You must configure the server-to-server Secure Sockets
Layer (SSL) if your secure environment has a remote event source or
if your dashboard server is not in the same cell as your IBM® Business Monitor server.
When server-to-server SSL is not configured, the monitor model deployment
fails or the IBM Business Monitor dashboards
are unable to retrieve data.
About this task
This procedure applies when the configuration between cells
uses Remote Method Invocation (RMI).
Important: CEI is
deprecated in IBM Business Monitor V8.5.5
and later. This procedure does not apply to a remote Business Monitor
event source (table-based event delivery) in an IBM Business Monitor cell
or an IBM Business Process Manager cell. The configuration between
the cells in such an environment uses a REST service and not the server-to-server
RMI.
Procedure
To configure cross-cell SSL, complete the following steps:
- From the administrative console where IBM Business Monitor is
installed, click .
- Click the appropriate trust store.
- Under Additional properties, click Signer
certificates.
- Click Retrieve from port. The Configuration panel is displayed.
- Complete the following general properties fields:
- In the Host field, enter the
name of the host for the remote Process Server or CEI server.
- In the Port field, enter the
SOAP port number for the remote Process Server or CEI server.
- In the Alias field, enter an
appropriate alias; for example, enter Remote.
- Click Retrieve signer information.
- Click OK and save your changes
to the master configuration.
- From the navigation panel, click .
- For both inbound and outbound, ensure that the cell
SSL settings are configured to use the default SSL settings and the
default certificate alias under Specific SSL configuration
for this endpoint.
- For each node under the cell, ensure that the Override
inherited values check box is cleared.
- Click OK and save your changes
to the master configuration.
- From the navigation panel, click . Under RMI/IIOP
security, click CSIv2 outbound communications.
- Click Trusted authentication realms - outbound.
- Select Trust realms as indicated below.
Click Add external realm and add the realm
of the remote cell. Click Apply. To
obtain the realm of the remote cell, from the administrative console,
click . The realm name is listed under User
account repository.
- Verify that the Use identity assertion setting
is enabled.
- Stop and restart all servers, node agents, and deployment
managers.
What to do next
You must repeat these steps on the remote CEI event source,
Process Server,
WebSphere® Portal server, or
dashboard server administrative console using the host and SOAP port
of the
IBM Business Monitor server.