Configuring Integration Service to cell communication to enable TLS 1.2


The following section guides you to configure the Integration Service to Cell communication in TLS 1.2. Choose the appropriate configuration steps based on the type (local / remote) of the Integration Service and the cell used.

To configure the local Integration Service

Info

CLI commands are TLS compliant. All the CLI commands read the mcell.dir file. If the encryption key is set to *TLS in the mcell.dir file, CLI commands operate in TLS mode, else CLI commands operate in non-TLS mode.

 

  1. Stop the Infrastructure Management Server by running the following command:  

    pw system stop
  2. Using a text editor, open pronet.conf file located in <Infrastructure Management Server Install directory>\pw\custom\conf directory.

  3. Comment out the instance of the code line having the encryptionkey value as mc as shown in the following code block:

    #pronet.apps.is.cell.encryptionkey=mc

  4. Set the encryptionkey value to *TLS as shown in the following code block:

    pronet.apps.is.cell.encryptionkey=*TLS
  5. Save and close the file.
  6. Using a text editor, open mcell.dir file located in <Infrastructure Management Server Install directory>\pw\server\etc directory.

  7. Comment out the instances of the code lines having the encryption key value as mc as shown in the following code block:

    #Type                            <name>              encryption key           <host>/<port>
    #cell                             cell_1                  mc              cell_1.bmc.com:1828
    #cell                             HA_Cell                 mc              primaryhost.bmc.com:1828         secondaryhost.bmc.com:1828

  8. Set the encryption key value to *TLS as shown in the following code block:

    #Type                            <name>              encryption key           <host>/<port>
    cell                             cell_1                  *TLS              cell_1.bmc.com:1828
    cell                             HA_Cell                 *TLS              primaryhost.bmc.com:1828         secondaryhost.bmc.com:1828

    Parameter description

    Make the cell entries in the mcell.dir file based on the type of communication as explained in the following section:

    • cell_1 is the name of the default Infrastructure Management Cell or a remote cell. This entry indicates that the Integration Service is communicating with the default Infrastructure Management Cell or the remote cell.
    • HA_Cell is the name of the High Availability cell. This entry indicates that the Integration Service is communicating with the High Availability Cell. The primaryhost.bmc.com and secondaryhost.bmc.com are the primary and secondary HA cell host names.

To configure the remote Integration Service

Info

CLI commands are TLS compliant. All the CLI commands read the mcell.dir file. If the encryption key is set to *TLS in the mcell.dir file, CLI commands operate in TLS mode, else CLI commands operate in non-TLS mode.

 

  1. Logon to the computer where the remote Integration Service is installed, and stop the Integration Service (Unix) by running the following command: 

    pw is stop
  2. To stop the Integration Service (Microsoft Windows), navigate to Start > Settings > Control Panel.
    1. Double-click the Services icon to launch the Services dialog box.
    2. Locate the BMC TrueSight Infrastructure Management Integration Service on the list of services, highlight, then click Stop
    3. Click Yes to close the warning message that is displayed. 
      The status for the Integration Service changes from Started to (blank).
  3. Using a text editor, open pronet.conf file located in <Integration Service Install directory>\agent\pronto\conf directory.

  4. Comment out the instance of the code line having the encryptionkey value as mc as shown in the following code block:

    #pronet.apps.is.cell.encryptionkey=mc

  5. Set the encryptionkey value to *TLS the following code block:

    pronet.apps.is.cell.encryptionkey=*TLS

    Note

    Modify the file present in the agent\pronto\conf directory, if it is a remote Integration Service. 

  6. Save and close the file.
  7. Using a text editor, open the mcell.dir file located in <Integration Service Install directory>\Agent\server\etc directory.

  8. Comment out the instances of the code lines having the encryption key value as mc as shown in the following code block:

    #Type                            <name>             encryption key         <host>/<port>
    #cell                             cell_1                 mc              cell_1.bmc.com:1828
    #cell                             HA_Cell                mc              primaryhost.bmc.com:1828         secondaryhost.bmc.com:1828

  9. Set the encryption key value to *TLS as shown in the following code block:

    #Type                            <name>             encryption key         <host>/<port>
    cell                             cell_1                 *TLS              cell_1.bmc.com:1828
    cell                             HA_Cell                *TLS              primaryhost.bmc.com:1828         secondaryhost.bmc.com:1828

    Parameter description

    Make the cell entries in the mcell.dir file based on the type of communication as explained in the following section:

    • cell_1 is the name of the default Infrastructure Management Cell or a remote cell. This entry indicates that the Integration Service is communicating with the default Infrastructure Management Cell or the remote cell.
    • HA_Cell is the name of the High Availability cell. This entry indicates that the Integration Service is communicating with the High Availability Cell. The primaryhost.bmc.com and secondaryhost.bmc.com are the primary and secondary HA cell host names.
  10. Save and close the file.

