Encrypting your database connection
TrueSight Server Automation – Data warehouse does not support using an encrypted Microsoft SQL Server database or Oracle database connection at the time of installation or upgrade. However, after the product is installed or upgraded successfully, TrueSight Server Automation – Data warehouse can use an encrypted connection to communicate with the Microsoft SQL Server database or Oracle database.
This topic describes the steps for encrypting your database connection to TrueSight Server Automation – Data warehouse:
Enabling encryption in SQL Server database connection
Enabling encryption in a SQL Server database connection using third-party CA certificates
Depending on your company's policy, you can choose any third-party certificate authority (CA) to issue certificates for Server Authentication.
Step 1: Install certificate and configure the SQL Server to accept encrypted connections
Refer to the Microsoft documentation for the detailed steps on Enabling Encrypted Connections to the Microsoft SQL Server Database Engine.
Step 2: Configure the TrueSight Server Automation Data Warehouse server
Perform the following steps on all your TrueSight Server Automation Data Warehouse server to communicate with encrypted database:
- Obtain the third-party CA certificate of Database Server and copy to the TrueSight Server Automation Data Warehouse server to a temporary location.
- Navigate to the <TSSADW_install_dir>\shared\ConfigurationManagement and open the bds.properties file and change value of SSL_DATABASE_CONNECTION to true, and save the changes
From the command prompt navigate to <TSSADW_install_dir>\jre\bin and enter the following command to import the public key certificate file into the TrueSight Server Automation - Data Warehouse keystore.
keytool -import -v -trustcacerts -alias <alias_name> -file <path_where_3rd_party_cert_is_copied> -keystore <tssadw_installation_directory>/jre/lib/security/cacerts- When prompted for a password, enter the password that is set for JRE cacerts keystore in TrueSight Server Automation - Data Warehouse. The default password set for cacerts is typically changeit.
- Restart the following services:
- TrueSight Server Automation - Data Warehouse Web Server
- BMC SARA Authentication
Enabling encryption in Oracle database connection
Perform the following steps for encrypting the connection to your Oracle database.
Step 1: Configure Oracle database to accept encrypted connections
For detailed steps on enabling encryption on your Oracle database server, using Oracle Advanced Security, refer to the Oracle Database documentation.
Step 2: Configure the TrueSight Server Automation - Data Warehouse server
Perform the following steps on all your TrueSight Server Automation - Data Warehouse server to communicate with TCPS encrypted database:
- Obtain the Database Server certificate and copy to the TrueSight Server Automation Data Warehouse server to a /tmp location.
- Navigate to the <TSSADW_install_dir>/shared/ConfigurationManagement and open the bds.properties file.
- Modify the following parameters and save the changes.
- SSL_DATABASE_CONNECTION=true
- BSA_DATABASE_PORT=<tcps_port>
- {{code language="none"}}
BSA_SITEx_SOURCE_DATABASE_PORT=<tcps_port>
{{/code}}
From the command prompt navigate to <TSSADW_install_dir>/jre/bin and enter the following command to import the public key certificate file into the TrueSight Server Automation - Data Warehouse keystore:
./keytool -import -v -trustcacerts -alias <alias_name> -file <path_where_oracle_wallet_cert_is_copied> -keystore <tssadw_installation_directory>/jre/lib/security/cacerts- When prompted for a password, enter the password that is set for JRE cacerts keystore in TrueSight Server Automation - Data Warehouse. The default password set for cacerts is typically changeit.
- Login as DWAdmin.
- Go to Configuration > Database Details
- Click Modify for TrueSight Server Automation - Data Warehouse connection.
Enter the password and save.