Security planning

The BMC TrueSight Operations Management solution can comprise several components. The following diagram provides an overview of the communication paths between the core Operations Management components. For more detailed descriptions about the architectural diagrams, see BMC-TrueSight-Operations-Management-architecture.

authenticationFlowAllOverview.png

This topic addresses the ways in which sensitive data and user information are secured among the Operations Management components. 

User authentication and authorization

The BMC TrueSight Operations Management system uses BMC Atrium Single Sign-On to authenticate and manage users and user groups. BMC Atrium Single Sign-On supports authentication with traditional systems, such as Active Directory or other LDAP systems, and supports integration into existing single sign-on systems.

Following system installation and configuration, users access the TrueSight console from the TrueSight Presentation Server. Role-based-access to the Operations Management components is then managed by authorization profileswhich are maintained by the Solution Administrator. Users cannot directly access any of the components.

Upgrading from ProactiveNet or TrueSight Infrastructure Management 9.6?

If you did not use BMC Atrium Single Sign-On to manage users, you must install it and the TrueSight Presentation Server before you can upgrade the Infrastructure Management servers (or ProactiveNet servers). During the upgrade, you can choose from the following user migration options:

  • Migrate the users for each ProactiveNet server to a separate tenant (Single Sign-On realm).
  • Migrate all users to the default BmcRealm tenant.

Both of these options automatically import users and user groups into BMC Atrium Single Sign-On and configuration and PATROL Agent blackout policies and import roles into the TrueSight Presentation Server. For details about how to prepare to migrate this data, see Migrating-the-Infrastructure-Management-policies-and-user-data-to-the-Presentation-Server in the TrueSight Infrastructure Management documentation.

Security resources

BMC Atrium Single Sign-On

Setting-up-LDAP-or-Active-Directory-users-in-BMC-Atrium-Single-Sign-On

Role-based user access overviews

TrueSight Infrastructure Management security

Security planning

Security standards

BMC TrueSight Operations Management supports the following security standards.

Location of security certificates and Java KeyStore files

During installation of the App Visibility component, self-signed certificates are created in the following locations to handle authentication between the components. If you prefer to use your own certificates, follow the procedures detailed in Changing-security-certificates-in-App-Visibility-components. For information about the security certificates used in the TrueSight Infrastructure Management server, see Location of the HTTPS/SSL private key on BMC TrueSight Infrastructure Management Server.

Data security

The installation of the App Visibility portal and App Visibility collector includes an App Visibility database, a PostgreSQL database that uses trust authentication. This authentication assumes that anyone who can access the App Visibility portal or collector computers is authorized to access the database.

For more information about maintaining App Visibility data security, see Changing-security-certificates-in-App-Visibility-components.

Open ports

For a complete list of ports used by the TrueSight Operations Management solution, see Network-ports.

Related topics

Importing-a-KeyStore-file-or-replacing-the-certificate

Presentation-Server-system-requirements

Access-control-for-administrators-of-service-providers

Access-control-for-SaaS-administrators

 

 

 

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*