Using the web-browser interface

You can use the BMC AMI Enterprise Connector for Illumio product on a web-browser.

Before you begin

To use the web-browser interface, you must configure an HTTPServer statement in BMC AMI Resident Security Server. To configure an HTTPServer statement, see "Server member (SRVSYS1)" in Sample RSS configuration parameters. For more information about the HTTP server parameters, see "Server member configuration parameters (SRVSYS1)" in RSS server configuration parameters.

Related topics

Using

Using-the-TSO-ISPF-user-interface

To log on to EC for Illumio

Your system might vary depending on the installed products.

  1. In a web browser, enter https://systemName:port , substituting the values as determined by your installation and the RSS configuration.

  2. In the BMC AMI Security Logon window, enter your TSO user ID and password, and click Log On.
    The Product Selection menu is displayed.

    Important

    If you do not have the required level of authority to log on to RSS, your connection might be rejected, even if your user ID and password are correct.

  3. Click the EC for Illumio Launch button.
    The EC for Illumio dashboard displays the instance that you are running.
    (SPE2410)The footer of the EC for Illumio UI displays information such as the current user ID, the product name, and the current release and version details. 
    illumioWebDashboard_SPE2404.png
    You can use the menus and buttons at the top of the dashboard to perform the following actions:

    Menu/Button

    Action

    Display

    Display System Status, Illumio Devices, and Illumio Workloads options

    Policies

    Display Manage Policies and Backout Promoted Policy options

    Manage

    Display Logs, Refresh Illumio Data, Export Interface/Service Data, and Create Illumio API Token options

    zERT Records

    (SPE2404)

    Display Show Summary of ZERT Summary Records, Show All ZERT Summary Records, and Show Observed Ports options

    Menu

    Return to the Product Selection menu

    Log Off

    Exit EC for Illumio and the BMC AMI Security product group, and return to the BMC AMI Security Logon window

To copy or download a table

You can copy and download the tables on the product by using the Copy, XLSX, CSV, and PDF buttons on the dashboard.

Action

Task

To copy a table to the clipboard

Click Copy.

To download the table as a spreadsheet

Click XLSX.

To download the table as plain text

Click CSV.

To download the table as a PDF

Click PDF.

Important

If you click the Copy, XLSX, CSV, or PDF buttons after performing a sort or search on the table, then the download or copy actions are performed only on the search results and not on the whole table.

To promote a policy to production

  1. On the Policies > Manage Policies window, click Promote on the Action column, to the right of the table row containing the policy that you want to promote to production.
  2. Perform one of the following actions:
    • To refresh the Policy Agent dynamically, click Yes.
    • To refresh the Policy Agent manually, click No.
  3. Click Submit.

To delete a policy

  1. On the Policies > Manage Policies window, click Delete on the Action column, to the right of the table row containing the policy that you want to delete.
  2. Click Confirm on the delete confirmation window.

To view a policy

On the Policies > Manage Policies window, click View on the Action column, to the right of the table row containing the policy that you want to view.

The content of the policy file is displayed.

To restore a policy to its previous level

  1. Navigate to the Policies > Backout Promoted Policy window and enter the stack name on the TCPIP Stack Name field.
  2. Perform one of the following actions:
    • To refresh the Policy Agent dynamically, click Yes.
    • To refresh the Policy Agent manually, click No.
  3. Click Submit.

To view system status

To see the status of systems connected to Illumio PCE, navigate to Display > System Status.

To view devices

To see a list of devices that are detected on the Illumio PCE, navigate to Display > Illumio Devices.

To view workloads

To see a list of workloads that are detected on the Illumio PCE, navigate to Display > Illumio Workloads.

To refresh Illumio data

To refresh the Illumio PCE data, navigate to Manage > Refresh Illumio Data.

To export interface and service data

  1. Navigate to Manage > Export Interface/Service Data.
  2. In the Export Dataset field, enter the output data set location.

  3. In the Export Volume/SMS field, enter the export volume for the data set.

    Important

    If you do not enter a value in the Export Volume/SMS field, the default is SMS.

