You must configure the server-to-server Secure Sockets
Layer (SSL) if your secure environment has a remote common event infrastructure
(CEI) server for either queue-based or table-based event delivery,
or your dashboard server is not in the same cell as your IBM® Business Monitor server.
When server-to-server SSL is not configured, the monitor model deployment
fails at the CEI subscription step, or the IBM Business Monitor dashboards
are unable to retrieve data.
About this task
To configure cross-cell SSL, complete the following steps:
Procedure
- From the administrative console where IBM Business Monitor is
installed, click .
- Click the appropriate trust store.
- Under Additional properties, click Signer
certificates.
- Click Retrieve from port. The Configuration panel is displayed.
- Complete the following general properties fields:
- In the Host field, enter the
name of the host for the remote Process
Server or CEI server.
- In the Port field, enter the
SOAP port number for the remote Process
Server or CEI server.
- In the Alias field, enter an
appropriate alias; for example, enter CEI.
- Click Retrieve signer information.
- Click OK and save your changes
to the master configuration.
- From the navigation panel, click .
- For both Inbound and Outbound, ensure that the cell
SSL settings are configured to use the default cell SSL settings
and the default certificate alias under Specific SSL configuration
for this endpoint.
- For each node under the cell, ensure that the Override
inherited values check box is unchecked.
- Click OK and save your changes
to the master configuration.
- From the navigation panel, click . Under RMI/IIOP
security, click CSIv2 outbound communications.
- Click Trusted authentication realms - outbound.
- Select Trust realms as indicated below.
Click Add External Realm and add the realm
of the remote cell. Click Apply. To
obtain the realm of the remote cell, from the administrative console,
click . The realm name is listed under User
Account repository.
- Verify that the Use identity assertion setting
is enabled. See "Enabling identity assertion" in the related tasks
for more information about enabling this setting.
- Stop and restart all servers, node agents, and deployment
managers.
What to do next
You must repeat these steps on the remote CEI,
Process
Server,
WebSphere® Portal server, or
dashboard server administrative console using the host and SOAP port
of the
IBM Business Monitor server.