Share:|

Secure certificates are required for TrueSight secure connections in many implementations, but who knew there were so many certificate options and instructions to follow, it can be overwhelming. While, certificates can seem to be troublesome and time consuming, they really are in place for your best interest. When an SSL certificate is used, the information becomes unreadable to everyone except for the server you are sending the information to thereby making communication between TrueSight components more secure.

 

Security certificates play a significant role in securing the infrastructure environment. You must create and apply a security certificate on your servers to initiate a secure session with the browsers. This will help ensure your data is protected and those vulnerability scans will pass with flying colors! It is great that BMC takes your security into account, but why so many certificates? Well, you see there are many different components where data is being handed off to either be processed and used for alerting, or processed and stored, so we need to be sure to cover all areas where they may be potential security concerns. For example, when using ASSO or RSSO to authenticate to TrueSight, this is a key area where secure certificates are needed to ensure the safety of login credentials.

 

Users must be sure to setup the SSL certificate for RSSO used in TrueSight 11.0+ and ASSO which is used in TrueSight 10.7 and below. Before we jump in and look at the various places where certificates are needed, let’s talk about some security certificate deployment best practices.

 

Best practices include:

Protect keystore files - Treat your private keys as an important asset. Recommended policies include the following:

  • Generate private keys on a trusted computer.
  • Protect the keystore files with the help of passwords to prevent any compromise when they are stored in backup systems.
  • Keep auditing your certificates and ensure you renew before they expire.

 

Use strong certificate signature algorithms and 2048-bit keys - Certificate security depends on the strength of the private key that was used to sign the certificate, and the strength of the hashing function used in the signature. In our certificate documentation, the command that is used to generate private key pair specifies the algorithm that needs to be used. The following example illustrates the same:

keytool -genkey -alias itdaserver -keyalg RSA -sigalg SHA256withRSA -keysize 2048 -keystore bmcitda-update.jks -storepass changeit -storetype JKS -providername SUN

 

Make a backup of your keystores and truststores - To ensure a smooth transition between the test setup and the production setup, make a backup of your existing keystores, truststores, and certificates. The certificate documentation guides you to create signed certificates and import them into the default keystores and truststores. Before you go ahead and work on the default keystores and truststores, ensure that you make a backup of these keystores and truststores. Complete the certification creation and importing before you copy these newly created certificates into the production keystore and truststores.

 

Upgrade scenario best practices - If you are planning to upgrade a component that already has the signed certificates imported in its keystore and truststore, ensure

the following for a smooth upgrade process:

  1. Make a backup of the default keystores and truststores that have the signed certificates.
  2. Upgrade the component.
  3. Restart the component.

Note

If you want to upgrade TrueSight Infrastructure Management that is already in TLS mode, ensure to run mmigrate for a smooth upgrade. This is to ensure that TLS settings in the mcell.conf are retained during the upgrade process.

 

Provide fully qualified domain name of the host machine while creating a key pair - Ensure that you provide a fully qualified domain of the host machine while creating a key pair that will be used to generate signed certificates for a component.

 

Let’s look at an overview of the various certificates between the basic TrueSight components so we can get a clear picture of what is needed. Here’s a diagram of all the potential components needing secure certificates:

tsom_cert_hierarchy.png

 

This diagram shows the possible certificates needed. *****Note: Your requirements may vary based on which components are installed.*****

I will not go over each and every area where the certificates are needed, but I will touch on the basics for the main TSPS, TSIM, and the ASSO/RSSO components. If it gets confusing, just remember to always start with your authentication component first (RSSO/ASSO) create the certificate for that component and apply it to the TSPS server, that’s always the first step. Then the next step is to create the TSPS certificate and install it on the other components like the TSIM server and the Integration Service nodes.

Overall the process is easy, it just has a lot of steps. So here’s a way to remember it:

 

Create a certificate for RSSO/ASSO
Apply the RSSO/ASSO cert to TSPS

Create a certificate for TSPS
Apply the TSPS certificate to the various components TSIM TrueSight Integration Service, etc. and so on and so on.

