Technical Blog Post
Abstract
ITM Agent Insights: Transport Layer Security protocol usage for IBM Tivoli Monitoring agent version 6.23 or lower
Body
This blog will help you configure your environment to use the Transport Layer Security (TLS) v1.2 protocol with an IBM Tivoli Monitoring (ITM) agent at a version 6.23 or lower. As you all know TLS protocol was introduced in ITM release 6.3. The TLS v1.2 protocol was provided with ITM release 6.3 Fix Pack 2. Here are further details from the user guide:
You could encounter a situation where you may be running an agent at a lower version such as 6.22 or 6.23 and still want to use the TLS protocol in your environment. In such cases you will need to upgrade the TEMA components ax (IBM Tivoli Monitoring Shared Libraries) and gs (IBM GSKit Security Interface) to 6.3 FP2 or higher.
I will demonstrate the exact steps using an example. In this example, we have the following
ITM environment: 6.3 FP6 (TEPS and TEMS running at 6.3 FP6)
ITM VIOS agent: 6.22 FP2 IF6
NOTE: Since this is a VIOS server there is one additional step needed, as this involves an encrypted shell on top AIX. Also, note that the VIOS agent is a 32-bit agent, typically the OS agents such as UX are 64-bit agents. So we want to make sure in this case we upgrade the 32-bit versions of the TEMS components.
STEP 1: Check the agent listing in the cinfo output:
ax IBM Tivoli Monitoring Shared Libraries
aix523 Version: 06.22.04.00 << Current level for ax component
aix526 Version: 06.22.04.00
gs IBM GSKit Security Interface << Current level for gs component
aix523 Version: 07.40.27.00
aix526 Version: 07.40.27.00
va Monitoring Agent for VIOS Premium
aix523 Version: 06.22.02.06 << Shows the VIOS agent is 32-bit
STEP 2: The easiest way to upgrade the components for any 64-bit agent would be to install the UX OS agent. So if we install the 6.3 FP6 UX agent the cinfo output will show.
ax IBM Tivoli Monitoring Shared Libraries
aix523 Version: 06.22.04.00
aix526 Version: 06.30.06.00 << 64-bit ax component upgraded
gs IBM GSKit Security Interface
aix523 Version: 07.40.27.00
aix526 Version: 08.00.50.36 << 64-bit gs component upgraded
ux Monitoring Agent for UNIX OS
aix526 Version: 06.30.06.00
va Monitoring Agent for VIOS Premium
aix523 Version: 06.22.02.06
However, note that this will only work for a 64-bit agent. In the example described above the VIOS (va) agent is a 32-bit agent and hence would need the 32-bit ax and gs components upgraded.
STEPS 3: For 32-bit agents this additional step will be needed. You need to use the same full install binary, fix pack images will not work. So using the same 6.3 FP6 agent binary, execute the following command,
<MEDIA>/install.sh -h <CANDLEHOME> -q -p <MEDIA>/unix/tf<PLAT>.txt
where <PLAT> is 523
This will upgrade the 32-bit version of the TEMA components to the required levels.
ax IBM Tivoli Monitoring Shared Libraries
aix523 Version: 06.30.06.00 << 32-bit ax component upgraded
aix526 Version: 06.30.06.00
gs IBM GSKit Security Interface
aix523 Version: 08.00.50.36 << 32-bit gs component upgraded
aix526 Version: 08.00.50.36
Once this is done, the server running the ITM agent at the lower version can communicate with the TEMS server using the TLS v1.2 protocol.
Subscribe and follow us for all the latest information directly on your social feeds:
|
|
|
Check out all our other posts and updates: | |
Academy Blogs: | https://goo.gl/U7cYYY |
Academy Videos: | https://goo.gl/FE7F59 |
Academy Google+: | https://goo.gl/Kj2mvZ |
Academy Twitter : | https://goo.gl/GsVecH |
UID
ibm11084917