Configuring the PATROL Agent to Integration Service communication to enable TLS 1.2
Perform the following steps to enable the Remote Integration Service to PATROL Agent communication to be TLS 1.2 compliant:
- Step 1: To configure the Integration Service to enable TLS 1.2
- Step 2: To configure the PATROL Agent to enable TLS 1.2
- Step 3: To start the servers
To configure the Integration Service to enable TLS 1.2
The following steps guide you through configuring either the local or the remote Integration Service.
To configure the remote Integration Service and the PATROL Agent communication to enable TLS 1.2
Stop the Integration Service by running the following command:
pw is stop
- To stop the Integration Service (Microsoft Windows), navigate to Start > Settings > Control Panel.
- Double-click the Services icon to launch the Services dialog box.
- Locate the BMC TrueSight Infrastructure Management Integration Service on the list of services, highlight, then click Stop.
- Click Yes to close the warning message that is displayed.
The status for the Integration Service changes from Started to (blank).
Navigate to the <Remote Integration Service Install Directory>\agent\patrol\common\security\config_v3.0 directory by running the following command:
# Microsoft Windows operating system
$cd <Remote Integration Service install directory>\agent\patrol\common\security\config_v3.0
# Unix operating system
$cd <Remote Integration Service install directory>/agent/patrol/common/security/config_v3.0
Run the following command:
#Syntax
set_unset_tls_IS.cmd <$BMC_ROOT> <SET_TLS;UNSET_TLS> <security_level> -serverDbPath <serverDbPath> -identity <identity>
#Example
$set_unset_tls_IS.cmd <Remote Integration Service Install Directory> SET_TLS 3 -serverDbPath "C:\Certificates\server_db" -identity bmcpatrol
To configure the local Integration Service and the PATROL Agent communication to enable TLS 1.2
Stop the Infrastructure Management Server by running the following command:
pw system stop
Navigate to the <Infrastructure Management Server Install Directory>\agent\patrol\common\security\config_v3.0 directory by running the following command:
# Microsoft Windows operating system
$cd <Infrastructure Management Server Install Directory>\pw\patrol\common\security\config_v3.0
# Unix operating system
$cd <Infrastructure Management Server Install Directory>/pw/patrol/common/security/config_v3.0
Run the following command:
#Syntax
set_unset_tls_IS.cmd <$BMC_ROOT> <SET_TLS;UNSET_TLS> <security_level> -serverDbPath <serverDbPath> -identity <identity>
#Example
$set_unset_tls_IS.cmd <Infrastructure Management Server Install Directory>\pw SET_TLS 3 -serverDbPath "C:\Certificates\server_db" -identity bmcpatrol
To configure the PATROL Agent to enable TLS 1.2
Perform the following steps to make the PATROL Agent to Integration Service communication TLS 1.2 compliant:
Navigate to the config_v3.0 folder by running the following command:
# Microsoft Windows operating system
$cd <PATROL Agent installation directory>\common\security\config_v3.0
# Unix operating system
$cd <PATROL Agent installation directory>/common/security/config_v3.0
Verify your PATROL Agent's installation directory. If the PATROL Agent's installation directory is not the same as the default installation directory, which is C:\Program Files (x86)\BMC Software, perform the following sequence of steps:
Using a text editor, open the tls_agent.reg registry file located in the <PATROL Agent Installation Directory>\config_v3.0\config_v3.0 directory location, and update the entries to reflect the PATROL Agent's actual installation path as shown in the following example code:
#Original entry
"password"="17fa9e37f011ec79ef0b32d00cbc98c4f4ca367272714f6b, C:\\\\Program Files (x86)\\\\BMC Software\\\\common\\\\security\\\\keys\\\\sample.bin"
#Modified entry
"password"="17fa9e37f011ec79ef0b32d00cbc98c4f4ca367272714f6b, <PATROL Agent Installation Directory>\\\\common\\\\security\\\\keys\\\\sample.bin"
Using a text editor, open the tls_esi.reg registry file located in the <PATROL Agent Installation Directory>\config_v3.0\config_v3.0 directory location and update the entries to reflect the PATROL Agent's actual installation path as shown in the following example code:
#Original entry
"password"="17fa9e37f011ec79ef0b32d00cbc98c4f4ca367272714f6b, C:\\\\Program Files (x86)\\\\BMC Software\\\\common\\\\security\\\\keys\\\\sample.bin"
#Modified entry
"password"="17fa9e37f011ec79ef0b32d00cbc98c4f4ca367272714f6b, <PATROL Agent Installation Directory>\\\\common\\\\security\\\\keys\\\\sample.bin"
Using a text editor, open the tls_proxy.reg registry file located in the <PATROL Agent Installation Directory>\config_v3.0\config_v3.0 directory location and update the entries to reflect the PATROL Agent's actual installation path as shown in the following example code:
#Original entry
"password"="17fa9e37f011ec79ef0b32d00cbc98c4f4ca367272714f6b, C:\\\\Program Files (x86)\\\\BMC Software\\\\common\\\\security\\\\keys\\\\sample.bin"
#Modified entry
"password"="17fa9e37f011ec79ef0b32d00cbc98c4f4ca367272714f6b, <PATROL Agent Installation Directory>\\\\common\\\\security\\\\keys\\\\sample.bin"
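The three registry-file edits above, as an added PowerShell example that is not BMC's own script: it replaces the default installation root in tls_agent.reg, tls_esi.reg and tls_proxy.reg with the actual one, keeps a .bak copy of each changed file, and lists the file paths the entries then reference. The parameter names and the Convert-RegRoot helper are assumptions made for this example, and the entry layout it parses is taken from the sample lines shown on this page.

```powershell
# Added example (not BMC code): rewrite the default install root in the three
# .reg files, preserving each file's encoding and its backslash escaping.
param(
    [Parameter(Mandatory)] [string] $ConfigDir,   # directory that holds the tls_*.reg files
    [Parameter(Mandatory)] [string] $ActualRoot,  # actual PATROL Agent installation directory
    [string] $DefaultRoot = 'C:\Program Files (x86)\BMC Software'
)

function Convert-RegRoot {
    param([string] $Text, [string] $OldRoot, [string] $NewRoot)
    # Match the old root with any run of backslashes between its path segments.
    $segments = $OldRoot.TrimEnd('\') -split '\\' | ForEach-Object { [regex]::Escape($_) }
    $pattern  = $segments -join '(?<sep>\\+)'
    $newParts = $NewRoot.TrimEnd('\') -split '\\'
    $options  = [System.Text.RegularExpressions.RegexOptions]::IgnoreCase
    $rebuild  = [System.Text.RegularExpressions.MatchEvaluator] {
        param($m)
        $newParts -join $m.Groups['sep'].Value    # reuse the escaping depth found in the file
    }
    [regex]::Replace($Text, $pattern, $rebuild, $options)
}

$dir = (Resolve-Path -LiteralPath $ConfigDir).Path
foreach ($name in 'tls_agent.reg', 'tls_esi.reg', 'tls_proxy.reg') {
    $path = Join-Path $dir $name
    # Detect the encoding from the byte-order mark so the file is written back in the same form.
    $reader = New-Object System.IO.StreamReader($path, [System.Text.Encoding]::Default, $true)
    try { $text = $reader.ReadToEnd(); $encoding = $reader.CurrentEncoding }
    finally { $reader.Dispose() }

    $updated = Convert-RegRoot -Text $text -OldRoot $DefaultRoot -NewRoot $ActualRoot
    if ($updated -ceq $text) {
        Write-Output "${name}: default path not found, file left unchanged"
        continue
    }
    Copy-Item -LiteralPath $path -Destination "$path.bak" -Force   # keep the original
    [System.IO.File]::WriteAllText($path, $updated, $encoding)

    # List every file path the entries now reference and whether it exists on disk.
    $entry = '(?m)^"[^"]+"="[^",]*,\s*(?<p>[^"\r\n]+)"'
    foreach ($m in [regex]::Matches($updated, $entry)) {
        $onDisk = $m.Groups['p'].Value -replace '\\+', '\'
        Write-Output ("{0}: {1} (exists: {2})" -f $name, $onDisk, (Test-Path -LiteralPath $onDisk))
    }
}
```

Pass the directory that contains the three files as -ConfigDir and the real installation directory as -ActualRoot. A line ending in "exists: False" means the referenced file is not at the rewritten path, which is worth resolving before running set_unset_tls.cmd.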
Run the script to enable TLS mode as shown in the following code block:
#Syntax
set_unset_tls.cmd <$BMC_ROOT> <SET_TLS;UNSET_TLS> <security_level> -serverDbPath <serverDbPath> -clientDbPath <clientDbPath> -identity <identity>
#Example
$set_unset_tls.cmd "C:\Program Files (x86)\BMC Software" SET_TLS 3 -serverDbPath "C:\Certificates\server_db" -clientDbPath "C:\Certificates\client_db" -identity bmcpatrol
To start the servers
Perform the following set of steps after the configuration changes are completed.
To edit the Integration Service's properties
- Log on to the TrueSight console, and access Configuration > Managed Devices. The Managed Devices page displays the BMC TrueSight Infrastructure Management components in a hierarchical order.
- Click the action menu of the Integration Service for which the TLS configurations need to be applied. When the Integration Service is in the disconnected state, the action menu displays the options: Edit, Delete, View, Connect.
- Select the Edit option.
- The Integration Service properties are displayed. Set the Connection to Infrastructure Management Server property to Direct access using SSL TCP/IP.
- Click Save.
To start the local Integration Service
Start the Infrastructure Management Server by running the following command:
pw system start
To start the remote Integration Service
Start the remote Integration Service (Unix) by running the following command:
pw is start
- To start the remote Integration Service (Microsoft Windows), navigate to Start > Settings > Control Panel.
- Double-click the Services icon to launch the Services dialog box.
- Locate the BMC TrueSight Infrastructure Management Integration Service on the list of services, highlight, then click Restart.
- Click Yes to close the warning message that is displayed.
The status for the Integration Service changes from (blank) to Started.
To start the PATROL Agent
Start the PATROL Agent by running the following command:
patrolagent -p 9090