Using the diagrams does help a lot to make sure you cover all your bases

The order of the creation and implementation of the certificates is important and you will always see the component documentation pages refer to whether you have already implemented an RSSO/ASSO certificate and a TrueSight Presentation Server certificate as those are the critical certificates to be installed first.

 

 

Let’s begin… the first step is to setup the certificate for the authentication server (RSSO or ASSO) depending on your version. You would need to create a signed certificate for the RSSO server based on the way you did your install, for example, you will need to create a certificate for RSSO if you used the Remedy installer and you will need to create a certificate for RSSO if you used the TrueSight Installer for Remedy SSO. The procedures are a little different depending on how RSSO was installed.

 

The process generally goes as follows– create the signed certificate, verify the certificate, and apply the Remedy SSO server certificate to the TrueSight components – TSPS/TSIM. These steps are documented for both RSSO and ASSO and should be followed accordingly. If you have a high availability mode setup, there are extra steps involved for each SSL certificate created. For example, here are the steps for RSSO certs in HA mode and here are the details ASSO certs in HA mode.

Then once you have the RSSO/ASSO component certificate, you can verify that certificate works. This process is standard and should not be skipped.  

 

1.     Close all windows. Open a new web browser window, and type the TrueSight Presentation Server URL.

Note:    If the newly generated certificates are applied appropriately, the https:// window displays secure sign as shown in the screenshot below

secure_sign.png

 

Verifying certificates for TrueSight Presentation Server in High Availability mode

    To verify if the newly generated certificates are applied appropriately:

        Open a new web browser window and type the URL of the primary TrueSight Presentation Server, and verify that https:// window displays secure sign

        Open a new web browser window and type the URL of the secondary TrueSight Presentation Server, and verify that https:// window displays secure sign

 

2.    Log on to the TrueSight Presentation Server, and execute the following command:

On Microsoft windows operating system, navigate to the <TrueSight Presentation Server Installation Directory>\truesightpserver\bin directory, and run the following command:

    cmapolicymigration export -d <Directory to export policies to> all

Linux operating system, navigate to the <TrueSight Presentation Server Installation Directory>/truesightpserver/bin directory, and run the following command:

    ./cmapolicymigration.sh export -d <Directory to export policies to> all

 

Note:

If the newly generated certificates are applied appropriately, policies will be migrated successfully.

If the Presentation Server is operating in high-availability mode, run the preceding command from the computer that operating as primary Presentation Server

Now that you have verified the certificates it is time to apply these same certificates to the TrueSight Presentation Server.

 

Now that you have verified the certificates it is time to apply these same certificates to the TrueSight Presentation Server.

 

RSSO - Instructions to apply the RSSO certificate on the TSPS server - TrueSight Presentation Server 11.0

 

ASSO - Instructions to apply the ASSO certificate on the TSPS server - TrueSight Presentation Server 10.x

 

These instructions are specific to your installation environment scenario so be sure to follow the steps according to your setup.

 

Now, once that is done, then it is time create a secure certificate for the TrueSight Presentation Server. This is the certificate which will be applied to the various components which will communicate with the Presentation Server. These steps are documented here for TSPS 11.0 and TSPS 10.7 The process is somewhat long but it is well documented in our online docs. Be sure to follow each step. As with the RSSO/ASSO certificates there are instructions on how to setup HA certificates as well as how to verify the TSPS certificates created.

Seems daunting right? No problem, take a look at the process below:

 

To create a signed certificate for the TrueSight Presentation Server

1.    Log on to the host computer where the Presentation Server is installed.

2.    The keytool utility that is used to generate, and import the certificates is present in the <TrueSight Presentation Server Installation Directory>\jre\bin directory. Add this directory path to the PATH environment variable by running the following command:

Microsoft Windows

set PATH=<TrueSight Presentation Server Install Directory>\truesightpserver\modules\jre\bin;%PATH%

Linux

export PATH=<TrueSight Presentation Server Install Directory>/truesightpserver/modules/jre/bin:$PATH

3.    Navigate to the directory where the loginvault.ks keystore is located.

Windows operating system: <TrueSight Presentation Server Installation Directory>\truesightpserver\conf\secure

Linux: <TrueSight Presentation Server Installation Directory>/truesightpserver/conf/secure

 

Note: Take a backup of the \conf\secure folder and save it in a location that is not in the TrueSight Presentation Server install path. If you need to reinstall the Presentation Server in case the server stops processing, you can restore this backed up folder.

