Unsupported content This version of the documentation is no longer supported. However, the documentation is available for your convenience. You will not be able to leave comments.

Configuring the Integration Service for extended security

After you install the Integration Service, you can configure it for extended security. This allows the BMC PATROL Agent to connect only to the Integration Service that you specify and not to multiple Integration Services. If you have installed the Integration Service in a clustered setup, to configure for extended security, you must configure both the primary and the secondary Integration Services.

Configuring the Integration Service for extended security

  1. Generate a key for the Integration Service by running the pw remote generateiskey integrationServiceName command. For example, pw remote generateiskey IS-1 where IS-1 is the name of the Integration Service connected to the BMC TrueSight Infrastructure Management Server. The key is generated in a .cfg file.
  2. After the key is generated, save the .cfg file in your computer.

  3. Export the key to a particular location as follows:

    pw remote exportiskey <integrationServiceName> -file <PathOnISMachine>\key1.cfg
  4. Apply the exported key to the BMC PATROL Agent as follows:

    (on Microsoft Windows)
    1.  In the computer on which the BMC PATROL Agent is installed, go to the HKEY_LOCAL_MACHINE\SOFTWARE\BMC Software\Patrol\SecurityPolicy_v3.0\PROXY\client registry entry.
    2. Add a new key by right-clicking and selecting New > Key.
    3. Name the key security_mode and set the value of the key to KNOWN_HOST.

(on UNIX)


    1. Add the following new property in the /etc/patrol.d/security_policy_v3.0/proxy.plc file ([client] section):
security_mode = KNOWN_HOST 

Note

 On an IPv6 system, restart the primary Integration Service after generating the security key.

Configuring the secondary Integration Service for extended security

In a clustered setup, you must configure the primary and the secondary Integration Services.

  1. After configuring the primary Integration Service for extended security, copy the .db file from integrationServiceInstallationDirectory/pw/patrol/common/security/sks to the corresponding location of the secondary Integration Service.
  2. Restart the secondary Integration Service.

Importing the Integration Service key to the BMC PATROL Agent

After generating a key to configure the Integration Service for extended security, you must import the key to the BMC PATROL Agent. To import the key:

  1. On the navigation pane of the Central Monitoring Administration UI, click Policies > Monitoring > All.
  2. Click the Add icon to add a monitoring policy.
  3. In the Monitoring Policy Configuration screen, click Configuration Variables.
  4. In the Configuration Variables screen, click the Import icon.
  5. Select the location of the .cfg file that contains the key and click Open.
    The key is imported and displayed in the Configuration Variables screen.

Related topics

Installing-the-Integration-Service-and-Cell

Managing an Integration Service cluster through Central Monitoring Administration

 

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*