A standalone ProfileUnity Console communicates via "localhost". If you require even localhost traffic to be encrypted, this article outlines the process to enable and force TLSv1.2 for MongoDB connections from the ProfileUnity Console service.
NOTES:
- TLS connections will be supported out of the box for all operations in 6.8.5.
- This article requires you already have an existing ProfileUnity Console server and know what the existing prou_services account password is currently set to.
- If you are using FlexDisk VMDK FlexApps or User Data Disks / VMDK ProfileDisks STOP NOW - this process does not support FlexDisk until 6.8.5.
- Until 6.8.5, enabling TLS connections for MongoDB may cause any future cluster operations like removing/adding nodes to fail.
INSTRUCTIONS:
- Starting with a healthy ProfileUnity Console server - Shutdown, snapshot and power it back on.
- Navigate and logon to the ProU web console (https://prouServerName:8000), mouse-over the username at the top right and click Administration. Scroll down to the Clustering section and put a check next to Enable High Availability Mode and click Update at the top right.
- Connect to the ProU Console server and open "Services.msc". Stop the Liquidware ProfileUnity service, stop and disable the Liquidware FlexDisk service and then stop the MongoDB service.
- Download the attached "mongodb.cfg" file and place it into "C:\Program Files\MongoDB".
- Download and edit the attached "settings.json" file and replace the example password and servername in the mongodb:// connection string with your actual prou_services account password and ProU Console FQDN. Then place the edited file into "C:\Program Files (x86)\Liquidware Labs\ProfileUnity". *If the service fails to start, edit the string and use the short computer name instead.
- Back in "Services.msc", start the MongoDB service and then start the Liquidware ProfileUnity Service. Click Refresh and make sure both services are still "Running" and that the ProU web console is accessible.