Securing Monitoring Gateway Services

To secure an FTL monitoring gateway service (tibmongateway process), complete this task.

Before you beginAll FTL servers must be secure.

The enterprise authentication system must define user names and associate them with appropriate FTL authorization groups.

Secure realm servers automatically use secure transports for the stream of monitoring data.

Procedure

Example Command Line

tibmongateway
               --ftlserver https://ftl1:8585|https://ftl2:8585|https://ftl3:8585
               --password-file mon-gw-creds.txt
               --ftlserver-trust-file ftl-trust.pem
               --influx-server https://influx-host:8086
               --influx-trust-file inflx.pem

Connect only to secure FTL servers using HTTPS.
When you supply the --ftlserver parameter on the gateway command line, specify a URL with HTTPS protocol.
Arrange authentication credentials to the FTL server.
Supply the location of the gateway's credentials as the value of the --password-file parameter on the gateway command line. Ensure that this file is protected from unauthorized access.
The user name in the file must be in the authorization group ftl.
For further details, see "Monitoring Gateway Command Line Reference (tibmongateway)" in TIBCO FTL Monitoring.
For file syntax, see "Password File" in TIBCO FTL Administration.
Arrange trust in the FTL servers.
Arrange access to a copy of the FTL server trust file.
Supply the file location as the value of the --ftlserver-trust-file parameter on the gateway command line.
For further details, see "Trust File" in TIBCO FTL Administration.
Connect to the InfluxDB server.
Supply a URL with HTTPS as the protocol as the value of the --influx-server parameter on the gateway command line.
Arrange trust in the InfluxDB server.
Arrange access to a copy of the InfluxDB server public certificate file.
Supply the file location as the value of the --influx-trust-file parameter on the gateway command line.

Did you find this helpful?

Yes No