Enabling security for the Collection Station


This topic provides instructions on enabling security for the Collection Station, as follows:

Before you begin

  • Ensure that you have generated a KeyStore and a TrustStore (in the JKS format). For more information, see Generating a KeyStore and TrustStore.
  • Ensure that you have generated a self-signed certificate.

To enable security for the Payload Service

  1. Configure the Collection Agent and the Collection Station, as follows:
    • Collection Agent:
      1. Navigate to the following directory, as appropriate:
        • Windows: %PATROL_HOME%\bww\udc\conf
        • Linux: $PATROL_HOME/bww/udc/conf
      2. Perform the following actions:
        • Copy the server.jks file obtained while generating the TrustStore.
        • Locate the flume.conf file, open it in a text editor, and set the directory path to the TrustStore that you generated earlier by adding the following lines:

          a1.sinks.k1.ssl = true

          a1.sinks.k1.truststore = <TrustStoreLocationPath>

          a1.sinks.k1.truststore-password = <TrustStorePassword>

          a1.sinks.k1.truststore-type = JKS

          where,

          <TrustStoreLocationPath> refers to the absolute path of the TrustStore location. On Windows, this path must be specified in the UNIX-style syntax (with forward slashes). For example, %PATROL_HOME%\bww\udc\conf.

          <TrustStorePassword> refers to the password that you provided while generating the TrustStore.

      3. Save your changes.
    • Collection Station:
      1. Navigate to the following directory, as appropriate:
        • Windows: %BMC_ITDA_HOME%\station\collection\custom\conf
        • Linux: $BMC_ITDA_HOME/station/collection/custom/conf/
      2. Locate the flume.conf file and open it in a text editor.
      3. Set the directory path to the KeyStore that you generated earlier by adding the following lines:

        a1.sources.r1.ssl=true

        a1.sources.r1.keystore=<KeyStoreLocationPath>

        a1.sources.r1.keystore-password=<KeyStorePassword>

        a1.sources.r1.keystore-type = JKS

        where,

        <KeyStoreLocationPath> refers to the absolute path of the KeyStore location. On Windows, this path must be specified in the UNIX-style syntax (with forward slashes). For example, C:/Program Files/BMC Software/TrueSight/ITDA.

        <KeyStorePassword> refers to the password that you provided while generating the KeyStore.

      4. Save your changes.
  2. Restart the Collection Agent and the Collection Station. For more information, see Starting or stopping product services.
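
The following Python check is an added example, not part of the product or its documentation. It lints the Payload Service flume.conf settings on the Collection Agent and the Collection Station for missing properties, leftover placeholders, and backslash paths. The function names, the sample file name, and the sample password are constructed for illustration.

```python
import re

# Property sets from the Payload Service procedure: agent sink k1, station source r1.
REQUIRED = {
    "agent": ("a1.sinks.k1.", ("ssl", "truststore", "truststore-password", "truststore-type")),
    "station": ("a1.sources.r1.", ("ssl", "keystore", "keystore-password", "keystore-type")),
}
# Constructed sample inputs; file names and passwords are made up for illustration.
GOOD_STATION = """\
a1.sources.r1.ssl=true
a1.sources.r1.keystore=C:/Program Files/BMC Software/TrueSight/ITDA/keystore.jks
a1.sources.r1.keystore-password=example-password
a1.sources.r1.keystore-type = JKS
"""
BAD_AGENT = """\
a1.sinks.k1.ssl = true
a1.sinks.k1.truststore = C:\\PATROL\\bww\\udc\\conf\\server.jks
a1.sinks.k1.truststore-password = <TrustStorePassword>
"""

def parse_properties(text):
    """Parse key=value lines, skipping blank lines and # or ! comments."""
    props = {}
    for line in map(str.strip, text.splitlines()):
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def check_flume_tls(text, role):
    """Return a list of problems in a flume.conf for role 'agent' or 'station'."""
    prefix, names = REQUIRED[role]
    props, problems = parse_properties(text), []
    for name in names:
        key, value = prefix + name, props.get(prefix + name)
        if value is None:
            problems.append(f"{key}: missing")
        elif not value or re.fullmatch(r"<.*>", value):
            problems.append(f"{key}: placeholder or empty value")
        elif name == "ssl" and value.lower() != "true":
            problems.append(f"{key}: must be true")
        elif name.endswith("-type") and value != "JKS":
            problems.append(f"{key}: expected JKS")
        elif name in ("truststore", "keystore") and "\\" in value:
            problems.append(f"{key}: use forward slashes")
        elif name in ("truststore", "keystore") and not re.match(r"/|[A-Za-z]:/", value):
            problems.append(f"{key}: path is not absolute")
    return problems
```

Run check_flume_tls on the contents of each flume.conf before restarting the services; an empty list means all four properties for that role are present and well formed.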

To enable security for the Configuration Channel

  1. Configure the Collection Agent and the Collection Station, as follows:
    • Collection Agent:
      1. Navigate to the following directory, as appropriate:
        • Windows: %PATROL_HOME%\bww\udc\conf
        • Linux: $PATROL_HOME/bww/udc/conf
      2. Locate the agent.properties file and open it in a text editor.
      3. Add the property, stationprotocol=https.
      4. Save your changes.
    • Collection Station:
      1. Navigate to the following directory, as appropriate:
        • Windows: %BMC_ITDA_HOME%\station\collection\custom\conf\
        • Linux: $BMC_ITDA_HOME/station/collection/custom/conf/
      2. Locate the agent.properties file and open it in a text editor.
      3. Add the following properties:

        • stationprotocol=https
        • keystoreFilePath=<KeyStoreLocationPath>
        • keystoreFilePassword=<KeyStorePassword>

        In the preceding properties, the following values apply:

        • <KeyStoreLocationPath> refers to the directory path where the KeyStore is located. On Windows, this path must be specified in the UNIX-style syntax (with forward slashes) and with a forward slash at the beginning of the path.
        • <KeyStorePassword> refers to the KeyStore password that you provided while generating the KeyStore.
      4. Save your changes.
  2. Restart the Collection Agent and the Collection Station. For more information, see Starting or stopping product services.

 
