Managing security


During installation of the BMC Application Diagnostics Server and Agents you select the security level for communication between the components. Ensure that you select the same security level for all the components.

Note

After any manual configuration, you must restart the BMC Application Diagnostics component.

Setting the security level

BMC Application Diagnostics provides the following security levels for communication between server and agents.

  • Not secured
     All communication between components is done over HTTP.
  • Encrypted authenticated
     All communication between components is done over encrypted HTTPS and all components are authenticated to one another.

Set the security level during installation of the components. You must set the same security level for all components: server (portal and collector) and agent.

To change the portal security level after installation

  1. On the computer with the portal installation, navigate to the portal.properties file, located in the following directory:
    • (Windows) <InstallationDirectory>\portal\properties
    • (Linux) <InstallationDirectory>/portal/properties
  2. Open the file and set the connection.security.level property to one of the following options:
    • not_secured
    • encrypted_authenticated

      connection.security.level=encrypted_authenticated
  3. Restart the portal.

To change the collector security level after installation

  1. On the computer with the collector installation, navigate to the collector.properties file, located in the following directory:
    • (Windows) <InstallationDirectory>\collector\properties
    • (Linux) <InstallationDirectory>/collector/properties
  2. Open the file and set the portal.connection.protocol property to one of the following options:
    • If the portal security level is not_secured, set to http
    • If the portal security level is encrypted_authenticated, set to https

      portal.connection.protocol=https
  3. Set the portal.connection.port property to one of the following options:
    • If the portal security level is not_secured, set to match the port used for portal HTTP
    • If the portal security level is encrypted_authenticated, set to match the port used for portal HTTPS

      portal.connection.port=8243
  4. Restart the collector.

To change the agent security level after installation

  1. On the computer with the agent installation, navigate to the appropriate file:
    • Agent for Java EE
      • (Windows) <InstallationDirectory>\properties\portal.connection.properties
      • (Linux) <InstallationDirectory>/properties/portal.connection.properties
    • Agent for .NET
      • (Windows only) <InstallationDirectory>\properties\agent.properties
  2. Open the file and set the portal.connection.protocol property to one of the following options:
    • If the portal security level is not_secured, set to http
    • If the portal security level is encrypted_authenticated, set to https

      portal.connection.protocol=https
  3. Set the portal.connection.port property to one of the following options:
    • If the portal security level is not_secured, set to match the portal HTTP port
    • If the portal security level is encrypted_authenticated, set to match the portal HTTPS port

      portal.connection.port=8243
  4. Restart the agent.
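
The three procedures above must leave every component agreeing with the portal. The following Python check is an added example, not BMC code: it reads the property values named above and reports any collector or agent whose portal.connection.protocol does not match the portal's connection.security.level. The function names and sample file contents are constructed for illustration, and the check does not compare portal.connection.port with the portal's listening port because this page does not name the portal-side port property.

```python
# Added example: consistency check for the security-level properties described above.
# Protocol each client must use for a given portal security level (from the steps above).
EXPECTED_PROTOCOL = {"not_secured": "http", "encrypted_authenticated": "https"}


def parse_properties(text):
    """Parse simple key=value lines of a .properties file (no line continuations)."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":      # skip blanks and comment lines
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def check_security_levels(portal_text, clients):
    """Return a list of findings; an empty list means every client matches the portal.

    clients maps a label (for example "collector") to that component's properties text.
    """
    level = parse_properties(portal_text).get("connection.security.level")
    expected = EXPECTED_PROTOCOL.get(level)
    if expected is None:
        return [f"portal: connection.security.level is {level!r}, "
                f"expected one of {sorted(EXPECTED_PROTOCOL)}"]
    findings = []
    for label, text in clients.items():
        props = parse_properties(text)
        protocol = props.get("portal.connection.protocol")
        if protocol != expected:
            findings.append(f"{label}: portal.connection.protocol={protocol!r}, "
                            f"portal level {level} requires {expected}")
        if not props.get("portal.connection.port", "").isdigit():
            findings.append(f"{label}: portal.connection.port is missing or not numeric")
    return findings


# Constructed sample contents; in practice read each file named in the steps above.
SAMPLE_PORTAL = "# portal.properties\nconnection.security.level=encrypted_authenticated\n"
SAMPLE_CLIENTS = {
    "collector": "portal.connection.protocol=https\nportal.connection.port=8243\n",
    "agent": "portal.connection.protocol=http\nportal.connection.port=8243\n",
}

if __name__ == "__main__":
    for finding in check_security_levels(SAMPLE_PORTAL, SAMPLE_CLIENTS):
        print(finding)
```

With the constructed sample, the agent is flagged because it still uses http while the portal is set to encrypted_authenticated.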

Changing the portal address in the BMC Application Performance Management console


Using your own certificates

By default, BMC Application Diagnostics uses pregenerated self-signed certificates for authentication. If you prefer to use your own certificates, create new keystore and truststore files, and then edit the following files for each component so that they point to the correct locations.

Security files for the BMC Application Diagnostics Portal
Security files for the BMC Application Diagnostics Collector
Security files for the BMC Application Diagnostics Agent for Java
Security files for the BMC Application Diagnostics Agent for .NET

Windows only:

  • Configuration file name: agent.properties
  • Configuration file location: <InstallationDirectory>\properties
  • Relevant configuration options:

      key.store.file.name=<KeystoreFileName>.p12
      trust.store.file.name=<TruststoreFileName>.cer
      key.store.password.enc=<encrypted_password>

Notes

  1. If the paths to the certificate files (<KeystoreFileName>.p12 and/or <TruststoreFileName>.cer) are relative, they are treated as relative to the <InstallationDirectory>\properties directory.
  2. The <KeystoreFileName>.p12 file should be in X.509/PKCS #12 format.
  3. The <TruststoreFileName>.cer file should be in X.509/PKCS #7 format.

Security files for the BMC Application Performance Management Console

Refer to the Java Keytool documentation on the Oracle website.

Changing encrypted passwords

Passwords are encrypted to improve security. To change a password, you must first encrypt the new password and then copy the encrypted password to the relevant location in the properties file. Use the following procedure to encrypt a password.

To encrypt a password

Windows

  1. Open a command prompt, and run the following command:
    <InstallationDirectory>\portal\bin\passwordEncrypt.bat <NewPassword>
     A message is displayed while the password is encrypted.
     When encryption is complete, the encrypted password is displayed.
  2. Copy the encrypted password and paste it in the relevant properties file.

Linux

  1. Run the following command:
    <InstallationDirectory>/portal/bin/passwordEncrypt.sh <NewPassword>
     A message is displayed while the password is encrypted.
     When encryption is complete, the encrypted password is displayed.
  2. Copy the encrypted password and paste it in the relevant properties file.

Keystore passwords are stored in the following locations.

Encrypted password locations

The various components' passwords are located in the following files. Changes to any of the properties files require a restart of the component.

  • Agent password:
    • (Java EE) located in portal.connection.properties
    • (.NET) located in agent.properties
     Save the file and restart the agent.
  • Portal password: located in portal.properties
     Save the file and restart the portal.
  • Collector password: located in collector.properties
     Save the file and restart the collector.
  • BMC Application Performance Management Console password: located in adops_rest.properties
     Save the file and restart the application server where the BMC Application Performance Management Console is installed.

 
