
Transport Layer Security in OMi 10.10, Simplified Setup

Ian_Bromehead ‎05-12-2016 01:39 AM - edited ‎05-18-2016 11:55 PM

This blog post was created by and submitted for guest blogger Ian Glover (ian.glover@hpe.com), Technical Marketing Manager, HPE Operations Bridge.

The connection between a user's browser and the OMi web server or load balancer clearly needs to be secure, for several reasons:

You don't want unauthorized personnel to have sight of where you have problems in your IT environment, which servers are down temporarily, which business services are impacted, as they might use this information for attacks.

OMi operators can run tools on business critical systems and of course whatever tools they use need to be protected as well, to avoid man-in-the-middle attacks.

Therefore HTTPS using Transport Layer Security (TLS) was introduced early in OMi’s evolution.

However, until the OMi 10.10 release, the process of setting up TLS, covered in the Hardening section of the Administration Guide, consisted of a multitude of manual steps. Enabling this important functionality was seen as onerous and error-prone.

Now there is a GUI-based interface as part of the OMi Configuration Wizard, which makes things a lot easier. The setup is accessed as the third option in the Wizard as follows:

Cert11.jpg

There is also the facility to deal with the situation where certificates have been issued by intermediate CAs.

If you do not have to use a certain CA to generate certificates, you can also use OMi’s own Certification Authority as seen here:

 

Cert2.jpg

As you can see, there is scope to customize the settings.

By using certificates for the OMi server you achieve the following:

  • Encrypted communication
    • Encrypts the communication between the client and the server using a variety of ciphers.
  • Data integrity
    • Helps ensure that the information sent by one side over TLS is the same information received by the other side.

The last step, which is optional, is to configure the Client Certificate Authorization.

If this is used, then instead of logging in using their user name and password, OMi users have to authenticate using a certificate.

This can be configured at a web server or load balancer level as appropriate.

Cert3.jpg

Here we can also set the revocation check method and the attribute used within the certificate to identify users.
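What the two settings in this step control, sketched as an added example in generic Python `ssl` terms; this is not OMi code or the wizard's implementation. The function names, the `san:<type>` attribute syntax and the use of CRLs as the revocation method are assumptions made for illustration.

```python
import ssl

def client_auth_context(ca_file=None, crl_check="leaf"):
    """Server-side TLS context that only accepts clients presenting a trusted certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.verify_mode = ssl.CERT_REQUIRED  # handshake fails without a valid client certificate
    if ca_file:
        # CA bundle that issued the user certificates; with CRL checking enabled,
        # the matching CRLs must be loaded too or every handshake is rejected.
        ctx.load_verify_locations(cafile=ca_file)
    if crl_check == "leaf":
        ctx.verify_flags |= ssl.VERIFY_CRL_CHECK_LEAF    # check only the user certificate
    elif crl_check == "chain":
        ctx.verify_flags |= ssl.VERIFY_CRL_CHECK_CHAIN   # check every certificate in the chain
    elif crl_check != "none":
        raise ValueError(f"unknown revocation check method: {crl_check!r}")
    return ctx

def identity_from_cert(peercert, attribute="commonName"):
    """Map a getpeercert() dict to a user name via one configured attribute.

    attribute is a subject field such as "commonName", or "san:<type>"
    (for example "san:email") for a subjectAltName entry. Returns None when
    the attribute is missing, empty or ambiguous, so the caller fails closed.
    """
    if attribute.startswith("san:"):
        kind = attribute[4:]
        values = [v for k, v in peercert.get("subjectAltName", ()) if k == kind]
    else:
        values = [v for rdn in peercert.get("subject", ()) for k, v in rdn if k == attribute]
    if len(values) != 1 or not values[0].strip():
        return None
    return values[0]

# Constructed sample in the shape ssl.SSLSocket.getpeercert() returns after a handshake.
SAMPLE_CERT = {
    "subject": ((("organizationName", "Example Corp"),), (("commonName", "jdoe"),)),
    "subjectAltName": (("email", "jdoe@example.com"),),
}
# Constructed edge case: two commonName values make the identity ambiguous.
AMBIGUOUS_CERT = {"subject": ((("commonName", "jdoe"),), (("commonName", "admin"),))}

if __name__ == "__main__":
    print(identity_from_cert(SAMPLE_CERT))
    print(identity_from_cert(SAMPLE_CERT, "san:email"))
    print(identity_from_cert(AMBIGUOUS_CERT))
```

Whichever attribute is chosen must be unique per user in the issuing CA's naming policy, otherwise two certificate holders map to the same account.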

In summary, use of Transport Layer Security (TLS) in OMi 10.10 provides, via its simple setup wizard:

  • Server authentication
    • Authentication of the OMi server/Load Balancer used for communication.
  • Encrypted communication
    • Encrypts the communication between the client and the server using a variety of ciphers.
  • Data integrity
    • Helps ensure that the information sent by one side over TLS is the same information received by the other side.
  • Optional client authentication
    • Authentication of the client communicating with OMi. The client could be an application user or a data collector.
    • Smart card authentication (optional). In this case client certificates must be stored on smart cards.

 

You can join us to get sneak peeks at some of our new OpsBridge capabilities in Berlin and learn more about evolving to OpsBridge from your peers who have already begun, as well as our experts.

The HPE EMEA BSM Customer Forum in Berlin, May 11-13th 2016, is now open to registrations.

You can see more details in this blog and enroll here or click on the image below:

Berlin footer.jpg

Try OMi now! OMi 10.10 comes pre-loaded with a number of Management Packs that you can try out without the hassle of getting management pack software or an evaluation license.

Read more:

HPE Operations Bridge
HPE Live Network: Operations Bridge Evolution
HPE Live Network: Operations Manager i
HPE Live Network: OMi Management Pack development kit

You can also see demonstrations and find out more details of this and other features of our HPE Operations Bridge solution in our sessions and at our booths during HPE Discover Las Vegas. Click on the image below or here to register.

HPDiscover LV 16.jpg

 

Comments
ramesh9
on ‎06-10-2016 01:28 AM

Hi

Is there any possibility of generating certificates manually using the command line?

Thanks
Ramesh Hari
