Secure Data Warehouse Server and Aggregation Server with SSL Encryption (HTTPS)

Once you have certificates and keys, you can configure SSL encryption (HTTPS). When you configure servers to use Secure Sockets Layer (SSL) encryption, this ensures that access to the server is secure and that data is protected.

This article provides details about how to secure user access to the Data Warehouse Server and Aggregation Server as well as how to secure communication between Aggregation Server and Agent.

Before you begin

To configure servers to use SSL, you must have an SSL certificate. How to generate the SSL certificate for Data Warehouse Server and Aggregation Server read here.

Procedure

  1. Step 1 If you deployed a Data Warehouse Server, configure it for HTTPS using the server-side Configuration Tool:
    1. a Stop the AternityPlatform service.

      Wait until the service has the status Stopped (not Stopping).

    2. b Make sure you have your enterprise's certificate. Learn more.
    3. c On that same computer, launch the Configuration Tool from the Start menu, by right-clicking it and selecting Run as administrator to start.

      When you create any Aternity server it adds the Configuration Tool.

    4. d Select Reconfigure Server and click Next until you reach the Web Server Configuration screen.
    5. e Configure the server for HTTPS.
      Secure SSL connections to this server
      Field Description
      HTTP or HTTPS

      Select HTTPS if you want any connection to this server to be via HTTPS.

      Tip

      To see the Aternity's system-wide security settings, view the security overview of all components.

      Port

      Enter the port required to receive data from the monitored devices. The default for HTTPS is 443.

      Custom keystore

      Enter the pathname of the system's keystore that contains the certificate for verifying Management Server's identity. Additional certificates may interfere with single sign-on processes.

      You must add your enterprise's certificate to the system's Java keystore file (.jks) using Java's keytool utility (see Aternity documentation for creating .jks).

      Custom keystore password

      Enter the password required to access the system's keystore file.

    6. f Select Next repeatedly until you reach the end of the wizard, leaving all other values unchanged.

      This process forces a restart of the Windows service for this Aternity server.

    7. g Start the AternityPlatform service.
  2. Step 2 If you deployed a single Aggregation Server, configure it for HTTPS using the server-side Configuration Tool:
    Secure your Aggregation Server
    1. a Stop the AternityPlatform service.

      Wait until the service has the status Stopped (not Stopping).

    2. b Make sure you have your enterprise's certificate. Learn more.
    3. c On that same computer, launch the Configuration Tool from the Start menu, by right-clicking it and selecting Run as administrator to start.

      When you create any Aternity server it adds the Configuration Tool.

    4. d Select Reconfigure Server and click Next until you reach the Web Server Configuration screen.
    5. e Configure the server for HTTPS.
      Secure SSL connections to this server
      Field Description
      HTTP or HTTPS

      Select HTTPS if you want any connection to this server to be via HTTPS.

      Tip

      To see the Aternity's system-wide security settings, view the security overview of all components.

      Port

      Enter the port required to receive data from the monitored devices. The default for HTTPS is 443.

      Custom keystore

      Enter the pathname of the system's keystore that contains the certificate for verifying Management Server's identity. Additional certificates may interfere with single sign-on processes.

      You must add your enterprise's certificate to the system's Java keystore file (.jks) using Java's keytool utility (see Aternity documentation for creating .jks).

      Custom keystore password

      Enter the password required to access the system's keystore file.

    6. f Select Next repeatedly until you reach the end of the wizard, leaving all other values unchanged.

      This process forces a restart of the Windows service for this Aternity server.

    7. g Start the AternityPlatform service.
  3. Step 3 If you deployed several Aggregation Servers with a load balancer (LB), install your enterprise's certificate on the load balancer (LB) and configure each one of them for HTTPS as explained in the previous step.

    For more information, on securing your LB, consult the vendor's documentation.

    Secure the load balancer if you have more than one Aggregation Server
  4. Step 4 If the access to Aggregation Server is secured, then configure the Agent setup to use a secured HTTPS connection, by specifying https:// in the address of the Aggregation Server in the Agent's setup parameters file.