...

To set the Drive Eraser image to two-way communication mode, go to Security and choose "Job Specification" for "Erasure control".

The Auto Connect value defines how Drive Eraser starts. When Auto Connect is checked, Drive Eraser starts by connecting to BMC and requesting the job description. When Auto Connect is not checked, it starts by showing the Input & edit screen, where the user can edit the custom fields and then send a request to BMC to receive a job description.

...

Both can be configured in BMC's graphical user interface (GUI). The relevant configuration items can be found by logging in as root admin and going to Administration -> Integration. The relevant section there is Asset Management Integration Settings. Once the configuration fields have been properly filled in and saved, BMC will start using them. There is no need to restart BMC. With regard to Reference AMS, the configuration in BMC appears as follows:

There are no restrictions on which relational database management system (RDBMS) or which authentication is used. By and large, BMC works just like it used to.

...

  • server.port: the port on which this server runs. By default the value is 9000.
  • bmc.url: full URL of BMC. By default the value is http://localhost:8080.
  • bmc.username. By default the value is "admin".
  • bmc.password. Empty by default.
  • execution.chain. Defines the behavior of the Reference AMS. The following modes are supported:
    • normal. If the connected client has the capability to send custom fields, then MC's asset management API's custom field inquiry interface (/api/clients/{clientId}/custom_fields) is invoked. When the custom fields are received, MC's asset management API's job specification sending interface (/api/clients/{clientId}/job_spec) is invoked with the configured job specification. The default job specification is described later on.
      • If the client does not have the capability to request custom fields, then the job specification is sent directly.
    • reset. If the connected client has the capability to reset itself, then MC's asset management API's reset interface (/api/clients/{clientId}/reset) is invoked with the following message: "Reset is needed to continue".
    • shutdown. If the connected client has the capability to shut itself down, then MC's asset management API's shutdown interface (/api/clients/{clientId}/shutdown) is invoked with the following message: "Nothing to do, shutdown".
    • asset_report. If the connected client has the capability to send requested reports, then MC's asset management API's asset report request interface (/api/clients/{clientId}/report) is invoked. MC will pass the requested asset report to Reference AMS.
    • passive. Does nothing except idle and log the incoming messages. This is especially useful when testing different APIs and for seeing how communication happens between the erasure client and a third-party system.

The values can be changed as follows without recompiling the application:

java -Dserver.port=9000 -Dbmc.username=admin -Dbmc.password=Test1234 -Dexecution.chain=passive -jar reference-asset-management-system.jar
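
A pre-launch check for a command like the one above, added here as an example and not part of the Reference AMS. The function names and the bmc.example.internal host are hypothetical, and the check assumes the configured credentials are sent to BMC over bmc.url.

```python
import shlex
from urllib.parse import urlsplit

# Modes and defaults as listed in the property descriptions above.
MODES = {"normal", "reset", "shutdown", "asset_report", "passive"}
DEFAULTS = {"server.port": "9000", "bmc.url": "http://localhost:8080", "bmc.password": ""}
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def parse_props(command):
    """Collect -Dkey=value system properties from a java command line."""
    props = {}
    for tok in shlex.split(command):
        if tok.startswith("-D") and "=" in tok:
            key, value = tok[2:].split("=", 1)
            props[key] = value
    return props

def audit(command):
    """Return a list of findings for a Reference AMS launch command."""
    given = parse_props(command)
    cfg = {**DEFAULTS, **given}
    findings = []
    if "bmc.password" in given:
        findings.append("bmc.password is on the command line (process listings, shell history)")
    if not cfg["bmc.password"]:
        findings.append("bmc.password is empty")
    # Assumption: the BMC credentials travel over bmc.url, so plain HTTP off-host exposes them.
    url = urlsplit(cfg["bmc.url"])
    if url.scheme != "https" and url.hostname not in LOOPBACK:
        findings.append("bmc.url is not HTTPS and BMC is not on loopback")
    mode = given.get("execution.chain")
    if mode is not None and mode not in MODES:
        findings.append("execution.chain is not a supported mode: " + mode)
    port = cfg["server.port"]
    if not (port.isdigit() and 0 < int(port) < 65536):
        findings.append("server.port is not a valid TCP port: " + port)
    return findings

# Constructed samples: the command from this page, and a variant with a remote BMC.
PAGE_CMD = ("java -Dserver.port=9000 -Dbmc.username=admin -Dbmc.password=Test1234 "
            "-Dexecution.chain=passive -jar reference-asset-management-system.jar")
REMOTE_CMD = ("java -Dbmc.url=http://bmc.example.internal:8080 -Dexecution.chain=erase "
              "-jar reference-asset-management-system.jar")

if __name__ == "__main__":
    for cmd in (PAGE_CMD, REMOTE_CMD):
        print(cmd)
        for finding in audit(cmd):
            print("  -", finding)
```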

The default job specification used by the Reference AMS starts the erasure automatically after receiving the job specification and sets the erasure standard to HMG Infosec 5, Higher Standard:

job_spec.json
{
	"job_spec": {
		"standard": "hmg_higher",
		"process": "auto"
	}
}

More details on how to compile a job specification, and on which settings and values are allowed, can be found in the Job Specification documentation.

Logging and Monitoring

Drive Eraser

...

  • AMS instructed Drive Eraser to shutdown
  • AMS instructed Drive Eraser to reset
  • AMS sent an invalid job specification
  • Drive Eraser received a valid job specification, erased the computer, and sent the erasure report, shut down or the client timed out (after 30 minutes of inactivity)

An example of the message sent:

...

  • Auto-connect: Blancco Drive Eraser connects to BMC, sending the default custom field values along with other information such as the MAC address, starts a session and requests a job specification

  • Input & edit: The user can first input values for the custom fields and then press "Update & connect" to start a session with BMC and request a job specification, sending the updated values along with other information such as the MAC address:

In case of error, Blancco Drive Eraser would show the error message in a dialog box and fall back to the "Input & edit" mode. In this case, BMC would unregister Drive Eraser, and a new session can be created by pressing "Update and connect".

If the job description is valid, Blancco Drive Eraser would update the configuration based on the specification sent by the AMS via BMC and start a local erasure session based on the updated configuration.

...