Discovery:  How do I deploy BMC Remedy Encryption Premium Security to a BMC Discovery Appliance?

Version 10
    Share:|

    This document contains official content from the BMC Software Knowledge Base. It is automatically updated when the knowledge article is modified.


    PRODUCT:

    BMC Discovery


    COMPONENT:

    BMC Atrium Discovery and Dependency Mapping


    APPLIES TO:

    BMC Atrium Discovery and Dependency Mapping



    QUESTION:

    Question:

    The doc at https://docs.bmc.com/docs/display/disco102/System+communications says:

    "The encryption that comes with the AR Server is the Standard Encryption 512-bit public key/56-bit DES encryption on the wire. If a customer acquired the higher levels of Remedy Encryption (a separate product), then the customer could obtain either 1024-bit public key/128-bit RC4 or 2048-bit public key/2048-bit RC4 encryption."

    The documentation at https://docs.bmc.com/docs/display/public/ars81/Installing+encryption+on+non-BMC+Remedy+applications explains that modified AR libraries have to be deployed to client applications, such as ADDM, to use BMC Remedy Encryption.

    How do I deploy BMC Remedy Encryption Premium Security to an ADDM Appliance?


    ANSWER:

     

    Legacy ID:KA391351

    Instructions for ADDM/Discovery 10.2 and Later:

      
    Note: Make sure that access is available to the AR server from mid-tier as well as from AR client without any error.
     
    To deploy the "BMC Remedy Encryption Client" libraries to the ADDM client, perform the following.
     
    1) From the EPD site, download "BMC Remedy Encryption Premium Security" (required version) for Linux. The file name is PremiumSecurityLinux[version].tar.gz.

    2) Upload the file to a temp directory on the ADDM appliance. Use gunzip and tar to extract the "PremiumSecurity" directory and its contents.

    3) Create the directory "/usr/tideway/PremiumSecurity". Inside that directory, create the file "options.txt" containing the following lines:

    -P installLocation=/usr/local/PremiumSecurity
    -J ENCRYPTION_SYSTEM_JRE_PATH=/usr/local/java/jre
    -J DATAIMPORTTOOL_FOR_ENCRYPTION=true
      
    4) su - root

    5) Stop the ADDM services from the command line as user root:

        /sbin/service tideway stop

    6) Make /tmp executable, as follows:
    cd /etc
    vi fstab  (edit fstab)
    remove "noexec" option from the /tmp entry
    Save fstab file and exit the editor

    ## Now, remount /tmp to make the change effective:
    mount -o remount,exec /tmp
     
    7) Still as root, navigate to the temp directory created in step 2. From here, cd to PremiumSecurity/Disk1 and run the installer as follows:
     

    ./setup.bin -i silent -DOPTIONS_FILE=/usr/tideway/PremiumSecurity/options.txt
     
    Note: You must specify the full path to the option file you created in step 3.
     
    The installation process populates files including the following in directory /usr/local/PremiumSecurity:  
    Libraries: libarencrypt.so, libcrypto.so
    Java “JAR” files: jsafeJCEFIPS.jar, bcprov-jdk15-133.jar

     
    The installer copies 4 .so and 2 .jar files under /usr/local/PremiumSecurity/PremiumEncryption

    8) Modify the permissions of the .jar files below:
     

    The installer copies jsafeJCEFIPS.jar and bcprov-jdk*.jar normally under: /usr/local/java/jre/lib/ext
    You need to change their permissions to: rw-r--r—

    chmod 644 jsafeJCEFIPS.jar
    chmod 644 bcprov-jdk*.jar
     
    Also, the installer copies local_policy.jar and US_export_policy.jar to: /usr/local/java/jre/lib/security
     
    Follow the same procedure fir these policy files:
     
    chmod 644 local_policy.jar
    chmod 644 US_export_policy.jar

    9) Perform the following steps: 
      

     cp /usr/local/PremiumSecurity/PremiumEncryption/lib*.so /usr/tideway/java/integrations/lib
     cp /usr/local/PremiumSecurity/PremiumEncryption/ldap/*.so /usr/tideway/java/integrations/lib
     
    In order to verify the .so files that were copied, go to that directory (cd /usr/tideway/java/integrations/lib) and run $ ls -ltr , which will list the files according to the time/date they were modified.
     
