The product architecture handles and provides security at various levels, as described in the following sections:
The product can securely transfer data:
Data flow | When encrypted |
---|---|
Browser to BMC TrueSight IT Data Analytics server | When HTTPS is configured in the BMC TrueSight IT Data Analytics server |
Console Server to Collection Station | |
CLI to BMC TrueSight IT Data Analytics server | When HTTPS is configured in the BMC TrueSight IT Data Analytics server and in the CLI client |
BMC TrueSight IT Data Analytics server to Search component | When HTTPS is configured in the Search component and the BMC TrueSight IT Data Analytics server client |
Collection Agent to Collection Station | When HTTPS is configured in Collection Station and encryption in Payload Service |
Collection Station to target hosts | When SSH remote collection is used |
SMTP send for email | When SMTP is configured with credentials, TLS is used |
BMC ProactiveNet Performance Management get and send data | When HTTPS connection type is used to configure BMC ProactiveNet Performance Management configuration |
For more information about the default communication ports and protocols, see Communication ports and protocols.
The following types of credentials are stored in encrypted form:
Credentials used for data collection are stored in encrypted form and are decrypted by the Collection Station or the Collection Agent just before passing the credentials to the external system for authentication. The product does not store or transfer the password in plain text. But the password is not encrypted when passed from the browser to the Console Server; to ensure complete security you need to enable security for the Console Server.
Note
The encryption and decryption keys are pre-configured in the product components. These keys are not visible to administrators and cannot be customized.