  4. Click Submit.

An example output of a configuration export follows:

*                               
* Exported at 04:39:15 on 26 Jan
*                               
* Sysid   RSM0                  
* Jobname ECRSI                 
*                               
Interface                       
   Host       RSM0              
   Stack      TCPIP             
   Name       VIPA35            
   Type       VIPA              
   IPAddress  172.12.34.35      
   Workload                     
      WorkloadName  RSM0-VIPA   
      Role          EC-QA2      
      Application   EC          
      Environment   Development
      Location      BMC         
   EndWorkload                  
EndInterface                    
                               
Interface                       
   Host       RSM0              
   Stack      TCPIP             
   Name       GIGF9             
   Type       OSA               
   IPAddress  172.12.34.31      
   Workload                     
      WorkloadName  RSM0-OSA    
      Role          EC-QA       
      Application   EC          
      Environment   Development
      Location      BMC         
   EndWorkload                  
EndInterface                    
                               
Interface                       
   Host       RSM0              
   Stack      TCPIP             
   Name       GIGF7             
   Type       OSA               
   IPAddress  0.0.0.0           
EndInterface

//lists all services

Service               
   Host       RSM0    
   Stack      TCPIP   
   Port       22      
   Protocol   TCP     
EndService            
                     
Service               
   Host       RSM0    
   Stack      TCPIP   
   Port       8155    
   Protocol   TCP     
EndService

//lists all agents connected

*                                  
* Agent on RSM1                    
*                                  
Interface                          
   Host       RSM1                 
   Stack      TCPIP                
   Name       GIGF9                
   Type       OSA                  
   IPAddress  172.12.34.28         
   Workload                        
      WorkloadName  RSM1-OSA       
      Role          EC-Dev         
      Application   EC             
      Environment   Development    
      Location      BMC            
   EndWorkload                     
EndInterface

//lists information for other agents

To manage log files

To view a log file, navigate to the Manage > Logs window, select the log file, and click View.

To delete a log file, navigate to the Manage > Logs window, select the log file, and click Remove.

To view a summary of zERT summary records

(SPE2404)

Click zERT Records and select Show Summary of ZERT Summary Records.

A table with a summary of all connections observed during the session is displayed. The table contains the following information:

Column name

Description

System

LPAR where the connection was observed

Client IP

IP address of the client connection

Client Name

Client name if the DNSResolve parameter is set to Yes in the configuration

Records

Number of connection records observed during the session

Server IP

IP address of the server

Jobname

Job name that initiated the connection

Userid

User ID that the job name ran under

In Bytes

Number of bytes transferred to the server

Out Bytes

Number of bytes transferred to the client

To view all zERT summary records

(SPE2404)

Click zERT Records and select Show All ZERT Summary Records.

A table with all summary records created during the session is displayed. The table contains the following information:

Column name

Description

System

LPAR where the connection was observed

Timestamp

Date and time the record was created

Stack Name

The TCP/IP stack name where the record originated

Server IP

IP address of the server

Server Port

Port number

Server Name

Name of the server if DNSResolve parameter is set to Yes in the configuration

Client IP

IP address of the client connection

Client Name

Client name if the DNSResolve parameter is set to Yes in the configuration

Jobname

Job name that initiated the connection

Userid

User ID that the job name ran under

Encryption

Encryption protocol observed: TLS/SSL, IPSec, SSH, or NONE

Protocol

TCP or UDP

Encryption Version

Version of encryption used

In Bytes

Number of bytes transferred to the server

Out Bytes

Number of bytes transferred to the client

Connections

Number of connections observed

To view all ports observed

(SPE2404)

Click zERT Records and select Show Observed Ports.

A table with all ports observed during the session is displayed. The table contains the following information:

Column name

Description

System

LPAR where the connection was observed

Port

Port observed

Server IP

IP address of the server

Encryption

Encryption protocol observed: TLS/SSL, IPSec, SSH, or NONE

Jobname

Job name that initiated the connection

Userid

User ID that the job name ran under

Server Name

Name of the server if DNSResolve parameter is set to Yes in the configuration

Client IP

IP address of the client connection

Client Name

Client name if the DNSResolve parameter is set to Yes in the configuration



 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*