
Using external DVM communication


The BMC Remedy AR System server and BMC Remedy Mid Tier provide encrypted user password protection for secure external DVM communication. The following two forms store and display encryption data for secure key exchanges:

  • AR System Key Store
  • AR System Server to Key Map

An RSA 2048-bit asymmetric encryption algorithm in the server creates a public and private key pair, using the ARSYS.ARF.RSAKEYPAIRGENERATOR plugin. During installation, the server exports the key pair to the AR System Key Store form and the AR System Server to Key Map form, both shown in the figures that follow. The key pair is protected with 128-bit Advanced Encryption Standard (AES) encryption.

AR System Key Store form


AR System Key Store form fields



Only authorized administrators have access to the AR System Key Store form, which displays the key pair. Public key data for a particular server is distributed to consumers in the AR System Server to Key Map form. The public key is presented in clear text, as shown in the following figure; the private key is stored as an encrypted hexadecimal string. The mid tier uses the private key to decrypt the user password. It checks the request for the custom header X-Encyrpted-Pwd. If the header is present, the mid tier:

  • Selects the password in the header field as opposed to the passwords sent through other means, such as a URL parameter.
  • Retrieves the private key from the AR System Key Store form.
  • Retrieves the private key associated with the server name that is sent. The server name that is sent should match the server name string from the server name field in the Server to Key Map form. If the field contains the server's fully qualified name, such as myserver.company.com, the fully qualified name must be sent. If the server name field contains an IP address, the IP address must be sent. The mid tier requires the matching server name to locate the private key.
  • Decrypts the key, using an AES symmetric key algorithm.
  • Constructs the private key.
  • Decrypts the password, using RSA 2048-bit decryption.
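
The steps above, sketched as an added Java 17 example that is not BMC's code. The page specifies only RSA 2048-bit and 128-bit AES, so the cipher modes (RSA-OAEP, AES-GCM), the Base64 header encoding, the in-memory map standing in for the AR System Key Store form, and all names are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.*;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

public class DvmPasswordFlowDemo {
    // Assumed transformations; the page names only RSA 2048-bit and 128-bit AES.
    static final String RSA = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    static final String AES = "AES/GCM/NoPadding";

    public static void main(String[] args) throws Exception {
        // Install time: RSA 2048 key pair, private key protected with a 128-bit AES key.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair pair = kpg.generateKeyPair();
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey aesKey = kg.generateKey();
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher wrap = Cipher.getInstance(AES);
        wrap.init(Cipher.ENCRYPT_MODE, aesKey, new GCMParameterSpec(128, iv));
        String storedHex = HexFormat.of().formatHex(wrap.doFinal(pair.getPrivate().getEncoded()));
        // Hypothetical stand-in for the key store, keyed by the exact server name string.
        Map<String, String> keyStore = Map.of("myserver.company.com", storedHex);

        // Consumer: encrypt a constructed sample password with the clear-text public key.
        Cipher enc = Cipher.getInstance(RSA);
        enc.init(Cipher.ENCRYPT_MODE, pair.getPublic());
        String headerValue = Base64.getEncoder().encodeToString(
                enc.doFinal("s3cret-sample".getBytes(StandardCharsets.UTF_8)));

        // Mid tier: look up by the server name as sent; a short name or IP would not match.
        String sentName = "myserver.company.com";
        String hex = keyStore.get(sentName);
        if (hex == null) throw new GeneralSecurityException("no key for " + sentName);
        Cipher unwrap = Cipher.getInstance(AES);
        unwrap.init(Cipher.DECRYPT_MODE, aesKey, new GCMParameterSpec(128, iv));
        byte[] pkcs8 = unwrap.doFinal(HexFormat.of().parseHex(hex)); // decrypt the key
        PrivateKey priv = KeyFactory.getInstance("RSA")
                .generatePrivate(new PKCS8EncodedKeySpec(pkcs8));     // construct the private key
        Cipher dec = Cipher.getInstance(RSA);
        dec.init(Cipher.DECRYPT_MODE, priv);                          // RSA 2048-bit decryption
        String password = new String(dec.doFinal(Base64.getDecoder().decode(headerValue)),
                StandardCharsets.UTF_8);
        System.out.println("recovered password matches: " + password.equals("s3cret-sample"));
    }
}
```

Changing `sentName` to a short host name or an IP address makes the lookup fail, which mirrors the exact-match requirement on the server name field.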

AR System Server to Key Map form


AR System Server to Key Map form fields


 


Remedy Action Request System 20.02