JBoss

JBOSS can be configured on two types of machines: Linux and Windows. Developed by JBOSS, this server can be deployed on both operating systems, providing flexibility and compatibility for various environments.

Prerequisites

  • Ensure that the following packages are installed to facilitate device addition for linux:
    • sudo/dzdo (optional, as per the access elevation selected)
    • timeout
    • base64
  • Ensure that the target IP address is accessible from the cloud connector and the port is open.
  • Make sure that the language setting for the JBoss Server is set to English. Ensure that the sudo prompt string follows the standard Linux format, which is typically "[sudo] password for <your_username>:"
  • Only certifiticates in .pem, .crt, and .cer formats and key files are discovered.
  • SSH private keys cannot be used in conjunction with password-enabled sudo/dzdo settings. Therefore, if an SSH key is used for authentication, ensure that the sudo/dzdo configuration is set to passwordless.
  • Certificates are not identified from the path that does not have the required permission such as 640 for the user. Ensure that the file is the same as configured in device addition; hence, configure the certificates in the config files with accessible path or change file permissions to make the files accessible.
  • Verify that the commands needing sudo or dzdo access have been enabled on the server.
  • Check for the ServerRoot location in the httpd file. Make sure it holds forward slashes(/) as path separator as in other Linux-based file locations. (This might lead to failure in managing JBoss server installed on the Windows machines).

Onboarding JBoss Linux

  1. Go to (Menu) > CERT+ > ADMINISTRATION > Device Management.
    By default, the ADC tab opens.
  2. Click the Server tab.
  3. Click the (Add) icon.
    The Device details page is displayed.
  4. Select JBoss from the Vendors list.
  5. In the Server details section, select/enter the details as follows.
    Table 1. Server Details - Field Description Table
    Fields Description
    *Operating system type Select the Linux radio button.
    *Server name Enter the name of the designated JBoss Linux server.
    Data center Choose the desired data center.
    Onboarding Group Select the onboarding group to assign the device.
    Note: Devices without an assigned group are automatically mapped to the Default group during migration, onboarding, and when edited without existing group mappings.
    Communication mode Select the SSH or SSM protocol to be used for communication between the AppViewX node and the JBoss server. SSH is the preferred communication mode.
    *IP address/FQDN Enter the IP address or the fully qualified domain name (FQDN) of the server that is to be onboarded.
    *SSH Port Retain the value 22; it is the default port used for the SSH communication mode. (The field is not displayed for SSM communication mode.)
    Cert Sync Choose from any of the following:
    • Managed - AppViewX performs the config fetch operations and the certificates are discovered and managed in the inventory. CLM actions (push & bind, rollback etc.) can be performed on them.
    • Monitored - AppViewX performs the config fetch operations and the certificates are downloaded in the inventory in the read-only state. CLM actions cannot be performed on them.
    • Ignored - AppViewX only performs the config fetch operations for the devices. There is no certificate discovery performed.
    *: Mandatory fields
  6. In the Credentials section, select/enter the details as indicated below. The credentials entered in this section are used to authenticate the session between the AppViewX node and the JBoss server device.
    If Communication mode = SSH the fields are as follows:
    Table 2. Credentials - Field Description Table
    Fields Description
    *Credential Type Select the credential type from the dropdown.
    • Manual entry (default)
    • Credential List - Appviewx
    • SSH
    Note:
    • If Credential list - Appviewx is selected, the *Credentials list dropdown field is displayed. Select any of the preconfigured credential values.
    • If SSH is selected, enter the *Username, *Upload key file, and enter the Passphrase for authentication.
    *Username Enter the designated username for authentication.. (field displayed for manual entry and SSH)
    *Password Enter the secure password. (field displayed for manual entry only)
    *: Mandatory fields
    If Communication mode = SSM the fields are as follows:
    Table 3. Credentials - Field Description Table
    Fields Description
    *Credential Type Select the credential type from the dropdown.
    • Manual entry (default)
    • Credential List - cloudAccount
    Note: If Credential list - cloudAccount is selected, the *Account name dropdown field is displayed. Select any of the preconfigured credential values.
    *Access key Enter the access key to login to the EC2 instance of the AWS cloud machine.
    *Secret key Enter the secret key to login to the EC2 instance of the AWS cloud machine.
    *: Mandatory fields
  7. In the Vendor Specific Details section, select/enter the details as indicated below.
    If Communication mode = SSH the fields are as follows:
    Table 4. Vendor Specific Details - Field Description Table
    Fields Description
    Access Elevation By default, application uses none. You can change the command if needed.
    Note: SSH key-based authentication doesn't support password enabled sudo/dzdo.
    If Communication mode = SSM the fields are as follows:
    Table 5. Vendor Specific Details - Field Description Table
    Fields Description
    *Region Enter the geographic region of the AWS instance.

    Example: us-east-2
    *Instance id Enter the unique identifier for an EC2 instance in AWS.

    It is required to perform actions or execute commands on a specific EC2 instance

    Example: i-02573cafcftext
    *SSM document name Enter the name of the SSM document that contains the script or action to be executed on the EC2 instance.

    Example: AWS-RunShellScript is an SSM document that allows you to execute shell scripts on EC2 instances.
    *SSM document version Specify the version of the SSM document to be executed.

    Example: 1
    *S3 bucket name Enter the S3 bucket name used to store command output or logs executed in the EC2 instance.

    Example: avxdiscoverydocument-c2
    Proxy required Select the checkbox to enable the secure proxy service.
  8. Click Save.
    The JBoss Linux device is onboarded successfully.

