IC SunsetThe developerWorks Connections Platform is now in read-only mode and content is only available for viewing. No new wiki pages, posts, or messages may be added. Please see our FAQ for more information. The developerWorks Connections platform will officially shut down on March 31, 2020 and content will no longer be available. More details available on our FAQ. (Read in Japanese.)
Topic
  • No replies
DanielMichel
DanielMichel
62 Posts

Pinned topic Adding DS8000 storage systems that use SSL Version 3 or earlier versions or that use MD5 signed certificates

‏2016-06-15T08:34:59Z |

Adding DS8000 storage systems that use SSL Version 3 or earlier versions or that use MD5 signed certificates

To ensure the security of the HMC, the best practice is to ensure that all DS8000 storage systems are patched or updated to a firmware level that doesn't use the SSLv3 protocol. That's why you can't add DS8000 storage systems that are at a firmware level that doesn't use SSLv3 as documented in the security bulletin at http://www-01.ibm.com/support/knowledgecenter/HW213_7.2.0/com.ibm.storage.ssic.help.doc/f2c_securitybp_updatecert.html.

MD5 was disabled because of a security vulnerability, which means that Storage Insights will not collect data from DS8000 storage systems that use MD5 to sign certificates.

 

If you want to monitor DS8000 storage systems that don't support the latest cryptographic standards, you must modify the setup.properties file in the data collector conf directory:

  1. Open the setup.properties file.
  2. Complete one or both of these steps:
    • To use SSL version 3 or earlier, enter EnableSSLv3=true on a separate line.
    • To ignore the MD5 security vulnerability, enter EnableMD5=true on a separate line.
  3. Save the file and stop and start the data collector service:
    • On Windows operating systems, you must have Administrator rights to stop or start the data collector service: Click the Start menu, type services.msc and then press Enter. On the Services page, select the service name that begins with IBM Spectrum Control Storage Insights data collector and stop and start it.
    • On AIX or Linux operating systems, you must have root privileges to stop or start the data collector service: Run the dataCollector.sh script with the stop parameter, and then run the script again with the start parameter.

 

 

Updated on 2016-06-15T08:35:31Z at 2016-06-15T08:35:31Z by DanielMichel