitorInterval  Specifies how frequently the Activity Status page checks for expired content. Content expires when it is older than the value of activityExpirationTime. Set the value of activityMonitorInterval in seconds. By default, the value is set to 24 hours (in seconds).
  4. Restart the portal server:

    • (Windows): On the portal server, open the Services window, find and right-click the BladeLogic Portal service, and select Restart
    • (Linux): On the portal server, enter the following command: /etc/init.d/BladeLogic_Portal restart

Enabling automatic imports of scan data

To enable automatic importing of scan data, a configuration process is required. However, in addition to that process, the capability to import scan data must also be enabled. Typically, this capability is enabled during installation, but you may decide to enable automatic imports sometime after installation. In that situation you must perform the following procedure to enable the capability. After the procedure is complete, perform the configuration procedure described in Setting up a scanner connection

  1. Open the bmc-config.json file for editing.
    Typically, this file resides at <install_location>/portal/configuration/bmc-config.json.
  2. In the file, search for data.refresh.bsa
  3. In the data.refresh.bsa entry, make sure the isScanImporter option is set to true, as shown below:

    "data.refresh.bsa": {
            "connections":[{
                   "user": "BLAdmin", 

                   "password": "NW012T6Tp4UPeCJO+Qo36sg==", 
                   "authenticationMethod": "SRP",
                   "roles": ["BLAdmins"],
                   "isScanImporter" : true
            }],

            "delayBetweenRefreshCycles": 3600
    }
  4. Restart the portal server:

    • (Windows): On the portal server, open the Services window, find and right-click the BladeLogic Portal service, and select Restart
    • (Linux): On the portal server, enter the following command: /etc/init.d/BladeLogic_Portal restart

Configuring the collection of data from BMC Discovery

Connecting to BMC Discovery lets you collect data about a computing environment and import that data into BladeLogic Portal. 

Using the bmc-config.json file, you can configure some aspects of how data is obtained from BMC Discovery.

  1. Open the bmc-config.json file for editing.
    Typically, this file resides at <install_location>/portal/configuration/bmc-config.json.
  2. In the file, search for "discovery". The discovery section appears as shown below:

    "data.refresh.discovery": {
       "delayBetweenRefreshCycles" : 86400,
       "discoveryDataRefreshEnable" : "true"
    }

  3. Provide the following values, as necessary:

    OptionExplanation
    delayBetweenRefreshCyclesSpecifies the time interval, in seconds, between updates from BMC Discovery. By default, this value is set to 24 hours (in seconds).
    discoveryDataRefreshEnable Enables or disables the automatic refreshing of data from BMC Discovery.
  4. Restart the portal server:

    • (Windows): On the portal server, open the Services window, find and right-click the BladeLogic Portal service, and select Restart
    • (Linux): On the portal server, enter the following command: /etc/init.d/BladeLogic_Portal restart


Was this page helpful? Yes No Submitting... Thank you

Comments