Managing security


The security mode determines the security level of the HTTP connection between the different BMC Application Diagnostics components (server, agent, and console). When you install the BMC Application Diagnostics Portal (a part of the server), you must select the system security mode. After you select the security mode, all components are configured in the selected security mode. It might take up to 10 minutes for the system to be secured, depending on the collectors and agents handshake interval.

Note

After making any manual configuration change, you must restart the BMC Application Diagnostics Portal.

Setting the security mode

The security mode determines the security level of the HTTP connection. The following modes are available:

  • Not Secured. Select this option to set the communication protocol to HTTP.
  • Encrypted. Select this option to set the communication protocol to HTTPS.
     The BMC Application Diagnostics Portal and Collector authenticate the BMC Application Performance Management console and BMC Application Diagnostics Agent.
  • Encrypted Authenticated. Select this option to set the communication protocol to authenticated HTTPS.
     All components authenticate one another.

During BMC Application Diagnostics Server installation, select the security mode in the BMC Application Diagnostics Portal installation utility.

To change the security mode after installation

  1. On the computer on which the Portal is installed, navigate to <InstallationDirectory>\portal\properties (for Windows) or <InstallationDirectory>/portal/properties (for Linux).
  2. Open the portal.properties file.
  3. Set the connection.security.level property to one of the three options:
    • not_secured
    • encrypted
    • encrypted_authenticated
Example

connection.security.level=encrypted_authenticated
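The following script is an added example, not part of the BMC product or its documentation. It checks a portal.properties file after a manual change and reports a missing, duplicated, unrecognized, or not_secured connection.security.level value. It assumes the file uses standard Java .properties syntax, that the last definition of a key wins, and that values are matched exactly; the function names and the sample input are constructed for illustration.

```python
import sys

KEY = "connection.security.level"
ALLOWED = ("not_secured", "encrypted", "encrypted_authenticated")  # the three values this page lists

def parse_properties(text):
    """Minimal .properties reader: skips '#'/'!' comments, splits on the first '=' or ':'.
    Returns {key: [values in file order]} so duplicate definitions stay visible."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        cut = min((i for i in (line.find("="), line.find(":")) if i != -1), default=len(line))
        props.setdefault(line[:cut].strip(), []).append(line[cut + 1:].strip())
    return props

def audit_security_level(text):
    """Return (effective_value_or_None, findings); an empty findings list means nothing to review."""
    values = parse_properties(text).get(KEY, [])
    if not values:
        return None, [f"{KEY} is not set"]
    effective = values[-1]  # assumption: last definition wins, as with java.util.Properties
    findings = []
    if len(values) > 1:
        findings.append(f"{KEY} is defined {len(values)} times: {values}")
    if effective not in ALLOWED:  # assumption: values are matched exactly, case included
        findings.append(f"unrecognized value {effective!r}")
    elif effective == "not_secured":
        findings.append("not_secured: components communicate over plain HTTP")
    return effective, findings

# Constructed sample input, not taken from a real installation.
SAMPLE = """\
# portal.properties (constructed sample)
connection.security.level=encrypted_authenticated
connection.security.level = not_secured
"""

if __name__ == "__main__":
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE
    effective, findings = audit_security_level(text)
    print(f"effective {KEY}: {effective}")
    for finding in findings:
        print("REVIEW:", finding)
    sys.exit(1 if findings else 0)
```

Run it with the path to portal.properties as the only argument; a non-zero exit status means at least one finding needs review.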

Changing the portal address in the BMC Application Performance Management console

If the BMC Application Diagnostics Portal is working in one of the secured modes (encrypted or encrypted-authenticated), then the portal’s address in the BMC Application Performance Management Console properties file must be changed accordingly to use the correct HTTP or HTTPS port number.

To change the portal address


For more information, see Manually configuring BMC Application Diagnostics on the BMC Application Performance Management Console.

Using your own certificates

By default, BMC Application Diagnostics uses pregenerated self-signed certificates for authentication. If you prefer to use your own certificates, you need to create new keystore and truststore files and edit each of the following files to point to the correct location for each component.

Security files for the BMC Application Diagnostics Agent

Security files for the BMC Application Diagnostics Portal

Security files for the BMC Application Diagnostics Collector

Security files for the BMC Application Performance Management Console

Refer to the Java Keytool documentation on the Oracle website.

Changing encrypted passwords

Passwords are encrypted to improve security. Before you change a password, you must first encrypt it. Use the following procedure to encrypt a password.

To encrypt a password

For Windows

  1. Open a command prompt, and run the following command:
    <InstallationDirectory>\portal\bin\passwordEncrypt.bat <NewPassword>
     A message is displayed while the password is encrypted.
     When encrypted, the secret password is displayed.
  2. Copy the encrypted secret password and paste it in the relevant properties file.

For Linux

  1. Run the following command:
    <InstallationDirectory>/portal/bin/passwordEncrypt.sh <NewPassword>
     A message is displayed while the password is encrypted.
     When encrypted, the secret password is displayed.
  2. Copy the encrypted secret password and paste it in the relevant properties file.
     Keystore passwords are stored in the following locations.
  • Agent password: portal.connection.properties
    If you change any of the properties, save the file, and restart the Agent.

Encrypted password locations

The various components' passwords are located as follows.

  • Portal password: located in portal.properties
     If you change any of the properties, save the file, and restart the Portal.
  • Collector password: located in collector.properties
     If you change any of the properties, save the file, and restart the Collector.
  • BMC Application Performance Management Console password: located in adops_rest.properties
     If you change any of the properties, save the file, and restart the application server where the BMC Application Performance Management Console is installed.

 
