• Spaces
  • People
  • Help
    • BMC Support Central BMC Communities BMC.com
    ×
    BMC TrueSight Operations Management 10.7

    Page tree
    Skip to end of metadata
    Go to start of metadata

    The BMC TrueSight Operations Management solution can comprise several components. The following diagram provides an overview of the communication paths among the core Operations Management components. For more detailed descriptions about the architectural diagrams, see TrueSight Operations Management architecture.

    This topic addresses the ways in which sensitive data and user information are secured among the Operations Management components. 

    User authentication and authorization

    The BMC TrueSight Operations Management system uses BMC Atrium Single Sign-On to authenticate and manage users and user groups. BMC Atrium Single Sign-On supports authentication with traditional systems, such as Active Directory or other LDAP systems, and supports integration into existing single sign-on systems.

    Following system installation and configuration, users access the TrueSight console  from the TrueSight Presentation Server.  Role-based access  to the Operations Management components is then managed by authorization profiles , which are maintained by the Solution Administrator.  Users cannot directly access any of the components.


    Security resources

    BMC Atrium Single Sign-On

    BMC Atrium Single Sign-On 9.0 documentation

    Setting up LDAP or Active Directory users in Atrium Single Sign-On

    Role-based user access overviews

    TrueSight Infrastructure Management security

    Security planning for Infrastructure Management

    Security standards

    BMC TrueSight Operations Management supports the following security standards.

    StandardComponent

    Remarks

    HTTPS protocolTrueSight Presentation Server

    Applicable when the App Visibility server sends events to the TrueSight Infrastructure Management component.

    Uses packaged self-signed certificate, which exists on the TrueSight Presentation Server and App Visibility server.

    To replace the self-signed certificates with signed certificates, see the following:

    App Visibility server
    TrueSight Infrastructure Impact Client API App Visibility server

    Applicable when the App Visibility server sends events to the TrueSight Infrastructure Management component.

    MultipleTrueSight Infrastructure ManagementFor details, see Security planning for Infrastructure Management.
    BMC Atrium Single Sign-OnTrueSight Presentation Server

    Applicable when users log on to the TrueSight Presentation Server and launch TrueSight Infrastructure Management from the TrueSight console.

    To review the security standards used in the BMC Atrium Single Sign-On product, see Key concepts in the documentation.

    Location of security certificates and Java KeyStore files

    During installation of the App Visibility component, self-signed certificates are created in the following locations to handle authentication between the components. If you prefer to use your own certificates, follow the procedures detailed in Changing security certificates in App Visibility components . For information about the security certificates used in the TrueSight Infrastructure Management server, see Location of the HTTPS/SSL private key on BMC TrueSight Infrastructure Management Server.

    • Location of the keystore files for for App Visibility component on the Presentation Server
      • Windows
        • %TRUESIGHTPSERVER_HOME%\truesightpserver\conf\secure\adopskeystore.jks
        • %TRUESIGHTPSERVER_HOME%\truesightpserver\conf\secure\adopstruststore.jks
      • Linux
        • $TRUESIGHTPSERVER_HOME/truesightpserver/conf/secure/adopskeystore.jks
        • $TRUESIGHTPSERVER_HOME/truesightpserver/conf/secure/adopstruststore.jks
      • Configuration file: tspsInstallationDirectory/conf/appVisCertificates.xml
    • Location of keystore file that secures communication between clients (browser) and the TrueSight Presentation Server
      • Windows
        %TRUESIGHTPSERVER_HOME%\conf\secure\loginvault.ks
      • Linux
        $TRUESIGHTPSERVER_HOME/conf/secure/loginvault.ks

    Security certificates on App Visibility server components and App Visibility agents

    The following table lists the file paths and file names of the properties files for the App Visibility server components. By default, the keystore and truststore files are located in the installationDirectory/component/security directory. In the properties files, you must provide a relative path to the keystore and truststore files in the security directory.

    App Visibility server security files and parameters

    Properties fileParameter*

    portalInstallationDirectory/portal/properties/portal.properties

    key.store.file.path=relativePath/keystoreFileName.jks
    trust.store.file.path=relativePath/truststoreFileName.jks
    key.store.password.enc=encryptedPassword
    key.store.alias=keystoreAlias

    collectorInstallationDirectory/collector/properties/collector.properties

    		key.store.file.path=relativePath/keystoreFileName.jks
    trust.store.file.path=relativePath/truststoreFileName.jks
    key.store.password.enc=encryptedPassword
    key.store.alias=keystoreAlias

    proxyInstallationDirectory/apm-proxy/properties/apm-proxy.properties

    		key.store.file.path=relativePath/keystoreFileName.jks
    trust.store.file.path=relativePath/truststoreFileName.jks
    key.store.password.enc=encryptedPassword
    key.store.alias=keystoreAlias

    * Use a forward slash (/) for file paths, even on Windows systems.

    Tip

    Use the same file with the same values for all the components: keystoreFileName.jks, truststoreFileName.jks, encryptedPassword , keystoreAlias .

    Security certificates on Synthetic TEA Agents

    You can use custom certificates for the BMC Synthetic Transaction Execution Adapter (TEA) Agents for authentication with App Visibility Manager. You can update certificates before installing your TEA Agents, or you can update certificates on TEA Agents that are already installed. The TEA Agent installation files include a tool to help replace the certificates. For more information, see Changing security certificates on Synthetic TEA Agents .

    Data security

    The App Visibility portal and App Visibility collector each include an App Visibility database, which is a PostgreSQL database that uses trust authentication. This authentication assumes that anyone who can access the App Visibility portal or collector computers is authorized to access the database.

    For more information about maintaining App Visibility data security, see Changing the App Visibility database password .

    Open ports

    For a complete list of ports used by the TrueSight Operations Management solution, see Network ports.

    Related topics

    Importing a keystore file or replacing the certificate for the App Visibility proxy

    System requirements for Presentation Server

    Access control for administrators of service providers

    Access control for SaaS administrators

     

     

     

    © Copyright 2005-2020 BMC Software, Inc. Use of this site signifies your acceptance of BMC’s Terms of Use . BMC, the BMC logo, and other BMC marks are assets of BMC Software, Inc. These trademarks are registered and may be registered in the U.S. and in other countries.