Remote Integration Client
In this section:
The SD Elements integration process normally requires direct network access with another server. In this case, the server is considered to be accessible to SD Elements. However, if a server is hosted in a different network, then normal operation is not possible: the server is inaccessible to SD Elements. By using the Remote Integration Client SD Elements can integrate with systems hosted in a different network.
The Remote Integration Client is an application supported by Security Compass and available through SD Elements Support or your Sales Engineer. The following image illustrates the typical configuration using the Remote Integration Client:
-
SD Elements instance hosted in the Internet.
-
Remote Integration Client running inside a private network. The application has network access to SD Elements and an internal server (Jira, Team Foundation Server, Fortify SSC, Active Directory, and so on).
Allow integration between SD Elements (SaaS) and another system:
Steps:
-
The server connector should be marked "inaccessible" in System → Integration.
-
Install the Remote Integration Client on a computer having network access to the SD Elements server and the other server.
-
Teams set up project integrations using the web UI as normal, including frequency.
-
The Remote Integration Client can be configured to run on a frequency that matches the settings chosen by the SD Elements project teams.
-
How the Remote Integration Client works:
-
The application authenticates to the SD Elements server over HTTPS using an API token.
-
The application retrieves the list of integration jobs that the user has permission to view and run.
-
Details of each integration job are retrieved from the SD Elements server, including ALM/Scanner/LDAP server address and credentials.
-
Each job is executed and the job’s result (success or failure) is posted back to the SD Elements server.
-
Requirements
The Remote Integration Client has the following requirements.
User Permissions:
-
ALM sync.
-
Permission Global Roles → Edit Alm connections.
-
-
Scanner import:
-
Permission Global Roles → Edit security tool connections.
-
Permissions Project Roles → Sync with Alm tools, and Project Roles → Verify tasks for each project.
-
Technical Requirements:
-
HTTPS network access to the SD Elements server.
-
Linux, Mac OS X or Windows.
-
Network access to the private server.
Installation
Remote Integration Client supports Windows or Linux/Mac OSX systems.
Windows
Installing the Remote Integration Client on Windows is a straight-forward process.
-
Download and run the installer.
The integration process runs automatically using the Windows Task Scheduler.
Linux or Mac OS X
Contact SD Elements support for installation instructions.
Troubleshooting
Assuming a user has the proper project permissions, any errors that occur during an integration will display on the web interface. Further information about an integration run can be found by adding "-d" (debug) command-line arguments.
Detailed Debug-level Logging:
Debug-level logging (prints out the full set of parameters for an integration including credentials):
python sde.py command_driver -d --debugmods=sdetools.sdelib.restclient --sde_api_token=APIv2_CONNECTION_STRING
Trust a new SSL Certificate:
python sde.py add_ssl_cert --server=SERVER.COM --port=443
Disable SSL certification validation for ALM Integration:
python sde.py command_driver --sde_api_token=APIv2_CONNECTION_STRING --command_params="{\"alm_validate_cert\":\"False\"}"
Run a specific integration for an ALM or scanner:
python sde.py command_driver --filter_connections=alm-XX --sde_api_token=APIv2_CONNECTION_STRING
Where XX is a database ID. This value is not shown on the Web UI, but you can get it from the project connection links:
On a SDE Project > Integration page there will be a list of connections with a "Sync" button. Click the button to start syncing the tasks over to an ALM (such as Jira or Rally). Examine the links of each connection. These links have a form similar to:
https://your.server.com/bunits/general/demo-application/demo-project/integration/alm/335
When you find the integration you want to run, examine its URL. It should look similar to the one above. In this example you would use 335 for XX.
Connect through a proxy
The Remote Integration Console can normally detect when it should connect through a proxy server. In cases where it cannot, you can follow the steps below:
Windows
Open "integrate.bat" in the application directory. By default it is located at:
C:\Users\YOUR-NAME\AppData\Local\Programs\SD Elements Remote Integration\integrate.bat
Add the proxy’s server and port to the top of the file:
SET http_proxy=http://someproxy.com:3128
Linux or Mac OS X
Before calling the "python sde.py" process, set the "http_proxy" environment variable to the proxy’s server and port:
export http_proxy=http://someproxy.com:3128
Scheduling ongoing integration
Windows
The Remote Integration Client relies on the Windows Task Scheduler for scheduled integration runs. During installation, the installer will prompt a user to automatically create Windows Task Scheduler entries for hourly, daily, weekly or monthly frequencies.
Linux or Mac OS X
By using the filtering options outlined above it is possible to schedule ongoing integration to match the SD Elements user-interface.
On Unix-like environments the following crontab can be used to run jobs consistent with the UI. In the terminal type:
crontab -e
Then paste the following crontab:
# Hourly (On the hour) 0 * * * * python /path/to/sde.py command_driver --sde_api_token=APIv2_CONNECTION_STRING --filter_frequency=hourly > /path/to/output.log 2> /path/to/debug.log # Daily (Midnight) 0 0 * * * python /path/to/sde.py command_driver --sde_api_token=APIv2_CONNECTION_STRING --filter_frequency=daily > /path/to/output.log 2> /path/to/debug.log # Weekly (Mondays) * * * * 1 python /path/to/sde.py command_driver --sde_api_token=APIv2_CONNECTION_STRING --filter_frequency=weekly > /path/to/output.log 2> /path/to/debug.log # Monthly (First of the month) 0 0 1 * * python /path/to/sde.py command_driver --sde_api_token=APIv2_CONNECTION_STRING --filter_frequency=monthly > /path/to/output.log 2> /path/to/debug.log
Update the paths to reflect the relevant locations.