How to Configure the Universal CMDB Server with Confidential Manager

When working with Universal CMDB, you should configure the encryption secret and crypto-properties using the following JMX methods:

  1. On the Universal CMDB Server machine, launch the Web browser and enter the Server address, as follows: https://<UCMDB Server Host Name or IP>:8443/jmx-console.

    You may have to log in with a user name and password.

  2. Under UCMDB, click UCMDB:service=Security Services to open the Operations page.
  3. To retrieve the current configuration, locate the CMGetConfiguration operation.

    Click Invoke to display the Confidential Manager server configuration XML file.

  4. To make changes to the configuration, copy the XML returned in the previous step to a text editor. Make changes according to the table in Encryption Properties.

    Locate the CMSetConfiguration operation. Copy the updated configuration into the Value box and click Invoke. The new configuration is written to the UCMDB Server.

  5. To add users to Confidential Manager for authorization and replication, locate the CMAddUser operation. This operation is also used when setting up replication, where the slave server should communicate with the master server using a privileged user. The operation takes the following parameters:

    • username. The user name.
    • customer. The default is ALL_CUSTOMERS.
    • resource. The resource name. The default is ROOT_FOLDER.
    • permission. Choose between ALL_PERMISSIONS, CREATE, READ, UPDATE, and DELETE. The default is ALL_PERMISSIONS.
  6. Click Invoke.

  7. If necessary, restart Universal CMDB.

    In most cases there is no need to restart the Server. You may need to restart the Server when changing one of the following resources:

    • Storage type
    • Database table name or column names
    • The creator of the database connection
    • The connection properties to the database (that is, URL, user, password, driver class name)
    • Database type

Note  

  • It is important that the UCMDB Server and its clients have the same transport crypto-properties. If these properties are changed on the UCMDB Server, you must change them on all clients. (This is not relevant for the Data Flow Probe because it runs in the same process as the UCMDB Server, so there is no need for the Transport crypto-configuration.)

  • Confidential Manager Replication is not configured by default, and can be configured if needed.

  • If Confidential Manager Replication is enabled, and the Transportation initString or any other crypto-property of the master changes, all slaves must adopt the changes.
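
The Note above requires the server and its clients, and a replication master and its slaves, to hold identical transport crypto-properties. The following added example (not part of the product documentation) compares two XML documents saved from CMGetConfiguration and reports differing settings by hash only, so secret values are not printed. The sample XML and its element names are constructed for illustration and are not the product's actual schema.

```python
import hashlib
import xml.etree.ElementTree as ET

# Constructed samples: element names are hypothetical, not the product's schema.
MASTER = """<configuration>
  <transport><initString>s3cr3t-A</initString><cipher>AES</cipher><keySize>256</keySize></transport>
  <storage><type>DB</type></storage>
</configuration>"""
SLAVE = """<configuration>
  <transport><initString>s3cr3t-B</initString><cipher>AES</cipher></transport>
  <storage><type>DB</type></storage>
</configuration>"""

def flatten(xml_text):
    """Map every leaf element and attribute to its value, keyed by indexed path."""
    out = {}
    def walk(node, path):
        for name, value in node.attrib.items():
            out[f"{path}/@{name}"] = value
        children = list(node)
        if not children:
            out[path] = (node.text or "").strip()
        seen = {}
        for child in children:
            seen[child.tag] = seen.get(child.tag, 0) + 1
            walk(child, f"{path}/{child.tag}[{seen[child.tag]}]")
    root = ET.fromstring(xml_text)
    walk(root, root.tag)
    return out

def fingerprint(value):
    """Short SHA-256 prefix, so a secret such as an initString never reaches a log."""
    return "MISSING" if value is None else hashlib.sha256(value.encode()).hexdigest()[:12]

def drift(reference_xml, other_xml, scope=""):
    """Return sorted (path, reference_fp, other_fp) for settings that differ."""
    ref, other = flatten(reference_xml), flatten(other_xml)
    return [(p, fingerprint(ref.get(p)), fingerprint(other.get(p)))
            for p in sorted(set(ref) | set(other))
            if scope in p and ref.get(p) != other.get(p)]

if __name__ == "__main__":
    for path, ref_fp, other_fp in drift(MASTER, SLAVE, scope="/transport"):
        print(f"DRIFT {path}: reference={ref_fp} other={other_fp}")
```

An empty result means the two configurations match within the chosen scope; leave `scope` empty to compare every setting.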