The BMC TrueSight Operations Management solution can comprise several components. The following diagram provides an overview of the communication paths between the core Operations Management components. For more detailed descriptions about the architectural diagrams, see BMC TrueSight Operations Management architecture.
This topic addresses the ways in which sensitive data and user information are secured among the Operations Management components.
User authentication and authorization
The BMC TrueSight Operations Management system uses BMC Atrium Single Sign-On to authenticate and manage users and user groups. BMC Atrium Single Sign-On supports authentication with traditional systems, such as Active Directory or other LDAP systems, and supports integration into existing single sign-on systems.
Following system installation and configuration, users access the TrueSight Operations Management console from the TrueSight Presentation Server. Role-based access to the Operations Management components is then managed by authorization profiles, which are maintained by the Solution Administrator. Users cannot directly access any of the components.
Upgrading from ProactiveNet or TrueSight Infrastructure Management 9.6?
If you did not use BMC Atrium Single Sign-On to manage users, you must install it and the TrueSight Presentation Server before you can upgrade the Infrastructure Management servers (or ProactiveNet servers). During the upgrade, you can choose from the following user migration options:
- Migrate the users for each ProactiveNet server to a separate tenant (Single Sign-On realm).
- Migrate all users to the default BmcRealm tenant.
Both of these options automatically import users and user groups into BMC Atrium Single Sign-On and configuration and PATROL Agent blackout policies and import roles into the TrueSight Presentation Server. For details about how to prepare to migrate this data, see Migrating the Infrastructure Management policies and user data to the Presentation Server in the TrueSight Infrastructure Management documentation.
Security resources
BMC Atrium Single Sign-On
Setting up LDAP or Active Directory users in BMC Atrium Single Sign-On
Role-based user access overviews
TrueSight Infrastructure Management security
Security standards
BMC TrueSight Operations Management supports the following security standards.
| Standard | Component | Remarks |
|---|---|---|
| HTTPS protocol | TrueSight Presentation Server | Applicable when the App Visibility server sends events to the TrueSight Infrastructure Management component. Uses packaged self-signed certificate, which exists on the TrueSight Presentation Server and App Visibility server. To replace the self-signed certificates with signed certificates, see Changing security certificates in App Visibility components. |
| App Visibility server | ||
| TrueSight Infrastructure Impact Client API | App Visibility server | Applicable when the App Visibility server sends events to the TrueSight Infrastructure Management component. |
| Multiple | TrueSight Infrastructure Management | For details, see
Security planning
in the TrueSight Infrastructure Management documentation. |
| BMC Atrium Single Sign-On | TrueSight Presentation Server | Applicable when users log on to the TrueSight Presentation Server and launch TrueSight Infrastructure Management from the Operations Management console. To review the security standards used in the BMC Atrium Single Sign-On product, see
Key concepts
|
Location of security certificates and Java KeyStore files
During installation of the App Visibility component, self-signed certificates are created in the following locations to handle authentication between the components. If you prefer to use your own certificates, follow the procedures detailed in Changing security certificates in App Visibility components. For information about the security certificates used in the TrueSight Infrastructure Management server, see Location of the HTTPS/SSL private key on BMC TrueSight Infrastructure Management Server.
| Component server | Location |
|---|---|
TrueSight Presentation Server
| KeyStore files for AppVisibility component in the Presentation Server Windows
Linux
|
KeyStore that secures communication between clients (browser) and the TrueSight Presentation Server Windows %TRUESIGHTPSERVER_HOME%\truesightpserver\conf\secure\loginvault.ks Linux $TRUESIGHTPSERVER_HOME/truesightpserver/conf/secure/loginvault.ks | |
| App Visibility server and App Visibility Agent | Windows AppVisibilityServerInstallation\serverType\security Linux AppVisibilityServerInstallation/serverType/security
|
Data security
The installation of the App Visibility portal and App Visibility collector includes a MySQL database.
- The database user name and password are stored in installationDirectory/conf/secure/dbvault.ks.
- The username is not encrypted, but the password is encrypted using a proprietary hashing algorithm.
- During the installation, or at any time after, you can change the MySQL root password.
- The database user name and password cannot exceed 30 characters.
- For databases installed on Microsoft Windows systems, if you do not use the default database port number, use port numbers between 1 and 65535.
- For databases installed on Linux systems, if you do not use the default database port number, use port numbers between 1024 and 65535.
For more information about maintaining App Visibility data security, see the following topics:
Open ports
For a complete list of ports used by the TrueSight Operations Management solution, see Network ports.
Related topics
Importing a KeyStore file or replacing the certificate
Presentation Server system requirements
Access control for administrators of service providers
Access control for SaaS administrators
Performing the Presentation Server installation
Overview
Content Tools
Apps
Reporter Replacement
com.bmc.atlassian.bmc-util-plugin-2.section.label
Tasks
2 Comments
Jens Hermann
Melody Locke