eAC 12.5 - Configure Enterprise Management to listen on a specific interface in a multihome environment

Article Id: 52192

Status: Published

Updated On: 21-03-2018 06:15

Legacy Id: TEC511646

Products:

CA Virtual Privilege Manager , CA Privileged Identity Management Endpoint (PIM)

Issue/Introduction:

Description:

By default, the JBoss installed with AC Enterprise Management 12.5 listens universally on 0.0.0.0. However, the Enterprise Management and Distribution Server components can be modified so they listen on a specific interface.

Solution:

First, shut down JBoss service and Access Control services if they are running.

Open the file JBossDir\bin\run.bat.

Locate:

     org.jboss.Main %* -b 0.0.0.0

Change this to the following, replacing 192.168.72.128 with your own IP address:

     org.jboss.Main %* -b 192.168.72.128

In JBossDir\server\default\deploy\IdentityMinder.ear\config\workpoint-client.properties

Change:

     java.naming.provider.url=localhost:11099

to:

     java.naming.provider.url=192.168.72.128:11099

To force the DistributionServer (aka ReportServer) to listen on a specific interface as well:

Modify CADir\AccessControlServer\MessageQueue\tibco\ems\bin\tibemsd.conf to adjust TIBCO's listening port:

Change:

     listen = ssl://7243

to:

     listen = ssl://192.168.72.128:7243

Modify JBossDir\server\default\deploy\jms\tibcoems-service.xml to adjust JBoss:

Change:

     java.naming.provider.url=tibjmsnaming://localhost:7243

to:

     java.naming.provider.url=tibjmsnaming://192.168.72.128:7243

Also change:

     <attribute name="ToName">tibjmsnaming://localhost:7243/SSLXAQueueConnectionFactory</attribute>

to:

     <attribute name="ToName">tibjmsnaming://192.168.72.128:7243/SSLXAQueueConnectionFactory</attribute>

Finally, restart JBoss and the AC Web Service (eACWS). It should now only be accessible via the interface with the specified IP.

Environment:

Release:
Component: SEOSWG