HCL Workload Automation, Version 9.4

Configuring full SSL support for internetwork dependencies

About this task

The network agent that resolves internetwork dependencies requires a particular setup for full SSL support.

To enable a network agent for full SSL support:
  1. Configure both the hosting and the remote fault-tolerant agents for full SSL support.
  2. On the hosting fault-tolerant agent copy or move the netmth.opts file from the TWA_home/TWS/config to the TWA_home/TWS/methods directories and add (and configure) the following options:
    SSL remote CPU
    The workstation name of the remote master or fault-tolerant agent.
    SSL remote full port
    The port number defined for full SSL support on the remote master or fault-tolerant agent.
    The local options that specify the private key and certificate on the hosting fault-tolerant agent
    These are documented in the Setting local options).
    Note that if the hosting fault-tolerant agent hosts more than one network agent, the TWA_home/TWS/methods directory contains one netmth.opts file for every defined network agent. In this case the complete name of each netmth.opts file must become:
    network-agent-name_netmth.opts
    If the TWA_home/TWS/methods directory contains both network-agent-name_netmth.opts and netmth.opts files, only network-agent-name_netmth.opts is used. If multiple agents are defined and the directory contains only netmth.opts, this file is used for all the network agents.
The following example adds full SSL support to the example described in A sample network agent definition in the User's Guide and Reference:
  • This is the workstation definition for the NETAGT network agent:
    CPUNAME NETAGT
     DESCRIPTION "NETWORK AGENT"
     OS OTHER
     NODE MASTERA.ROME.TIVOLI.COM 
     TCPADDR 31117 
     FOR maestro 
      HOST MASTERB
      ACCESS NETMTH
    END
  • These are the full SSL security options in the netmeth.opts file of NETAGT:
    ######################################################
    # Remote cpu parameters
    ######################################################
    
    SSL remote full port = 31119
    SSL remote CPU = MASTERA
    
    ######################################################
    # Configuration Certificate
    ######################################################
    
    SSL key                 ="C:\TWS\installations\SSL\XA.key"
    SSL certificate         ="C:\TWS\installations\SSL\XA.crt"
    SSL CA certificate      ="C:\TWS\installations\SSL\VeriSte.crt"
    SSL key pwd             ="C:\TWS\installations\SSL\XA.sth"
    SSL certificate chain   ="C:\TWS\installations\SSL\TWSCertificateChain.crt"
    SSL random seed         ="C:\TWS\installations\SSL\random_file.rnd"
    SSL auth mode           =cpu
    SSL auth string        =tws
    Note: The SSL configuration certificate options must refer to the private key and certificate defined on the hosting fault-tolerant agent.
  • This is the workstation definition for MASTERA (the remote workstation):
    CPUNAME MASTERA
      OS WNT
      NODE 9.168.68.55 TCPADDR 31117
      SECUREADDR 31119 
      DOMAIN NTWKA
      FOR MAESTRO
        TYPE MANAGER
        AUTOLINK ON
        BEHINDFIREWALL OFF
        SECURITYLEVEL enabled
        FULLSTATUS ON
        SERVER H
    END