Rolling back to SSL configuration

By default, TrueSight Infrastructure Management and its associated components use Transport Layer Security (TLS) versions earlier than TLS 1.2 to communicate with each other. BMC provides an option to upgrade the security in your enterprise environment by using TLS 1.2 for communication between the TrueSight Infrastructure Management components. If you have configured the system to be TLS 1.2 compliant and subsequently want to roll back to the default configuration, follow the procedures in this section.

Different communication channels are established between the TrueSight Infrastructure Management components. Perform the rollback per communication channel: select the channel that you want to roll back and perform the corresponding tasks. To roll back to the default configuration, complete the procedures by navigating the following tabs. The following table lists the abbreviations used in the tabs and their definitions.

| Abbreviation | Definition |
|---|---|
| TSIM | TrueSight Infrastructure Management |
| TSPS | TrueSight Presentation Server |
| IS | TrueSight Integration Service |
| PA | BMC PATROL Agent |
| IIWS | BMC Impact Integration Web Services |
| PS | BMC Publishing Server |


Perform the following steps to roll back the Infrastructure Management Server to the Presentation Server communication to default configuration:

To configure the Presentation Server

  1. Navigate to the <Presentation Server Install Directory>\truesightpserver\bin directory, and run the following command to check whether the TrueSight Presentation Server is running. 

    tssh server status

    Note

    Ensure that the TrueSight Presentation Server is running before proceeding further.

  2. Log on to the TrueSight console and select Administration > Components.

    The page displays the components that are registered with the Presentation Server. Ensure that no TrueSight Infrastructure Management Server is registered with the TrueSight Presentation Server. If a TrueSight Infrastructure Management Server is registered, delete it. For more information, see To delete a component.

  3. Set the property in the database by running the following command:

    tssh properties set tsps.cell.conntype tcp
    tssh properties set pronet.jms.conntype tcp
  4. Using a text editor, open the mcell.dir file located in the <Presentation Server Install Directory>\conf directory.

  5. Comment out the instances of the code lines having the encryption key value as *TLS as shown in the following code block:

    #Type                              <name>             encryption key           <host>/<port>
    #gateway.gateway_subtype	   ts_event_gateway	           *TLS	               localhost:1900
    #cell                         pncell_tsim_server1          *TLS            tsim_server1.bmc.com:1828
  6. Set the encryption key value to mc as shown in the following code block:

    #Type                            <name>             encryption key         <host>/<port>
    gateway.gateway_subtype	     ts_event_gateway	        mc	               localhost:1900
    cell                         pncell_tsim_server1        mc            tsim_server1.bmc.com:1828

    Parameter description

    The following notes describe the key parameters used in the preceding command:

    • Replace localhost with the name of the computer on which the Presentation Server is running.
    • tsim_server1 is the name of TrueSight Infrastructure Management Server registered with the TrueSight Presentation Server. If there are multiple Infrastructure Management Server entries in the mcell.dir file, change the encryption key to mc for all such entries.
  7. Save and close the file.

  8. Stop the Presentation Server by running the following command:

    tssh server stop

To configure the Infrastructure Management Server

  1. Stop the Infrastructure Management Server by running the following command:

    pw system stop
  2. Navigate to the <Infrastructure Management Server Install Directory>\pw\wildfly\store directory location.

  3. Open the tcp.activemq-rar.rar file and extract the amq-broker-config.xml file.

  4. Take a backup of the amq-broker-config.xml file.
  5. In the amq-broker-config.xml file, update the URI attribute of transportConnector property to the new port number as shown in the following example:

    Note

    In the preceding example the port number is set to 8093. If you are using a different port, then set the port number accordingly.

  6. After the change, save the amq-broker-config.xml file and add it to the tcp.activemq-rar.rar file in the <Infrastructure Management Server Install Directory>\pw\wildfly\store directory again.

  7. Navigate to the <Infrastructure Management Server Install Directory>\pw\pronto\bin directory by running the following command:

    # Microsoft Windows operating system 
    $cd <Infrastructure Management Server Install Directory>\pw\pronto\bin 
    # Unix operating system 
    $cd <Infrastructure Management Server Install Directory>/pw/pronto/bin


  8. Navigate to the <Infrastructure Management Server Install Directory>\pw\pronto\bin directory, and run the switchTLSMode.pl script as shown in the following code block:

    #Syntax
    perl switchTLSMode.pl -<on/off> -flow <communication channel> -tsps <TrueSight Presentation Server name>
    
    #Example
    perl switchTLSMode.pl -off -flow event_and_data -tsps myserver.bmc.com

    Parameter description

    The following notes describe the key parameters used in the preceding command:

    • -on/off: The off option disables the TLS configuration and enables the default tcp/ssl configuration.
    • -flow: If the flow is set to event_and_data, the Infrastructure Management Server to Presentation Server communication channel is selected.
    • TrueSight Presentation Server name: This is the fully qualified domain name (FQDN) of the computer where the Presentation Server is installed.
    • -h: This optional parameter displays the help for the switchTLSMode.pl command.

To start the servers

  1. Start the Presentation Server by running the following command:

    tssh server start
  2. Start the Infrastructure Management Server by running the following command:

    pw system start

To register the Infrastructure Management Server with the Presentation Server

  1. Ensure that all the processes of the Infrastructure Management Server are up by running the following command:

    pw p l
  2. Register the Infrastructure Management Server with the Presentation Server. For more information, see Registering the component products with the Presentation Server.

Perform the following steps to roll back the Integration Service to Infrastructure Management Server communication to default configuration. Select the steps based on the type of the Integration Service.

To configure the local Integration Service

  1. Stop the Infrastructure Management Server by running the following command: 

    pw system stop
  2. Using a text editor, open the pronet.conf file located in the <Infrastructure Management Server Install directory>\pw\custom\conf directory.

  3. Comment out the instance of the code line having the conntype value as ssltcp as shown in the following code block:

    #pronet.apps.agent.conntype=ssltcp
  4. Set the conntype value to tcp as shown in the following code block:

    #Configuration settings to roll back the default configuration between Infrastructure Management Server to Local Integration Service
    pronet.apps.agent.conntype=tcp

    Note

    Modify the file present in the pw\custom\conf directory, if it is a local Integration Service.

  5. Save and close the file.

To configure the remote Integration Service

  1. Stop the Infrastructure Management Server by running the following command: 

    pw system stop
  2. Using a text editor, open the pronet.conf file located in the <Infrastructure Management Server Install directory>\pw\custom\conf directory.

  3. Comment out the instance of the code line having the conntype value as ssltcp as shown in the following code block:

    #pronet.apps.agent.conntype=ssltcp
  4. Set the conntype value to tcp as shown in the following code block:

    pronet.apps.agent.conntype=tcp
  5. Save and close the file.

  6. Stop the Integration Service. For more information, see Starting and stopping the TrueSight Operations Management components.

  7. Using a text editor, open the pronet.conf file located in the <Integration Service Install directory>\agent\pronto\conf directory.

  8. Comment out the instance of the code line having the conntype value as ssltcp as shown in the following code block:

    #pronet.apps.agent.conntype=ssltcp
  9. Set the conntype value to tcp as shown in the following code block:

    pronet.apps.agent.conntype=tcp

    Note

    Modify the file present in the agent\pronto\conf directory, if it is a remote Integration Service.

  10. Save and close the file.

To start the servers

  1. Start the Infrastructure Management Server by running the following command:

    pw system start
  2. Start the Integration Service. For more information, see Starting and stopping the TrueSight Operations Management components.

The following section guides you to configure the Integration Service to Cell communication to enable default configuration. Choose the appropriate configuration steps based on the type (local / remote) of the Integration Service and the cell used.

To configure the local Integration Service

  1. Stop the Infrastructure Management Server by running the following command: 

    pw system stop
  2. Using a text editor, open the pronet.conf file located in the <Infrastructure Management Server Install directory>\pw\custom\conf directory.

  3. Comment out the instance of the code line having the encryptionkey value as *TLS as shown in the following code block:

    #pronet.apps.is.cell.encryptionkey=*TLS
  4. Set the encryptionkey value to mc as shown in the following code block:

    pronet.apps.is.cell.encryptionkey=mc
  5. Save and close the file.

  6. Using a text editor, open mcell.dir file located in <Infrastructure Management Server Install directory>\pw\server\etc directory.

  7. Comment out the instances of the code lines having the encryption key value as *TLS as shown in the following code block:

    #Type                            <name>               encryption key               <host>/<port>
    #cell_1                     pncell_tsim_server1           *TLS                   cell_1.bmc.com:1828
    #cell                            HA_Cell                  *TLS                 primaryhost.bmc.com:1828         secondaryhost.bmc.com:1828
  8. Set the encryption key value to mc as shown in the following code block:

    #Type                            <name>             encryption key            <host>/<port>
    cell_1                     pncell_tsim_server1           mc                 cell_1.bmc.com:1828
    cell                            HA_Cell                  mc                 primaryhost.bmc.com:1828         secondaryhost.bmc.com:1828
    

    Parameter description

    Make the cell entries in the mcell.dir file based on the type of communication as explained in the following notes:

    • cell_1 is the name of the default Infrastructure Management Cell or a remote cell. This entry indicates that the Integration Service is communicating with the default Infrastructure Management Cell or the remote cell.
    • HA_Cell is the name of the High Availability cell. This entry indicates that the Integration Service is communicating with the High Availability Cell. The primaryhost.bmc.com and secondaryhost.bmc.com are the primary and secondary High Availability cell host names.

To configure the remote Integration Service

  1. Log in to the computer where the remote Integration Service is installed, and stop the Integration Service. For more information, see Starting and stopping the TrueSight Operations Management components.

  2. Using a text editor, open the pronet.conf file located in the <Integration Service Install directory>\agent\pronto\conf directory.

  3. Comment out the instance of the code line having the encryptionkey value as *TLS as shown in the following code block:

    #pronet.apps.is.cell.encryptionkey=*TLS
  4. Set the encryptionkey value to mc as shown in the following code block:

    pronet.apps.is.cell.encryptionkey=mc

    Note

    Modify the file present in the agent\pronto\conf directory, if it is a remote Integration Service.

  5. Save and close the file.

  6. Using a text editor, open mcell.dir file located in <Integration Service Install directory>\Agent\server\etc directory.

  7. Comment out the instances of the code lines having the encryption key value as *TLS as shown in the following code block:

    #Type                            <name>               encryption key              <host>/<port>
    #cell_1                     pncell_tsim_server1           *TLS                 cell_1.bmc.com:1828
    #cell                            HA_Cell                  *TLS                 primaryhost.bmc.com:1828         secondaryhost.bmc.com:1828
  8. Set the encryption key value to mc as shown in the following code block:

    #Type                            <name>             encryption key            <host>/<port>
    cell_1                     pncell_tsim_server1           mc                 cell_1.bmc.com:1828
    cell                            HA_Cell                  mc                 primaryhost.bmc.com:1828         secondaryhost.bmc.com:1828

    Parameter description

    Make the cell entries in the mcell.dir file based on the type of communication as explained in the following section:

    • cell_1 is the name of the default Infrastructure Management Cell or a remote cell. This entry indicates that the Integration Service is communicating with the default Infrastructure Management Cell or the remote cell.
    • HA_Cell is the name of the High Availability cell. This entry indicates that the Integration Service is communicating with the High Availability Cell. The primaryhost.bmc.com and secondaryhost.bmc.com are the primary and secondary High Availability cell host names.
  9. Save and close the file.

To configure the default Infrastructure Management Cell

  1. Stop the cell service (Unix) by running the following command:

    mkill -n cellname
  2. To stop the cell service (Microsoft Windows), navigate to Start > Settings > Control Panel.

    1. Double-click the Services icon to launch the Services dialog box.
    2. Locate the BMC TrueSight Event Manager cell_name or BMC TrueSight Event Manager HA_CELL on the list of services, highlight, then click Stop
    3. Click Yes to close the warning message that is displayed. 
      The status for the cell service changes from Started to (blank).

  3. Using a text editor, open the mcell.conf file located in the <Infrastructure Management Server Install Directory>\pw\server\etc\pncell_<TSIM_MACHINE_NAME> directory.

  4. Comment out the instance of the code line having the ServerTransportProtocol value as tls as shown in the following code block:

    #ServerTransportProtocol=tls
  5. Set the properties as shown in the following code block:

    ServerTransportProtocol=tcp
    ServerCertificateFileName=mcell.crt
    ServerPrivateKeyFileName=mcell.key
  6. Save and close the file.

To configure a remote Cell

  1. Log on to the computer where the remote cell is installed.

  2. Stop the cell service

    • (Unix) Run the following command:

      mkill -n cellname
    • (Microsoft Windows) Go to Start > Settings > Control Panel,

      1. Double-click the Services icon to launch the Services dialog box.
      2. Locate the BMC TrueSight Event Manager cell_name or BMC TrueSight Event Manager HA_CELL on the list of services, highlight, then click Stop
      3. Click Yes to close the warning message that is displayed. 
        The status for the cell service changes from Started to (blank).

  3. Using a text editor, open mcell.conf file located in <Remote Cell Install Directory>\pw\server\etc\cell_name directory.

  4. Comment out the instance of the code line having the ServerTransportProtocol value as tls as shown in the following code block:

    #ServerTransportProtocol=tls
  5. Set the properties as shown in the following code block:

    ServerTransportProtocol=tcp
    ServerCertificateFileName=mcell.crt
    ServerPrivateKeyFileName=mcell.key
  6. Save and close the file.

To start the servers

  1. Start the cell service:

    • (Unix) Run the following command:

      mcell -n cellname
    • (Microsoft Windows) Go to Start > Settings > Control Panel,

      1. Double-click the Services icon to launch the Services dialog box.

      2. Locate the BMC TrueSight Event Manager cell_name or BMC TrueSight Event Manager HA_CELL on the list of services, highlight, then click Restart
      3. Click Yes to close the warning message that is displayed. 
        The status for the cell service changes to Started from (blank).

  2. Start the Integration Service. For more information, see Starting and stopping the TrueSight Operations Management components.

Perform the following steps to roll back the Infrastructure Management Server to Oracle database communication to default configuration.

To configure the Infrastructure Management Server

  1. Stop the Infrastructure Management Server by running the following command:

    pw system stop
  2. Navigate to the <Infrastructure Management Server Install Directory>\pw\pronto\bin directory, and run the switchTLSMode.pl script as shown in the following code block:

    #Syntax 
    perl switchTLSMode.pl -<on/off> -flow <communication channel> -dbport <Oracle Database port> -dbver <Oracle Database version> 
     
    #Example
    perl switchTLSMode.pl -off -flow oracle -dbport 1521 -dbver 11G

    Parameter description

    The following notes describe the key parameters used in the preceding command:

    • -on/off: The off option disables the TLS mode of communication and enables the default tcp/ssl configuration.
    • -flow: The oracle option selects the Infrastructure Management Server to Oracle database communication channel.
    • -dbport: Provide the port number that is configured for the Oracle database communication.
    • -dbver: Provide the Oracle database version. There are two compatible Oracle database versions: 11G, 12C
  3. Start the Infrastructure Management Server by running the following command:

    pw system start

Perform the following steps to roll back the PATROL Agent to Integration Service communication to default configuration.

To configure the remote Integration Service

  1. Stop the Integration Service (Unix) by running the following command: 

    pw is stop
  2. To stop the Integration Service (Microsoft Windows), navigate to Start > Settings > Control Panel.

  3. Double-click the Services icon to launch the Services dialog box.
  4. Locate the BMC TrueSight Infrastructure Management Integration Service on the list of services, highlight, then click Stop
  5. Click Yes to close the warning message that is displayed. 
    The status for the Integration Service changes from Started to (blank).

  6. Navigate to the <Remote Integration Service Install Directory>\agent\patrol\common\security\config_v3.0 directory by running the following command:

    # Microsoft Windows operating system
    $cd <Remote Integration Service install directory>\agent\patrol\common\security\config_v3.0
    
    # Unix operating system
    $cd <Remote Integration Service install directory>/agent/patrol/common/security/config_v3.0
  7. Run the following command:

    #Syntax
    set_unset_tls_IS.cmd <$BMC_ROOT> <SET_TLS;UNSET_TLS> <security_level> -serverDbPath <serverDbPath> -identity <identity>
    #Example
    $set_unset_tls_IS.cmd <Remote Integration Service Install Directory> UNSET_TLS 2 -serverDbPath "C:\Certificates\server_db" -identity bmcpatrol

To configure the local Integration Service

  1. Stop the Infrastructure Management Server by running the following command:

    pw system stop
  2. Navigate to the <Infrastructure Management Server Install Directory>\agent\patrol\common\security\config_v3.0 directory by running the following command:

    # Microsoft Windows operating system
    $cd <Infrastructure Management Server Install Directory>\pw\patrol\common\security\config_v3.0
    
    # Unix operating system
    $cd <Infrastructure Management Server Install Directory>/pw/patrol/common/security/config_v3.0
  3. Run the following command:

    #Syntax
    set_unset_tls_IS.cmd <$BMC_ROOT> <SET_TLS;UNSET_TLS> <security_level> -serverDbPath <serverDbPath> -identity <identity>
    #Example
    $set_unset_tls_IS.cmd <Infrastructure Management Server Install Directory>\pw  UNSET_TLS 2 -serverDbPath "C:\Certificates\server_db" -identity bmcpatrol

Parameter description

The following notes describe the key parameters used in the preceding command:

  • Use the set_unset_tls_IS.cmd script on the Microsoft Windows operating system, and the set_unset_tls_IS.sh script on the Unix operating system.
  • set_unset_tls.sh -h will display the help for the set_unset_tls_IS command.

  • There are six command line arguments for the set_unset_tls_IS script as explained in the following section:
    • $BMC_ROOT: The directory where the Integration Service is installed.
    • SET_TLS / UNSET_TLS: The second command line argument can either be SET_TLS, or UNSET_TLS. If you select SET_TLS, the Integration Service is configured in TLS mode. If you select UNSET_TLS, the Integration Service is configured in Non-TLS mode.
    • security_level: Applicable security levels are 2, 3, and 4. The current value of this variable represents the security level at which the Integration Service is running.
    • serverDbPath: The directory where the server certificates are present. This argument is mandatory for all the security_levels of the Integration Service.
    • identity: The certificate identity. If you do not specify any value to this argument, the default value is set to bmcpatrol.

To configure the PATROL Agent

By default, the PATROL Agent uses either Transmission Control Protocol (TCP) or Secure Sockets Layer (SSL) protocol for communication. BMC provides an option to configure the PATROL Agent to enable TLS 1.2. If you have configured the system to be TLS 1.2 compliant and subsequently want to roll back to the default configuration, follow the steps in this section.

  1. Navigate to the config_v3.0 folder by running the following command:

    # Microsoft Windows operating system
    $cd <PATROL Agent installation directory>\common\security\config_v3.0
     
    # Unix operating system
    $cd <PATROL Agent installation directory>/common/security/config_v3.0
  2. Run the script to disable TLS mode as shown in the following code block:

    #Syntax
    set_unset_tls.cmd <$BMC_ROOT> <SET_TLS;UNSET_TLS> <security_level> -serverDbPath <serverDbPath> -clientDbPath <clientDbPath> -identity <identity>
    #Example
    $set_unset_tls.cmd "C:\Program Files (x86)\BMC Software" UNSET_TLS 0 -serverDbPath "C:\Certificates\server_db" -clientDbPath "C:\Certificates\client_db" -identity bmcpatrol

    Notes

    • Use the set_unset_tls.cmd script on the Microsoft Windows operating system, and the set_unset_tls.sh script on the Unix operating system.
    • When you run the set_unset_tls.sh script on AIX and HP-UX operating systems to enable TLS 1.2, the system creates symbolic links for Mozilla NSS v3.20 libraries in the default system library directory /usr/lib.

    • set_unset_tls.sh -h will display the help for the set_unset_tls command.
    • There are six command line arguments for the set_unset_tls script as explained in the following section:
      • BMC_ROOT: The directory where the PATROL Agent is installed.
      • SET_TLS / UNSET_TLS: The second command line argument can either be SET_TLS, or UNSET_TLS. If you select SET_TLS, the PATROL Agent is configured in TLS mode. If you select UNSET_TLS, the PATROL Agent is configured in Non-TLS mode.
      • security_level: Applicable security levels are 2, 3, and 4.
      • serverDbPath: The directory where the server certificates are present. This argument is mandatory if the security_level is set to 3.
      • clientDbPath: The directory where the client certificates are present. This argument is mandatory if the security_level is set to 3.
      • identity: The certificate identity. If you do not specify any value to this argument, the default value is set to bmcpatrol.

To start the servers

Restart the following components.

To start the Integration Service

  1. Start the Integration Service:

    1. (Local Integration Service) Run the following command:

      pw system start

      The Integration Service is restarted along with the Infrastructure Management Server.

    2. (Remote Integration Service): Start the remote Integration Service. For details, see Starting and stopping the TrueSight Operations Management components.

To start the PATROL Agent

Start the PATROL Agent by running the following command:

#If you do not specify the port number, the PATROL Agent will use the default port number, 3181. 
patrolagent -p <port number>

For more information, see Starting and stopping the PATROL Agent.

Perform the following steps to roll back the Infrastructure Management Server to BMC Impact Integration Web Services (IIWS) communication to default configuration.

To configure the Infrastructure Management Server

  1. Stop the Infrastructure Management Server by running the following command:

    pw system stop
  2. Using a text editor, open the mcell.dir file located in the <Infrastructure Management Server Install Directory>\server\etc directory.

  3. Comment out the instance of the code line having the encryption key value as *TLS as shown in the following code block:

    #gateway.imcomm    IIWSGatewayServer    *TLS    IIWSGatewayServer.bmc.com:1859
  4. Set the encryption key as shown in the following code block:

    gateway.imcomm    IIWSGatewayServer    mc    IIWSGatewayServer.bmc.com:1859

    Note

    IIWSGatewayServer is the name of the host computer where the BMC Impact Integration Web Services is installed.

  5. Save and close the file.

To configure the BMC Impact Integrations Web Services server

  1. Navigate to the  <Impact Web Services installation directory>\tomcat\webapps\imws\WEB-INF\etc directory by running the following command:

    # Microsoft Windows operating system 
    $cd <Impact Web Services installation directory>\tomcat\webapps\imws\WEB-INF\etc
    
    # Unix operating system 
    $cd <Impact Web Services installation directory>/tomcat/webapps/imws/WEB-INF/etc
  2. Using a text editor, open the mcell.dir file.
  3. Comment out the instances of the code lines having the encryption key value as *TLS as shown in the following code block:

    #type                                     Name                              encryption key                       <Host>:1828
    #gateway.imcomm                         IIWSGatewayServer                       *TLS                           localhost:1859
    #cell                                   pncell_tsim_server                      *TLS                           tsim_server.bmc.com:1828
  4. Set the encryption key value to mc as shown in the following code block:

    #syntax
    #type                                     Name                            encryption key                       <Host>:1828
    #example
    gateway.imcomm                         IIWSGatewayServer                       mc                           localhost:1859
    cell                                   pncell_tsim_server                      mc                           tsim_server.bmc.com:1828

    Note

    • Replace the localhost by the computer name where the IIWS server is installed.
    • tsim_server is the name of the host computer where the Infrastructure Management Server is installed.
  5. Save and close the file.

To start the servers

  1. Start the Infrastructure Management Server by running the following command:

    pw system start
  2. Restart the IIWS server by running the following commands:

    1. From the desktop or Start menu, navigate to Services.

    2. To stop the server, select the BMC Impact Integration Web Services service, and right-click to open the menu. The service name is BMCIWS, and the display name is Impact Integration Web Service.

    3. To stop the application server, select Stop.

Perform the following steps to roll back the Infrastructure Management Server to BMC TrueSight Operations Management Reporting communication to default configuration.

To configure the Infrastructure Management Server

  1. Stop the Infrastructure Management Server by running the following command:

    pw system stop
  2. Using a text editor, open the mcell.dir file located in the <Infrastructure Management Server Install Directory>\pw\custom\conf directory.

  3. Comment out the instance of the code line having the encryption key value as *TLS as shown in the following code block:

    #Type                            <name>             encryption key             <host>/<port>
     #cell	                      ts_event_gateway	        *TLS	                localhost:1900
  4. Set the encryption key value to mc as shown in the following code block:

    #Type                            <name>             encryption key         <host>/<port>
     cell	                      ts_event_gateway	        mc	                localhost:1900
  5. Save and close the file.

To configure the BMC TrueSight Operations Management Reporting

  1. Stop the Reporting engine service. For more information, see Stopping the Reporting Engine service.

  2. Navigate to the reportsCLI directory by running the following command:

    # Microsoft Windows operating system 
    $cd <TrueSight Operations Management Reporting Install directory>\bin\reportsCLI
    
    # Unix operating system 
    $cd <TrueSight Operations Management Reporting Install directory>/bin/reportsCLI
  3. Run the command as shown in the following code block:

    TLSConfig disable -keystore <keystorefile> -keystorepassword <keystore password> -truststore <truststore file> -truststorepassword <truststore password>

    Parameter description

    The following notes describe the key parameters used in the preceding command:

    • <keystorefile>: The path and the file name of the keystore
    • <keystore password>: Password for the keystore
    • <truststore file>: The path and the file name of the truststore
    • <truststore password>: Password for the truststore

To start the servers

  1. Start the Infrastructure Management Server by running the following command:

    pw system start
  2. Restart the TrueSight Operations Management Reporting component. For more information, see Starting the TrueSight Operations Management Reporting Engine service.

Perform the following steps to roll back the Publishing Server to Infrastructure Management server communication to default configuration.

  1. Stop the Infrastructure Management Server by running the following command:

    pw system stop
  2. Using a text editor, open the mcell.dir file located in the <Infrastructure Management Server Install Directory>\pw\custom\conf directory.

  3. Comment out the instances of the code lines having the encryption key value as *TLS as shown in the following code block:

    #Type                            <name>              encryption key                    <host>/<port>
    #cell	                      pncell_hostname	         *TLS	                 pncell_hostname.bmc.com:1828
    #gateway.imcomm              gw_ps_pncell_hostname       *TLS                      hostname.bmc.com:1839
  4. Set the encryption key value to mc as shown in the following code block:

    #Type                            <name>             encryption key               <host>/<port>
     cell	                      pncell_hostname	        mc	                 pncell_hostname.bmc.com:1828
    gateway.imcomm              gw_ps_pncell_hostname       mc                      hostname.bmc.com:1839
  5. Save and close the file.

  6. Using a text editor, open the smmgr.conf located in the <Infrastructure Management Server Install Directory>\pw\server\etc directory.
  7. Comment out the instance of the code line having the ServerTransportProtocol value as tls as shown in the following code block:

    #ServerTransportProtocol=tls
  8. Set the properties as shown in the following code block:

    ServerTransportProtocol=tcp
    ServerCertificateFileName=mcell.crt
    ServerPrivateKeyFileName=mcell.key
  9. Save and close the file.

  10. Start the Infrastructure Management Server by running the following command:

    pw system start
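
To confirm which mode a channel is in after the mcell.dir, pronet.conf, mcell.conf and smmgr.conf edits described in the procedures above, the following added example (not BMC code) parses those files and reports each active setting as TLS or default, flagging a partly rolled-back channel as mixed. The function names and sample file contents are constructed for illustration; the keys and values are the ones shown on this page.

```python
# Added example: audit the files this page edits and report whether each
# active setting is in TLS mode or in the default (rolled-back) mode.

# Property -> (value in TLS mode, value after rollback), as shown on this page.
CONF_KEYS = {
    "pronet.apps.agent.conntype": ("ssltcp", "tcp"),
    "pronet.apps.is.cell.encryptionkey": ("*TLS", "mc"),
    "ServerTransportProtocol": ("tls", "tcp"),
}


def audit_mcell_dir(text):
    """Classify every active (uncommented) mcell.dir entry.

    Returns a list of (name, state, endpoints); state is "tls" for *TLS,
    "default" for mc and "other" for any other encryption key. An HA cell
    entry carries two endpoints (primary and secondary host).
    """
    results = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line, header, or commented-out entry
        fields = line.split()  # columns are separated by spaces or tabs
        if len(fields) < 4:
            raise ValueError(f"mcell.dir line {lineno}: expected 4+ fields")
        name, key, endpoints = fields[1], fields[2], fields[3:]
        state = {"*TLS": "tls", "mc": "default"}.get(key, "other")
        results.append((name, state, endpoints))
    return results


def audit_conf(text):
    """Classify the active key=value settings listed in CONF_KEYS.

    Returns {key: state}; state is "tls", "default", "other", or "conflict"
    when a key is active more than once with different values (for example,
    the TLS line was not commented out before the tcp line was added).
    """
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key in CONF_KEYS:
            seen.setdefault(key, set()).add(value)
    states = {}
    for key, values in seen.items():
        tls_value, default_value = CONF_KEYS[key]
        if len(values) > 1:
            states[key] = "conflict"
        elif tls_value in values:
            states[key] = "tls"
        elif default_value in values:
            states[key] = "default"
        else:
            states[key] = "other"
    return states


def channel_state(mcell_results, conf_states):
    """Summarise one channel: "tls", "default", "mixed", or "unknown"."""
    states = {state for _name, state, _eps in mcell_results}
    states |= set(conf_states.values())
    if not states:
        return "unknown"  # nothing relevant was found in the files
    if states == {"tls"}:
        return "tls"
    if states == {"default"}:
        return "default"
    return "mixed"  # partial rollback, conflict, or unrecognised value


# Constructed sample: remote Integration Service files after an incomplete
# rollback (the HA cell entry was switched to mc, the cell_1 entry was not).
SAMPLE_MCELL_DIR = """\
#Type     <name>                encryption key   <host>/<port>
#cell     HA_Cell               *TLS   primaryhost.bmc.com:1828  secondaryhost.bmc.com:1828
cell_1    pncell_tsim_server1   *TLS   cell_1.bmc.com:1828
cell      HA_Cell               mc     primaryhost.bmc.com:1828  secondaryhost.bmc.com:1828
"""
SAMPLE_PRONET_CONF = """\
#pronet.apps.is.cell.encryptionkey=*TLS
pronet.apps.is.cell.encryptionkey=mc
"""

if __name__ == "__main__":
    entries = audit_mcell_dir(SAMPLE_MCELL_DIR)
    conf = audit_conf(SAMPLE_PRONET_CONF)
    for name, state, endpoints in entries:
        print(f"mcell.dir  {name:<22} {state:<8} {' '.join(endpoints)}")
    for key, state in conf.items():
        print(f"conf       {key:<36} {state}")
    print("channel:", channel_state(entries, conf))
```

Run it against the files on both ends of a channel before restarting the services; a result of mixed means at least one entry is still in the other mode.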


Comments

  1. Clint Hardman

    I have run into issues with what looks to be step 4 of the TSIM steps. I initially went through and changed the jms broker port to 8096 from 8093 and after running the switchTLSmode perl script my TSIM wouldn't start. I am wondering if this step even needs to be done and included in the documentation as changing that port appeared to be what caused my TSIM to break and not be able to start again. If you are going to include this step the notes/explanations need to be more clear in regards to what changing that port really means. Also running that script will stop and start the TSIM and the next steps in the process say to start the TSPS back up and then start the TSIM which the script already tries to do.

    Dec 04, 2019 04:20
  2. Thurlow Caffey

    For the set_unset_tls.sh & set_unset_tls_IS.sh commands & related, for the parameters "serverDbPath" & "clientDbPath", are these the locations of the NSS databases i.e. the stuff created with certutil, openssl & pk12util? Please clarify. Thanks.

    Apr 07, 2020 06:15
    1. Rashmi Gokhale

      Hi,

      As per my discussion with the SME, the "serverDbPath" & "clientDbPath" are the locations of the NSS databases created using certutil.


      Thanks,

      Rashmi

      Apr 17, 2020 05:52
  3. Thurlow Caffey

    This document says that the "Integration Service" has security levels from 0 to 4 AND "Patrol Agents" have security levels from 0 to 3. How can the security levels between "Integration Service" and "Patrol Agents" be made to match up when they don't have the same range of security levels? Please clarify or correct this page.

    Apr 16, 2020 10:28
    1. Rashmi Gokhale

      Hi,

      I will discuss this with the SME and update the document if required.

      Thanks,

      Rashmi

      Apr 17, 2020 05:53
      1. Rashmi Gokhale

        Hi,

        I discussed this with the SME and as per their inputs have modified the applicable security levels as 2,3, and 4.


        May 04, 2020 07:21