Advanced ALM Octane server configuration

This section describes advanced configuration tasks for the ALM Octane server.

Redirect http to https

This procedure describes how to redirect http to https. You need to redirect to https when accessing the ALM Octane server directly, and not through a front-end server.

To redirect http to https:

  1. Edit /opt/octane/webapps/root/WEB-INF/web.xml, and add the following at the end (before </web-app>):

    <security-constraint>
    	<web-resource-collection>
    		<web-resource-name>Everything</web-resource-name>
    		<url-pattern>/*</url-pattern>
    	</web-resource-collection>
    	<user-data-constraint>
    		<transport-guarantee>CONFIDENTIAL</transport-guarantee>
    	</user-data-constraint>
    </security-constraint>
                        
  2. Restart .

  3. Access ALM OctaneALM Octane via http://<ALM Octane>:8080/ui. Port 8080 is the default port.

    You should be redirected to https://<ALM Octane>:8443/ui. If not, ensure that SecurePort in jetty.xml matches your secure port.

Back to top

Configure number of allowed open files (Linux)

If ALM Octane is under a very heavy load, it might try to use too many Linux resources. In this case, Linux kills the server process. Do the following to increase the number of allowed open files to 65536:

  1. Open the /etc/security/limits.conf file.

  2. Add the following line:

    octane hard nofile 65536
  3. Restart the ALM Octane server.

For details, see https://easyengine.io/tutorials/linux/increase-open-files-limit/.

Back to top

Configure secure database access

This section describes how to configure a secure connection from the ALM Octane server to the database server. The secure connection is protected with SSL/TLS for encryption and authentication, or is protected only with Oracle Native Network encryption.

This section includes: 

Before securing database access...

Before configuring secure database access, determine the following:

  • For SQL Server databases, determine if TLS 1.2 is required.

  • For Oracle databases, determine if the database requires SSL/TLS or only Native Oracle protection.

    Does the Oracle database require SSL/TLS? Instructions
    Yes
    • Place the Oracle client wallet file in a location on the ALM Octane server into a directory accessible to all, such as /tmp/ewallet.p12.

    • Get the port number for secure access.

    No

    Get the following, for use later:

    • Determine if native Data Integrity is configured in sqlnet.ora on the Oracle server as SQLNET.CRYPTO_CHECKSUM_SERVER.

    • Determine if native Network Encryption is configured on the Oracle server. If yes, get the algorithm as defined in sqlnet.ora on the Oracle server as SQLNET.ENCRYPTION_TYPES_SERVER, and see if the key is larger than 128 bits.

  • Prepare the connection string for the database

    This connection string will be used later.

    SQL Server

    SQL Server Scenario ConnectionString
    SSL/TLS is required

    Add the encryption method to the end of the ConnectionString value.

    jdbc:mercury:sqlserver://<server>:<port>;EncryptionMethod=SSL

    TLSv1.2 is required

    Add the encryption method and the TLS version to the end of the ConnectionString value.

    jdbc:mercury:sqlserver://<server>:<port>;EncryptionMethod=SSL;CryptoProtocolVersion=TLSv1.2

    Oracle

    Perform the following, based on your scenario.

    Oracle scenarios ConnectionString and other instructions
    SSL/TLS required

    Add the encryption method, the trust store, and the trust store password to the end of the ConnectionString value.

     jdbc:mercury:oracle://<server>:<port>;servicename=<serviceName>;EncryptionMethod=SSL;TrustStore=<path to client wallet file> ;TrustStorePassword=<wallet password>

    Oracle Native Data Integrity

    Add ;DataIntegrityLevel=accepted or ;DataIntegrityLevel=required to the end of the ConnectionString value.

    Oracle Native Encryption

    Add ;EncryptionLevel=accepted or ;EncryptionLevel=required to the end of the ConnectionString value.

    For encryption algorithms with keys longer than 128 bits, replace the Java security policy files in \opt\octane\java\jre\lib\security\.

    For details on Java security policy files, see http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html.

To configure a secure database connection for a previously-unsecured database

This step provides instructions for configuring the site schema connection.

Skip this section if you have a separate database server for your workspaces and you only want a secure connection to that database.

This section is relevant if the database server that was configured for a secure connection contains your site schema.

  1. Edit the setup.xml file. The default location is /opt/octane):

    1. Set the value of SiteAction to CONNECT_TO_EXISTING:

      SiteAction=CONNECT_TO_EXISTING
    2. Edit the line with ConnectionString. For details, see Prepare the connection string for the database.

  2. If SSL/TLS is required, make sure the trust on the ALM Octane server has been established. For details, see Configure trust on the ALM Octane server.

  3. Run the service to start the ALM Octane server.

    service octane start

To configure a secure database connection for a new ALM Octane installation

  1. After installing ALM Octane, start the server:

    service octane start
  2. In the Database Server step, select the ConnectionString option and set the values for your database. For details, see Prepare the connection string for the database.

  3. Make sure the trust on ALM Octane the ALM Octane server has been established. For details, see Configure trust on the ALM Octane server.

Back to top

See also: