Brief maintenance outage Tuesday, August 20

This site,, will undergo a brief maintenance outage on Tuesday, August 20 at 6 pm CDT. Downtime will be less than five minutes.

    Page tree
    Skip to end of metadata
    Go to start of metadata

    To establish data security and protect sensitive information, BMC Real End User Experience Monitoring Software Edition provides the following features:

    Data storage

    By encrypting traffic, the system protects both traffic data and end-users' private data. To provide additional security, you can create data storage rules to specify what pages and objects the system should store, and how long they are retained.

    By default, the system applies the data confidentiality policies on the traffic and then stores all traffic data until the maximum capacity (configurable value) is filled.

    Data confidentiality

    The system hides or deletes private data according to traffic confidentiality policies.

    By default, the system deletes all key/value pairs received from cookies, URI query, POST, and PATH parameters, except the following:

    • jsessionid
    • aspsessi*
    • asp.net_sessionid
    • sid
    • uid
    • *tltuid*
    • phpsessid
    • crd_*
    • udm_*

    Confidentiality policies page

    Users with Security-level access can configure confidentiality rules in conformity with your organization's privacy policies to ensure that the system does not retain private information derived from monitored traffic (such as credit-card numbers or dates of birth).

    For more information, see the Securing sensitive data with confidentiality policies section.

    Data export security

    BMC recommends that you limit access of data-export APIs (Bulk data export, Watchpoint Summary export, Watchpoint streaming export, and so forth) to system services like data export, Watchpoint streaming, and non-secure data transfer.

    Use the data export security options to permit or refuse the API access (see the Data export section on the Analyzer's Administration > Security settings > Services page).

    Cross-domain policies

    For security reasons, some applications (notably Adobe Flash Player) prevent cross-domain loading of data by default.

    Because BMC Real End User Experience Monitoring has Flash widgets embedded in the UI, you must manage the cross-domain data loading to secure the system. Using a cross-domain policy file, enable Flash to permit or deny content from particular domains.

    For more information, see the  Cross-domain data loading  section.

    Custom fields

    With custom fields, users can extract sensitive or confidential information from the traffic. Security users must be careful while enabling the use of custom fields.

    For more information, see the Using custom fields on the Analyzer to filter traffic, export data, or monitor error conditions section.

    SSL encryption

    Only users with Security-level access can upload and delete stored decryption (SSL) keys. Uploaded keys cannot be viewed or downloaded.

    BMC recommends that you review the confidentiality policy when adding new keys, because the new services might not be visible before the policy is reviewed.

    For more information, see the Configuring Cloud Probe SSL keys and settings for traffic decryption section.

    Network monitoring

    The use of the network taps or mirror/span ports prevents traffic injection into monitored networks. Therefore, the system can be securely connected to external/DMZ networks, assuring that monitored networks are not affected by the presence of this type of traffic capture device.

    Capture ports on the Real User Cloud Probe must be connected to either a network tap or mirror/span port on a network switch. The capture ports operate in promiscuous mode only. They do not have any IP networking capabilities and cannot inject traffic into monitored networks.

    For additional information, see Traffic capture and tapping points for BMC Real End User Experience Monitoring Software Edition and Network ports.

    Related topics

    Access security for BMC Real End User Experience Monitoring Software Edition

    Network ports

    Securing the end-user experience monitoring system and restricting access to traffic data