To secure communication between Tivoli® Enterprise Monitoring Agents, Tivoli Enterprise Monitoring Servers, and the Tivoli Enterprise Portal Server, use SPIPE as the protocol when you configure communications between the portal server and the hub monitoring server, between hub and remote monitoring servers, and between monitoring agents and monitoring servers.
On Linux and UNIX, update the agent configuration (.ini) files directly.
On Windows, update the variables using Manage Tivoli Enterprise Monitoring Services or update the agent environment (*ENV) files directly.
Work with the administrators of the other products that IBM Tivoli Monitoring communicates with to set up secure communications. If you are using any of the Jazz™ for Service Management components (Dashboard Application Services Hub, Registry Services, or Security Services) with IBM Tivoli Monitoring, use the WebSphere® Application Server administration console to work with their trust and certificate stores.
The following table lists the communication flows that can be secured and where to find information on how to secure the interaction.
Task to secure communication | Where to find information |
---|---|
Use TLS/SSL between the Tivoli Enterprise Portal clients and the portal server. | See "Using SSL between the portal server and the client" in the IBM Tivoli Monitoring Installation and Setup Guide. |
Use IP.SPIPE with certificate validation to secure communication for these interactions: | See the ITM Certificate Authentication Configuration Guide for ITM V6.2.2 and later in the IBM Tivoli Monitoring Wiki. |
Use TLS/SSL between the hub monitoring server and an LDAP server. | Configuring TLS/SSL communication between the hub monitoring server and the LDAP server |
Use TLS/SSL between the portal server and an LDAP server. | Configuring TLS/SSL communication between the portal server and the LDAP server |
Use TLS/SSL when the IBM Dashboard Application Services Hub sends requests to the IBM Tivoli Monitoring dashboard data provider. | Configuring TLS/SSL communication between Dashboard Application Services Hub and the dashboard data provider |
Use TLS/SSL when the dashboard data provider sends requests to retrieve authorization policies from the Authorization Policy Server. | Configuring TLS/SSL communication with the Authorization Policy Server |
Use TLS/SSL when the tivcmd Command-Line Interface for Authorization Policy sends requests to the Authorization Policy Server. | Configuring TLS/SSL communication with the Authorization Policy Server |
Use TLS/SSL for sending private situation events from monitoring agents to the IBM Tivoli Netcool/OMNIbus Probe for Tivoli EIF. For this interaction, client certificate authentication is configured so that the probe uses certificates to authenticate the monitoring agents (the clients). | Sending private situation events by using TLS/SSL communication |
Use TLS/SSL when Tivoli Business Service Manager or Tivoli Integrated Portal sends HTTPS requests to the portal server's charting web service. | "Tivoli Business Service Manager and Tivoli Enterprise Portal Server integration over SSL" in the IBM Tivoli Monitoring Installation and Setup Guide. |
Enable the Federal Information Processing Standard (FIPS) for IBM Tivoli Monitoring components. | Enabling FIPS for IBM Tivoli Monitoring |
After updating the IBM Tivoli Monitoring certificate, import the TEPS/e certificates into the portal server keyfile database to ensure the portal server web server plug-in and TEPS/e can continue to communicate securely. | Importing the TEPS/e certificates into the portal server keyfile database |
If you want to use HTTPS in a dashboard environment that is using an HTTP server to load balance multiple portal servers, you must configure TLS/SSL communication from the HTTP server to the portal server. | Configuring TLS/SSL communication between the load balancing HTTP Server and each portal server's local HTTP server |
If you want to use HTTPS in a dashboard environment that is using an HTTP server to load balance multiple portal servers, you must configure TLS/SSL communication from the Dashboard Application Services Hub to the HTTP server. | Configuring TLS/SSL communication between Dashboard Application Services Hub and an HTTP server used for load balancing multiple portal servers |