What is the data collector

The data collector is the application that collects and delivers the metadata that is analyzed and presented in the GUI.

Data collector
The data collector is a light-weight application that is installed on a server in your data center. It sends the metadata that is collected about your storage systems, such as asset, configuration, capacity, and performance metadata, from your data center to your instance of IBM Storage Insights Pro or IBM Storage Insights, which is in an IBM® Cloud data center.
Important: Outbound metadata is sent by data collectors to the well-defined and secure network endpoint https://insights.ibm.com:443. Update your firewall rules to allow outbound communication to https://insights.ibm.com and to the HTTPS port 443 using the Transmission Control Protocol (TCP).
In a matter of minutes, you can install the data collector and when you add the storage systems that you want to monitor, you get the capacity and performance insights that you need to monitor your data center. Because the metadata that IBM Support needs to investigate and close tickets is also collected, you can also upload logs when you create or update tickets and IBM Support can access and investigate the metadata to resolve any issues that you might have.
Credentials for connecting to storage systems: To add and collect metadata from the storage systems that you want to monitor, you must provide the storage system's credentials. Depending on the type of storage system that you add for monitoring, you can provide the name and password of a user with privileges to collect the metadata, or an SSH user and SSH key. The credentials that are provided are encrypted before they are stored in the database for the instance, and the database is also encrypted. In addition, most storage systems support the creation of users with read-only roles, who can't make any changes to the configuration of the storage system.
Note: IBM Storage Insights now supports onboarding of IBM Storage Virtualize devices running on SSH4 secured connectivity by using data collector.
Supported operating systems: Data collectors can be installed on servers or virtual machine that run AIX®, Linux®, or Windows (64-bit systems only). On the server or virtual machine, you must provide at least 1 GB of RAM and 3 GB of disk space. For more information about the requirements for data collectors, see the following topics:
Security certification: IBM Storage Insights, based on regular audits, has ISO/IEC 27001 Information Security Management certification. Annually, the following audits are conducted: two KPI audits, one external Veritas ISO27001, 27017, and 27018 audit, and one IBM internal audit for each ISO2700x.
Note: Security scanners can display an alert message 'Daemon is not managed by RPM' for IBM Storage Insights data collector. For more information, see Troubleshooting data collectors.

Key security characteristics

To ensure that metadata is collected securely, the data collector has the following characteristics:
Built-in security
Communication with other entities, such as storage systems in the local data center and the IBM Storage Insights service in the IBM Cloud data center are initiated solely by the data collector. The data collector does not provide any remote APIs that might be used to interact with the data collector.
Data collectors use prepackaged commands and code from IBM Storage Insights to run pre-defined operations only. Remote code loading is not possible.
One-way communication
The data collector sends metadata out of your network to your instance of IBM Storage Insights Pro or IBM Storage Insights. Communication is outbound only; the data collector can't receive data from the internet or any other entity in your network. Here's how the one-way communication works:
  1. The data collector sends out a request for work.
  2. IBM Storage Insights responds with a data collection request.
  3. The data collector communicates with the storage resource or starts a log collection.
Secure transmission
All communication between the data collector and IBM Storage Insights Pro or IBM Storage Insights in the IBM Cloud data center uses encryption based on HTTPS.
The communication that the data collector initiates with the server where it is installed, and the communication between the server and IBM Storage Insights Pro GUI or IBM Storage Insights GUI. HTTPS connections use certificates issued by Cloudflare, Inc. (issuer common name "Cloudflare Inc ECC CA-3") and use TLS 1.2 and TLS 1.3 with 256-byte keys.
Tip: Because HTTPS connections are used, the data collector can run on any computer that can access the internet over an outbound TCP connection to port 443. Port 443 is the standard port for HTTPS connections.