Requirements for a vertical scaling and required SSL implementation

This configuration is intended for customers who:

  • Want to maximize the number of client connections supported on a single host
  • Have a host with enough system resources to manage all concurrent client connections
  • Want to specify the communications ports the Service Manager implementation uses
  • Want to require SSL encryption for all connections
  • Want to protect against complex SSL-related attacks
  • Want to authenticate that the HPE Service Manager server is a valid host
Number of Service Manager hosts required
This implementation requires the following number of hosts.
1
Certificates required
You must create or obtain the following certificates for SSL encryption.
  • Certificate authority certificate
  • Keystore containing the certificate authority's certificate
  • HPE Service Manager host certificate
Private keys required
You must create or obtain the following private keys for SSL encryption.
  • Certificate authority's private key *
  • HPE Service Manager host private key
* This key is only necessary if you are managing your own private certificate authority.
Parameters required in sm.cfg
You must set the following configuration parameters.
sm -loadbalancer -httpPort:<value>
sm -httpPort:<value> - httpsPort:<value>
sm -httpPort:<value> - httpsPort:<value>
  • loadbalancer – creates a special servlet container process to route client connection requests to other available servlet container processes
  • httpPort – identify the communications port that a servlet container process uses to communicate with clients using HTTP
  • httpsPort – identify the communications port that a servlet container process uses to communicate with clients using HTTPS
Parameters required in sm.ini
You must set the following initialization parameters.
  • cacertpem – identify the certificate authority's certificate
  • certpem – identify the HPE Service Manager host's certificate
  • pkpem – identify the HPE Service Manager host's private key
  • pkpempass – identify the password for the HPE Service Manager host's private key
  • ssl:1
  • sessiontimeout – define the number of minutes a client connection can remain unresponsive before the server closes the connection.
  • threadsperprocess – identify the total number of threads the servlet container process supports
    The recommend maximum value for the parameter threadsperprocess is 60. Usually the value of this parameter should be below 50.
Parameters required in web.xml
You must set the following Web parameters.
  • cacerts – identify the keystore containing the certificate authority's certificate
  • serverHost – identify the host name of the Service Manager host
  • serverPort – identify the communications port on which the Service Manager host listens for client connections requests
Windows client preferences required
You must set the following preferences from the Connection menu.
  • Server host name – identify the host name of the Service Manager host
  • Server port number – identify the communications port on which the Service Manager host listens for client connections requests
You must set the following preference from the Window > Preferences > HPE Service Manager > Security menu.
  • CA certificates file – identify the keystore containing the host's certificate authority certificate
Other requirements
You must do the following additional steps to ensure that HPE Service Manager can use your private certificates.
  • Add the certificate authority's certificate to one or more key stores that your Web and Windows clients can access
  • Ensure that the HPE Service Manager server's host name matches the common name (CN) listed in the host's signed certificate