Introduction

Within this document you'll find the necessary instructions to get started with two way communication. Briefly: using or trying two way communication requires three components: Blancco Drive Eraser, Blancco Management Console (BMC), and asset management system (AMS). Implementing an AMS to the specification takes a bit of doing and therefore in order to ease quick tryouts we provide a Reference AMS. It can be used to try out two way communication. We do provide its source code and therefore it can also be used as a starting point for your own implementation.

Setup

This chapter contains step by step instructions on how to setup Drive Eraser, BMC, and Reference Asset Management System (AMS) in order to start using the two way communication.

Blancco Drive Eraser

Drive Eraser is set up to receive job specifications from BMC. For this, you need to set up BMC address, port and credentials and set up the image to have "Job Specification" as erasure control.

Blancco Drive Eraser Configuration Tool

To set up the Drive Eraser image into two-way communication mode, you need to go to Security and choose "Job Specification" for the "Erasure control".


The Auto Connect value defines if the Drive Eraser would start by connecting to BMC and requesting the job description (when Auto Connect is checked) or if it would start by showing the Input & edit screen where user can edit the custom fields and then send a request to BMC to receive a job description (when Auto Connect is not checked).

Blancco Management Console

In BMC configuration the following is necessary:

  • Enable two way communication. By default it is disabled.
  • Define the URLs for the AMS

Both can be configured in BMC's graphical user interface (GUI). The relevant configuration items can be found logging in as root admin and going to Administration -> Integration. There the relevant section is Asset Management Integration Settings. Once the configuration fields have been properly filled and saved, BMC will start using them. There is no need to restart BMC. With regards to Reference AMS, the configuration in BMC appears as follows:

There are no restrictions on which relational database management system (RDBMS) is used nor which authentication is used. By and large BMC works just like it used to.

Behavior

With all components (Drive Eraser, BMC, Reference AMS) setup as described above, the behavior is as follows:

  1. Drive Eraser registers to BMC to accept job specifications. As a result it will appear in Live Management.
  2. BMC notifies Reference AMS about the new client and it will
    1. request information on the new client's disks and custom fields
    2. send a basic job specification to be delivered to Drive Eraser
    3. Drive Eraser validates the job specification and Reference AMS is notified on whether the specification is valid or not. It will be.
    4. Drive Eraser begins erasure
    5. After erasure completion, Drive Eraser sends report to BMC
    6. Reference AMS is notified about the finished session along with the erasure report's UUID
    7. Reference AMS fetches the erasure report from BMC

Please be aware that this chain of events does consume a license.

Reference Asset Management System

Click here to download Reference Asset Management System

Click here to download Reference Asset Management System source code

To start the application execute the following on command line:

java -jar reference-asset-management-system.jar

This will start the server and in order to shut it down use Control+C. There are a few configuration options:

  • server.port: the port in which this server is running on. By default the value is 9000.
  • bmc.url: full URL of BMC. By default the value is http://localhost:8080.
  • bmc.username. By default the value is "admin".
  • bmc.password. Empty by default.
  • execution.chain. Defines the behavior of the Reference AMS, following modes are supported:
    • normal. If the connected client has capability to send custom fields, then MC's asset management API's custom field inquiry interface (/api/clients/{clientId}/custom_fields) is invoked. When the custom fields are received, then MC's asset management API's job specification sending interface (/api/clients/{clientId}/job_spec) is invoked with the configured job specification. The default job specification is described later on.
      • If the client does not have capability to request custom fields, then job specification is send directly.
    • reset. If the connected client has capability to reset itself, then MC's asset management API's reset interface (/api/clients/{clientId}/reset) is invoked with the following message: "Reset is needed to continue".
    • shutdown. If the connected client has capability to shutdown itself, then MC's asset management API's shutdown interface (/api/clients/{clientId}/shutdown) is invoked with the following message: "Nothing to do, shutdown".
    • asset_report. If the connected client has capability to send requested reports, then MC's asset management API's asset report request interface (/api/clients/{clientId}/report) is invoked. MC will pass the requested asset report to Reference AMS.
    • passive. Does nothing but simply idles and logs the incoming messages, especially useful when testing different APIs and to see how the communication happens between the erasure client and third party system.

The values can be changed as follows without recompiling the application:

java -Dserver.port=9000 -Dbmc.username=admin -Dbmc.password=Test1234 -Dexecution.chain=passive -jar reference-asset-management-system.jar

The default job specification used by the Reference AMS start the erasure automatically after receiving the job specification and set the erasure standard to HMG Infosec 5, Higher Standard:

job_spec.json
{
	"job_spec": {
		"standard": "hmg_higher",
		"process": "auto"
    }
}

For more details how to compile a job specification and which settings and values are allowed, can be found from Job Specification documentation.

Logging and Monitoring

Drive Eraser

Blancco Drive Eraser does not have any logging accessible to the end-user. In case a valid job specification is received, there would be an option to send or save an issue report, which can later be analyzed by the Blancco support team.

Blancco Management Console

There are two ways to see what's happening. The first is live management view. Any Drive Eraser client that has registered a session with BMC will appear in live management. Please keep in mind, however, that this requires both that Drive Eraser has registered the session successfully with BMC and that AMS has been properly configured and has received the notification about a new session. If AMS cannot be reached, the session is deleted.

The second way is to enable audit logging in BMC. It contains all major events related to two way communication. Many of these events are in fact otherwise invisible and can only be seen from the log files. The audit log contains a very high level view whereas the regular logging contains more details.

Reference Asset Management System

Once it has been started, all events and their details are printed to the console. There are no other log files nor any user interface. The printout should, however, contain all the necessary details for keeping track on what's going on and troubleshooting. For example, the following things are printed out:

  • A new client session has been registered and notified to the AMS. The session's UUID, product name, and version are also included.
  • The new client's disk information.
  • The new client's custom fields.
  • The fact that job specification has been sent and the job specification itself.
  • The validity of the sent job specification.
  • Information on finished session and the UUID of the report if such was sent by Drive Eraser at the end of the erasure.

Asset Management System

AMS is a server in the sense that it is listening for connections from BMC. All of the HTTP interfaces that can be configured to BMC must be listened to in AMS. These are the ones to which BMC sends messages. They are described in the following chapters. All of the interfaces listed below are expected to respond to all of the calls from BMC immediately with HTTP code 200 and message "RECEIVED". Without this response BMC will try to send the notification again. All messages in communication between BMC and AMS uses JSON as a data exchange format.

In each URL in Reference AMS a special notation {id} is used. This signifies that the used URL is constructed with the client session ID which in reality is a UUID. The same ID is also always contained in the contained JSON message. Therefore using the ID in the URL is optional and can be left out when defining the URLs for AMS. In Reference AMS, however, it is used and therefore BMC has to be configured with it. For example, when a new client message is sent and the session's ID is 123e4567-e89b-12d3-a456-426655440000 BMC sends a notification to URL http://localhost:9000/new_client/123e4567-e89b-12d3-a456-426655440000 to the extent that AMS is running on localhost port 9000.

New Client

URL in Reference AMS/new_client/{id}
HTTP MethodPOST

BMC notifies AMS of all new clients and this interface is used for that purpose. The intention is that AMS in responds to the notification immediately and then queries what ever systems it needs to in order to decide what kind of job specification needs to be sent, if any. The intention is that this notification contains the minimum amount of information which enables AMS to query for more information, request an asset report or to reset or shutdown the client. An example of the message that is sent:

{
    "new_client": {
            "id": "123e4567-e89b-12d3-a456-426655440000",
            "product": "Blancco5",
            "version": "5.9.0",
            "mac_addresses": [
                "B3-3C-55-8E-7E-E6",
                "E3-3C-55-8E-7E-B6"
            ]
    }
}  

Job Specification Validation

URL in Reference AMS/client/{id}/jobspec
HTTP MethodPOST

Once AMS has sent job specification for any given client, BMC passes it on to the Drive Eraser instance. Drive Eraser validates it and BMC informs AMS on it's validity. This interface receives that information. To the extent that it was invalid, both BMC and Drive Eraser will remove the session and start over. AMS will then be informed of the new session as described in the chapter New Client. An example of the message:

 {
    "job_spec": {
        "id": "c44ed942-fab6-4dfe-8b5a-81265e68a8dd",
        "status": "NOT_VALID",
        "message": "I am a reason of failure"
    }
}

Asset Report

URL in Reference AMS/client/{id}/asset_report
HTTP MethodPOST

Once AMS has requested BMC to fetch an asset report, it is delivered to this interface. An example message:

 {
    "client_id": "0d1f2601-7098-4e85-a772-8b3f0fdff5c3",
    "asset_report": {
        "report": "PHJ...DF=="
    }
}

The XML report is encoded with BASE64.

Session Finished

URL in Reference AMS/client/{id}/finished
HTTP MethodPOST

Once session has finished, AMS is notified with this interface. Session is considered finished when

  • AMS instructed Drive Eraser to shutdown
  • AMS instructed Drive Eraser to reset
  • AMS sent an invalid job specification
  • Drive Eraser shut down or the client timed out (after 30 minutes of inactivity)

An example of the message sent:

{
    "client_finished": {
        "id": "123e4567-e89b-12d3-a456-426655440000",
        "report_uuid": "e8b3f8ed-09f4-470b-9d84-6ff5ff6b54c3"
    }
}

Blancco Drive Eraser

Based on the "Auto connect" value, Drive Eraser can start in either on the two modes:

  • Auto-connect: Blancco Drive Eraser connects to BMC sending the default custom fields values along with other information such as MAC address, starts a session and requests a job specification

  • Input & edit: User can first input values for the custom fields and then can press "Update & connect" to start a session with BMC and request a job specification by sending updated values along with other information such as MAC address:

In case of error, Blancco Drive Eraser would show the error message in a dialog box and fall back to the "Input & edit: mode. In this case, BMC would unregister Drive Eraser and a new session can be created by pressing "Update and connect"

If the job description is valid, Blancco Drive Eraser would update the configuration based on the specification sent by the AMS via BMC and start a local erasure session based on the updated configuration.

Blancco Management Console API

There are several interfaces that have been added specifically with two way communication in mind. Details about these interfaces are provided in BMC's API documentation (Asset Management API-section). With them we enable AMS to, e.g.:

  • request information on custom fields
  • request information on disks
  • request for an asset report to be fetched from Drive Eraser
  • reset and shutdown Drive Eraser

Within the context of two way communication, "reset" means that Drive Eraser and BMC will drop the existing session and start over.