Creating Secure Connections

TIBCO FTL

The Data Server connects to TIBCO FTL using the TIBCO FTL API. The TIBCO FTL Server can be configured to run with transport encryption and additionally with username/password authentication. If transport encryption is enabled, follow the instructions in the TIBCO FTL Administration Guide to create a trust file (certificate), which by default is named ftl-trust.pem. Copy this file into your projects/rtview-server directory and import it into your JVM keystore with a command such as:

keytool -alias ftl -file ftl-trust.pem -import -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit

In the RTView Configuration Application TIBCO FTL Connection dialog, use an https URL to connect to TIBCO FTL Servers with transport encryption enabled. If the TIBCO FTL server is configured with authentication, fill in the Username and Password fields. 

TIBCO ActiveMatrix

The Data Server connects to TIBCO ActiveMatrix either using TIBCO Hawk or via TIBCO Enterprise Monitor messages. See the TIBCO Hawk section for information about securing TIBCO Hawk connections. The EMS Server can be configured to require a user name and password that the user enters in the ActiveMatrix Add Connection dialog in the RTView Configuration Application when defining the connection to that EMS Server. Additionally, the EMS Server can be configured to use SSL. In this case, you must implement a subclass of the GmsRtViewJmsDsSSLHandler to return a map of the required SSL parameters per connection. This is described in the RTView Core documentation under RTView Data Sources → JMS Data Source → Application Options - JMS → JMS Connections Tab → JMS SSL Parameters.

TIBCO BusinessEvents

The Data Server connects to BusinessEvents using JMS. BusinessEvents does not support secure JMX connections.

TIBCO BusinessWorks 5

The Data Server connects to BusinessWorks 5 using TIBCO Hawk. See the TIBCO Hawk section for information about securing those connections. Additional server metrics can optionally be collected via JMX using the RTView Manager. See the TIBCO BusinessWorks 5 documentation for enabling JMX and securing it in your BusinessWorks engine. See the RTView Manager section in this document for information on making secure connections to JMX. For BWSE engines, RTView collects AMX Node data via JMS messages that are hosted on an EMS Server. The EMS Server can be configured to require a user name and password that you enter in the RTView Configuration Application when defining the connection to that server. Additionally, the EMS Server can be configured to use SSL. In this case, you must implement a subclass of the GmsRtViewJmsDsSSLHandler to return a map of the required SSL parameters per connection. This is described in the RTView Core documentation under RTView Data Sources → JMS Data Source → Application Options - JMS → JMS Connections Tab → JMS SSL Parameters.

TIBCO BusinessWorks 6

The Data Server connects to TIBCO BusinessWorks 6 either using TIBCO Hawk or via the OSGI plugin. See the TIBCO Hawk section for information about securing TIBCO Hawk connections. When using the OSGI plugin, data is sent via socket to the Data Server on port XX72. By default, this socket is not secure, but the data will be sent via secure socket if the Data Server is configured for SSL sockets.

TIBCO EMS Server

The Data Server connects to EMS Servers using TIBCO's TibjmsAdmin API. The EMS Server can be configured to require a user name and password that you enter in the RTView Configuration Application EMS Server Connection dialog when defining the connection to that EMS Server. Additionally, the EMS Server can be configured to use SSL. In this case, you must implement a subclass of the GmsRtViewTibJmsSSLHandler to return a map of the required SSL parameters per connection. This is described in the RTView Core documentation under RTView Data Sources → TIBCO EMS Administration Data Source → Application Options - TIBCO EMS → TIBCO EMS Servers Tab → TIBCO EMS Administration SSL Parameters.

TIBCO Hawk

TIBCO Hawk is used to gather metrics for both TIBCO BusinessWorks 5 (required) and TIBCO BusinessWorks 6. The Data Server connects to TIBCO Hawk via TIBCO's TIBHawkConsole API. The TIBCO Hawk installation may either be configured to run on a Rendezvous transport (rvd) or an EMS Transport. In the case of Rendezvous transports, no secure connection options are supported. In the case of EMS transports, the TIBCO Hawk agent can be configured to require a user name and password that you enter in the TIBCO Hawk Add Connection dialog in the RTView Configuration Application when adding a connection to that agent. The EMS transport can also be configured for SSL. In this case, you must implement a subclass of the GmsRtViewHawkCustomSSLHandler to return a map of the required SSL parameters per connection. This is described in the RTView Core documentation under RTView Data Sources → TIBCO Hawk Data Source → Application Options - TIBCO Hawk → TIBCO Hawk SSL Parameters.

RTView Manager

The RTView Manager connects to processes via JMX. A process that opens a JMX port can be configured to require a user name and password that you enter in the RTView Manager Add Connection dialog in the RTView Configuration Application when defining the connection to that process. A process that opens a JMX port can also be configured to require SSL. To connect to SSL secured JMX, fill in the SSL Credentials section of the SECURITY tab in the RTView Configuration Application with the appropriate values for your SSL configuration.

RTView Processes

The Data Server, Data Collector, Historian and Display Server all open JMX ports for monitoring. By default, these JMX ports are unsecured, but they can be secured either by user name and password or by SSL. See the RTView Manager section in this document for instructions on connecting to secure JMX. To configure the JMX ports of the RTView processes to use SSL and/or username and password, go to the SECURITY tab in the RTView Configuration Application. Note that the start/stop/status_rtv scripts use JMX to communicate with the RTView processes. If you secure the JMX ports on the RTView processes, you will need to save arguments for use by the scripts in the Configuration Application SECURITY tab or pass additional arguments into the start/stop/status_rtv scripts.

To secure with user name and password, you will need a Java password file. To secure with SSL, you will need a certificate, truststore, and keystore. These are described in the Oracle documentation: https://docs.oracle.com/javase/8/docs/technotes/guides/management/agent.html

Apache Kafka

The Data Server connects to Kafka via JMX. Kafka can be configured to require a user name and password that you enter in the Kafka Add Connection dialog in the RTView Configuration Application when defining the connection to that process. Kafka can also be configured to require SSL. To connect to SSL secured Kafka, fill in the SSL Credentials section of the SECURITY tab in the RTView Configuration Application with the appropriate values for your SSL configuration.

Node.js

This solution package does not currently support secure connections.

TIBCO ActiveSpaces

The Data Server connects to the ActiveSpaces Data Grid using TIBCO FTL. See the TIBCO FTL section for instructions on securing those connections.

Data Cache

The solution package is a data receiver. The application sending the data connects to the Data Server via http either directly or via the rtvpost servlet. To secure the http port on the Data Server, enable https in the Data Server CUSTOM PROPERTIES tab as follows:

name: sl.rtview.rtvhttp.usehttps
value: true
filter: collector

While the rtvpost servlet does not support authentication, Tomcat access filters can be used to restrict access.

Oracle Coherence

The Data Server connects to Oracle Coherence by either joining the cluster as a node (direct connection) or via querying MBeans using JMX. See the Oracle documentation for information on securing your cluster. When configuring RTView to connect as a node to a secure cluster, all necessary information is in the cluster config .xml file so no additional configuration is needed in the Data Server.

Alternatively, you can configure the Coherence nodes to use secure JMX. Secure JMX supports user authentication (user name and password) and SSL. See the Oracle documentation for information on how to configure secure JMX for your nodes. To connect via JMX to a node that has been secured via user authentication, include the user name and password in the jmxconn connection string. To connect via JMX to a node that has been secured via SSL, add the following properties to your rtview properties file, replacing the values with the appropriate values for your truststore and keystore:

sl.rtview.jvm=-Djavax.net.ssl.keyStore=client_keystore.jks

sl.rtview.jvm=-Djavax.net.ssl.keyStorePassword=mypassword

sl.rtview.jvm=-Djavax.net.ssl.trustStore=client_truststore.jks

sl.rtview.jvm=-Djavax.net.ssl.trustStorePassword=mypassword
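
The properties above put the keystore and truststore passwords in clear text in the properties file. The following check is an added example, not part of the RTView product or its documentation: it reads a properties file and reports world-readable permissions, sample passwords left in place, and store paths that are relative. The function name, the placeholder list and the finding strings are assumptions made for illustration.

```python
import os
import re
import stat

# The four JVM system properties listed in the section above.
SSL_PROPS = ("keyStore", "keyStorePassword", "trustStore", "trustStorePassword")
# Values suggesting a sample or default was never replaced (assumed list).
PLACEHOLDERS = {"", "mypassword", "changeit", "password"}
JVM_ARG = re.compile(r"-Djavax\.net\.ssl\.(\w+)=(.*)")


def audit_rtview_properties(path):
    """Return findings for the javax.net.ssl settings in a properties file."""
    findings = []
    # The file holds store passwords in clear text: only its owner should
    # have any access to it.
    if stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        findings.append("properties file is accessible by group or others")
    seen = {}
    with open(path, encoding="utf-8") as handle:
        for raw in handle:
            key, _, value = raw.strip().partition("=")
            if key.strip() != "sl.rtview.jvm":
                continue  # comments, blanks and unrelated properties
            match = JVM_ARG.fullmatch(value.strip())
            if match:
                # In this check a later line replaces an earlier one.
                seen[match.group(1)] = match.group(2)
    for name in SSL_PROPS:
        if name not in seen:
            findings.append(f"javax.net.ssl.{name} is not set")
        elif name.endswith("Password"):
            if seen[name].lower() in PLACEHOLDERS:
                findings.append(f"javax.net.ssl.{name} is a placeholder value")
        elif not os.path.isabs(seen[name]):
            # A relative store path resolves against the JVM working directory.
            findings.append(f"javax.net.ssl.{name} is a relative path")
    return findings
```

Run against the sample lines exactly as shown above in a file with mode 0644, it returns five findings; with absolute store paths, replaced passwords and mode 0600 it returns none.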

Oracle Enterprise Manager

This solution package does not currently support secure connections.

IBM MQ

The Data Server connects to IBM MQ via the IBM MQ Java client libraries. IBM MQ can be secured via SSL. See the IBM MQ documentation for securing your IBM MQ instance. To connect to an IBM MQ instance that has been secured via SSL, turn on the Do you want to connect using SSL? toggle in the IBM MQ Add Connection dialog in the RTView Configuration Application and fill in the certificate and cipher suite fields as appropriate for your configuration.

Docker

The Data Server acquires Docker data from cadvisor-based agents which send data via http POST requests to the Data Server. The cadvisor agents post to http by default, which is unsecured. To post to https instead, modify the RTVHTTPURL variable in the rtvapm/dockermon/agents/cadvisor-rtview/cadvisor-rtview.sh script to use https instead of http in the URL. To enable the Data Server to receive data via https, add the following to the CUSTOM PROPERTIES tab of the RTView Configuration Application:

Name: sl.rtview.rtvhttp.use_https
Value: true
Filter: collector

UserExperience

UXMON performs simulated transactions by means of the uxrobot process that sends metric data via socket to the Data Server on port XX72. By default, this socket is not secure, but the data will be sent via secure socket if the Data Server is configured for SSL sockets.

MongoDB

The Data Server connects to MongoDB via the MongoDB Java client library. A MongoDB instance can be secured via user credentials, TLS, SSL or DNS Seedlist. See the MongoDB documentation for information on how to secure your MongoDB instance. Each security option has one or more corresponding parameters in the connection URI string. To connect to a secure MongoDB instance from RTView, use the appropriate connection string URI parameters in the MongoDB Connection URL field dialog in the RTView Configuration Application when defining the connection to that instance. Some example URIs for SSL and TLS secured instances:

use the ssl=true connection option in the connection string URI
mongodb://db0.example.com,db1.example.com,db2.example.com/?replicaSet=myRepl&ssl=true
or
use the tls=true connection option in the connection string URI
mongodb://db0.example.com,db1.example.com,db2.example.com/?replicaSet=myRepl&tls=true
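
A connection string can be checked before it is pasted into the Connection URL field. The following is an added example, not part of RTView or the MongoDB driver: it parses a URI and reports when TLS is off, when the ssl and tls options contradict each other, and when a standard MongoDB option disables certificate or hostname validation. It goes beyond the two URIs above by also covering DNS seedlist (mongodb+srv) URIs; the function name and finding strings are assumptions.

```python
from urllib.parse import parse_qs, urlsplit

# Standard MongoDB connection-string options that leave TLS on but switch off
# certificate or hostname validation (compared in lower case).
WEAKENING = ("tlsinsecure", "tlsallowinvalidcertificates",
             "tlsallowinvalidhostnames")


def audit_mongodb_uri(uri):
    """Return a list of TLS findings for one MongoDB connection string URI."""
    parts = urlsplit(uri)
    if parts.scheme not in ("mongodb", "mongodb+srv"):
        return ["not a MongoDB connection string"]
    # Option names are case-insensitive; keep the last value of each option.
    query = parse_qs(parts.query, keep_blank_values=True)
    opts = {k.lower(): v[-1].lower() for k, v in query.items()}
    findings = []
    # ssl= is the older alias of tls=, so the two must not contradict.
    given = {opts[k] for k in ("tls", "ssl") if k in opts}
    if len(given) > 1:
        findings.append("tls and ssl options disagree")
    # A DNS seedlist URI (mongodb+srv) turns TLS on unless it is set to false.
    default_on = parts.scheme == "mongodb+srv"
    tls_on = default_on if not given else given == {"true"}
    if not tls_on:
        findings.append("TLS is not enabled")
        if "@" in parts.netloc:
            findings.append(
                "credentials are configured on an unencrypted connection")
    for name in WEAKENING:
        if opts.get(name) == "true":
            findings.append(f"{name} weakens certificate validation")
    return findings
```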

TIBCO ActiveSpaces 2

The Data Server connects to TIBCO ActiveSpaces via the TIBCO ActiveSpaces Java client library. See the TIBCO documentation for securing metaspaces and generating a security token file. To connect to a secure metaspace, turn on the Use Security Token option in the RTView Configuration Application TIBCO ActiveSpaces 2 Connection dialog, then fill in the Security Token File field along with any of the other fields in that section that apply to your metaspace security configuration.

Solace

The Data Server connects to cloud brokers via http and non-cloud brokers via the Solace API. See the Solace documentation for information about securing your brokers. To connect to a secured cloud broker, enter the https URL in the Solace Connection dialog in the RTView Configuration Application. To connect to a secured non-cloud broker, turn on the SSL Connection toggle in the Solace Connection dialog in the RTView Configuration Application, then fill in the SSL credentials on the SECURITY tab in the RTView Configuration Application.