Securing communication between product components


You can secure communication between the TrueSight Capacity Optimization components by using Transport Layer Security (TLS) version 1.2 with server certificate validation. 

A component can act as a client or as a server, depending on the context of the communication. For TLS communication, the security certificates must be authenticated between the client and the server. A component that operates as a client requires a truststore to verify the server certificate.

The server certificate must be signed by a certification authority (CA) that your organization recommends. The security administrator of your organization can provide you with the required CA-signed certificate, or you can create a request to obtain a signed certificate from a CA.

Important

You can enable TLS version 1.3 between BMC Helix Continuous Optimization Agents and Gateway Server, and use these components with TrueSight Capacity Optimization version 20.02.02 for improved security. For details, see Enabling TLS server certificate validation between BMC Helix Continuous Optimization Agents and the Gateway Server.

You can switch from the default inter-component security configuration to the TLS 1.2 configuration after you install the product components. Different communication channels are established between the TrueSight Capacity Optimization components, and you must perform the TLS configuration for each communication channel.


 For detailed instructions, see the following topics:

The Remedy Single Sign-On Server and Presentation Server require a proper certificate chain to be set up at installation when they use the HTTPS protocol. The certificates from the remote listener must be imported into the truststore file of the products, that is, the default cacerts file. For details, see Implementing private certificates in TrueSight Operations Management. The default security configuration of TrueSight Capacity Optimization does not require certificates from the remote TLS listener until the TLS 1.2 protocol version is enabled.

Where to go from here

Installing a CA-signed certificate into the embedded web server


 