 

4.    Copy loginvault.ks keystore file and rename it as  loginvault-update.ks

5.    List all the keys in the loginvault-update.ks keystore file by running the following command:

keytool -list -keystore loginvault-update.ks -storepass changeit

   Note:   changeit is the default password for the loginvault-update.ks keystore.

6.    Delete the existing certificate aliases: root, intermediateCA, and truesightserver from the loginvault-update.ksby running the following command:

keytool -delete -alias root -keystore loginvault-update.ks -storepass changeit

keytool -delete -alias intermediateCA -keystore loginvault-update.ks -storepass changeit

keytool -delete -alias truesightserver -keystore loginvault-update.ks -storepass changeit

 

Parameter description

  • root: Alias name for the root certificate. If the alias name of the root certificate is different, then use the relevant name in the preceding command.
  • intermediateCA: Alias name for the intermediate certificate. If the alias name of the intermediate certificate is different, then use the relevant name in the preceding command.
  • truesightserver: Alias name for the presentation server certificate. If the alias name of the presentation server certificate is different, then use the relevant name in the preceding command.

7.    Run the list command again to verify that the aliases are deleted:

keytool -list -keystore loginvault-update.ks -storepass changeit

8.    Generate a new key pair within the loginvault-update.ks keystore by running the following command.

Warning:The following command prompts you to enter a key password, you must press Enter to set a blank password. If a non-blank value is set as the password, you cannot restart the TrueSight Presentation Server.

keytool -genkey -alias truesightserver -keyalg RSA -sigalg SHA256withRSA -keysize 2048 -keystore loginvault-update.ks -storepass changeit -storetype JKS -providername SUN

This command prompts you to enter the details such as name, organization details as shown in the following code block. Type the details appropriately.

    Answer the questions:

    What is your first and last name?

    [Unknown]: <FQDN of TSPS Load balancer if exists if not then use Primary TSPS FQDN>

    What is the name of your organizational unit?

    [Unknown]: <organizational unit>

    What is the name of your organization?

    [Unknown]: <company>

    What is the name of your City or Locality?

    [Unknown]: <city>

    What is the name of your State or Province?

    [Unknown]: <state>

    What is the two-letter country code for this unit?

    [Unknown]: <country code>

    Is CN=<FQDN of TSPS>, OU=<organizational unit>, O=<company>, L=<city>, ST=<state>, C=<country code> correct?

    [no]: yes

    Enter key password for <truesightserver>

    (RETURN if same as keystore password): <ENTER>

 

Parameter description

The various parameters and values used in the genkey command in the preceding example are described here:

  • truesightserver: keystore alias name
  • RSA: Specifies the algorithm to be used to generate the key pair.
  • SHA256withRSA: Specifies the algorithm that should be used to sign the self-signed certificate. This algorithm must be compatible with keyalg
  • 2048: Specifies the size of each key to be generated
  • loginvault.ks: Specifies the keystore name.
  • JKS: Specifies the keystore file format.
  • SUN: Specifies the identify of a cryptographic service provider's name.
  • changeit : Default password of the logivault-update.ks keystore.