Onboarding JBoss Windows

  1. Go to (Menu) > CERT+ > ADMINISTRATION > Device Management.
    By default, the ADC tab opens.
  2. Click the Server tab.
  3. Click the (Add) icon.
    The Device details page is displayed.
  4. Select JBoss from the Vendors list.
  5. In the Server details section, select/enter the details as follows.
    Table 6. Server Details - Field Description Table
    Fields Description
    *Operating system type Select the Windows radio button.
    *Server name Enter the name of the designated JBoss Windows server.
    *Hostname Enter the hostname of the windows server that is to be onboarded.
    Communication mode Select the Gateway or SSM protocol to be used for communication between the AppViewX node and the JBoss server. Gateway is the preferred communication mode.
    Data center Choose the desired data center. It holds all the SSL What can you do next? that is to be retrieved from the JBoss server.
    Cert Sync Choose from any of the following:
    • Managed - AppViewX performs the config fetch operations and the certificates are discovered and managed in the inventory. CLM actions (push & bind, rollback etc.) can be performed on them.
    • Monitored - AppViewX performs the config fetch operations and the certificates are downloaded in the inventory in the read-only state. CLM actions cannot be performed on them.
    • Ignored - AppViewX only performs the config fetch operations for the devices. There is no certificate discovery performed.
    *: Mandatory fields
  6. In the Credentials section, select/enter the details as indicated below. The credentials entered in this section are used to authenticate the session between the AppViewX node and the JBoss server device.
    If Communication mode = SSH the fields are as follows:
    Table 7. Credentials - Field Description Table
    Fields Description
    *Credential Type Select the credential type from the dropdown.
    • Manual entry (default)
    • Credential List - Appviewx
    Note: If Credential list - Appviewx is selected, the *Credentials list dropdown field is displayed. Select any of the preconfigured credential values.
    *Username Enter the designated username for authentication.. (field displayed for manual entry and SSH)
    *Password Enter the secure password. (field displayed for manual entry only)
    *: Mandatory fields
    If Communication mode = SSM the fields are as follows:
    Table 8. Credentials - Field Description Table
    Fields Description
    *Credential Type Select the credential type from the dropdown.
    • Manual entry (default)
    • Credential List - cloudAccount
    Note: If Credential list - cloudAccount is selected, the *Account name dropdown field is displayed. Select any of the preconfigured credential values.
    *Access key Enter the access key to login to the EC2 instance of the AWS cloud machine.
    *Secret key Enter the secret key to login to the EC2 instance of the AWS cloud machine.
    *: Mandatory fields
  7. In the Vendor Specific Details section, select/enter the details as indicated below.
    If the Communication mode = Gateway the fields are as follows:
    Table 9. Vendor Specific Details - Field Description Table
    Fields Description
    *Installation directory path Enter the directory/path where the application is installed.

    Example: C:\Tomcat8\JBoss-Tomcat-8.5.35
    *: Mandatory fields
    If the Communication mode = SSM the fields are as follows:
    Table 10. Vendor Specific Details - Field Description Table
    Fields Description
    *Installation directory path Enter the directory/path where the application is installed.

    Example: C:\Tomcat8\JBoss-Tomcat-8.5.35
    *Region Enter the geographic region of the AWS instance.

    Example: us-east-2
    *Instance id Enter the unique identifier for an EC2 instance in AWS.

    It is required to perform actions or execute commands on a specific EC2 instance

    Example: i-02573cafcftext
    *SSM document name Enter the name of the SSM document that contains the script or action to be executed on the EC2 instance.

    Example: AWS-RunShellScript is an SSM document that allows you to execute shell scripts on EC2 instances.
    *SSM document version Specify the version of the SSM document to be executed.

    Example: 1
    *S3 bucket name Enter the S3 bucket name used to store command output or logs executed in the EC2 instance.

    Example: avxdiscoverydocument-c2
    Proxy required Select the checkbox to enable the secure proxy service.
    *: Mandatory fields
  8. In the Windows gateway details section, enter the details as indicated below. (This section is not displayed if Communication mode = SSM)
    Table 11. Windows Gateway Details - Field Description Table
    Fields Description
    *Gateway type Select to use the PowerShell or WMI commands as the gateway communication mode.
    *Gateway location The value Remote is selected by default.
    *Select gateway Select the New or Existing gateway to be used. The below fields are enabled/disabled according to the selection.
    *Windows gateway name Enter the new gateway name. (Enabled when New is selected as gateway)
    *Windows gateway URL Enter the URL for the new gateway. (Enabled when New is selected as gateway)
    Client authentication certificate Click Browse and upload the client authentication certificate for the new gateway. (Enabled when New is selected as gateway)
    *Windows gateway Select any of the existing configured gateways from the dropdown list. (Enabled when Existing is selected as gateway)
    *: Mandatory fields
  9. Click Save.
    The JBoss Windows device is onboarded successfully.

Validating the Device

After the device is onboarded successfully, follow the steps to validate the device communication with AppViewX:
  1. Go to ADMINISTRATION > Device Management.
    By default, the ADC tab opens.
  2. Click the Server tab.
    The Server Inventory page is displayed.
  3. Check that the device name appears in the inventory (Name column) with the specified status in the status column.
    The status column will have the value Managed/Monitored/Ignored if the connection is successful or displays Failed/Unresolved in case of failure.
  4. From the Status column, click the Managed/Monitored/Ignored/Failed/Unresolved.
    Device Status Log pop-up is displayed.
  5. Expand each value in the pop-up to know the Device communication, Device Version, Instance Information, and Certificate Discovery From Device.

What's Next

Once you have onboarded and validated the device connection, you are ready to proceed with the any of the following certificate actions: