eAC 12.5 - Configure Enterprise Management to listen on a specific interface in a multihome environment

book

Article ID: 52192

calendar_today

Updated On:

Products

CA Virtual Privilege Manager CA Privileged Identity Management Endpoint (PIM) CA Privileged Access Manager (PAM)

Issue/Introduction

Description:

By default, the JBoss installed with AC Enterprise Management 12.5 listens universally on 0.0.0.0. However, the Enterprise Management and Distribution Server components can be modified so they listen on a specific interface.

Solution:

First, shut down JBoss service and Access Control services if they are running.

Open the file JBossDir\bin\run.bat.

Locate: 

     org.jboss.Main %* -b 0.0.0.0
Change this to the following, replacing 192.168.72.128 with your own IP address: 
     org.jboss.Main %* -b 192.168.72.128

In JBossDir\server\default\deploy\IdentityMinder.ear\config\workpoint-client.properties

Change:

     java.naming.provider.url=localhost:11099
to: 
     java.naming.provider.url=192.168.72.128:11099

To force the DistributionServer (aka ReportServer) to listen on a specific interface as well:

Modify CADir\AccessControlServer\MessageQueue\tibco\ems\bin\tibemsd.conf to adjust TIBCO's listening port:

Change: 

     listen = ssl://7243
to: 
     listen = ssl://192.168.72.128:7243

Modify JBossDir\server\default\deploy\jms\tibcoems-service.xml to adjust JBoss:

Change: 

     java.naming.provider.url=tibjmsnaming://localhost:7243
to: 
     java.naming.provider.url=tibjmsnaming://192.168.72.128:7243

Also change: 

     <attribute name="ToName">tibjmsnaming://localhost:7243/SSLXAQueueConnectionFactory</attribute>
to: 
     <attribute name="ToName">tibjmsnaming://192.168.72.128:7243/SSLXAQueueConnectionFactory</attribute>

Finally, restart JBoss and the AC Web Service (eACWS). It should now only be accessible via the interface with the specified IP.

Environment

Release:
Component: SEOSWG
Powered by Wolken Software