Configuring an ObserveIT Windows Agent to Use SSL/TLS

After obtaining the digital certificate and configuring the ObserveIT Application Server to require usage of SSL/TLS, you need to configure the ObserveIT Agent to use SSL/TLS when communicating with the ObserveIT Application Server. This procedure is performed on all the servers on which the ObserveIT Agent is installed.

The following instructions apply to ObserveIT Agents that are deployed on Windows-based operating systems. For instructions on how to secure traffic on Unix/Linux-based platforms, see Configuring a Unix Linux Agent to Use SSL.

When deploying the ObserveIT Agent, you can use a manual installation method, or an automated one.

New ObserveIT Agent Installations

To configure the ObserveIT Agent to use SSL/TLS in a new installation

  • In the Server Configuration screen of the Agent installation process, specify the URL of the ObserveIT Application Server with which the Agent will communicate:

    Set the Type field to https.

    Specify the server's FQDN in the Server Name field.

    If a non-default HTTPS port is used, specify it in the Port field.

    The Application Server that the Agent communicates with must be identified by an FQDN (Fully Qualified Domain Name). The URL should be in the format: HTTPS://<FQDN>/ObserveITApplicationServer.

    ObserveIT default installations use TCP port 4884 for the Agent-to-Application Server communication. However, as soon as you enable SSL/TLS, the default port will be 443. You can use a different port for the SSL/TLS traffic. If you change the port from 443 to a different port number, make sure that this change is reflected in the URL by adding a ":port_number" to the URL.
    For example, HTTPS://FQDN:port_number/ObserveITApplicationServer.

    Make sure that the server or computer that is running the ObserveIT Agent trusts the issuer of the digital certificate. Also make sure that the ObserveIT Application Server FQDN exactly matches the FQDN entered in the digital certificate, so that the Agent can initiate a secure channel connection to the Application Server.
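The trust and FQDN requirements above can be checked from the Agent host before the Agent is pointed at the HTTPS URL. The following PowerShell script is an added example, not part of the ObserveIT product or documentation; the default host name is a placeholder and the port must match the one used in the Agent URL.

```powershell
# Added example: TLS pre-flight check, run on the Agent host. Not ObserveIT tooling.
param(
    [string]$Fqdn = 'appserver.example.local',  # placeholder: FQDN used in the Agent URL
    [int]$Port = 443                            # set to the custom HTTPS port if one is used
)

$script:policyErrors = $null
$script:serverCert   = $null

# Record the result of Windows' own certificate validation; accept only a clean result.
$callback = [System.Net.Security.RemoteCertificateValidationCallback] {
    param($s, $cert, $chain, $errs)
    $script:policyErrors = $errs
    if ($cert) {
        $script:serverCert = [System.Security.Cryptography.X509Certificates.X509Certificate2]$cert
    }
    return ($errs -eq [System.Net.Security.SslPolicyErrors]::None)
}

$client   = New-Object System.Net.Sockets.TcpClient
$failure  = $null
$protocol = $null
try {
    $client.Connect($Fqdn, $Port)
    $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $callback)
    # The name passed here is the one checked against the certificate.
    $ssl.AuthenticateAsClient($Fqdn)
    $protocol = $ssl.SslProtocol
} catch {
    $failure = $_.Exception.Message
} finally {
    if ($ssl) { $ssl.Dispose() }
    $client.Close()
}

# subjectAltName (OID 2.5.29.17) lists the host names the certificate is valid for.
$san = $null
if ($script:serverCert) {
    $ext = $script:serverCert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($ext) { $san = $ext.Format($false) }
}

[pscustomobject]@{
    Target       = "${Fqdn}:$Port"
    Trusted      = (-not $failure)
    PolicyErrors = $script:policyErrors
    Protocol     = $protocol
    Subject      = $script:serverCert.Subject
    NotAfter     = $script:serverCert.NotAfter
    SubjectAlt   = $san
    Failure      = $failure
}
```

A PolicyErrors value of RemoteCertificateNameMismatch means the FQDN does not match the certificate, and RemoteCertificateChainErrors means the host could not build a trusted chain to the issuer.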

Existing ObserveIT Agent Installations

In existing ObserveIT Agent installations, you enable SSL/TLS traffic between the ObserveIT Application Server and the ObserveIT Agents by making changes in the ObserveIT Database. These changes propagate to the existing ObserveIT Agents and configure them to use SSL/TLS when communicating with the ObserveIT Application Server.

To make changes to the ObserveIT Database for enabling SSL/TLS on the Agents

  • Run the following script in the SQL Server Query Analyzer or Management Studio (depending on the version of SQL Server you are using):

    USE ObserveIT;
    UPDATE dbo.ServerConfiguration
    SET PropertyValue = 'NEW_APP_SERVER_URL'
    WHERE PropertyId = 4
      AND PropertyValue = 'OLD_APP_SERVER_URL';

    For example:

    USE ObserveIT;
    UPDATE dbo.ServerConfiguration
    SET PropertyValue = 'https://oitsrv1.oit-demo.local:10443/ObserveITApplication'
    WHERE PropertyId = 4
      AND PropertyValue = 'http://oit-srv1.oit-demo.local:4884/ObserveITApplication';

  • To check the PropertyValue value, run the following query:

    USE ObserveIT;
    SELECT * FROM dbo.ServerConfiguration
    WHERE PropertyId = 4;

OLD_APP_SERVER_URL is the old ObserveIT Application Server URL in the format HTTP://FQDN/ObserveITApplicationServer (use the PropertyValue returned by the select query), and NEW_APP_SERVER_URL is the new ObserveIT Application Server URL in the format HTTPS://FQDN/ObserveITApplicationServer.