9.    Generate the certificate signing request (CSR) by running the following command:

    Generate certificate signing request

    #Syntax

keytool -v -certreq -alias <alias name> -keystore <keystore name> -storepass <keystore password> -storetype JKS -dname "CN=<TSPS_Server.FQDN>,OU=<Organizational Unit name>,O=<Organization Name>,L=<City>,ST=<State>,C=<2LetterContryCode> -ext "san=dns:<TSPS_Server.FQDN>" -file <CSR file name>

   #Example

keytool -v -certreq -alias truesightserver -keystore loginvault-update.ks -storepass changeit -storetype JKS -dname "CN=TSPS_Server.bmc.com,OU=Customer Engineering,O=BMC Software Inc,L=Houston,ST=Texas,C=US" -ext "san=dns:TSPSHost.bmc.com" -file truesightPS.csr

 

Note: TrueSight Presentation Server operating in high-availability mode - If the TrueSight Presentation Server is operating in high-availability mode, then modify the preceding command as shown below

keytool -certreq -keystore loginvault-update.ks -alias truesightserver -storepass changeit -ext SAN=dns:<primaryTSPSFQDN>,dns:<secondaryTSPSFQDN>,dns:<loadbalancerFQDN>,dns:<primaryTSPS>,dns:<secondaryTSPS>,dns:<loadbalancer> -file truesightPS.csr

 

Parameter description

  • CN: Common Name. Specify the fully qualified domain name of the server.
  • OU: Name of the Organizational Unit. For example: BMC_IT
  • O: Name of the Organization. For example: BMC
  • SAN: Subject Alternative Name. You can specify additional host names (sites, IP addresses, common names, etc.)
  • truesightPS.csr: Certificate Signing Request file name.
  • TSPS_Server.FQDN: Replace this with the fully qualified domain name of the computer where the Presentation Server is installed.
  • loadbalancerFQDN: Replace this with the fully qualified domain name of the computer where the load balancer is installed.
  • primaryTSPS_Server.FQDN: Replace this with the fully qualified domain name of the computer where the primary Presentation Server is installed.
  • secondaryTSPS_server.FQDN: Replace this with the fully qualified domain name of the computer where the secondary Presentation Server is installed.
  • loadbalancer: Replace this with the load balancer name.

 

10.    Send the CSR to the certificate authority (CA) of your organization for signing.

   Note: Request the CA to use base64 encoding and send the signed file in .cer format.

        Request the CA to provide the CA certificate, and also the intermediate certificates, if any.

11.    The CA sends the newly generated certificates in the .p7b file format. Perform the following steps from 12-19 to extract the certificate files from the .p7b file. Ideally, the set of CA signed certificates contain a root CA certificate, an intermediate CA certificate, and the certificate generated for the truesightPS.csr request.

12.    Double-click the .p7b file and navigate to the Certificates folder as shown in the following figure:

certificate_folder.png

Note

        BMC-CA: Name of the root CA certificate.

        BMC Issuing CA Phx: Name of the intermediate CA certificate.

        xyz.bmc.com: Name of the private certificate for which the truesightPS.csr was created.

13.    Double-click BMC-CA certificate and a Certificate dialog box is displayed

14.    Click the Details tab, and click Copy to File as shown in the following figure:

cert_details_tab.png

15.    Certificate Export Wizard dialog box is displayed. Click Next as shown in the following figure:

cert_export_1.png

16.    You are prompted to select an export file format from a list of file formats. Select Base-64 encoded X.509 (.CER) format and click Next as shown in the following figure:

cert_export_2.png

17.    Specify a file name, and click Browse to specify the directory location where you want to export this certificate file as shown in the following figure:

cert_export_3.png

18.    Click Next after specifying file name details as shown in the following figure.

cert_export_5.png

19.    Click Finish to complete the certificate export process as shown in the following figure:

cert_export_6.png

20.    Repeat steps 12-19 to extract the remaining two certificates.

Note:    The certificate file names may vary depending on the CA signing authority.

21.    Generally, after extracting these certificates, you will have the following certificates:

     a. RootCA.cer: Root CA signed certificate

     b. intermediateCA.cer: Intermediate certificate

     c. truesightPS.cer: Certificate specifically generated for the truesightPS.csr certificate signing request.

