Home
Administration
Administering HCL Discover involves configuring and integrating the HCL Discover client framework with your web applications or mobile native applications, installing and administering the databases used by HCL Discover, defining event objects and configuring events, hit attributes, dimensions, and other object attributes used by HCL Discover to monitor mission-critical metrics of your web application's performance.
HCL Discover Administration Manual
Securing Interprocess Communication
Discover 12.1.8 and above supports the use of a new SSL certificate based mechanism for securing all inter-process communication between the Discover servers. This is important in a distributed environment with multiple servers, as the components of Discover communicate with each other over the network, using a variety of ports.
Prerequisites

Administration
Administering HCL Discover involves configuring and integrating the HCL Discover client framework with your web applications or mobile native applications, installing and administering the databases used by HCL Discover, defining event objects and configuring events, hit attributes, dimensions, and other object attributes used by HCL Discover to monitor mission-critical metrics of your web application's performance.
- HCL Discover Administration Manual
  - Discover Admin Overview
    This section is an overview to the Discover system and its components.
  - Discover System Monitoring
    Discover provides several mechanisms for monitoring the health of the Discover system and Discover user activities. This section provides access to the various tools available in the Discover system for monitoring it and its users.
  - Portal Management
    This section contains administration topics for managing the Discover Portal and features available through it.
  - Discover Management System
    The Discover Management System (Manage Services) centralizes configuration management for Discover systems on Windows™-based hosts.
  - Database Administration
    The HCL Discover datastore runs on top of a set of four Microsoft™ SQL Server databases.
  - Report Access Permissions
    Users whose accounts contain the proper permissions may administer Discover reports. Depending on the type of report, permissions to administer individual reports of that type are configured in the report definition.
  - Managing User Agents
    Through Discover, you can monitor the different types of user agents that contact your web application. Through a provided set of data objects, Discover can identify the type of traffic that is requesting resources from your web application and then monitor counts and other information that pertains to the type of user agent. These objects can be used as the source data for developing a useful set of user agent-related reports, enabling you to closely monitor the composition of traffic to your site.
  - Configuring User Agent Detection
    This section describes how to acquire and maintain the configuration files necessary for parsing of fixed and mobile user agents and how to prepare those files for use in the HCL Discover platform.
  - Configuring User Agent Events
    To use the data that is injected into the [ExtendedUserAgent] section by the Discover SessionAgentTLTRef, a Discover administrator must create events that create charts for this data.
  - User Agent Tools
    These external utilities can be used to monitor and update user agent configuration data that is required by Discover.
  - bot Detection
    Most commercial enterprise web applications are subjected to significant traffic from web crawling bots. Short for "robot," a bot is a software agent that navigates websites to extract information about them. Some bots are used by search engines for indexing pages.
  - Discover Reference Information
    Use the links below to access reference information on file formats, common standards, and more in use by the Discover system.
  - Integrating HCL Discover and Unica Journey
    HCL Discover and Unica Journey integration works with CEP configuration. The CEP configuration enables the event to be sent to CEP and the external systems. Unica Discover-Unica Journey integration is supported from version 12.1.0.3 onwards.
  - Integrating HCL Discover and Unica Interact
    HCL Discover and Unica Interact integration works with CEP configuration. The CEP configuration enables the event to be sent to CEP and the external systems. Unica Discover-Unica Interact integration is supported from version 12.1.0.3 onwards.
  - Selective Deletion
    You can delete sessions and session fragments from the HCL Discover system with the Selective Deletion tool.
  - Using the ArchiveConfig utility
    Run the ArchiveConfig utility to configure and execute Selective Archiving.
  - ELK Configurations
    Before configuring ELK on HCL Discover, there are some prerequisites:
  - Securing Interprocess Communication
    Discover 12.1.8 and above supports the use of a new SSL certificate based mechanism for securing all inter-process communication between the Discover servers. This is important in a distributed environment with multiple servers, as the components of Discover communicate with each other over the network, using a variety of ports.
    - Prerequisites
    - Generating an SSL Certificate Pair
      Interprocess security works by ensuring that all servers have an identical copy of the SSL key pair, so that all traffic between them can be encrypted for transmission and decrypted on arrival.
    - Importing the SSL Certificate Pair
      The PFX file created in the previous step must now be imported, on all Windows servers in the Discover environment, including the server on which it was created.
    - Enabling TLS
      TLS can now be enabled, as a valid certificate pair is present on all servers.
    - Securing the Pipeline
      The certificate pair, once imported using the steps above, can also be used to encrypt Pipeline traffic: the captured session data flowing between the Discover servers.
    - Troubleshooting
    - Notes
  - Support for Okta
    From version 12.1.12, HCL Discover supports Okta authentication for customers who wish to use Okta instead of Microsoft Windows NT Authentication.
- HCL Discover Data Export for Data Analysis Administration Manual
- Session Archiving Guide

Prerequisites

Network ports

No new network ports are used after enabling TLS; instead the standard ports are used securely. The only potential exception is the Discover Data Service. The Data Service uses port 23000 by default but an option to use port 23443 instead was introduced in an earlier fix pack. At the time this option offered additional security, but this is no longer necessary from version 12.1.8. If port 23443 is in use, the configuration should be updated to use port 23000 instead, before trying to enable TLS in version 12.1.8.

Windows registry - TLS 1.2 support in Windows 2008 R2

For TLS security to work, Windows itself must support TLS 1.2. Windows 2012 and 2012 R2 support TLS 1.2 by default. In Windows 2008 R2 the following registry entries must be present:

HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\SendTrustedIssuerList = 0
HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS1.2\Server\DisabledByDefault = 0
HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS1.2\Server\Enabled = 1

Note: A reboot is required for any changes to these entries to take effect.

Windows registry - Discover configuration

If the Windows registry contains an existing Discover TLS configuration entry, it must be set to disabled (0). An "EnableTLS" entry may be present if the customer configured some of the optional security features.

HKLM:\SOFTWARE\Wow6432Node\HCL Discover\EnableTLS = 0

If the earlier "EnableTLS" option is present it must be set to 0.

Rate this topic

5 stars 4 stars 3 stars 2 stars 1 star

Comment on this topic.

By clicking this box, you acknowledge that you are NOT a U.S. Federal Government employee or agency, nor are you submitting information with respect to or on behalf of one. HCL provides software and services to U.S. Federal Government customers through its partners immixGroup, Inc. Contact this team at https://hcltechsw.com/resources/us-government-contact. Do not include any personal data in this Comment box.