• Spaces
  • Collections
  • Help
    • ×
     
     
    •  
    BMC TrueSight Infrastructure Management 10.0

    Page tree

    Unsupported content

     

    This version of the documentation is no longer supported. However, the documentation is available for your convenience. You will not be able to leave comments.

    Recommendation

    BMC recommends that you perform custom changes to already defined properties in the custom/pronet.conf file to retain the changes for upgrades.

    This topic lists security considerations and recommendations that ensure maximum security while using Infrastructure Management.

    BMC TrueSight Infrastructure Management Server security considerations

    Running Infrastructure Management over HTTPS interface

    To disable HTTP interface and run Infrastructure Management over HTTPS, configure the Apache configuration file httpd.conf and remove entries for port 80. httpd.conf is located in the following directories, depending on your operating system:

    • (Solaris or Linux): InstallationDirectory/pw/apache/conf
    • (Microsoft Windows): InstallationDirectory\pw\ApacheGroup\Apache

    Location of the HTTPS/SSL private key on BMC TrueSight Infrastructure Management Server

    • (Solaris or Linux): InstallationDirectory/pw/apache/conf/
      Read only by the root user (Infrastructure Management Install User)
    • (Windows): InstallationDirectory\pw\ApacheGroup\Apache which can be read only by the root (Infrastructure Management install User) user.

    Setting automatic log out of users after a certain period of inactivity

    By default, inactive users are logged out of the Operations Console after 24 hours. However, you can customize Infrastructure Management globally for all users:

    1. Set the pronet.html.globalsession.timeout property in the pronet.conf file located in the InstallationDirectory/pw/custom/conf directory.

    2. If you change this property, make sure to set the same log out period in the Tomcat configuration file InstallationDirectory/pw/tomcat/conf/web.xml (line 321).

      <session-config>
<session-timeout>1440</session-timeout>
</session-config>

    3. Restart the TrueSight Infrastructure Management server process by running the command:
      pw system start

      Note

      When the TrueSight Infrastructure Management server is restarted, all users will be logged out.

    Configuring Apache server to accept only SSL v3 requests

    Add the entry SSLProtocol +SSLv3 just above the directive SSLEngine on, in the Apache httpd-ssl.conf configuration file. httpd-ssl.conf is located in the following directories, depending on your operating system:

    • (Solaris or Linux): InstallationDirectory/pw/apache/conf
    • (Microsoft Windows): InstallationDirectory\pw\ApacheGroup\Apache

    Integration Service security

    Restricting the Integration Service to receive connections from a specific IPAddress

    Use the following property in pronet.conf:
    pronet.apps.agent.authorizedcontrolleraddress=<ipaddress>

    Configuring agent controller to present a specific IP Address to an Integration Service if server has more than one NIC

    Set the following property in the custom/pronet.conf file:
    pronet.apps.agentcontroller.useIPForAgentConnection=<ipaddress>
    If the server's computer has more than one IP (more than one NIC), set this property to the IP address that the agent controller will present while connecting to the agent.

    © Copyright 2005-2024 BMC Software, Inc. Use of this site signifies your acceptance of BMC’s Terms of Use . BMC, the BMC logo, and other BMC marks are assets of BMC Software, Inc. These trademarks are registered and may be registered in the U.S. and in other countries.