Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Current »

Applies to: (tick) Kyvos Enterprise  (tick) Kyvos Cloud (SaaS on AWS) (tick) Kyvos AWS Marketplace

(tick) Kyvos Azure Marketplace   (tick) Kyvos GCP Marketplace (tick) Kyvos Single Node Installation (Kyvos SNI)


Note

From Kyvos 2023.3 onwards, you can see the last performed network communication operation details, including progress status and start time, by clicking the i icon located next to the Revert button. To view more comprehensive details, simply click the View Details link, which will take you to the Operations page, where you can view the operation information in detail. 

The Network Communication page allows you to configure secured communication settings (HTTPS/TLS) for Kyvos and Kyvos Manager.

Kyvos supports TLS communication with Mutual Authentication for all internal communications and authentication-related information. Mutual authentication is used when the server wants to authenticate the client as a trusted partner. The server requests mutual authentication, and the client needs to present its certificate to the server while establishing the connection.

To configure the TLS communication settings for the cluster from Kyvos Manager, click Security > Network Communication.

The following figure displays the Network Communication page.

Note

You can also define HTTP2 configuration from the Network Communication page. Further, you can specify HTTP2 configuration for the Kyvos Web portal even if TLS is not enabled.

On the Network Communication page, select one of the following options and complete the parameters displayed for the selected option.

  • Select with TLS on all Kyvos Services and Kyvos Manager 

  • Secured HTTPS on Kyvos Web Portal Only 

  • HTTP

Enter details as: 

Parameter/Field

Comments/Description

HTTP Protocol 

Select the HTTP Protocol to use. Before enabling HTTP2, ensure that the prerequisites are completed.

TLS Protocol

Select the version for SSL/TLS protocol to be used. For multiple versions, select the corresponding checkboxes. 

TLS Certificate mode

Select the certificate mode. You can upload a file or provide the path.

Keystore

Provide the location of the keystore file. This file is used by the server when secure communication is enabled and required by the client when mutual authentication is enabled.
Example: /data/KM_SNI/Certificate/keystore.jks

Keystore Private Key

Enter the keystore password. 

Truststore 

Provide the location (path) to read the trust store file. This file is required by the client when secure communication is enabled and required by the server when mutual authentication is enabled.
Example: /data/KM_SNI/Certificate/truststore.jks

Truststore Private Key

Enter the truststore password.

Cipher Suite

Enter the encryption algorithm to be used for communication over the TLS layer.

Enable Mutual Authentication

Select to enable mutual authentication. 
NOTE: This option is displayed only if you have installed the Kyvos cluster using the war bundle. For other modes, Mutual authentication is enabled automatically.

Skip Host Name Verification 

Select Yes to skip host name verification to enable TLS communication in IP address based cluster.

NOTE: It is mandatory to skip host name verification to enable TLS communication in IP address based cluster. The property  HOSTNAME_VERIFIER  value will be updated in the "globals.properties" file.

Kyvos Web Portal Configuration

  • Use Same Certificate as TLS: Select to use the same certificate for TLS and Web portal authentication.

  • Use Different Certificate: Select to use a different certificate. In this case, you will have to upload or provide the path of the Certificate and enter the Keystore path and Keystore Private Key.

HTTP2 Configuration

APR Lib Path: Provide the absolute path for Apache Portable Runtime library. 

Custom Attributes for HTTPS over TLS connector

Here, provide the key value pairs for the following parameters:

  • Connector

  • Connector.UpgradeProtocol

  • Connector.SSLHostConfig

  • Connector.SSLHostConfig.Certificate

Custom Attributes for Mutual Authentication connector

Here, provide the key value pair for the Connector.

Note

If HTTPS is enabled for the Kyvos Web portal with TLS not enabled and BI Server is not on the Web server node, perform the following steps for the correct working of the Dashboard Sharing via email. 

  1. Make sure valid certificates are present on the Web server node and BI Server node.

  2. Go to the BI Server nodes on which the Web server is not configured.

  3. Open the  olapengine.properties  file and set the value of CLIENT_URL to non-http Kyvos URL with 8081 port. For example, CLIENT_URL= http://cdh1.kyvostest.com:8081/kyvos

  4. Restart the BI Server.


  • No labels