COP Security enhancement for Monitor/SOP communication

Print
Dark
Light
PDF

Article Summary

Share feedback

Thanks for sharing your feedback!

For ControlUp On-Premises (COP) version 8.7 and all higher versions, you must use a JSON Web Token (JWT) to connect any ControlUp Monitor to Solve On-Premises (SOP). The following article walks you through the steps required to implement this security feature.

Several private keys are created when you create a new SOP appliance.
Each SOP appliance generates dedicated unique keys that are only valid for the appliance they are generated on.
The keys are stored in a file on the SOP server machine and must be imported to the COP server.
The keys are used to create dedicated JWT tokens to apply when connecting to Solve.
Without a valid import, you can't access Solve.

How to import JWT to COP

Step 1. Download the JWT from the SOP Server

Connect to the SOP server with the cuadmin user, switch to the root user with sudo -i and navigate to /opt/sib_volumes/sop-cert
You can copy the json file to the COP server using WinSCP or any other file transfer software.

Alternatively, if you have PuTTY installed on your computer, open the file with the following command and mark the content to automatically copy the content to your clipboard.

cat /opt/sib_volumes/sop-cert/sop_YYYMMDDhhmm.json

Step 2. Apply the JWT keys on the ControlUp Server

Once you copied the JSON file to your COP server, open the COP server configuration by right-clicking ControlUp Server > Change. Select Solve On-Premises Configuration and browse the JSON file you copied from your SOP server.

The file will be validated, in case of any issue an explicit error will display. After importing the JSON file, you can use Solve On-Premises as usual.