Applies to: Kyvos Enterprise, Kyvos Cloud (SaaS on AWS), Kyvos AWS Marketplace, Kyvos Azure Marketplace, Kyvos GCP Marketplace, Kyvos Single Node Installation (Kyvos SNI)
Note
From Kyvos 2023.3 onwards, you can see details of the last network communication operation, including progress status and start time, by clicking the i icon next to the Revert button. For more comprehensive details, click the View Details link, which takes you to the Operations page, where the operation information is shown in detail.
The Network Communication page allows you to configure secured communication settings (HTTPS/TLS) for Kyvos and Kyvos Manager.
Kyvos supports TLS communication with Mutual Authentication for all internal communications and authentication-related information. Mutual authentication is used when the server wants to authenticate the client as a trusted partner. The server requests mutual authentication, and the client needs to present its certificate to the server while establishing the connection.
To configure the TLS communication settings for the cluster from Kyvos Manager, click Security > Network Communication.
The following figure displays the Network Communication page.
Note
You can also define HTTP2 configuration from the Network Communication page. Further, you can specify HTTP2 configuration for the Kyvos Web portal even if TLS is not enabled.
On the Network Communication page, select one of the following options and complete the parameters displayed for the selected option.
Select with TLS on all Kyvos Services and Kyvos Manager
Secured HTTPS on Kyvos Web Portal Only
HTTP
Enter details as:
Parameter/Field | Comments/Description |
---|---|
HTTP Protocol | Select the HTTP Protocol to use. Before enabling HTTP2, ensure that the prerequisites are completed. |
TLS Protocol | Select the version for SSL/TLS protocol to be used. For multiple versions, select the corresponding checkboxes. |
TLS Certificate mode | Select the certificate mode. You can upload a file or provide the path. |
Keystore | Provide the location of the keystore file. This file is used by the server when secure communication is enabled and required by the client when mutual authentication is enabled. |
Keystore Private Key | Enter the keystore password. |
Truststore | Provide the location (path) to read the trust store file. This file is required by the client when secure communication is enabled and required by the server when mutual authentication is enabled. |
Truststore Private Key | Enter the truststore password. |
Cipher Suite | Enter the encryption algorithm to be used for communication over the TLS layer. |
Enable Mutual Authentication | Select to enable mutual authentication. |
Skip Host Name Verification | Select Yes to skip host name verification so that TLS communication can be enabled in an IP address-based cluster. NOTE: It is mandatory to skip host name verification to enable TLS communication in an IP address-based cluster. The value of the HOSTNAME_VERIFIER property will be updated in the "globals.properties" file. |
Kyvos Web Portal Configuration | |
HTTP2 Configuration | APR Lib Path: Provide the absolute path for Apache Portable Runtime library. |
Custom Attributes for HTTPS over TLS connector | Here, provide the key value pairs for the following parameters: |
Custom Attributes for Mutual Authentication connector | Here, provide the key value pair for the Connector. |
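
A pre-deployment review of the values entered in the table above, as an added example that is not Kyvos code. The dictionary keys reuse the field labels; the dict layout, the value formats, the `ip_based_cluster` flag and the rule set are assumptions.

```python
# Added example, not Kyvos code. Keys reuse the field labels from the table;
# the dict layout, value formats, "ip_based_cluster" and the rules are assumptions.
DEPRECATED_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # TLS 1.0/1.1: RFC 8996
WEAK_CIPHER_TOKENS = {"NULL", "EXPORT", "RC4", "DES", "3DES", "MD5", "anon"}

def review_tls_settings(s):
    """Return (severity, message) findings for one settings dict."""
    findings = []
    protocols = s.get("TLS Protocol", [])
    if not protocols:
        findings.append(("high", "no TLS protocol version selected"))
    for proto in protocols:
        if proto in DEPRECATED_PROTOCOLS:
            findings.append(("high", f"deprecated protocol enabled: {proto}"))
    for suite in filter(None, (c.strip() for c in s.get("Cipher Suite", "").split(","))):
        weak = WEAK_CIPHER_TOKENS & set(suite.split("_"))
        if weak:
            findings.append(("high", f"weak cipher suite {suite}: {', '.join(sorted(weak))}"))
    # Per the table: the keystore holds what the server presents, the truststore
    # is what the client validates against; mutual authentication uses both ways.
    if not s.get("Keystore"):
        findings.append(("high", "Keystore not set: server has no certificate to present"))
    if not s.get("Truststore"):
        findings.append(("high", "Truststore not set: peer certificates cannot be validated"))
    if not s.get("Enable Mutual Authentication"):
        findings.append(("info", "mutual authentication off: clients are not certificate-authenticated"))
    if s.get("Skip Host Name Verification") == "Yes":
        # Required for IP-address-based clusters; elsewhere it drops the name check.
        sev = "info" if s.get("ip_based_cluster") else "medium"
        findings.append((sev, "host name verification skipped: certificate names are not checked"))
    return findings

# Constructed sample settings (paths and values are placeholders).
WEAK = {
    "TLS Protocol": ["TLSv1", "TLSv1.2"],
    "Cipher Suite": "TLS_RSA_WITH_RC4_128_MD5, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "Keystore": "/path/to/keystore.jks",
    "Truststore": "",
    "Enable Mutual Authentication": False,
    "Skip Host Name Verification": "Yes",
}
HARDENED = {
    "TLS Protocol": ["TLSv1.2", "TLSv1.3"],
    "Cipher Suite": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "Keystore": "/path/to/keystore.jks",
    "Truststore": "/path/to/truststore.jks",
    "Enable Mutual Authentication": True,
    "Skip Host Name Verification": "No",
}
print(review_tls_settings(WEAK), review_tls_settings(HARDENED), sep="\n")
```
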
Note
If HTTPS is enabled for the Kyvos Web portal but TLS is not enabled, and the BI Server is not on the Web server node, perform the following steps so that Dashboard Sharing via email works correctly:
Make sure valid certificates are present on the Web server node and BI Server node.
Go to the BI Server nodes on which the Web server is not configured.
Open the olapengine.properties file and set the value of CLIENT_URL to the non-HTTPS Kyvos URL with port 8081. For example, CLIENT_URL=http://cdh1.kyvostest.com:8081/kyvos
Restart the BI Server.