Security planning


The product architecture handles and provides security at various levels, as described in the following sections:

Data transfer

The product can securely transfer data:

  • Between various product components
  • From product components to external system components. External systems include all products integrated with BMC TrueSight IT Data Analytics and BMC PATROL Knowledge Module (KM) for IT Data Analytics. For more information, see Integrating.

Data flow

When encrypted

Browser to BMC TrueSight IT Data Analytics server

When HTTPS is configured in the BMC TrueSight IT Data Analytics server

Console Server to Collection Station

CLI to BMC TrueSight IT Data Analytics server

When HTTPS is configured in the BMC TrueSight IT Data Analytics server and in the CLI client

BMC TrueSight IT Data Analytics server to Search component

When HTTPS is configured in the Search component and the BMC TrueSight IT Data Analytics server client

Collection Agent to Collection Station

When HTTPS is configured in the Collection Station and encryption is configured in the Payload Service

Collection Station to target hosts

When SSH remote collection is used

SMTP send for email

When SMTP is configured with credentials, TLS is used

BMC ProactiveNet Performance Management get and send data

When the HTTPS connection type is used in the BMC ProactiveNet Performance Management configuration

For more information about the default communication ports and protocols, see Communication ports and protocols.

User authentication and authorization

  • Users assigned an administrator role can configure user authentication and role-based access control (RBAC) from the BMC TrueSight IT Data Analytics Console. For more information, see User roles and permissions.
  • User authorization is defined by the data access control setting that allows granular control over functions and data access for different users. For more information, see Managing user groups.

Credentials

The following types of credentials are stored in encrypted form:

  • BMC TrueSight IT Data Analytics user credentials
  • SMTP email credentials
  • BMC ProactiveNet Performance Management server credentials
  • Credentials specified as part of credential profile creation and data collector creation

Credentials used for data collection are stored in encrypted form and are decrypted by the Collection Station or the Collection Agent just before they are passed to the external system for authentication. The product does not store or transfer the password in plain text. However, the password is not encrypted when it is passed from the browser to the Console Server; to ensure complete security, you need to enable security for the Console Server.

Note

The encryption and decryption keys are pre-configured in the product components. These keys are not visible to administrators and cannot be customized.

 

 

 
