
TrueSight Operations Management users can choose HTTPS or HTTP for the communication between the TrueSight components. Depending on your environment and security needs, you may be able to go with our HTTP option, which lets you avoid the dreaded secure certificate installation for each component. If HTTP is not an option in your environment, you will have to stick with HTTPS and the SSL certificates.

 

There are some benefits to using HTTP rather than HTTPS, one being the certificate factor, which is costly and time consuming. Some users report that SSL may cause performance issues and slow things down depending on what you are accessing; however, the encryption used with HTTPS is sometimes required. Perhaps the best reason, beyond system load, is that SSL breaks name-based virtual hosting. With SSL, it's one site, one IP address, which adds cost and makes administration a nightmare. So for those who run and will only run with HTTPS, my apologies, but this may not be the post for you. BMC wanted to give TrueSight users the option, so we default to HTTPS, but there are instructions for switching to HTTP.

 

We do have the option to set HTTP mode for the RSSO/ASSO and TSPS components, which are considered core components. Additional components may have the same option, but I will focus on the components mentioned. It really is not that hard to make the switch. The TSIM server is configured for both HTTP and HTTPS by default.

 

Let's take a look at what is involved in the configuration of http mode for the Remedy Server and TrueSight Presentation Server. Since these components go hand in hand, if you switch one to http, you will need to switch the other to http as well.

 

 

To configure Remedy SSO to use HTTP

 

Do the following:

 

    1. Log in to the Remedy SSO host computer, and navigate to the following directory:

        (Windows): <installationDirectory>\rsso\tomcat\conf

        (Linux): <installationDirectory>/rsso/tomcat/conf

 

    2. Edit the web.xml file, comment out the following section of code, and save the file:

    The commented code lines:

    <!--
    <security-constraint>
         <web-resource-collection>
            <web-resource-name>Secure context</web-resource-name>
            <url-pattern>/*</url-pattern>
         </web-resource-collection>
         <user-data-constraint>
             <transport-guarantee>CONFIDENTIAL</transport-guarantee>
         </user-data-constraint>
    </security-constraint>
    -->

    3. Edit the server.xml file, delete the redirectPort parameter from the HTTP Connector code line, and save the file.

    The code line after deleting the redirectPort parameter:

    <Connector connectionTimeout="20000" enableLookups="false" maxHttpHeaderSize="2048" port="8088" protocol="HTTP/1.1"/>

 

    4. Navigate to the <Remedy SSO Installation Directory>\rsso\bin directory, and restart the Remedy SSO server by running the following command:

    • (Windows) rsso.bat server start
    • (Linux) ./rsso server start

 

 

To configure TrueSight Presentation Server to enable HTTP mode

 

Do the following:

 

  1. Log in to the Presentation Server host computer, and navigate to the following directory:
    • (Windows): <Presentation Server installation directory>\truesightpserver\modules\tomcat\conf
    • (Linux): <Presentation Server installation directory>/truesightpserver/modules/tomcat/conf
  2. In a text editor, edit the web.xml file and comment out the security constraint section so that it reads as follows:

<!--
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Secure context</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
-->

     3.  In a text editor, edit the <Presentation Server installation directory>\truesightpserver\modules\tomcat\conf\server.xml file:

          a. Modify the following line:

<Connector connectionTimeout="20000" enableLookups="false" port="80" protocol="HTTP/1.1" redirectPort="443"/>

     Then, remove the redirectPort information so that it reads as follows:

<Connector connectionTimeout="20000" enableLookups="false" port="80" protocol="HTTP/1.1" />

Note: The default port is 80 on Windows and 8080 on Linux. If you specified a custom port during installation, enter that port number instead.

         b. Comment out the following line so that it reads as follows:

<!-- <Connector SSLEnabled="true" ciphers="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_SHA,TLS_ECDHE_RSA_WITH_AES_256_SHA384,
TLS_ECDHE_ECDSA_WITH_AES_256_SHA384,TLS_ECDHE_RSA_WITH_AES_256_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_SHA,
TLS_DHE_RSA_WITH_AES_128_SHA256,TLS_DHE_RSA_WITH_AES_128_SHA,TLS_DHE_DSS_WITH_AES_128_SHA256,
TLS_DHE_RSA_WITH_AES_256_SHA256,TLS_DHE_DSS_WITH_AES_256_SHA,TLS_DHE_RSA_WITH_AES_256_SHA"
clientAuth="false" compressableMimeType="text/html,text/xml,text/plain,text/css,text/javascript,application/javascript,application/json" compression="on" compressionMinSize="1024" keystoreFile="C:/Program Files/BMC Software/TrueSightPServer/truesightpserver/conf/secure/loginvault.ks" keystorePass="changeit" maxThreads="150" port="4435" protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https" secure="true" sslProtocol="TLSv1.2" useServerCipherSuitesOrder="true"/>
-->

  4.  From the <Presentation Server installation directory>\truesightpserver\truesightpserver\bin folder, use a command prompt to run the following command:

tssh properties set tspsPreferredWebServiceProtocol http

  5.  If you want to use the TrueSight console to deploy and install packages on a PATROL Agent, from the <Presentation Server installation directory>\truesightpserver\truesightpserver\bin folder, use a command prompt to run the following command:

tssh properties set server.port.websrv.protocol http

  6.  (Fresh installation only) In a text editor, edit the <Presentation Server installation directory>\truesightpserver\conf\ha\ha.conf file and add the following line:

ha.server.protocol=http

  7.  Restart the TrueSight Presentation Server.

  8.  On each Infrastructure Management server connected to the TrueSight Presentation Server, add the following property to the <Infrastructure Management installation directory>\pw\custom\conf\pronet.conf file:

tsps.tsim.http.enabled=true

  9.  Restart each Infrastructure Management server that you changed.
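
A configuration check for the two Tomcat procedures above (Remedy SSO and Presentation Server), added here as an example and not BMC code: it parses a web.xml/server.xml pair and reports whether Tomcat enforces HTTPS, serves HTTP only, or was left half-converted. The audit function, the mode names, the web-app namespace and the embedded sample files (port 443 for the TLS connector included) are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed samples modelled on the snippets in this post (not real files).
CONSTRAINT = """<security-constraint>
    <web-resource-collection>
      <web-resource-name>Secure context</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>"""
WEB_NS = '<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">\n  %s\n</web-app>'
WEB_HTTPS = WEB_NS % CONSTRAINT
WEB_HTTP = WEB_NS % ("<!--\n  " + CONSTRAINT + "\n  -->")  # commented out, as in step 2
TLS_CONN = '<Connector SSLEnabled="true" port="443" scheme="https" secure="true"/>'
SERVER = ('<Server><Service name="Catalina">\n'
          '  <Connector port="80" protocol="HTTP/1.1"%s/>\n  %s\n</Service></Server>')
SERVER_HTTPS = SERVER % (' redirectPort="443"', TLS_CONN)
SERVER_HTTP = SERVER % ("", "<!-- " + TLS_CONN + " -->")

def audit(web_xml, server_xml):
    """Classify the transport posture of a Tomcat web.xml / server.xml pair."""
    # ElementTree drops XML comments, so commented-out sections are ignored here
    # just as Tomcat ignores them.
    confidential = any(
        el.tag.rsplit("}", 1)[-1] == "transport-guarantee"
        and (el.text or "").strip() == "CONFIDENTIAL"
        for el in ET.fromstring(web_xml).iter())
    plain, tls = [], []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("protocol", "").startswith("AJP"):
            continue  # AJP is not a browser-facing HTTP listener
        is_tls = conn.get("SSLEnabled", "false").lower() == "true"
        (tls if is_tls else plain).append(conn.get("port"))
    if confidential and tls:
        mode = "https-enforced"   # plain HTTP requests are redirected to TLS
    elif confidential:
        mode = "broken-redirect"  # constraint demands TLS, no connector serves it
    elif tls:
        mode = "mixed"            # TLS is offered but plaintext is also accepted
    else:
        mode = "http-only"        # all traffic, logins included, is plaintext
    return {"mode": mode, "plain_ports": plain, "tls_ports": tls}

if __name__ == "__main__":
    for web in (WEB_HTTPS, WEB_HTTP):
        for srv in (SERVER_HTTPS, SERVER_HTTP):
            print(audit(web, srv))
```

To check a live host, read the two files from the tomcat\conf directory named in step 1 of each procedure and pass their contents to audit.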

 

For your TSIM servers, the default protocol for the connection to the Operator Console is HTTP. To log on using a secure HTTPS connection, click the "Switch to Secure Mode" link on the logon page. If you use HTTPS, Infrastructure Management encrypts the information relayed from the Web interface for additional security. Secure connection mode is indicated by the text "You are using a secure connection now."

 

Since TSIM handles both and will accept HTTP by default, the option to set communication to HTTPS exists for the TSIM server(s).

 

Configuring the Apache web server to accept HTTPS connection only

 

If your site does not need an HTTP connection, follow these steps to reconfigure Apache.

To configure the Apache web server to accept HTTPS connections

 

    1. Access the appropriate directory for your operating system:

        (Windows) \pw\Apache\conf

        (Solaris or Linux) /usr/pw/apache/conf

    2. Save a copy of the httpd.conf file.

    3. Edit the httpd.conf file to comment out the 'Listen 80' line, so the line reads as '#Listen 80'.

    4. Restart httpd by running the following command:

        pw process restart httpd

 

Note: Switching Apache server from HTTP to HTTPS mode requires restarting the system.

 

All these details are documented in our product documentation:

 

Configuring the Presentation Server for non-secure (HTTP) mode: 11.3.01, 11.0, 10.7, 10.5

Configuring the Apache web server to accept HTTPS connection only: 11.3.01, 11.0, 10.7, 10.5

 


 

Have you upgraded to 11.3.01 yet? What are you waiting for?

 

The BMC Assisted MIGration Offering, or AMIGO, is a program designed to assist our customers in planning and preparing for product upgrades from an older to a newer supported version. By engaging with BMC Technical Support Analysts, you will be provided with materials containing guidelines and best practices to aid in compiling your own upgrade plan. An upgrade expert will then review your plan and offer advice and suggestions to ensure success through proper planning and testing.

 

The AMIGO program consists of a Starter Phase and a Review Phase.  Each phase is initiated by opening a support case, and ends when the case is closed.

 

In the Starter Phase, an AMIGO Starter case is opened.  Reference material will be provided and a call with a Technical Support Analyst will take place to discuss the details of your upgrade, and address any questions you may have.  The AMIGO Starter case will be closed, and the next step will be for you to prepare a documented upgrade plan.

 

In the Review Phase, an AMIGO Review case is opened preferably two weeks prior to a set upgrade date.  A call will be scheduled with an upgrade expert to review your detailed plan, providing feedback and recommendations, along with answers to any outstanding questions.  As needed, a follow up discussion with a Technical Support Analyst may take place for feedback after the upgrade is performed.

 

The AMIGO program includes:

» A “Question and Answer” session before you upgrade

» A review of your upgrade plan with Customer Support

» An upgrade checklist

» Helpful tips and tricks for upgrade success from previous customer upgrades

» A follow-up session with Customer Support to let them know how it went. This will help BMC to enhance the process.

 

To get started, please review the details here:

https://docs.bmc.com/docs/TSOperations/113/amigo-checklist-for-truesight-operations-management-814553031.html

 

Then open a BMC Support issue containing your environment information (product, version, OS, etc.) and the planned date of the installation, if known. We will contact you promptly, and work with you to ensure a successful and timely outcome.

 


 

 

New Knowledge Added over the last month:  We strive to share our experiences in order to help others

 

000156330 How to set Patrol config variables automatically via CMA Policy

 

000156341 Running dataUpgrade.bat gives the error “Data upgrade failed! See the logs at DataUpgradeUtility/logs. Please contact BMC support!”

 

000156343 Error 1001 occurred during processing of TSIM event <event_handle>: Evaluation of function tf_next_start(Production) failed

 

000156363 TSIM performance is very slow and jserver is consuming high levels of CPU when attempting to navigate through the GUI

 

000156512 TSPS 11.0 installation cannot connect to RSSO 18.05

 

000156725 Does TrueSight accept Rest API call credentials in plain text?

 

000156840 Messages from Global Thresholds do not have prop spacing

 

000156914 "java.rmi.server.ExportException: Port already in use: 0" seen in the TrueSight.log & the jserver process does not start

 

000157022 How can I turn off the 'Enable KPI' defaults in the Global Thresholds found under the Configuration options in the TrueSight Console?

 

000157171 Unable to add new Patrol Agent to BPPM Operation console, but it appears fine in the CMA console

 


 

 

Looking for a previous blog posting? Find it here:  BMC TrueSight Pulse Blogs