With the introduction of 9.x series there Lockbox security was created. This ensures secure communication between the Application Server, Device Server and the Report Server.
With the release of NCM 9.4.1 there is now the ability to switch between Advanced Security (Lockbox) to Standard Security (No Lockbox). Please follow the directions below to change them.
Switch from Standard Security to Advanced Security
1. Delete lockb.ekey file from NCMBase/data directory. (AS or CS setup)
2. Restart vcmaster services. (AS or CS setup)
Windows: NCMBase\bin\ncmmaster.pl restart
Linux: service vcmaster restart
3. If Device server or RA is deployed in different machines, delete existing lockb.ekey file from NCMBase/data directory
4. In Application Server m/c, add Device Server and RA hostnames to lockbox (lockb.clb) and copy it to respective machines under NCMBase/data directory.
Add distributed system hosts to the lockbox using the cstdriver utility:
./cstdriver -lockbox [Product directory]\data\lockb.clb -passphrase <passphrase> -addHost <FQDN of Report Advisor server>
./cstdriver -lockbox [Product directory]\data\lockb.clb -passphrase <passphrase> -addHost <FQDN of Device server>
5. Change permissions to root:cst (chown root:cst lockb.clb)
6. Restart vcmaster services in Device Server m/c and tomcat service in Report Advisor machine.
On the Device Server:
Windows: NCMBase\bin\ncmmaster.pl restart
Linux: service vcmaster restart
On the RA Server:
Windows: Restart tomcat service from Control Panel->Administrative Tools->services windows
Linux: service tomcat restart
Switch from Advanced Security to Standard Security
1. On the Combination Server m/c or Application Server m/c, create the ekey file by executing the following command:
NCMBase/bin/cstdriver -lockbox ../data/lockb.clb -passphrase <Passphrase> -createKeyFile2. Copy the lockb.ekey file from the NCMBase/bin directory to the NCMBase/data directory.
3. Change permissions to root:cst:
chown root:cst lockb.ekey
4. Restart vcmaster services.
Windows : NCMBase\bin\ncmmaster.pl restart
Linux : service vcmaster restart
5. If the Device server or RA is deployed on different machines, then copy the lockb.ekey file to the respective machines under the NCM Base\data directory.
6. Change permissions to root:cst (chown root:cst lockb.ekey)
7. Restart vcmaster services on Device Server m/c and tomcat service on RA machine.
On the Device Server:
Windows: NCMBase\bin\ncmmaster.pl restart
Linux: service vcmaster restart
On the RA Server:
Windows: Restart tomcat service from Control Panel->Administrative Tools->services windows
Linux: service tomcat restart