Security Tab

All RTView processes (Data Server, Historian, Display Server) open JMX ports for monitoring which, by default, are not secured. The Security tab allows you secure these ports as well as specify credentials needed to connect to SSL secured servers from RTView's Solution Packages.

SSL Credentials

This region allows you to specify the path to the Truststore and Keystore files (and their associated passwords) that contain the SSL credentials needed to secure the RTView JMX Ports and/or access any SSL secured servers associated with RTView’s Solution Packages. This is required if the Secure with SSL option is enabled (see below for details).

Securing RTView JMX Ports

This region provides a couple of options for securing the JMX ports that are opened by the RTView processes: Secure with SSL and/or Secure with Username and Password.

Secure with SSL

When toggled on, this option secures the JMX ports for the RTView processes with SSL. When the JMX ports are SSL secured, an SSL handshake is performed between the client and the server when the client attempts to connect. For this handshake, the client must provide a certificate the server trusts, and the server must provide a certificate the client trusts. A Keystore file contains the application's certificate and private key and a Truststore file contains the application's trusted certificates. These files are created by running the Java keytool on the command line. When this option is enabled, you must specify the path to the server's Truststore and Keystore files (and their associated passwords) in the SSL Credentials region (see above).

The start_server, stop_server, and status_server scripts are all connected to the JMX Ports of the RTView processes to execute operations and get status. If the JMX ports have been secured with SSL, these scripts need the path and passwords for the truststore and keystore files containing the client credentials in order to connect. You can either pass these in on the command line each time you run (-sslkeystore:clientkeystore.jks -sslkeystorepass:clientkeystorepass -ssltruststore:clienttruststore.jks -ssltruststorepass:clienttruststorepass) or you can fill in the fields under SSL Credentials for RTView Scripts.

The RTView Manager application also connects to the JMX Ports of the RTVeiw processes in order to monitor them. If you are using the RTView Manager and the JMX ports have been secured with SSL, you must fill in the SSL Credentials on the Security tab of the RTView Manager Configuration Application to specify the path the truststore and keystore files containing the client credentials.

Secure with Username and Password

This region allows you to secure the JMX ports for RTView processes, which would then require using a specific username/password to gain access. If this option is enabled, you must specify the path to the password file containing all valid user names and passwords.

The start_server, stop_server, and status_server scripts are all connected to the JMX Ports of the RTView processes to execute operations and get status. If the JMX ports have been secured with a username and password, the scripts need a valid user name and password in order to connect. You can either pass these into the command line each time you run (-jmxuser:userName -jmxpass:myPassword) or you can fill in the Username and Password Credentials and enable the Use for Scripts toggle.

The RTView Manager application also connects to the JMX Ports of the RTVeiw processes in order to monitor them. If you are using the RTView Manager in RTViewCentral and the JMX ports have been secured with username and password, you must fill in the Username and Password Credentials that the RTView Manager should use to connect. If you are using the RTView Manager in a deliverable other than RTViewCentral, you will need to fill in the user name and password in the connection to this RTViewDataServer in the RTView Manager Configuration Application.

 

 

The Security tab has the following fields:

SSL Credentials

Truststore

Enter the directory path to the truststore file and click the associated SET PASSWORD button to define the password required to access the file.

 

Keystore

Enter the directory path to the keystore file and click the associated SET PASSWORD button to define the password required to access the file.

Secure with SSL

Enabling this toggle locks the JMX ports for the RTView processes (DataServer and Historian, for example). You must specify the path to the Truststore and Keystore files (and their associated passwords) in the SSL Credentials region (see above) when selecting this toggle.

 

This option also locks the JMX ports used when the start_server, stop_server, and status_server scripts are run. Though not required, you can enter the path to the truststore and keystore files in the associated Client Truststore and Client Keystore fields (as well as their passwords) to avoid having to enter the keystore and truststore names and passwords on the command line when using the start_server, stop_server, and status_server scripts.

 

SSL Credentials for RTView Scripts

The start_server, stop_server, and status_server scripts connect to the RTView processes using JMX. You can either save the Client Truststore and Client Keystore properties here for use by the scripts or you can pass them in on the command line each time you execute those scripts.
For example, start_server.sh -sslkeystore:clientkeystore.jks -sslkeystorepass:clientkeystorepass -ssltruststore:clienttruststore.jks -ssltruststorepass:clienttruststorepass.

Secure RTView JMX Ports with Username and Password

Secure with User Name and Password

Enabling this option secures the JMX ports for RTView processes, which would then require using a specific username/password to gain access. If this option is enabled, you must specify the path to the password file containing all valid user names and passwords.

 

 

Password File – enter the path to the password file containing the login and password credentials required to access the RTView processes.

 

 

Username and Password Credentials – If you are using RTView Manager in RTViewCentral and the JMX ports have been secured with username and password, you must fill in the Username and Password Credentials that the RTView Manager should use to connect.

 

 

Use for Scripts – Toggle on this option to allow the start_server, stop_server, and status_server scripts to use the username and password entered in the Username and Password Credentials region rather than having to specify the username and password on the command line each time you run the start_server, stop_server, and status_server scripts. For example, start_server.sh -jmxuser:userName -jmxpass:myPassword.

Â