22. The keytool utility that is used to generate, and import the certificates is present in the <TrueSight Presentation Server Installation Directory>\truesightpserver\modules\jre\bin directory. Add this directory path to the PATH environment variable by running the following command:

Microsoft windows

set PATH=<TrueSight Presentation Server Install Directory>\truesightpserver\modules\jre\bin;%PATH%

Linux

export PATH=<TrueSight Presentation Server Install Directory>/truesightpserver/modules/jre/bin:$PATH

23.    Copy the RootCA.cer, intermediateCA.cer, and truesightPS.cer to the current directory, and import these certificates into the loginvault-update.ks keystore by running the following command:

keytool -importcert -trustcacerts -alias root -keystore loginvault-update.ks -storepass changeit -file RootCA.cer

You are prompted with the Trust this certificate question, type Yes

keytool -importcert -trustcacerts -alias intermediateCA -keystore loginvault-update.ks -storepass changeit -file intermediateCA.cer

You are prompted with the Trust this certificate question, type Yes

keytool -importcert -alias truesightserver -keystore loginvault-update.ks -storepass changeit -file truesightPS.cer

24.    Navigate to the directory where the cacerts keystore is located.

Windows operating system: <TrueSight Presentation Server Installation Directory>\truesightpserver\modules\jre\lib\security

Linux:<TrueSight Presentation Server Installation Directory>/truesightpserver/modules/jre/lib/security

25.    Copy cacerts keystore file and rename it as cacerts-update.

26.    List all the keys in the cacerts-update by running the following command:

keytool -list -keystore cacerts-update -storepass changeit

Note   changeit is the default password for the cacerts-update keystore.

27.    Delete the existing certificate aliases: root, intermediateCA, and truesightserver from the cacerts-update by running the following command:

keytool -delete -alias root -keystore cacerts-update -storepass changeit

keytool -delete -alias intermediateCA -keystore cacerts-update -storepass changeit

keytool -delete -alias truesightserver -keystore cacerts-update -storepass changeit

28.    Copy the RootCA.cer, intermediateCA.cer, and truesightPS.cer certificates to the current directory, and import these certificates into the cacerts-updade.ks keystore by running the following command:

 

keytool -importcert -trustcacerts -alias root -keystore cacerts-update -storepass changeit -file RootCA.cer

You are prompted with the Trust this certificate question, type Yes

keytool -importcert -trustcacerts -alias intermediateCA -keystore cacerts-update -storepass changeit -file intermediateCA.cer

You are prompted with the Trust this certificate question, type Yes

keytool -importcert -alias truesightserver -keystore cacerts-update -storepass changeit -file truesightPS.cer

29.    Navigate to the directory where the loginvault.ks keystore is located.

Windows operating system: <TrueSight Presentation Server Installation Directory>\truesightpserver\conf\secure

Linux:<TrueSight Presentation Server Installation Directory>/truesightpserver/conf/secure

30.    Rename the loginvault.ks file as loginvault.ks.orig

31.    Copy loginvault-update.ks keystore file and rename it as loginvault.ks

32.    Navigate to the directory where the cacerts keystore is located.

Windows operating system: <TrueSight Presentation Server Installation Directory>\truesightpserver\modules\jre\lib\security

Linux:<TrueSight Presentation Server Installation Directory>/truesightpserver/modules/jre/lib/security

33.    Rename the cacerts file as cacerts.orig.

34.    Copy cacerts-update keystore file and rename it as cacerts

35.    Restart the primary TrueSight Presentation Server

You are done with the TrueSight Presentation Server secure certificate! Now the fun truly begins.. no really.. we’ve gotten the basics down and now we need to cover each component being used. The next step is to implement private certificates in TrueSight Operations Management components.

 

The following diagram shows us which certificates to add and where.  There are links to the process to create and apply private certificates for various TrueSight Operations Management components. To establish a secure communication between any two components, ensure that you complete creating and importing certificates for those specific components.

cert_links.png

 

The certificates needed will vary depending on your usage and which components are in play. The most commonly used components in my area are the TrueSight Infrastructure Management Server and the TrueSight Integration Service. So in this case our next steps would be to import the TrueSight Presentation Server Secure Certificate to these components. I'll outline the application of the TSPS certificate to the TSIM server.

 

Always remember to verify the certificates once they are created and to be sure to check for special steps to perform when using a High Availability configuration. Each documentation section has instructions on how to do this for the various components.

