Secure communication methods required by DX NetOps r21.2.x releases
search cancel

Secure communication methods required by DX NetOps r21.2.x releases

book

Article ID: 218284

calendar_today

Updated On:

Products

CA Performance Management - Usage and Administration DX NetOps

Issue/Introduction

Most of our environment is configured with SSL/HTTPS for the web UI portal users access.

When upgrading to new more secure DX NetOps Performance Management (PM) releases what secure communication methods are required?

Does the upgrade force the use of SSL configurations? Does it do it for:

  • PM Performance Center (PC) web UI Portal
  • Data Aggregator and it's ActiveMQ service
  • Data Collector(s) and it's ActiveMQ service
  • DX NetOps Spectrum OneClick web server

Does the upgrade of a Spectrum (SSL enabled) OneClick server require the use of Secure CORBA ports for PC to Spectrum integration functionality?

Environment

All supported DX NetOps Performance Management (PM) r21.2.x releases

Resolution

 
  • Anything using HTTP pre-upgrade, can continue to use it post upgrade if that's the path chosen.
  • We strongly recommend configuring SSL/HTTPS for all components to enhance security. But it's not a requirement.
  • The only implications for SSL/HTTPS configurations for the 21.2 upgrade is systems that are already configured to use it.
  • No port changes are required with one exception:
    • If deciding to convert to HTTPS for CAMM/VNA/DA. See documentation for more information.
  • Authorization is already required for VNA and DA.
  • CAMM already had authorization for UI access, as well as authorization to deploy DPs into PC/DA.
  • Spectrum configurations for HTTPS are the same in r21.2.1.
  • If the DX NetOps PC Portal and/or DX NetOps Spectrum are currently using HTTPS, they will continue when moving to r21.2.1.
  • Secure CORBA is not required but recommended same as HTTPS for all parts of NetOps that support them. This includes HTTPS in PM and Spectrum components, and CORBA for Spectrum components that support it.
  • To be as secure as possible all Data Sources should be HTTPS
    • DA and AMQ, DC and AMQ, and PC using SSL
    • Spectrum is secure CORBA and/or SSL depending on system.
    • MySql is already using SSL between apps and mysql DB.
  • The only issue is if already set up for HTTPS on FT DA's.
    • If FT DA is HTTPS already, we backup the files and the changes must be reapplied post upgrade.
    • Also we must manually backup proxy HTTPS configurations, then restore them post upgrade.
    • That's from 20.2.8+ to 21.2.1. Anything 20.2.7 and earlier would require reverting from HTTPS back to HTTP, then upgrade and then post upgrade reconfigure HTTPS.

Additional Information

DX NetOps Performance Management r21.2 documentation

Powered by Wolken Software