To configure the local Cell

Info

CLI commands are TLS compliant. All the CLI commands read the mcell.dir file. If the encryption key is set to *TLS in the mcell.dir file, CLI commands operate in TLS mode, else CLI commands operate in non-TLS mode.

 

  1. Stop the cell service (Unix) by running the following command:

    mkill -n cellname
  2. To stop the cell service (Microsoft Windows), navigate to Start > Settings > Control Panel.
    1. Double-click the Services icon to launch the Services dialog box.
    2. Locate the BMC TrueSight Event Manager cell_name or BMC TrueSight Event Manager HA_CELL on the list of services, highlight, then click Stop
    3. Click Yes to close the warning message that is displayed. 
      The status for the cell service changes from Started to (blank).
  3. Using a text editor, open mcell.conf file located in <Infrastructure Management Server Install Directory>\pw\server\etc\pncell_<TSIM_MACHINE_NAME> directory.

  4. Comment out the instance of the code line having ServerTransportProtocol value as tcp as shown in the following code block:

    #ServerTransportProtocol=tcp

  5. Set the properties as shown in the following code block:

    ServerTransportProtocol=tls
    ServerCertificateFileName=mcell.crt
    ServerPrivateKeyFileName=mcell.key
  6. Save and close the file.

To configure the remote Cell

Info

CLI commands are TLS compliant. All the CLI commands read the mcell.dir file. If the encryption key is set to *TLS in the mcell.dir file, CLI commands operate in TLS mode, else CLI commands operate in non-TLS mode.

 

  1. Logon to the computer where the remote cell is installed.

  2. Stop the cell service (Unix) by running the following command:

    mkill -n cellname
  3. To stop the cell service (Microsoft Windows), navigate to Start > Settings > Control Panel.
    1. Double-click the Services icon to launch the Services dialog box.
    2. Locate the BMC TrueSight Event Manager cell_name or BMC TrueSight Event Manager HA_CELL on the list of services, highlight, then click Stop
    3. Click Yes to close the warning message that is displayed. 
      The status for the cell service changes from Started to (blank).
  4. Using a text editor, open mcell.conf file located in <Remote Cell Install Directory>\Agent\server\etc\cell_name directory.

  5. Comment out the instance of the code line having ServerTransportProtocol value as tcp as shown in the following code block:

    #ServerTransportProtocol=tcp

  6. Set the properties as shown in the following code block:

    ServerTransportProtocol=tls
    ServerCertificateFileName=mcell.crt
    ServerPrivateKeyFileName=mcell.key
  7. Save and close the file.

To start the servers

  1. Start the cell service (Unix) by running the following command:

    mcell -n cellname
  2. To start the cell service (Microsoft Windows), navigate to Start > Settings > Control Panel.
    1. Double-click the Services icon to launch the Services dialog box.
    2. Locate the BMC TrueSight Event Manager cell_name or BMC TrueSight Event Manager HA_CELL on the list of services, highlight, then click Restart
    3. Click Yes to close the warning message that is displayed. 
      The status for the cell service changes to Started from (blank).

  3. Start the Integration Service (Unix) by running the following command:

    pw is start
  4. To start the Integration Service (Microsoft Windows), navigate to Start > Settings > Control Panel.
  5. Double-click the Services icon to launch the Services dialog box.
  6. Locate the BMC TrueSight Infrastructure Management Integration Service on the list of services, highlight, then click Restart
  7. Click Yes to close the warning message that is displayed. 
    The status for the Integration Service changes to Started from (blank).

Note

The Integration Service restart is applicable only to the remote Integration Service. The local Integration Service is restarted automatically along with the Infrastructure Management Server.

Where to go from here

For more information about how to configure other communication channels to enable TLS 1.2, see Configuring-TrueSight-Infrastructure-Management-to-enable-TLS-1-2.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*