Importing the TrueSight Presentation Server Certificate to the TrueSight Infrastructure Management Server

 

apply_tsps_tsim.png

 

To successfully integrate the TrueSight Presentation Server, and the TrueSight Infrastructure Management, you must import the Presentation Server’s certificate to the TrueSight Infrastructure Management truststore.

 

The following section provides step-by-step instructions to apply the TrueSight Presentation Server certificate to the TrueSight Infrastructure Management Server.

1. Ensure that the Presentation Server installed.

2. Ensure that the TrueSight Infrastructure Management Server is installed.

3. Obtain a TrueSight Presentation Server private certificate by performing the following sequence of steps:

 

Important information

If the Presentation Server certificate is already available, then skip the certificate creation step and directly proceed to import the certificate into the keystore.

Perform the following sequence of steps to create signed certificate for the Presentation Server - Instructions 10.7 and 11.0

 

BMC Recommendation

BMC recommends you to keep the obtained certificates in a central location on the computer where the Infrastructure Management Server is installed. For example, copy the Presentation Server certificate in the c:\temp\certificates directory location.

 

4.    Import the Presentation Server certificate into the Infrastructure Management server truststore by performing the following sequence of steps:

          1. Log on to the host computer where the Infrastructure Management server is installed.

          2. The keytool utility that is used to import the certificates is present in the <Infrastructure Management Server Installation Directory>\pw\jre\bin directory.                Add this directory path to the PATH environment variable by running the following command:

               Microsoft Windows

               set PATH=<Infrastructure Management Server Installation Directory>\pw\jre\bin;%PATH%

               Unix

               export PATH=<Infrastructure Management Server Installation Directory>/pw/jre/bin:$PATH

          3.  Navigate to the directory where the pnserver.ks file is located.

               Microsoft windows: <Infrastructure Management Server Installation Directory>\pw\pronto\conf

               Linux: <Infrastructure Management Server Installation Directory>/pw/pronto/conf

          4.  Take a backup of pnserver.ks file and name it as pnserver-update.ks

          5.  Copy the TrueSight Presentations Server certificates to this directory.

          6.  List all the keys in the pnserver-update.kskeystore by running the following command:

    keytool -list -keystore pnserver-update.ks -storetype JKS -storepass get2net

              Note:   By default, the preceding command lists the following key: alias:truesightserver

    get2net is the default password for the pnserver-update.ks keystore.

          7. Delete any existing certificate alias of the Presentation Server certificate from the pnserver-update.ks by running the following command:

keytool.exe -delete -alias truesightserver -keystore pnserver-update.ks -storepass get2net

Note:    truesightserver is the Presentation Server certificate alias name.

            If the existing certificate alias name is different, use the name accordingly.

If you don't have any existing Presentation Server certificate alias in the pnserver-update.ks keystore, you can ignore this step and proceed to the next step that guides you to import the certificate.

          8. Import the Presentation Server certificates into the pnserver-update.ks keystore by running the following command:

#Import the root certificate

keytool -importcert -trustcacerts -alias root -keystore pnserver-update.ks -file RootCA.cer -storetype JKS -storepass get2net

You are prompted with the Trust this certificate question, type Yes

#Import the CA-intermediate certificate

keytool -importcert -trustcacerts -alias intermediateCA -keystore pnserver-update.ks -file intermediateCA.cer -storetype JKS -storepass get2net

#You are prompted with the Trust this certificate question, type Yes

#Import the TrueSight Presentation Server certificate

keytool -import -alias truesightserver -keystore pnserver-update.ks -file truesightPS.cer -storetype JKS -storepass get2net

#You are prompted with the Trust this certificate question, type Yes

           RootCA.cer: Root certificate name

           intermediateCA.cer: Intermediate certificate file name

           truesightPS.cer: Name of the Presentation Server certificate.

           pnserver-update.ks: Name of the TrueSight Infrastructure Management server truststore.

