Configuring the ITM On-Prem (ObserveIT) Database Server to Use SSL/TLS
To enhance database security, communication to and from the ITM On-Prem (ObserveIT) Database must be encrypted. This topic describes how to secure communication between the ITM On-Prem (ObserveIT) server-side components (Application Server, Web Console, Notification Services) and the SQL database server, by using SSL/TLS.
To secure communication to and from the SQL Server:
- Create a Self-Signed SSL Certificate. For instructions on how to do this, see Creating a Self-Signed Digital Certificate.
- Install the certificate.
- Configure the database server to work with the certificate.
Before You Begin
Make sure that your environment meets the following conditions:
- The environment is complete with the Application Server, Web Console, ITM On-Prem (ObserveIT) Agent and Database already installed.
- You have a valid license for your environment.
- All computers in your environment are members of the same domain. For further details, refer to the following article: Microsoft's Guide to Adding a Computer to a Domain.
Installing the Certificate
To install the certificate using the Internet Information Services (IIS) Manager Microsoft Management Console (MMC):
- Select the Certificates snap-in, click Add, and assign it to the local computer account (Computer Account -> Local Computer).
- Go to File > Add/Remove Snap-in.
- Go to Start > Run and enter mmc.
- Select Certificates again, click Add, and assign it to the local service account: SQL Server.
- In the MMC, under Local Computers > Personal, right-click the certificate and select All Tasks > Manage Private Keys.
- Add the identity which is running the SQLSERVER service (from Component Services), and assign it Full Control permissions.
- Export the certificate from Local Computers > Personal by right-clicking the certificate and selecting All Tasks > Export. Use the default export settings.
  Make sure that the exported certificate has the exact certificate name (that is, the full computer name).
- Import the exported certificate to Service (SQLSERVER) > Trusted Root Certification Authorities.
- Restart the SQLSERVER service (from Component Services).
Configuring the Database Server for Certification
- Open the SQL Server Configuration Manager, and expand SQL Server Network Configuration.
- Right-click Protocols for MSSQLSERVER and select Properties.
- In the Properties dialog, under the Flags tab, set Force Encryption to Yes, and under the Certificate tab, select the certificate that you created.
- Click Apply, and then click OK.
- Copy the exported certificate to the computers on which the ITM On-Prem (ObserveIT) Application Server and Web Console are installed.
- Import the certificate to Local Computer > Trusted Root Certification Authorities on each relevant computer.
- Enable encryption by adding ;Encrypt=YES to the key ConnectionString in each of the following configuration files:
  C:\Program Files\ObserveIT\Web\ObserveITApplicationServer\Web.config
  C:\Program Files\ObserveIT\Web\ObserveIT\Web.config
  C:\Program Files\ObserveIT\HealthMonitor\bin\ObserveIT.HealthMonitor.Service.exe.config
  C:\Program Files\ObserveIT\NotificationService\ObserveIT.WinService.exe.config
  C:\Program Files\ObserveIT\UserAnalytics\bin\ObserveIT.UserAnalytics.Service.exe.config
  C:\Program Files\ObserveIT\Web\ObserveIT\AnalyticsMvc\web.config
  C:\Program Files\ObserveIT\RuleEngineService\bin\ActivityAlerts.Service.exe.config
- Save the configuration files.
- Restart the IIS Manager and the ITM On-Prem (ObserveIT) Database Server.
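The following PowerShell audit is an added example, not part of the product documentation. It checks that every configuration file listed above carries Encrypt=YES in its ConnectionString key. It assumes the string is stored as an `<add key="ConnectionString" value="..."/>` element; the function name `Test-ConnectionStringEncryption` is hypothetical.

```powershell
# Added example: read-only audit, changes nothing on disk.
# Assumption: the string is stored as <add key="ConnectionString" value="..."/>.
$root = 'C:\Program Files\ObserveIT'
$configFiles = @(
    "$root\Web\ObserveITApplicationServer\Web.config",
    "$root\Web\ObserveIT\Web.config",
    "$root\HealthMonitor\bin\ObserveIT.HealthMonitor.Service.exe.config",
    "$root\NotificationService\ObserveIT.WinService.exe.config",
    "$root\UserAnalytics\bin\ObserveIT.UserAnalytics.Service.exe.config",
    "$root\Web\ObserveIT\AnalyticsMvc\web.config",
    "$root\RuleEngineService\bin\ActivityAlerts.Service.exe.config"
)

function Test-ConnectionStringEncryption {
    param([Parameter(Mandatory)][string]$Path)

    $row = [ordered]@{ File = $Path; Status = 'Unknown'; TrustServerCertificate = $false }
    if (-not (Test-Path -LiteralPath $Path)) {
        $row.Status = 'FileNotFound'
        return [pscustomobject]$row
    }
    try {
        [xml]$xml = Get-Content -LiteralPath $Path -Raw
        # local-name() keeps the match working if <configuration> declares a namespace.
        $node = $xml.SelectSingleNode("//*[local-name()='add' and @key='ConnectionString']")
        if ($null -eq $node) {
            $row.Status = 'KeyNotFound'
            return [pscustomobject]$row
        }
        # DbConnectionStringBuilder splits keyword=value pairs case-insensitively.
        $csb = New-Object System.Data.Common.DbConnectionStringBuilder
        $csb.ConnectionString = $node.GetAttribute('value')
        $encrypt = if ($csb.ContainsKey('Encrypt')) { [string]$csb['Encrypt'] } else { '' }
        $row.Status = if ($encrypt -match '^(yes|true)$') { 'Encrypted' } else { 'NotEncrypted' }
        # TrustServerCertificate=true would skip validation of the imported certificate.
        if ($csb.ContainsKey('TrustServerCertificate')) {
            $row.TrustServerCertificate = ([string]$csb['TrustServerCertificate'] -match '^(yes|true)$')
        }
    }
    catch {
        # Malformed XML or a value that is not a plain keyword=value string.
        $row.Status = 'Unparseable'
    }
    [pscustomobject]$row
}

$configFiles | ForEach-Object { Test-ConnectionStringEncryption -Path $_ } | Format-Table -AutoSize
```

Run it on each computer that hosts one of the listed components. Any row that is not `Encrypted`, or that shows `TrustServerCertificate` as True, needs review before the services are restarted.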