Configuring the TrueSight Network Automation connector

TrueSight Network Automation connector is used to establish a connection between TrueSight Network Automation and the TrueSight Server Automation Application Server. Automation Console sends notifications for jobs such as running

vulnerability jobs to the connector, which sends it to the TrueSight Network Automation. The connector ensures that even if the application server is in an air-gapped environment, communication between Automation Console and the application server is uninterrupted. 

By default, the connector establishes a connection over the HTTPS protocol using out-of-the-box self-signed certificates. To ensure seamless communication, you must provide the connector information in the hosts file on TrueSight Network Automation server as mentioned below:

Hosts file location and connector name

- Windows: C:\Windows\System32\drivers\etc\hosts

- Linux: /etc/hosts

<IPaddress of the server where the connector is installed>  tsna.connector.bmc.com

You create a service account [an user account used to retrieve necessary details from endpoint so that Automation Console can use it for processing] and specify the data refresh interval [set time interval after which Automation Console retrieves new details from endpoint] while configuring the connector. This service account is also used for change automation while obtaining approvals from BMC Remedy IT Service Management. 

Important

When you edit the connector configuration, ensure that the server belongs to the Load Balancer setup or the Disaster Recovery setup in the same environment as the existing connector host. If you specify a new server outside of the Load Balancer setup or the Disaster Recovery setup, the existing data is duplicated leading to confusion and mismanagement.

Before you begin

Before running the connector, ensure that the connector is installed and run on Windows and Linux operating systems that match the following criteria:

  • Port requirements: 

    Port

    Protocol

    Source

    Destination

    Inbound /outbound

    443 OR <Customer configured port>

    HTTPS

    Connector

    TrueSight Network Automation

    Outbound

    443

    HTTPS

    TrueSight Network Automation (web services port)

    Connector

    Inbound

To update the TrueSight Network Automation connector for TrueSight Automation Console

When you install TrueSight Automation Console, the TrueSight Network Automation connector is already configured and running. From the Briefcase.pngbriefcase menu, go to Connectors and the TrueSight Network Automation connector is shown as running. 

On the Connectors > Manage Connectors page do the following:

  1. Click the image2020-7-7_13-33-33.png option against the TrueSight Network Automation connector and then click Edit.
    On the Update a Connector page, the TrueSight Network Automation server details, service account user details, and the data refresh interval is displayed. 
    By default, the time interval is 60 minutes. Minimum is 5 minutes and maximum is 10080 minutes.

  2. Make changes as per your requirement and save the connector configuration. 
    After entering the password, click Save.

    Can I provide a different TrueSight Server Automation host details while editing the connector?

    Yes, in case of failure of the existing Application Server, you can specify another Application Server.

  3. Click image2020-7-7_13-33-33.png> Enable to run the connector with the new changes. 

To enable debug mode

BMC recommends that you do not modify any other configuration files available in the /config directory. However, you can enable the debug mode on the connector to obtain detailed logging information.

Do this:

  1. #
    #Logging related Properties
    #
    logging.level.com.bmc.dem.bna.connector=debug

    Press CTRL+C twice to stop the connector, if its already running

  2. Go to <ConnectorLocation>/config, open the application.properties file, add the following parameter and set it to debug, save the file
  3. Restart the connector.

To install the security certificate for the TrueSight Network Automation connector

In the older releases, the communication between TrueSight Automation Console and TrueSight Network Automation is not secured. Though the security certificate is present, it is not verified.

Starting with the 23.1 release, the communication between TrueSight Automation Console and TrueSight Network Automation is secured by default. The security certificate is verified based on the value of the tsna.ssl.check.ignore parameter.

  • Verify the value of the tsna.ssl.check.ignore parameter in the application.properties file. By default, the value is false. This means, the communication is secured.
  • If you do not want the communication to be secured, update the value of the tsna.ssl.check.ignore parameter to true
Important

Before installing the security certificate, make sure the TrueSight Network Automation hostname configured in the connector is same as the certificate's host or domain name.

Perform the following steps to install the security certificate:

  1. Open the TrueSight Network Automation portal URL in a browser.
  2. Click Export
  3. Save the certificate as a .crt file. While saving, rename the certificate as tsna.

  4. Depending on your installation environment, copy the tsna.crt file to the following location and perform the actions as mentioned: 

    Installation environment

    Copy the tsna.crt file to

    Actions to be performed

    Automation Console is deployed using Stack Manager


    /opt/bmc/truesight/common/certs/

    1. Set the permission tsna.crt file to 644 if not already using the following command:
      chmod 644 tsna.crt.
    2. Execute the following command to verify if the keystore file cacerts of TrueSight Network Automation docker container of Automation Console node contains an entry for alias named tsna. The keystore password is changeit.
      keytool -v -list -keystore ${JAVA_HOME}\lib\security\cacerts -alias tsna
    3. If the alias named tsna not present, then import the tsna.crt certificate manually using the following command into the TrueSight Network Automation docker container of Automation Console node:
      ${JAVA_HOME}\keytool -import -keystore ${JAVA_HOME}\lib\security\cacerts -storepass changeit -noprompt -alias tsna -file tsna.crt

    4. Restart the TrueSight Network Automation docker container after importing.

    5. Try logging to Automation Console node using the url <TSAC-hostname:<portnumber>/tsna/login>

    Automation Console is deployed on Kubernetes clusters

    /configs/external/certs

    NA

    BMC Helix Automation Console

    • Windows Connector VM
    • Linux Connector VM
    • For Windows Connector VM
      • Import the tsna.crt file manually using the following keytool command:
        ( ${JAVA_HOME}\keytool -import -keystore ${JAVA_HOME}\lib\security\cacerts -storepass changeit -noprompt -alias tsna -file tsna.crt)
         
    • For Linux Connector VM
      • run.sh takes care of importing tsna.crt file if it is placed under /opt/certs default folder of docker TrueSight Network Automation container.


  5. Restart the TrueSight Network Automation connector.

Where to go next?

Log in to Automation Console with the appropriate credentials to successfully verify the connector installation. See Accessing-and-navigating-the-Automation-Console-interface



 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*