        9. Navigate to the directory where the pnserver.ks file is located.

Microsoft windows: <Infrastructure Management Server Installation Directory>\pw\pronto\conf

Linux: <Infrastructure Management Server Installation Directory>/pw/pronto/conf

     10. Rename the pnserver.ks file to pnserver.ks.orig

     11. Copy pnserver-update.ks to pnserver.ks

     12. Restart the Infrastructure Management serverhats

 

The goal of this post was to show that while certificates can appear to be difficult, the processes for creating and applying the certificates needed to ensure secure communication are straightforward and somewhat repetitive, so once you create and apply one certificate, the rest should be fairly easy.

The final steps would be to apply certificates to the rest of the components TrueSight components

 

 

 

How-To Videos for TrueSight

https://www.youtube.com/watch?v=M6NWJ4pdyfU&list=PLr4ck07lc-F9dMeoSv9SL9GukQry-fDD9

 

AMIGO.jpg

The BMC Assisted MIGration Offering, or AMIGO, is a program designed to assist our customers in planning and preparing for product upgrades from an older, to a newer supported version.  By engaging with BMC Technical Support Analysts, you will be provided with materials containing guidelines and best practices to aid in compiling your own upgrade plan.  An upgrade expert will then review your plan, and offer advice and suggestions to ensure success through proper planning and testing.

 

The AMIGO program consists of a Starter Phase and a Review Phase.  Each phase is initiated by opening a support case, and ends when the case is closed.

 

In the Starter Phase, an AMIGO Starter case is opened.  Reference material will be provided and a call with a Technical Support Analyst will take place to discuss the details of your upgrade, and address any questions you may have.  The AMIGO Starter case will be closed, and the next step will be for you to prepare a documented upgrade plan.

 

In the Review Phase, an AMIGO Review case is opened preferably two weeks prior to a set upgrade date.  A call will be scheduled with an upgrade expert to review your detailed plan, providing feedback and recommendations, along with answers to any outstanding questions.  As needed, a follow up discussion with a Technical Support Analyst may take place for feedback after the upgrade is performed.

 

The AMIGO program includes:

» A “Question and Answer” session before you upgrade

» A review of your upgrade plan with Customer Support

» An upgrade checklist

» Helpful tips and tricks for upgrade success from previous customer upgrades

» A follow-up session with Customer Support to let them know how it went. This will help BMC to enhance the process.

 

To get started, please review the details here:

https://docs.bmc.com/docs/TSOperations/110/amigo-checklist-for-truesight-operations-management-724138985.html?src=search

 

Then open a BMC Support issue containing your environment information (product, version, OS, etc.) and the planned date of the installation, if known. We will contact you promptly, and work with you to ensure a successful and timely outcome.

 

Computer.png

 

New Knowledge Added over the last month:

 

000152573 Does TrueSight 11.0 support RSSO 9.1.04 (server)

 

000152422 Is there a way to change the TrueSight threshold duration setting?

 

000152222 Unable to add Patrol agents due to instances max limit in Truesight - No. of instances is above 100% of max limit 250000 on Infrastructure Management Server

 

000152219 Unable to edit a policy within ProactiveNet Performance Management Suite 9.6

 

000152502 Unable to enable or disable notification policy in Admin Console

 

000152124 Vulnerability scanners have detected an insecure version of the jackson-databind.jar detecting CVE-2018-5968

 

000152101 "Deploy failed" "Checksum mismatch" seen when attempting to deploy packages via the TSPS

 

000151787 Numeric digit in a top level domain (e.g. .a2z, instead of .com) will block the installation of TSPS

 

000152380 The Agent Query Tool on TSPS 10.7 FP2 gets hung on “Gathering results” when trying to reinitialize a Patrol Agent

 

000151443 BMC_DM8I Missing Resource Bundle error in the export log after attempts to run the cmapolicymigration.bat script to export TrueSight policies

 

000152176 When a log file is being monitored with the BPPM logfile adapter (mcxa) misses events

 

000151688 "ORA-01536: space quota exceeded for tablespace"Space quota exceeded for tablespace 'PNETTS' seen in the TrueSight.log

 

Feedback.jpg

 

 

Looking for a previous blog posting? Find it here: BMC TrueSight Pulse Blogs