Managing security

During installation of the BMC Application Diagnostics Server and Agents you select the security level for communication between the components. Ensure that you select the same security level for all the components.

Note

After any manual configuration, you must restart the BMC Application Diagnostics component.

The following topics are presented:

Setting the security level

BMC Application Diagnostics provides the following security levels for communication between Server and Agents.

  • HTTP
    All communication between components is done over HTTP.
  • HTTPS
    All communication between components is done over encrypted HTTPS and all components are authenticated to one another.

Set the security level during installation of the components. You must set the same security level for all components: Server (Portal and Collector) and Agent.

To change the Portal security level after installation

Click to see steps.
  1. On the computer with the Portal installation, navigate to the portal.properties file, located in the following directory:
    • (Windows) <InstallationDirectory>\portal\properties
    • (Linux) <InstallationDirectory>/portal/properties
  2. Open the file and set the connection.security.level property to one of the following options:
    • not_secured
    • encrypted_authenticated
      Example
      connection.security.level=encrypted_authenticated
  3. Restart the Portal.

To change the Collector security level after installation

Click to see steps.
  1. On the computer with the Collector installation, navigate to the collector.properties file, located in the following directory:
    • (Windows) <InstallationDirectory>\collector\properties
    • (Linux) <InstallationDirectory>/collector/properties
  2. Open the file and set the portal.connection.protocol property to one of the following options:
    • If the Portal security level is not secured, set to http

    • If the Portal security level is encrypted HTTPS, set to https

      Example
      portal.connection.protocol=https
  3. Set the portal.connection.port property to one of the following options:
    • If the Portal security level is not secured, set to match the port used for Portal HTTP

    • If the Portal security level is encrypted HTTPS, set to match the port used for Portal HTTPS

      Example
      portal.connection.port=8243
  4. Restart the Collector.

To change the Agent security level after installation

Click to see steps.
  1. On the computer with the Agent installation, navigate to the appropriate file:
    • BMC Application Diagnostics Agent for Java
      • (Windows) <InstallationDirectory>\properties\portal.connection.properties
      • (Linux) <InstallationDirectory>/properties/portal.connection.properties
    • BMC Application Diagnostics Agent for .NET
      • (Windows, only) <InstallationDirectory>\properties\agent.properties
  2. Open the file and set the portal.connection.protocol  property to one of the following options:
    • If the Portal security level is not secured, set to http

    • If the Portal security level is encrypted HTTPS, set to https

      Example
      portal.connection.protocol=https
  3. Set the portal.connection.port  property to one of the following options:
    • If the Portal security level is not secured, set to match the Portal HTTP port

    • If the Portal security level is encrypted HTTPS, set to match the Portal HTTPS port

      Example
      portal.connection.port=8243
  4. Restart the Agent.

Changing the Portal address in the BMC Application Performance Management console

To perform this procedure, you must have Administrator-level access, or higher.

  1. In the BMC Application Performance Management Console, from the System Access tab, click Diagnostics Configuration > System Configuration.
  2. In the Portal Address panel, click the arrow in the upper-right corner and select Edit.

  3. Enter the Portal connection information.

  4. Click Save.

Using your own certificates

By default, BMC Application Diagnostics uses pregenerated self-signed certificates for authentication. If you prefer to use your own certificates, you need to edit each of the following files to create new keystore and truststore files that point to the correct location for each component.

Security files for the BMC Application Diagnostics Portal
Security files for the BMC Application Diagnostics Collector
Security files for the BMC Application Diagnostics Agent for Java
Security files for the BMC Application Diagnostics Agent for .NET

Notes

  1. If the paths to the certificate files (<KeystoreFileName>.p12 and/or <TruststoreFileName>.cer) are relative, they are treated as relative to the <InstallationDirectory>\properties directory.
  2. <KeystoreFileName>.p12 file should be in X.509/PKCS #12 format.
  3. <TruststoreFileName>.cer file should be in X.509/PKCS #7 format.
Security files for the BMC Application Performance Management Console

Refer to the Java Keytool documentation on the Oracle website.

Changing encrypted passwords

Passwords are encrypted to improve security. Before you change a password to a different password, you must first encrypt the new password and then copy the encrypted password to the relevant location in the properties file. Use the following procedure to encrypt a password.

To encrypt a password

Windows

  1. Open a command prompt, and run the following command:
    <InstallationDirectory>\portal\bin\passwordEncrypt.bat <NewPassword>
    A message is displayed while the password is encrypted.
     When encryption is complete, the encrypted password is displayed.
  2. Copy the encrypted password and paste it in the relevant properties file.

Linux

  1. Run the following command:
    <InstallationDirectory>/portal/bin/passwordEncrypt.sh <NewPassword>
    A message is displayed while the password is encrypted.
     When encryption is complete, the encrypted password is displayed.
  2. Copy the encrypted password and paste it in the relevant properties file.
     Keystore passwords are located in the following locations.

Encrypted password locations

The various components' passwords are located in the following files. Changes to any of the property files requires a restart of the component.

  • Agent password:
    Save the file and restart the Agent.
    • (Java) located in portal.connection.properties
    • (.NET) located in Agent.properties
  • Portal password: located in portal.properties
    Save the file and restart the Portal.
  • Collector password: located in collector.properties
    Save the file and restart the Collector.
  • BMC Application Performance Management Console password: located in adops_rest.properties
    Save the file and restart the application server where the BMC Application Performance Management Console is installed.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*