    Once the new files are copied, their owner:group should be changed to tideway:tideway and permissions to 644, again using:
    $ chown tideway:tideway <filename.so> and: $ chmod 644 <filename.so>
     
    10) Exit root and reboot the appliance as tideway user:
     $ sudo reboot


      
    Instructions for ADDM/Discovery 10.1 and Earlier:
      
    (This earlier version uses the "java32" directory instead of "java")
      
    Note: Make sure that access is available to the AR server from mid-tier as well as from AR client without any error.
     
    To deploy the "BMC Remedy Encryption Client" libraries to the ADDM client, perform the following.
     
    1) From the EPD site, download "BMC Remedy Encryption Premium Security" (required version) for Linux. The file name is PremiumSecurityLinux[version].tar.gz.

    2) Upload the file to a temp directory on the ADDM appliance. Use gunzip and tar to extract the "PremiumSecurity" directory and its contents.

    3) Create the directory "/usr/tideway/PremiumSecurity". Inside that directory, create the file "options.txt" containing the following lines:

    -P installLocation=/usr/local/PremiumSecurity
    -J ENCRYPTION_SYSTEM_JRE_PATH=/usr/local/java32/jre
    -J DATAIMPORTTOOL_FOR_ENCRYPTION=true
      
    4) su - root

    5) Stop the ADDM services from the command line as user root:

        /sbin/service tideway stop

    6) Omit / Nothing to do for this step
     
    7) still as root,  navigate to the temp directory created in step 2. From here, cd to PremiumSecurity/Disk1 run the installer as follows:
     

    ./setup.bin -i silent -DOPTIONS_FILE=/usr/tideway/PremiumSecurity/options.txt

    Note: You must specify the full path to the option file you created in step 3.
     
    The installation process populates files including the following in directory /usr/local/PremiumSecurity:
    Libraries: libarencrypt.so, libcrypto.so
    Java “JAR” files: jsafeJCEFIPS.jar, bcprov-jdk15-133.jar
    These files will be used copied to their correct locations in the following steps

    8) Modify the permissions of the .jar files below:
     

    The installer copies jsafeJCEFIPS.jar and bcprov-jdk*.jar normally under: /usr/local/java/jre/lib/ext
    You need to change their permissions to: rw-r--r—

    chmod 644 jsafeJCEFIPS.jar
    chmod 644 bcprov-jdk*.jar
     
    Also, the installer copies local_policy.jar and US_export_policy.jar to: /usr/local/java/jre/lib/security
     
    Follow the same procedure fir these policy files:
     
    chmod 644 local_policy.jar
    chmod 644 US_export_policy.jar

    9) Perform the following steps: 
      

     cp /usr/local/PremiumSecurity/PremiumEncryption/lib*.so /usr/tideway/java/integrations/lib
     cp /usr/local/PremiumSecurity/PremiumEncryption/ldap/*.so /usr/tideway/java/integrations/lib
     
    In order to verify the .so files that were copied, go to that directory (cd /usr/tideway/java/integrations/lib) and run $ ls -ltr , which will list the files according to the time/date they were modified.
     
    Once the files were copied, their owner:group should be moved to tideway:tideway and permissions to 644, again using:
    $ chown tideway:tideway <filename.so> and: $ chmod 644 <filename.so>
     

    10) Exit root and reboot the appliance as tideway user:
     $ sudo reboot

     

     


    Article Number:

    000028313


    Article Type:

    FAQ/Procedural



      Looking for additional information?    Search BMC Support  or  Browse Knowledge Articles