Configuring the Infrastructure Management Server to TrueSight Operations Management Reporting communication to enable TLS 1.2

Perform the following steps to enable the Infrastructure Management server main cell to Reporting engine communication to be TLS compliant:

Note

If the Reporting Engine is in TLS mode, it cannot communicate with any of the remote cells or Infrastructure Management server cells operating in Non-TLS mode.

 

Infrastructure Management server cells in TLS mode

Infrastructure Management server cells in Non-TLS mode

Remote cellsin TLS mode

Remote cells in Non-TLS mode

Reporting Engine in TLS mode

✅️

❌️

✅️

❌️

 

To configure the Infrastructure Management server cell component

  1. Using a text editor, open the mcell.dir file on the BMC TrueSight Infrastructure Management Server host computer. The file is located in the <Infrastructure Management server Install Directory>\pw\server\etc directory.

  2. Check for the instance of the code line having encryption key value as shown in the following code block:

    gateway.reportengine bpre.<fullyQualifiedHostName> <encryptionKey> <fullyQualifiedHostName>:<3783>

    #Example

    gateway.reportengine bpre.vs-pun-tsim-bp03.bmc.com mc vs-pun-tsim-bp03.bmc.com:3783

  3. Modify the existing value of encryption key to *TLS as shown in the following example:

    gateway.reportengine bpre.vs-pun-tsim-bp03.bmc.com *TLS vs-pun-tsim-bp03.bmc.com:3783
  4. Save and close the file.

  5. Reload the mcell.dir file by entering the following command from a command line:

    #Syntax

    mcontrol -n cellName reload dir

    #Example

    mcontrol -n pncell_vm-w23-rds1016 reload dir

    Note

    pncell_vm-w23-rds1016 is the name of the cell.


To configure the Report Engine component

  1. Navigate to the reportsCLI directory by running the following command:

    # Microsoft Windows operating system

    CurrentDirectory>cd <TrueSight Operations Management Reporting Install directory>\bin\reportsCLI

    # Unix operating system

    $cd <TrueSight Operations Management Reporting Install directory>/bin/reportsCLI

  2. Initiate the configuration settings by running the following command:

    #Syntax

    tls_config init -truststore <truststore file> -truststorepassword <truststore password> [-keystore <keystore file> -keystorepassword <keystore password>][-SqlAnywhereCert <trust certificate path>]

    #Example

    tls_config init -truststore cacerts -truststorepassword <truststore password> -keystore cacerts -keystorepassword <keystore password> -SqlAnywhereCert <BMC TrueSight Operations Management Report Engine Install Directory>\ReportEngine\tools\jre\bin

    When you run the tls_config script, you are prompted to confirm the restart of the Reporting Engine. The TLS configurations are applied only when the Reporting Engine restarts.

    Parameter description

     The following notes describe the key parameters used in the preceding command:

    • cacerts: Name of the keystore and truststore file of the Report Engine.
    • <truststore password>: Password for the keystore/truststore. changeit is the default password for the cacerts keystore. If you have changed this password, use the current password.
    • <BMC TrueSight Operations Management Report Engine Install Directory>\ReportEngine\tools\jre\bin: The directory path where the cacerts truststore file is located.

  3. Enable the TLS configuration by running the following command:

    tls_config enable -component cell

 

Where to go from here

For more information about how to configure other communication channels to enable TLS 1.2, see Configuring-TrueSight-Infrastructure-Management-to-enable-TLS-1-2.

To know how to configure other Reporting components to enable TLS, see Configuring TrueSight Operations Management Report Engine to enable TLS.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*