Configuring the TrueSight Server Automation connector


TrueSight Server Automation connector is used to establish a connection between Automation Console and the TrueSight Server Automation Application Server. Automation Console sends notifications for jobs such as updating catalogs, and running patching jobs to the connector, which sends it to the TrueSight Server Automation. The connector ensures that even if the application server is in an air-gapped environment, communication between Automation Console and the application server is uninterrupted. 

By default, the connector establishes a connection over the HTTPS protocol using out-of-the-box self-signed certificates. To ensure seamless communication, you must provide the connector information in the hosts file on the Server Automation server as mentioned below:

Hosts file location and connector name

- Windows: C:\Windows\System32\drivers\etc\hosts

- Linux: /etc/hosts

<IPaddress of the server where the connector is installed> tssa.connector.bmc.com

While configuring the connector, you create a service account and specify the data refresh interval. The Data Refresh capability monitors jobs that affect the status of the missing patches and managed assets and regularly updates the job data in Automation Console. This service account is also used for change automation while obtaining approvals from BMC Remedy IT Service Management. 

If you have multiple Application Servers (MAS) set up in your TrueSight Server Automation environment, if one of the instances fails, you can edit the connector configuration and specify a different TrueSight Server Automation server. 

Important

When you edit the connector configuration, ensure that the server belongs to the Load Balancer or Disaster Recovery setup and is in the same environment as the existing connector host. If you specify a new server outside of these setups, the existing data is duplicated, leading to confusion and mismanagement.

Before you begin

Before running the connector, ensure that the connector is installed and run on Windows and Linux operating systems that match the following criteria:

  • AdoptOpenJDK Runtime Environment 17 is installed on the connector host.

  • Port requirements:

    Port

    Protocol

    Source

    Destination

    Inbound /outbound

    443

    HTTPS

    Connector

    HAC SaaS and Internet

    Outbound

    9843 OR <Customer configured port>

    HTTPS

    Connector

    TSSA Application Server 

    Outbound

    443

    HTTPS

    TSSA Application Server

    Connector

    Inbound

    • Connector's Outbound port 443 should be opened for ifm url mentioned in creds.json available in <connectorDirectory>/config/ folder. e.g.
      "endpoints": {        
              "ifm": "https://<url>"
          }

    Port

    Protocol

    Source

    Destination

    Inbound /outbound

    443

    HTTPS

    Connector

    HAC SaaS and Internet

    Outbound

    9843 OR <Customer configured port>

    HTTPS

    Connector

    TSSA Application Server 

    Outbound

    443

    HTTPS

    TSSA Application Server

    Connector

    Inbound

    • Connector's Outbound port 443 should be opened for ifm url mentioned in creds.json available in <connectorDirectory>/config/ folder. e.g.
      "endpoints": {        
              "ifm": "https://<url>"
          }

     

To configure the Server Automation connector for BMC Helix Automation Console

  1. In BMC Helix Automation Console, click Configuration and then click Connectors.
  2. On the Manage Connectors page, click Add Connector.
  3. On the Add Connector page, from the list of on-premises connectors, select Server Automation Connector.
  4. Click Add Configuration
  5. On the Add Connector page, perform the following steps: 
    1. In the Application Server Configuration section, enter the following information:
      1. Truesight Server Automation Host Name
      2. Truesight Server Automation Application Port
      3. Truesight Server Automation Role Name

        Can I provide a different TrueSight Server Automation host details while editing the connector?

        Yes, in case the existing Application Server fails, you can specify another Application Server only if it belongs to a multiple Application Servers (MAS) set up.

    2. In the Service Account Profile section, enter the user name, password, role, and the authentication method for the service account. 
      This account is used to log in to BMC Helix Automation Console with a Server Automation user profile. 
    3. In the TSSA properties field, enter comma-separated TSSA properties which will be managed as Managed Asset Tags in the Automation Console. For more information on Managed Asset Tags, see Importing Server Automation asset properties as managed tags.

      Important

      • The tags specified here will override the tags specified in the CSV, if they already exist. The latest data import takes precedence and overrides the existing tags. The import could be through a CSV file or by the tags that are specified while configuring the TSSA connector.
      • TSSA properties that are entered on the TSSA connector page should only be of the simple property type such as a string, an integer, a decimal, or a boolean value defined in Server Automation. Additionally, their default values should also be plain strings, without being selected by a macro.
    4. In the Collection Mode section, specify the data collection interval. 
      The time interval is 60 minutes by default. The minimum acceptable is 5 minutes, and the maximum is 10080 minutes.
  6. Click Create.
  7. Click Continue and download the connector zip file on a local host. 
  8. On the server where the connector file is extracted, go to the connector location, and run the following command to install and start the connector: 

    • Windows: run.bat
    • Linux: run.sh

    The connector starts running successfully. You can view the connector status on the Connectors page in BMC Helix Automation Console.

  9. (Optional for Windows) To configure the TrueSight Server Automation connector as a service, perform the following steps:
    1. Make sure the bsa-connector.xml file is available in a folder where the connector zip file is unzipped.
    2. Run the bsa-connector.exe install command. 
    3. A new service with the name BMC Server Automation Connector is created on the host and can be used as any other available service.
  10. (Optional for Linux) To configure the TrueSight Server Automation connector as a service, run the install.sh command. A new service with the name tssa-connector.service is created on the host and can be used as any other available service.

Can I configure a connector with any other user profile?

Yes. All users who have appropriate permissions can configure connectors in BMC Helix Automation Console. However, different users cannot configure separate instances of the same connector.

All Server Automation users who have appropriate permissions, can view the connectors that are currently configured and running in their environment on the Connectors page.

To import Server Automation asset properties as Managed Asset Tags into BMC Helix Automation Console

As a security compliance analyst, you can import Truesight Server Automation asset properties by specifying values in the TSSA properties field, while configuring the Truesight Server Automation connector. Upon successful connector sync operation, BMC Helix Automation Console loads all the specified TSSA properties as Managed Asset Tags along with the asset metadata.

Bu using the Managed Asset Tag filter in Advance filters in the Patch dashboard and Managed Assets page, you can filter the imported  Truesight Server Automation asset data based on their properties such as supplier name, system environment, customer, location, and so on to generate a customized reports for respective stakeholders to perform remediation actions.

To enable debug mode

Best practice
We recommend that you do not modify any other configuration files available in the /config directory. However, you can enable the debug mode on the connector to obtain detailed logging information.

  1. Press CTRL+C twice to stop the connector.
  2. Go to <ConnectorLocation>/config, open the application.properties file, and change the logging option to debug.

    #
    #Logging related Properties
    logging.level.com.bmc.dem=DEBUG
  3. Start the connector.

To enable web proxy support

After configuring the TrueSight Server Automation connector, perform the following steps to enable web proxy support:

  1. Download the connector.
  2. Download the Proxy certificate der file. Make sure the der file is imported to the cacerts of the connector machine and the jks file used for Helix Single Sign-On (HSSO).
  3. If the proxy is https enabled, download and import the certificate of the proxy server into the cacerts file of the connector machine.
    keytool -importcert -file "<file name>" -keystore "<path_to_java_installation_dir>\lib\security\cacerts" -alias "<name>"
  4. Navigate to the application.properties file of the connector and provide the following information:
    • proxyHost= bcx-pun-xxxxx.bmc.com
    • proxyPort=3129
    • proxyProtocol=https

Where to go next

Log in to Automation Console with the appropriate credentials to successfully verify the connector installation. See Accessing-and-navigating-the-Automation-Console-interface

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*