Configuring the TrueSight Environment for the BMC Helix CMDB integration


As a TrueSight Operations Management administrator, do the following:

  1. Import certificates into the TrueSight Infrastructure Management server.
  2. Configure the Helix Client Gateway.
  3. Configure the BMC Helix Change Management integration in TrueSight Infrastructure Management.
  4. Verify the integration.

This section explains each procedure in detail.


Step 1: Importing certificates into the TrueSight Infrastructure Management server

Do the following:

  1. Obtain the certificates from the Helix Network team or use the following URL to download them:
    https://testssl.onbmc.com/
    The following certificates are required:
    • Name: digicert_global_root.cer
      Alias: rootCA
    • Name: digicert_sha_256.cer
      Alias: intermediateCA
    • Name: onbmc_wildcard.cer
      Alias: onbmc_wildcardCA

      Keystore location

      The cacerts keystore is located at <TrueSight Infrastructure Management Installation Directory>/pw/jre/lib/security.

      The pnserver.ks keystore is located at <TrueSight Infrastructure Management Installation Directory>/pw/pronto/conf.

  2. For TrueSight Operations Management version 11.3.02 or later, do the following to install the certificates in the TrueSight Operations Management keystore/truststore.
    1. On the TrueSight Presentation Server run the following command:
      pw certificate import BSR
    2. Enter the BMC Service Resolution server details <host:port> to download the certificates. 
      The port number is optional. If you do not enter the port number, the default port 443 is used.
  3. For TrueSight Operations Management version 11.3.01 or earlier, do the following to install the certificates in the TrueSight Operations Management keystore/truststore.
    1. On the computer where the TrueSight Infrastructure Management server is installed, back up the following files:
      • <TrueSight Infrastructure Management Installation Directory>/pw/jre/bin/lib/security/cacerts
      • <TrueSight Infrastructure Management Installation Directory>/pw/jre/bin/pw/pronto/conf/pnserver.ks

    2. Run the following commands in the order shown below:
      1. keytool -printcert -sslserver <helix server name:port> -rfc | keytool -importcert -keystore ../lib/security/cacerts -storepass changeit -noprompt -alias rootCA -file digicert_global_root.cer
      2. keytool -printcert -sslserver <helix server name:port> -rfc | keytool -importcert -keystore ../lib/security/cacerts -storepass changeit -noprompt -alias intermediateCA -file digicert_sha_256.cer
      3. keytool -printcert -sslserver <helix server name:port> -rfc | keytool -importcert -keystore ../lib/security/cacerts -storepass changeit -noprompt -alias onbmc_wildcard -file onbmc_wildcard.cer
  4. Back up the <TrueSight Infrastructure Management Installation Directory>/pw/pronto/conf/messagebroker.ts file.
  5. Run the following commands in the order shown below:

      1. keytool -printcert -sslserver <helix server name:port> -rfc | keytool -importcert -keystore ../../pronto/conf/pnserver.ks -storepass get2net -noprompt -alias rootCA -file digicert_global_root.cer
      2. keytool -printcert -sslserver <helix server name:port> -rfc | keytool -importcert -keystore ../../pronto/conf/pnserver.ks -storepass get2net -noprompt -alias intermediateCA -file digicert_sha_256.cer
      3. keytool -printcert -sslserver <helix server name:port> -rfc | keytool -importcert -keystore ../../pronto/conf/pnserver.ks -storepass get2net -noprompt -alias onbmc_wildcard -file onbmc_wildcard.cer
  6. Restart the TrueSight Infrastructure Management server.
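
A check to run after the imports, added here as an example and not taken from the BMC documentation: it parses `keytool -list` output and confirms that each alias used in the commands above is present as a trusted certificate entry with the fingerprint you expect. The listing and the pinned fingerprints are constructed placeholders, and `REQUIRED`, `PINNED`, `parse_listing` and `check_keystore` are names chosen for this example.

```python
import re

# Aliases passed to -alias in the commands above. JKS keystores store aliases
# in lower case, so the comparison is case-insensitive.
REQUIRED = ("rootCA", "intermediateCA", "onbmc_wildcard")

# Constructed `keytool -list` output; fingerprints are shortened placeholders.
SAMPLE_LISTING = """\
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 3 entries

rootca, Jan 5, 2024, trustedCertEntry,
Certificate fingerprint (SHA-256): AA:AA:AA:01
intermediateca, Jan 5, 2024, trustedCertEntry,
Certificate fingerprint (SHA-256): BB:BB:BB:02
tsim, Jan 5, 2024, PrivateKeyEntry,
Certificate fingerprint (SHA-256): CC:CC:CC:03
"""

# Constructed reference values; in practice, the fingerprints confirmed out of
# band with the team that issued the certificates.
PINNED = {"rootCA": "AA:AA:AA:01", "intermediateCA": "BB:BB:BB:99",
          "onbmc_wildcard": "DD:DD:DD:04"}

ENTRY = re.compile(
    r"^(?P<alias>[^,\n]+), .*, (?P<kind>\w+),[ \t]*\n"
    r"Certificate fingerprint \([^)]+\): (?P<fp>[0-9A-Fa-f:]+)", re.M)

def parse_listing(text):
    """Map lower-cased alias -> (entry type, fingerprint)."""
    return {m["alias"].strip().lower(): (m["kind"], m["fp"].upper())
            for m in ENTRY.finditer(text)}

def check_keystore(listing, pinned, required=REQUIRED):
    """Return {alias: status} for every alias the procedure should have added."""
    entries, report = parse_listing(listing), {}
    for alias in required:
        kind, fp = entries.get(alias.lower(), (None, None))
        if kind is None:
            report[alias] = "missing"
        elif kind != "trustedCertEntry":
            report[alias] = "wrong entry type: " + kind
        elif fp != pinned.get(alias, "").upper():
            report[alias] = "fingerprint mismatch"
        else:
            report[alias] = "ok"
    return report
```

Run it once against the listing of cacerts and once against the listing of pnserver.ks. The pinned values must use the same hash algorithm that your keytool version prints.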


Step 2: Configuring the BMC Helix client gateway

  1. Install the Helix client gateway. For information, see the BMC Helix documentation.

  2. Back up the <gateway installed location>\<gateway_name>\kwic-5.9.13\conf\kwic_config.xml file.
  3. Copy the kwic_config.xml file to the proper location that you obtain from the BMC Helix network team.

    Example of the kwic_config.xml file:
    <?xml version="1.0" encoding="UTF-8" standalone="no"?>
    <!--

        Copyright (c) 2007-2013, Kaazing Corporation. All rights reserved.

    -->
    <gateway-config xmlns="http://xmlns.kaazing.com/2012/09/gateway">
    <properties>

       <property>
         <name desc="Local client gateway host name">gateway.hostname</name>
         <value>localhost</value>
       </property>

       <property>
         <name desc="Local client gateway IP">gateway.ip</name>
         <value>127.0.0.1</value>
       </property>


       <property>
         <name desc="Local client gateway management port">gateway.base.port</name>
         <value>8000</value>
       </property>

       <property>
         <name desc="BMC End Port">bmc.port</name>
         <value>443</value>
       </property>

    </properties>


     <service>
       <name>commandcenter-directory</name>
       <description>Directory service for the Command Center files</description>
       <accept>http://${gateway.hostname}:${gateway.base.port}/commandcenter</accept>
       <type>directory</type>
       <properties>
         <directory>/commandcenter</directory>
         <welcome-file>index.html</welcome-file>
         <error-pages-directory>/error-pages</error-pages-directory>
         <options>indexes</options>
       </properties>
     </service>
      
      
     <service>
       <name><customer name>-tsom-api-chi.onbmc.com</name>
       <accept>pipe://<customer name>-tsom-api-chi.onbmc.com</accept>
       <connect>tcp://<TSPS FQDN>:8043</connect>
       <type>proxy</type>
       <accept-options>
         <pipe.transport>socks://<customer name>-api-chi.onbmc.com:443</pipe.transport>
         <socks.mode>reverse</socks.mode>
         <socks.retry.maximum.interval>10 seconds</socks.retry.maximum.interval>
         <socks.transport>wss://<customer name>-api-chi.onbmc.com:443/tsom</socks.transport>
         <ws.inactivity.timeout>55 seconds</ws.inactivity.timeout>
       </accept-options>
     </service>

     <!-- Security configuration -->
     <security>
       <!--
        The keystore element is used to configure the keystore that contains
        encryption keys for secure communications with Kaazing WebSocket Gateway.
        -->

       <keystore>
         <type>JCEKS</type>
         <file>keystore.db</file>
         <password-file>keystore.pw</password-file>
       </keystore>

       <!--
        The truststore element is used to configure the truststore that
        contains digital certificates for certificate authorities
        trusted by Kaazing WebSocket Gateway.
        -->

       <truststore>
         <file>truststore.db</file>
       </truststore>

       <!--
        This is the element that associates an authenticated user with a set
        of authorized roles.
        -->

       <realm>
         <name>demo</name>
         <description>Kaazing WebSocket Gateway Demo</description>

         <!--
          This is the element that specifies how authentication of users
          is undertaken for the realm.
          -->

         <authentication>

           <!--
            Specifies how the Gateway issues HTTP challenges when
            unauthorized connections are made. Standard HTTP "Basic"
            and "Negotiate" are supported, with the Application variants:
            "Application Basic", and "Application Negotiate".  For custom
            HTTP challenge schemes, use "Application Token".
            -->

           <http-challenge-scheme>Application Basic</http-challenge-scheme>

           <!--
            The HTTP items below specify how the Gateway accepts credentials
            when connections are made.  In addition to the standard HTTP
            "Authorization" header, the Gateway can access credentials sent in
            custom HTTP headers, query parameters and cookies.
            -->


           <!--
            <http-header>Custom-Header-Name</http-header>
            <http-query-parameter>Query-Parameter-Name</http-query-parameter>
            <http-cookie>Cookie-Name</http-cookie>
            -->


           <!--
            The period of time for which authorized connections
            remain valid without re-authorizing.
            -->

           <authorization-timeout>1800</authorization-timeout>

           <!--
            The login modules below specify how the Gateway communicates
            with a "user database" to validate user credentials, and
            to determine a set of authorized roles.
            -->

           <login-modules>
             <!--
              The login module communicates with a user database to
              validate user's credentials and to determine a set of
              authorized roles. By default, the file-based module is used.
              -->

             <login-module>
               <type>file</type>
               <success>required</success>
               <options>
                 <file>jaas-config.xml</file>
               </options>
             </login-module>
           </login-modules>
         </authentication>
       </realm>

       <!--  
        The realm used by the Command Center for authentication. The SNMP
         management service should be the only one to use this realm.  
        -->

       <realm>
         <name>commandcenter</name>
         <description>Command Center</description>

         <authentication>
           <http-challenge-scheme>Application Basic</http-challenge-scheme>

           <http-cookie>kaazingCommandCenter</http-cookie>

           <authorization-timeout>1800</authorization-timeout>

           <login-modules>
             <!--
              The login module communicates with a user database to
              validate user's credentials and to determine a set of
              authorized roles. By default, the file-based module is used.
              -->

             <login-module>
               <type>file</type>
               <success>required</success>
               <options>
                 <file>jaas-config.xml</file>
               </options>
             </login-module>
           </login-modules>
         </authentication>
       </realm>
     </security>



     <!--  
      JMX Management service.
      -->

     <service>
       <name>JMX Management</name>
       <description>JMX management service</description>

       <type>management.jmx</type>

       <properties>
         <connector.server.address>jmx://${gateway.hostname}:2020/</connector.server.address>
       </properties>

       <realm-name>demo</realm-name>

       <authorization-constraint>
         <require-role>ADMINISTRATOR</require-role>
       </authorization-constraint>
     </service>

     <!--
      SNMP Management service.

     <service>
       <name>SNMP Management</name>
       <description>SNMP management service</description>
       <accept>ws://${gateway.hostname}:${gateway.base.port}/snmp</accept>

       <type>management.snmp</type>

       <realm-name>commandcenter</realm-name>

       <authorization-constraint>
         <require-role>ADMINISTRATOR</require-role>
       </authorization-constraint>

       <cross-site-constraint>
         <allow-origin>*</allow-origin>
       </cross-site-constraint>
     </service>
     -->

      <!--
      #############################################################################
      #############################################################################
                                Do not remove closing element
      #############################################################################
      #############################################################################
      -->


    </gateway-config> 
  4. Restart the BMC Helix client gateway.
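
A review aid for the gateway configuration, added here as an example and not part of the BMC or Kaazing documentation: it walks each `<service>` element and lists settings a reviewer would want to confirm are intentional, such as cleartext listeners, listeners with no realm, wildcard cross-site origins, directory indexes and a tunnel transport that is not `wss://`. The sample is constructed, uses placeholder host names, and enables the SNMP service (commented out in the file above) so that the wildcard-origin check has something to find; `audit` and `texts` are names chosen for this example.

```python
import xml.etree.ElementTree as ET

T = "{http://xmlns.kaazing.com/2012/09/gateway}"  # namespace of kwic_config.xml

# Constructed sample in the layout of the file above; host names are placeholders.
SAMPLE = """<gateway-config xmlns="http://xmlns.kaazing.com/2012/09/gateway">
  <service>
    <name>commandcenter-directory</name>
    <accept>http://localhost:8000/commandcenter</accept>
    <properties><options>indexes</options></properties>
  </service>
  <service>
    <name>tsom-proxy</name>
    <accept>pipe://customer-tsom.example.invalid</accept>
    <accept-options>
      <socks.transport>wss://customer-api.example.invalid:443/tsom</socks.transport>
    </accept-options>
  </service>
  <service>
    <name>SNMP Management</name>
    <accept>ws://localhost:8000/snmp</accept>
    <realm-name>commandcenter</realm-name>
    <cross-site-constraint><allow-origin>*</allow-origin></cross-site-constraint>
  </service>
</gateway-config>"""

def texts(svc, tag):
    """Stripped text of every <tag> element anywhere under a service."""
    return [(e.text or "").strip() for e in svc.iter(T + tag)]

def audit(xml_text):
    """Return sorted (service, finding) pairs for a reviewer to confirm."""
    out = set()
    for svc in ET.fromstring(xml_text).findall(T + "service"):
        name = svc.findtext(T + "name", "?")
        if any(a.startswith(("http://", "ws://")) for a in texts(svc, "accept")):
            out.add((name, "cleartext listener"))
            if not texts(svc, "realm-name"):
                out.add((name, "listener without realm"))
        if "*" in texts(svc, "allow-origin"):
            out.add((name, "wildcard allow-origin"))
        if "indexes" in texts(svc, "options"):
            out.add((name, "directory indexes enabled"))
        if any(not t.startswith("wss://") for t in texts(svc, "socks.transport")):
            out.add((name, "tunnel transport not wss"))
    return sorted(out)

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

The file parses only after every `<customer name>` and `<TSPS FQDN>` placeholder has been replaced with a real value. Property references such as `${gateway.hostname}` are not resolved, so a cleartext listener bound to localhost is still listed for review.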


Step 3: Configure the BMC Helix CMDB integration in TrueSight Operations Management

  1. Open the TrueSight console.
  2. Click Administration > Integrations.
  3. Under Remedy ITSM, BMC Helix ITSM and BMC CMDB Integrations, click the Configure TrueSight Presentation Server with ITSM Change Management menu and then click Edit.
  4. On the Change Management Integration page, do the following:
    1. Add the following information:
      1. CMDB user name and password
      2. UDDI host name
      3. CMDB UDDI port number, user name, and password
    2. Select the HTTP or HTTPS protocol for the mid-tier server.
    3. Select Activate Integration. If you do not want to activate the integration at this time, you can do it later.
  5. Click Save.
    You can see the integration added on the Change Management Integration page.


Step 4: Verifying the integration

  1. Log in to the BMC Helix MidTier Server as the user given to you by the BMC Helix team.
  2. Go to Atrium Core > Atrium Core console.
  3. Execute the Impact module designer.
  4. Create a test model in the Impact module designer.
  5. Verify that the test model is published in TrueSight Infrastructure Management.












 
