Securing Monitoring Gateway Services

To secure an FTL monitoring gateway service (tibmongateway process), complete this task.

Prerequisites

All realm servers must be secure.

The enterprise authentication system must define user names and associate them with appropriate FTL authorization groups.

Secure realm servers automatically use secure transports for the stream of monitoring data.

Procedure

Example Command Line

tibmongateway \
               --realmserver https://rs-host:7000 \
               --password-file mon-gw-creds.txt \
               --trust-file ftl-trust.pem \
               --influx-server https://influx-host:8086 \
               --influx-trust-file inflx.pem

  1. Connect only to secure realm servers using HTTPS.
    When you supply the --realmserver parameter on the gateway command line, specify a URL that uses the HTTPS protocol.
  2. Arrange authentication credentials for the realm server.
    Supply the location of the gateway's credentials as the value of the --password-file parameter on the gateway command line. Ensure that this file is protected from unauthorized access.

    The user name in the file must be in the authorization group ftl.

    For further details, see "Monitoring Gateway Command Line Reference (tibmongateway)" in TIBCO FTL Monitoring.

    For file syntax, see "Password File" in TIBCO FTL Administration.

  3. Arrange trust in the realm servers.
    Arrange access to a copy of the realm server trust file.

    Supply the file location as the value of the --trust-file parameter on the gateway command line.

    For further details, see "Trust File" in TIBCO FTL Administration.

  4. Connect to the InfluxDB server.
    Supply a URL with HTTPS as the protocol as the value of the --influx-server parameter on the gateway command line.
  5. Arrange trust in the InfluxDB server.
    Arrange access to a copy of the InfluxDB server public certificate file.

    Supply the file location as the value of the --certificate parameter on the gateway command line (the example command line above passes this file with --influx-trust-file).
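
A pre-flight check for the values used in the steps above, as an added example that is not part of the TIBCO documentation: it confirms that both URLs use HTTPS, that the password file is closed to group and other users, and that both trust files hold a PEM certificate. The function names are hypothetical, and the PEM check assumes the trust files are PEM-encoded, as the .pem file names in the example command suggest.

```shell
#!/bin/sh
# Added example: pre-flight checks for the values passed to tibmongateway.
# Function names are hypothetical; they are not part of TIBCO FTL.

# https_url URL: succeeds only if URL uses the https scheme.
https_url() {
    case "$1" in
        https://?*) return 0 ;;
        *) return 1 ;;
    esac
}

# private_file FILE: succeeds if FILE is a readable regular file with no
# group or other permission bits set (for example mode 0600 or 0400).
private_file() {
    [ -f "$1" ] && [ -r "$1" ] || return 1
    pf_bits=$(ls -ld -- "$1" | cut -c5-10)
    [ "$pf_bits" = "------" ]
}

# pem_cert_file FILE: succeeds if FILE is readable and holds at least one
# PEM certificate block (assumption: trust files are PEM-encoded).
pem_cert_file() {
    [ -f "$1" ] && [ -r "$1" ] || return 1
    grep -q -e '-----BEGIN CERTIFICATE-----' "$1"
}

# gateway_preflight REALM_URL PASSWORD_FILE TRUST_FILE INFLUX_URL INFLUX_CERT
# Prints one line per problem and returns the number of problems found.
gateway_preflight() {
    gp_bad=0
    https_url "$1" || { echo "realm server URL is not HTTPS: $1"; gp_bad=$((gp_bad + 1)); }
    private_file "$2" || { echo "password file missing or open to group/other: $2"; gp_bad=$((gp_bad + 1)); }
    pem_cert_file "$3" || { echo "realm server trust file missing or not PEM: $3"; gp_bad=$((gp_bad + 1)); }
    https_url "$4" || { echo "InfluxDB URL is not HTTPS: $4"; gp_bad=$((gp_bad + 1)); }
    pem_cert_file "$5" || { echo "InfluxDB certificate file missing or not PEM: $5"; gp_bad=$((gp_bad + 1)); }
    return "$gp_bad"
}

# Run the checks when called with the five values from the gateway command line.
if [ "$#" -eq 5 ]; then
    gateway_preflight "$@"
fi
```

Run it with the same five values you intend to pass to the gateway; a zero exit status means every check passed.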