Configuring the TrueSight Network Automation connector

Related topics

TrueSight Network Automation connector is used to establish a connection between TrueSight Network Automation and BMC Helix Automation Console. BMC Helix Automation Console sends notifications for jobs such as running remediation jobs to the connector, which sends it to TrueSight Network Automation. The connector ensures that communication between BMC Helix Automation Console and the application server is uninterrupted even if it is in an air-gapped environment.

By default, the connector establishes a connection over the HTTPS protocol using out-of-the-box self-signed certificates. To ensure seamless communication, you must provide the connector information in the hosts file on TrueSight Network Automation server as mentioned below:

Hosts file location and connector name

- Windows: C:\Windows\System32\drivers\etc\hosts

- Linux: /etc/hosts

<IPaddress of the server where the connector is installed> tsna.connector.bmc.com

You create a service account which is, a user account used to retrieve necessary details from endpoint so that Automation Console can use it for processing, and specify the data refresh interval (set time interval after which Automation Console retrieves new details from endpoint) while configuring the connector. This service account is also used for change automation while obtaining approvals from BMC Remedy IT Service Management.

Important

When you edit the connector configuration, ensure that the server belongs to the Load Balancer setup or the Disaster Recovery setup in the same environment as the existing connector host. If you specify a new server outside of the Load Balancer setup or the Disaster Recovery setup, the existing data is duplicated leading to confusion and mismanagement.

Before you begin

Make sure that the following prerequisites are met:

An HSSO configured TrueSight Network Automation instance is running in your environment.
Create a realm in TrueSight Network Automation with no devices and access only to the Administrator role. For more information, see Adding or editing a realm.

Install and run the connector on Windows or Linux operating systems based on the following criteria:

AdoptOpenJDK Runtime Environment 17 is installed on the connector host.

Port requirements:

Port	Protocol	Source	Destination	Inbound /outbound
443	HTTPS	Connector	HAC SaaS and Internet	Outbound
443 OR <Customer configured port>	HTTPS	Connector	TrueSight Network Automation Server	Outbound
443	HTTPS	TrueSight Network Automation Server	Connector	Inbound

Connector's Outbound port 443 should be opened for ifm url mentioned in creds.json available in <connectorDirectory>/config/ folder. For example,
"endpoints": { "ifm": "https://<url>"
}

To configure the TrueSight Network Automation Console connector

In BMC Helix Automation Console, click Configuration and then click Connectors.
On the Manage Connectors page, click Add Connector.
On the Add Connector page, from the list of available Connector types, select the TrueSight Network Automation connector.
On the Add configuration page, provide the following details:
1. In the Application Server Configuration section, provide the following information:
  1. Truesight Network Automation Host Name
  2. Truesight Network Automation Application Port
  3. Truesight Network Automation Realm Name: Use the realm name configured during TrueSight Network Automation setup in your system. This value is case-sensitive.
2. In the Service Account Profile section, provide the following information for the service account:
  1. User name
  2. Password
  3. Realm
    Best practice
    BMC recommends using the same realm name as defined in the Application Server Configuration section.
    This account is used to log in to BMC Helix Automation Console with a TrueSight Network Automation user profile.
3. In the Collection Mode section, specify the data collection interval.
  By default, the time interval is 5 minutes. The minimum acceptable interval is 5 minutes, and the maximum is 10080 minutes.
Click Save.
The connector zip file is downloaded on a local host
From the connector location on the server where the connector file is downloaded and extracted, run the following command to install and start the connector:
- Windows: run.bat
- Linux: run.sh
(Optional) To configure the TrueSight Network Automation connector as a service, perform the following steps:
1. Run the bna-connector.exe install command.
2. A new service, BMC Network Automation Connector, is created on the host and can be used as any other available service.

The connector starts running successfully. You can view the connector status on the Connectors page in BMC Helix Automation Console.

Can I configure a connector with any other user profile?

Yes. All users who have appropriate permissions can configure connectors in BMC Helix Automation Console. However, different users cannot configure separate instances of the same connector.

All Network Automation users, who have appropriate permissions, can view the connectors that are currently configured and running in their environment on the Connectors page.

To enable debug mode

Best practice
We recommend that you do not modify any other configuration files available in the /config directory. However, you can enable the debug mode on the connector to obtain detailed logging information.

Press CTRL+C twice to stop the connector, if it's already running
Navigate to <ConnectorLocation>/config, open the application.properties file, add the following parameter, and set it to debug.
#
#Logging related Properties
#
logging.level.com.bmc.dem.bna.connector=debug
Save the file.
Restart the connector.

To install the security certificate for the TrueSight Network Automation connector

The communication with TrueSight Network Automation is secured by default. The security certificate is verified based on the value of the tsna.ssl.check.ignore parameter.

Verify the value of the tsna.ssl.check.ignore parameter in the application.properties file. By default, the value is false. This means, the communication is secured.
If you do not want the communication to be secured, update the value of the tsna.ssl.check.ignore parameter to true.

Important

Before installing the security certificate, make sure the TrueSight Network Automation hostname configured in the connector is same as the certificate's host or domain name.

Perform the following steps to install the security certificate:

Open the TrueSight Network Automation portal URL in a browser.
Click Export.
Save the certificate as a .crt file. While saving, rename the certificate as tsna.

Depending on your installation environment, copy the tsna.crt file to the following location:

Installation environment	Copy the tsna.crt file to
Automation Console is deployed using Stack Manager	/opt/bmc/truesight/common/certs/
Automation Console is deployed on Kubernetes clusters	/configs/external/certs
BMC Helix Automation Console	Windows Connector VM Import the tsna.crt file manually using the following keytool command: ( ${JAVA_HOME}\keytool -import -keystore ${JAVA_HOME}\lib\security\cacerts -storepass changeit -noprompt -alias tsna -file tsna.crt) Linux Connector VM run.sh takes care of importing tsna.crt file if its placed under /opt/certs folder.

Restart the TrueSight Network Automation connector.

Where to go next?

Log in to BMC Helix Automation Console with the appropriate credentials to successfully verify the connector installation. For more information, see User interface fundamentals.