Configuring the Infrastructure Management Server to Presentation Server communication to enable TLS 1.2



Perform the following steps to enable TLS 1.2 for communication between the Infrastructure Management Server and the Presentation Server:

To configure the Presentation Server

  1. Navigate to the <Presentation Server Install Directory>\truesightpserver\bin directory, and run the following command to check whether the TrueSight Presentation Server is running.

    tssh server status

    Note

    Ensure that the TrueSight Presentation Server is running before proceeding further.

  2. Log on to the TrueSight console and select Administration > Components.

    The page displays the components that are registered with the Presentation Server. Ensure that no TrueSight Infrastructure Management Server is registered with the TrueSight Presentation Server. If a TrueSight Infrastructure Management Server is registered, delete it. For more information, see To delete a component.

  3. Set the following properties in the database by running the following commands:

    tssh properties set tsps.cell.conntype ssl
    tssh properties set pronet.jms.conntype ssl
  4. Using a text editor, open the mcell.dir file located in <Presentation Server Install Directory>\conf directory.
  5. Comment out every line whose encryption key value is mc, as shown in the following code block:

    #Type                            <name>             encryption key         <host>/<port>
    #gateway.gateway_subtype   ts_event_gateway         mc             tsps_server1.bmc.com:1900
    #cell                         pncell_tsim_server1        mc              tsim_server1.bmc.com:1828    
  6. Set the encryption key value to *TLS as shown in the following code block:

    #Type                            <name>             encryption key         <host>/<port>
    gateway.gateway_subtype     ts_event_gateway        *TLS          tsps_server1.bmc.com:1900
    cell                         pncell_tsim_server1        *TLS              tsim_server1.bmc.com:1828   

    Parameter description

    The following notes describe the key parameters used in the preceding code block:

    • tsps_server1 is the name of the computer where the TrueSight Presentation Server is installed.
    • tsim_server1 is the name of the TrueSight Infrastructure Management Server registered with the TrueSight Presentation Server. If there are multiple Infrastructure Management Server entries in the mcell.dir file, change the encryption key to *TLS for all such entries.
  7. Save and close the file.
  8. Stop the Presentation Server by running the following command:

    tssh server stop

To configure the Infrastructure Management Server

  1. Navigate to the <Infrastructure Management Server Install Directory>\pw\wildfly\store directory location.
  2. Open the ssl.activemq-rar.rar file and extract the amq-broker-config.xml file.
  3. Take a backup of the amq-broker-config.xml file.
  4. (Optional - If using a non-default JMS port) By default, the URI attribute of transportConnector property is set to the port number 8093. If a different JMS port is configured, then update the property in the amq-broker-config.xml file as shown in the following example.

    [Image: tls_amq_port.png]

    Note

    In the example, transportConnector is set to port number 8096.

  5. After the change, save the amq-broker-config.xml file and add it to the ssl.activemq-rar.rar file in the <Infrastructure Management Server Install Directory>\pw\wildfly\store directory again.
  6. Navigate to the <Infrastructure Management Server Install Directory>\pw\pronto\bin directory, and run the switchTLSMode.pl script as shown in the following code block:

    #Syntax
    perl switchTLSMode.pl -<on/off> -flow <communication channel> -tsps <TrueSight Presentation Server name>

    #Example
    perl switchTLSMode.pl -on -flow event_and_data -tsps myserver.bmc.com

    Parameter description

    The following notes describe the key parameters used in the preceding command:

    • -on/off: on option enables TLS mode of communication. off option disables TLS mode of communication and enables the default tcp/ssl mode of communication.
    • -flow: If the flow is set to event_and_data, the communication between the Infrastructure Management Server and the Presentation Server is TLS 1.2 enabled.
    • TrueSight Presentation Server name: This is the fully qualified domain name (FQDN) of the computer where the Presentation Server is installed.
    • -h: This optional parameter displays the help for the switchTLSMode.pl command.

Troubleshooting Cell connectivity issue

The Administrator console cannot connect to the Cell if the /usr/pw/pronto/conf/cell_info.list file does not contain the *TLS entry. To resolve this issue, perform the following actions:

  1. Go to the /<TSIM_Home>/pw/pronto/conf/cell_info.list file.
  2. Replace the following entry as shown below:
    Original entry:

    cell.SIM pncell_<TrueSight_Infrastructure_Management_Cell_host_name> mc <TrueSight_Infrastructure_Management_Cell_host_name>:<port> Production *

    Replace with:

    cell.SIM pncell_<TrueSight_Infrastructure_Management_Cell_host_name> *TLS <TrueSight_Infrastructure_Management_Cell_host_name>:<port> Production *
  3. Restart TrueSight Infrastructure Management.
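
A quick way to confirm that no active entry was left on the mc key, in either the mcell.dir file edited earlier or the cell_info.list file edited here. This is an added example, not part of the product or its documentation: audit_entries is a hypothetical helper, the sample data is constructed (tsim_server2 is an invented host), and it assumes the encryption key is the third whitespace-separated field, as in the entries shown on this page.

```python
# Constructed sample in the mcell.dir layout shown on this page
# (type, name, encryption key, host:port). Not taken from a real server.
SAMPLE_MCELL_DIR = """\
#Type                      <name>               encryption key   <host>/<port>
#cell                      pncell_tsim_server1  mc               tsim_server1.bmc.com:1828
gateway.gateway_subtype    ts_event_gateway     *TLS             tsps_server1.bmc.com:1900
cell                       pncell_tsim_server1  *TLS             tsim_server1.bmc.com:1828
cell                       pncell_tsim_server2  mc               tsim_server2.bmc.com:1828
"""

# Constructed sample of a cell_info.list line that was not switched to *TLS.
SAMPLE_CELL_INFO = (
    "cell.SIM pncell_tsim_server1 mc tsim_server1.bmc.com:1828 Production *\n"
)


def audit_entries(text):
    """Return (line_no, name, key, endpoint) for each active entry whose
    encryption key is not *TLS. Commented and blank lines are skipped."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 4:
            # Too short to be an entry in either layout; report it for review.
            findings.append((line_no, None, None, line))
            continue
        _entry_type, name, key, endpoint = fields[:4]
        if key != "*TLS":
            findings.append((line_no, name, key, endpoint))
    return findings


if __name__ == "__main__":
    samples = (("mcell.dir", SAMPLE_MCELL_DIR),
               ("cell_info.list", SAMPLE_CELL_INFO))
    for label, text in samples:
        for line_no, name, key, endpoint in audit_entries(text):
            print(f"{label}:{line_no}: {name} -> {endpoint} "
                  f"uses key {key!r}, expected '*TLS'")
```

To check a real installation, read the file contents and pass them to audit_entries; an empty result means every active entry uses *TLS.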

To start the servers

  1. Start the Presentation Server by running the following command:

    tssh server start
  2. Start the Infrastructure Management Server by running the following command:

    pw system start

To register the Infrastructure Management Server with the Presentation Server

  1. Ensure that all the processes of the Infrastructure Management Server are up by running the following command:

    pw p l
  2. Register the Infrastructure Management Server with the Presentation Server. For more information, see Registering the components with the Presentation Server.

Where to go from here

For more information about how to configure other communication channels to enable TLS 1.2, see Configuring TrueSight Infrastructure Management to enable TLS 1.2.

 
