
Setup your Edge Encryption Server: Amazon EC2 Tier Example: Ubuntu 64 Bit

Import · Feb 22, 2017 · article

Play With Edge Encryption: Step#1: Set Up Your Test Edge Encryption Server

This document walks through the steps for setting up your own Edge Encryption server on top of your personal dev ServiceNow instance.

=> Get a brand new EC2 remote machine (Wintel/Unix). In this document, I'll be writing commands for Ubuntu 64-bit, which is my proxy's host OS.

=> SSH to the box and perform the following:

1) Install Java and other dependencies

sudo apt-get install python-software-properties

sudo add-apt-repository ppa:webupd8team/java

sudo apt-get update

sudo apt-get install oracle-java8-installer

2) Install MySQL Server, not older than 5.5

sudo apt-add-repository ppa:ondrej/mysql-5.6

sudo apt-get update

sudo apt-get install mysql-server

Since this is a dry run, I kept id & password = "root".

3) Install Edge Encryption Plugin on your ServiceNow Instance

4) Log in with an admin account, unlock high-security rights and navigate to:

Edge Encryption Configuration => Installation & Downloads => Download


5) Download the relevant installer, in this example: Linux 64 bit.

6) FTP this installer to your Proxy Server. In this example, we saved the installer at: /home/ubuntu/EDGE/edgeencryption-dist-2.1.1-linux-x86-64.zip

7) Execute the command below to see the installer's options:

java -jar edgeencryption-dist-2.1.1-linux-x86-64.zip

The above command gives the output below:

ubuntu@ip-172-31-28-4:~/EDGE$ java -jar edgeencryption-dist-2.1.1-linux-x86-64.zip

option: [--mode] MODE required

--help

-m|--mode MODE [required, modes: install, upgrade]

-s|--dst-dir DESTINATION DIRECTORY [optional for mode: install: default: $(PROXY_NAME)_$(PORT)]

-d|--proxy-dir PROXY DIRECTORY [required for mode: upgrade]

-n|--proxy-name PROXY NAME [required for mode: install]

-h|--host INSTANCE HOST [required for mode: install]

-p|--port INSTANCE PORT [required for mode: install]

-proto|--protocol INSTANCE PROTOCOL [required for mode: install]

Examples:

a) Install EdgeEncryption proxy into directory test_16001:

java -jar edgeencryption-dist-2.1.1-linux-x86-64.zip -m install -n test -h 1.2.3.4 -p 16001 -proto http

b) Install EdgeEncryption proxy into SecureProxy directory, and configure to use secure HTTPS connection:

java -jar edgeencryption-dist-2.1.1-linux-x86-64.zip -m install -n test -s SecureProxy -h 1.2.3.4 -p 443 -proto https

c) Upgrade EdgeEncryption proxy installed in directory test_16001:

java -jar edgeencryption-dist-2.1.1-linux-x86-64.zip -m upgrade -d test_16001

9) We are installing with the command below (update the parameters as per your details):

java -jar edgeencryption-dist-2.1.1-linux-x86-64.zip -m install -n VabEdgeUbuntu1 -h instance_name.service-now.com -p 443 -proto https

10) Logs from a successful execution:

ubuntu@ip-172-31-28-4:~/EDGE$ java -jar edgeencryption-dist-2.1.1-linux-x86-64.zip -m install -n VabEdgeUbuntu1 -h instance_name.service-now.com -p 443 -proto https

Feb 22, 2017 5:32:53 AM com.snc.cloudedge_zip.CommandProcessor buildCommand

INFO: option: dist-file: file:/home/ubuntu/EDGE/edgeencryption-dist-2.1.1-linux-x86-64.zip

Feb 22, 2017 5:32:53 AM com.snc.cloudedge_zip.CommandProcessor buildCommand

INFO: option: dst-dir: /home/ubuntu/EDGE/VabEdgeUbuntu1_443

Feb 22, 2017 5:32:53 AM com.snc.cloudedge_zip.CommandProcessor buildCommand

INFO: option: proxy-name: VabEdgeUbuntu1

Feb 22, 2017 5:32:53 AM com.snc.cloudedge_zip.CommandProcessor buildCommand

INFO: option: port: 443

Feb 22, 2017 5:32:53 AM com.snc.cloudedge_zip.CommandProcessor buildCommand

INFO: option: protocol: https

Feb 22, 2017 5:32:53 AM com.snc.cloudedge_zip.CommandProcessor buildCommand

INFO: option: extra-properties: 0

Feb 22, 2017 5:32:53 AM com.snc.dist.upgrade.common.extract.ZipExtractor extract

INFO: extracting: file:/home/ubuntu/EDGE/edgeencryption-dist-2.1.1-linux-x86-64.zip => /home/ubuntu/EDGE/VabEdgeUbuntu1_443

Feb 22, 2017 5:32:54 AM com.snc.cloudedge_zip.CloudedgePermissions execute

INFO: setting permissions: /home/ubuntu/EDGE/VabEdgeUbuntu1_443

Feb 22, 2017 5:32:54 AM com.snc.dist.upgrade.common.extract.ZipExtractor extract

INFO: extracting: file:/home/ubuntu/EDGE/VabEdgeUbuntu1_443/java/mid-jre-1.8.0_40-4-linux-x86-64.zip => /home/ubuntu/EDGE/VabEdgeUbuntu1_443/java

11) Go to /conf and open "edgeencryption.properties" to update it:

ubuntu@ip-----:~/EDGE$ cd VabEdgeUbuntu1_443/conf

ubuntu@ip-----:~/EDGE/VabEdgeUbuntu1_443/conf$ vi edgeencryption.properties

12) Update the properties below:

< edgeencryption.target.host = .service-now.com

---

< edgeencryption.target.username = User_Name_With_Edge_Role_In_Your_Instance

< edgeencryption.target.password = Password_Of_User_With_Edge_Role_In_Your_Instance

---

< edgeencryption.proxy.host = IP_Address_OF_Proxy_Host

---

< edgeencryption.proxy.https.keystore.password = default is "changeme" => set it to the password you want to create alias with.

< edgeencryption.proxy.https.cert.alias = alias1httscerti => set it to the value you want to create alias with.

---

< edgeencryption.db.user = root => This is the user of your sql db server installed earlier

< edgeencryption.db.password = root => Password you set while installing

---

< edgeencryption.proxy.signature.keystore.password = default is "changeme" => set it to the password you want to create alias with.

< edgeencryption.proxy.signature.keystore.keyalias = alias2proxysig => set it to the value you want to create alias with.

---

< # edgeencryption.encrypter.properties.password = => Comment this out. This is the password for config encryption.

---

< edgeencryption.keystore.path = keystore/keystore.jceks => Uncomment this

< edgeencryption.keystore.password = => Uncomment this and set it to default password "changeme" (the password of your encryption key)

13) Save "edgeencryption.properties" file.

14) Go to /keystore

15) Execute the commands below to generate 3 keys:

a) Generate the certificate for the web server hosting the proxy. This is the one you want to have signed by a certificate authority =>

edgeencryption.proxy.https.cert.alias = alias1httscerti

../java/jre/bin/keytool -genkey -alias alias1httscerti -keyalg rsa -keystore keystore.jceks -storetype jceks

b) Generate another certificate, internal to Edge, used for the signature =>

edgeencryption.proxy.signature.keystore.keyalias = alias2proxysig

../java/jre/bin/keytool -genkey -alias alias2proxysig -keyalg rsa -keystore keystore.jceks -storetype jceks

c) Generate the encryption key in AES format (128 bit) so Edge can encrypt =>

../java/jre/bin/keytool -genseckey -alias jsaes128 -keyalg aes -keystore keystore.jceks -storetype jceks -keysize 128

16) List all certificates in this keystore; it will have 4 now. The password for my example keystore is "changeme" =>

../java/jre/bin/keytool -list -v -keystore keystore.jceks -storepass changeme -storetype jceks

17) Log in to ServiceNow with your admin account, unlock high-security rights and navigate to:

Edge Encryption and Configuration => Encryption Key Configuration => Set Up Keys


18) Now, you are all set to start up your Edge Encryption Server.

19) Navigate to and execute

./startup.sh

20) If you see this error:

bin/./wrapper-linux-x86-32: not found

Execute the command below:

sudo apt-get install libc6-i386 libc6-dev-i386

21) Validate from the logs, which are located at:

/logs

22) Validate if your proxy is up:

.service-now.com/xmlstats.do?include=edgeencryption
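
The properties edited in step 12, together with the dry-run MySQL credentials, leave plaintext passwords such as the default "changeme" and "root" in edgeencryption.properties. The script below is an added example, not part of the original article or of ServiceNow's tooling: it flags those values and loose file permissions before the proxy is used for anything beyond a test. The function names, the WEAK_VALUES list and the sample file contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit edgeencryption.properties for the lab-only values used
# in this walkthrough. WEAK_VALUES is an assumed list; extend it as needed.
WEAK_VALUES="changeme root password admin"

# Prints one finding per line: "<SEVERITY> <key-or-check> <reason>".
audit_edge_props() {
    _file="$1"
    [ -r "$_file" ] || { echo "ERROR $_file not readable"; return 2; }

    # The file holds plaintext credentials: group/other need no access.
    _perms=$(ls -ld "$_file" | cut -c5-10)
    [ "$_perms" = "------" ] || echo "WARN file-mode group/other bits '$_perms', use chmod 600"

    awk -v weak="$WEAK_VALUES" '
        BEGIN { n = split(weak, w, " "); for (i = 1; i <= n; i++) bad[w[i]] = 1 }
        /^[ \t]*#/ || !/=/ { next }   # skip comments and non-property lines
        {
            key = $0; sub(/[ \t]*=.*/, "", key); sub(/^[ \t]+/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t\r]+$/, "", val)
            lv = tolower(val)
            if (key ~ /password$/ && val == "")
                print "HIGH " key " empty password"
            else if (key ~ /password$/ && (lv in bad))
                print "HIGH " key " default or guessable password"
            else if (key == "edgeencryption.db.user" && val == "root")
                print "MEDIUM " key " proxy connects to MySQL as root"
        }' "$_file"
}

# Constructed sample that mirrors the dry-run values from the steps above.
sample_props() {
    cat <<'EOF'
edgeencryption.target.password = Constructed-Long-Passphrase-01
edgeencryption.proxy.https.keystore.password = changeme
edgeencryption.db.user = root
edgeencryption.db.password = root
edgeencryption.proxy.signature.keystore.password = changeme
# edgeencryption.encrypter.properties.password =
edgeencryption.keystore.path = keystore/keystore.jceks
edgeencryption.keystore.password = changeme
EOF
}

# Audit the file given as the first argument, if any.
if [ $# -gt 0 ]; then audit_edge_props "$1"; fi
```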


More updates are yet to come to this article.

Regards,

Vab Singhal

View original source

https://www.servicenow.com/community/now-platform-articles/setup-your-edge-encryption-server-amazon-ec2-tier-example-ubuntu/ta-p/2327938