Adding DS8000 storage systems that use SSL Version 3 or earlier versions or that use MD5 signed certificates
To ensure the security of the HMC, the best practice is to ensure that all DS8000 storage systems are patched or updated to a firmware level that doesn't use the SSLv3 protocol. That's why you can't add DS8000 storage systems that are at a firmware level that doesn't use SSLv3 as documented in the security bulletin at http://www-01.ibm.com/support/knowledgecenter/HW213_7.2.0/com.ibm.storage.ssic.help.doc/f2c_securitybp_updatecert.html.
MD5 was disabled because of a security vulnerability, which means that Storage Insights will not collect data from DS8000 storage systems that use MD5 to sign certificates.
If you want to monitor DS8000 storage systems that don't support the latest cryptographic standards, you must modify the setup.properties file in the data collector conf directory:
- Open the setup.properties file.
Complete one or both of these steps:
- To use SSL version 3 or earlier, enter EnableSSLv3=true on a separate line.
- To ignore the MD5 security vulnerability, enter EnableMD5=true on a separate line.
Save the file and stop and start the data collector service:
- On Windows operating systems, you must have Administrator rights to stop or start the data collector service: Click the services.msc and then press Enter. On the Services page, select the service name that begins with IBM Spectrum Control Storage Insights data collector and stop and start it. menu, type
- On AIX or Linux operating systems, you must have root privileges to stop or start the data collector service: Run the dataCollector.sh script with the stop parameter, and then run the script again with the start parameter.