
Foglight Experience Monitor 5.8.1 - User Guide


Communicating with SiteMinder

The FxM web console allows you to configure the appliance to communicate with your SiteMinder Policy Server.

1. On the appliance, navigate to the Configure > Applications > SiteMinder page.
To define a new SiteMinder Policy Server, click Add a SiteMinder Server definition.

IP address of the host on which the SiteMinder Policy Server is installed.

The default authorization port number for the policy server is 44443. If the default port was changed during the SiteMinder installation, check the port setting in the Policy Server Management Console and enter that port number in this box.

The default authentication port number for the policy server is 44442. If the default port was changed during the SiteMinder installation, check the port setting in the Policy Server Management Console and enter that port number in this box.

The default accounting port number for the policy server is 44441. If the default port was changed during the SiteMinder installation, check the port setting in the Policy Server Management Console and enter that port number in this box.

The name of the sign-on cookie, either SMSESSION or GMWSESSION, that is created when signing into the SiteMinder Policy Server. Using the Secure Cookies setting on the SiteMinder web agent tells the browser to send the SMSESSION or GMWSESSION cookie to the web server.

A name that is used when configuring the SiteMinder Policy Server. This can be any string such as quest_agent.

A key used for initial connection to the SiteMinder Policy Server. The appliance is assigned a new dynamic shared secret if the SiteMinder Policy Server is configured to provide it with one.

In a multiple-appliance cluster, a Probe list appears. To constrain the use of this definition to a specific probe, click the Selected probes option button and select the check box beside the probe’s IP address. Otherwise, use the default All option button.

4. To verify the SiteMinder settings defined in Step 3, click Verify settings at the bottom of the SiteMinder Server section.
6. In the Sites section, click Pick a Site to select one or more sites for which this Policy Server provides authentication.
7. Click OK to save this definition.
8. Navigate to the Configure > Monitoring > User Sessions page.
10
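
A pre-flight check for the three Policy Server ports described above, useful before clicking Verify settings. This is an added example, not part of the product or the original guide; the function names are hypothetical, and it assumes you run it from a host on the same network path as the appliance, since a firewall may treat other sources differently.

```python
import socket

# Default SiteMinder Policy Server ports as stated in this guide.
DEFAULT_PORTS = {"accounting": 44441, "authentication": 44442, "authorization": 44443}


def check_policy_server(host, ports=None, timeout=3.0):
    """Return {service: (port, status)} for the three Policy Server services.

    `ports` overrides a default when it was changed during the SiteMinder
    installation. status is "open", "refused", "timeout" or "error: ...".
    """
    merged = dict(DEFAULT_PORTS)
    merged.update(ports or {})
    unknown = set(merged) - set(DEFAULT_PORTS)
    if unknown:
        raise ValueError("unknown service name(s): %s" % ", ".join(sorted(unknown)))

    results = {}
    for service, port in sorted(merged.items()):
        try:
            # A completed TCP handshake only shows the port is reachable;
            # the agent name and shared secret are still checked by the server.
            with socket.create_connection((host, port), timeout=timeout):
                status = "open"
        except ConnectionRefusedError:
            status = "refused"   # host is up, nothing listening on this port
        except socket.timeout:
            status = "timeout"   # typically a firewall silently dropping packets
        except OSError as exc:
            status = "error: %s" % (exc.strerror or exc)
        results[service] = (port, status)
    return results


def unreachable(results):
    """Service names whose port did not accept a connection."""
    return sorted(name for name, (_, status) in results.items() if status != "open")


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    report = check_policy_server(target)
    for name, (port, status) in report.items():
        print("%-15s %5d  %s" % (name, port, status))
    sys.exit(1 if unreachable(report) else 0)
```

A "timeout" result usually points at filtering between the two hosts, while "refused" suggests the port number differs from the one set in the Policy Server Management Console.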

After configuring the appliance to access SiteMinder, you need to create and configure an Agent on the SiteMinder Policy Server.

3. Select the Support 4.x agents check box.
6

Integrating with SafeNet Hardware Security Modules (HSMs)

SafeNet Hardware Security Modules (HSMs) store and manage cryptographic keys, providing organizations with secure encryption, decryption, authentication, and digital signing services. When integrated with a SafeNet HSM, Foglight Experience Monitor can use the keys stored within the HSM server to decrypt HTTPS traffic. Foglight Experience Monitor uses the keys in a secure manner consistent with the SafeNet HSM model.

To integrate Foglight Experience Monitor with SafeNet HSM servers and access the HSM private keys, you need to complete the following tasks:

Before starting with the integration, see Before you begin.

For each of your HSM servers, you need the following information:

For each Foglight Experience Monitor appliance, you need the appliance’s IP address.

Configuring Foglight Experience Monitor to use SafeNet HSM

To configure Foglight Experience Monitor to work with SafeNet HSM servers, you need to complete the following tasks:

You need to add an HSM server definition for each HSM server that manages private keys for the ports you want to monitor.

1. Navigate to Configure > Applications > SafeNet.
2. Click Add a SafeNet HSM Server definition.
4. Beside the HSM Server Certificate box, click Browse. Navigate to your server certificate and click Open.
5

The HSM appliance requires client certificates for all applications that need to interact with an HSM server. You need to generate an HSM client certificate for each Foglight Experience Monitor appliance that needs access to an HSM server. The client certificates are created using the IP address of the Foglight Experience Monitor appliance.

1. In the SafeNet page, click Create Client Certificate.
2
4. Click Close.

Contact your HSM Administrator. Your HSM Administrator uploads the client certificates for Foglight Experience Monitor to the HSM appliance, registers each certificate using the IP address of the Foglight Experience Monitor appliance (not the hostname), and assigns access to the partitions containing the required private keys.

Next step: Verifying HSM server definitions

After you have added an HSM server definition, created the client certificate, and uploaded it to the HSM server, you can verify the definition.

1. Navigate to Configure > Applications > SafeNet.
4
1. Navigate to Configure > Applications > SafeNet.
3. Click Delete.

Associating monitored SSL ports with HSM keys

For each server handling encrypted traffic that can be decoded using a private key stored in your SafeNet HSM appliance, you need to associate each of the server’s SSL ports with an HSM partition and an HSM key. You need the password for the HSM partition.

1. From the main menu, click Configure > Monitoring > Servers.
3. Click Link HSM Key.
8. Click Finished.