Example: Setting up a vertical scaling and required SSL implementation

The following example describes how to set up a vertical scaling and required SSL implementation that accomplishes the following:

  • Maximizes the number of client connections supported on a single host
  • Allows an administrator to specify the communications ports the HPE Service Manager implementation uses
  • Requires SSL encryption for all connections
  • Protects against complex SSL-related attacks
  • Authenticates that the Service Manager server is a valid host

You can use this example to configure the implementation depicted in the Vertical scaling and required SSL implementation diagram.

  1. Install Service Manager on one host. For example: myserver1.
  2. Log in to the operating system of the Service Manager server host and change directories to the Service Manager RUN folder. For example:
    C:\Program Files\HPE\Service Manager x.xx\Server\RUN
    
  3. Open the Service Manager configuration file (sm.cfg or smstart) in a text editor.
  4. Add the following lines:
    sm -loadBalancer -httpPort:13080
    sm -httpPort:13081 -httpsPort:13082
    sm -httpPort:13083 -httpsPort:13084
    
    • The loadBalancer parameter creates a special servlet container process to route client connection requests to other available servlet container processes. A vertical scaling implementation only needs one load balancer.
    • The httpPort:13080 parameter specifies that the load balancer process listens to client connection requests on HTTP port 13080. This communications port must be unique across all hosts that you want to join the Service Manager virtual group.
    • The httpPort:13081 parameter specifies that the servlet container process listens to client connection requests on HTTP port 13081. This communications port must be unique on the host on which you start the servlet container.
    • The httpsPort:13082 parameter specifies that the servlet container process listens to client connection requests on HTTPS port 13082. This communications port must be unique on the host on which you start the servlet container.
    • The httpPort:13083 parameter specifies that the servlet container process listens to client connection requests on HTTP port 13083. This communications port must be unique on the host on which you start the servlet container.
    • The httpsPort:13084 parameter specifies that the servlet container process listens to client connection requests on HTTPS port 13084. This communications port must be unique on the host on which you start the servlet container.
  5. Save the Service Manager configuration file.
  6. Open the Service Manager initialization file (sm.ini) in a text editor.
  7. Add the RDBMS connection settings. For example:
    [oracle10]
    sqldb:ora102
    sqllogin:sm7user/password
    sqllibrary:SQORACLE.OCI10.DLL
    sqldictionary:oracle10
    
  8. Add the following lines:
    threadsperprocess:50
    sessiontimeout:3
    truststoreFile:cacert.keystore
    truststorePass:<cacert password>
    keystoreFile:scserver.keystore
    keystorePass:<server certificate password>
    ssl:1
    
    • The threadsperprocess:50 parameter defines the number of threads each process supports. A value of 50 threads assumes that the Service Manager host has the minimum recommended system memory available for servlet container processes.
    • The sessiontimeout:3 parameter defines the number of minutes that the client connection can remain unresponsive before the server closes the connection. A value of 3 minutes assumes that most network latency issues are quickly and easily resolved.
    • The truststoreFile:cacert.keystore parameter defines the file name and path to the keystore containing a list of trusted CA certificates. This value assumes you are using the default trust store file provided in the Service Manager server's RUN folder. This parameter must not be encrypted with the new initialization parameter encryption feature or the Java components will not be able to find the trust store file.
    • The truststorePass:<cacert password> parameter specifies the password to the trust store file. This parameter must not be encrypted with the new initialization parameter encryption feature or the Java components will not be able to read the password value.
    • The keystoreFile:scserver.keystore parameter defines the file name and path to the keystore containing the server's certificate file and private key. This value assumes you are using the default trust store file provided in the Service Manager server's RUN folder. This parameter must not be encrypted with the new initialization parameter encryption feature or the Java components will not be able to find the keystore file.
    • The keystorePass:<server certificate password> parameter specifies the password to the keystore file. This parameter must not be encrypted with the new initialization parameter encryption feature or the Java components will not be able to read the password value.
    • The ssl:1 parameter requires the Service Manager server to use a signed server certificate for SSL-encryption of all client-server communications. Each client connection validates the server's certificate against the signing certificate authority. You must also use the keystoreFile and keystorePass parameters to define the location of the server certificate and private key.
  9. Save the Service Manager initialization file.
  10. Start the Service Manager server.
  11. Log in to the operating system of the HPE Service Manager Web tier host and change directories to the HPE Service Manager WEB-INF folder. For example:
    <Tomcat>\webapps\webtier_x.xx\WEB-INF
    
  12. Open the Web configuration file (web.xml) in a text editor.
  13. Set the following parameter values:
    | Parameter | Default value | Description |
    |---|---|---|
    | secureLogin | true | Controls the encryption of network communication between the web application server and the web browser. Set it to false if you do not use Secure Sockets Layer (SSL) connections to the web server. Note: To use secure login, you must enable SSL on your web application server. For details, refer to your web application server documentation. |
    | sslPort | 8443 | This parameter is needed only when secureLogin is set to true. Set it to the SSL port of the web application server. |
    | serverHost | localhost | Specifies the name of the Service Manager host server. |
    | serverPort | 13080 | Specifies the communications port number to which the Service Manager server listens. |

    ...
    <context-param>
      <param-name>secureLogin</param-name>
      <param-value>true</param-value>
    </context-param>
    <context-param>
      <param-name>sslPort</param-name>
      <param-value>8443</param-value>
    </context-param>
    ...
    <init-param>
      <param-name>serverHost</param-name>
      <param-value>myserver1</param-value>
    </init-param>
    <init-param>
      <param-name>serverPort</param-name>
      <param-value>13080</param-value>
    </init-param>
    
  14. Save the Web configuration file.
  15. Start the Service Manager Web tier.
  16. Open Service Manager Windows clients and set the Service Manager host name and communication port values:

    | Field | Value |
    |---|---|
    | Server host name | myserver1 |
    | Server port number | 13080 |
    | CA certificates file | C:\Program Files\HPE\Service Manager x.xx\Client\plugins\com.hp.ov.sm.client.common_x.xx\cacerts |
  17. Connect to the Service Manager host.
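
The three files edited in this procedure (sm.cfg, sm.ini and web.xml) have to agree with one another, and a check like the following can be run before the services are started. It is an added example, not HPE code: the check() helper, the inline sample contents (constructed from the values shown above) and the rule that every process other than the load balancer carries an httpsPort are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed samples mirroring the steps above (web.xml: no XML namespace assumed).
SM_CFG = """sm -loadBalancer -httpPort:13080
sm -httpPort:13081 -httpsPort:13082
sm -httpPort:13083 -httpsPort:13084
"""
SM_INI = """threadsperprocess:50
sessiontimeout:3
truststoreFile:cacert.keystore
truststorePass:<cacert password>
keystoreFile:scserver.keystore
keystorePass:<server certificate password>
ssl:1
"""
WEB_XML = """<web-app>
  <context-param><param-name>secureLogin</param-name><param-value>true</param-value></context-param>
  <context-param><param-name>sslPort</param-name><param-value>8443</param-value></context-param>
  <servlet><init-param><param-name>serverHost</param-name><param-value>myserver1</param-value></init-param>
  <init-param><param-name>serverPort</param-name><param-value>13080</param-value></init-param></servlet>
</web-app>"""

def check(sm_cfg, sm_ini, web_xml):
    """Return a list of findings; an empty list means the three files agree."""
    findings = []
    procs = [l for l in sm_cfg.splitlines() if l.strip().startswith("sm ")]
    balancers = [l for l in procs if "-loadBalancer" in l]
    if len(balancers) != 1:
        findings.append(f"expected exactly one -loadBalancer line, found {len(balancers)}")
    ports = re.findall(r"-https?Port:(\d+)", "\n".join(procs))
    for p in sorted({p for p in ports if ports.count(p) > 1}):
        findings.append(f"port {p} is assigned more than once")
    for l in procs:
        if "-loadBalancer" not in l and "-httpsPort:" not in l:
            findings.append(f"servlet container has no httpsPort: {l.strip()}")
    ini = dict(l.split(":", 1) for l in sm_ini.splitlines() if ":" in l and not l.startswith("["))
    if ini.get("ssl") != "1":
        findings.append("ssl:1 is not set in sm.ini")
    for key in ("keystoreFile", "keystorePass", "truststoreFile", "truststorePass"):
        if not ini.get(key, "").strip():
            findings.append(f"{key} is missing from sm.ini")
    web = {p.findtext("param-name"): p.findtext("param-value")
           for p in ET.fromstring(web_xml).iter() if p.find("param-name") is not None}
    lb_port = re.search(r"-httpPort:(\d+)", balancers[0]).group(1) if balancers else None
    if web.get("serverPort") != lb_port:
        findings.append(f"web.xml serverPort {web.get('serverPort')} is not the load balancer port {lb_port}")
    return findings
```

Calling check() with the contents of the real files returns one line per mismatch, for example a reused port or a Web tier that points at a servlet container instead of the load balancer.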