SSL Communication for Introscope Enterprise Manager
This page summarizes steps to enable full SSL/TLS communication for Introscope in combination with SAP Solution Manager. The steps are mainly organized by the two communication ports opened by the Enterprise Manager:
- HTTP port (default = 8081): This port is served by the embedded Jetty server. Converting this port from HTTP to HTTPS mainly involves adapting the file em-jetty-config.xml. This port is typically used when accessing Introscope Webview (e.g. dashboards), the UI5 applications sapdashboard and emergency monitoring, and also by SAP Solution Manager when accessing Introscope. In the picture below the green arrows represent the http access.
- RMI port (default = 6001): This port is used for incoming agent connections and for Workstation connections. The RMI communication can be done via multiple "channels" - more than one channel can be active at a time, thus opening multiple TCP ports. Adjusting the RMI ports requires changes on Enterprise Manager side and on agent side. As a result, SSL-enabling RMI is substantially more complex than the HTTP → HTTPS conversion.
In the picture below the red arrows represent the RMI access. SSL Communication for Enterprise Managers in a cluster (MoM and Collectors).
Communication between Enterprise Managers in a cluster (collectors and MoM) uses RMI. Introscope does not support using SSL communication between collectors and MoM. In the picture below this is represented by black arrows.
Strictly speaking even more combinations are possible: Agents and Workstations can also use HTTP and HTTPS. These options are not explained here.
HTTPS Access to the Enterprise Manager (Webview, Webstart, sapdashboard etc)
Configuration of HTTPS access to the Enterprise Manager is described on a dedicated page.