Configuring a secure connection to the non-z/OS DB2 database server

You can configure a secure connection to encrypt transactions between the IBM® Sterling Control Center Monitor engine and non-z/OS DB2 database instances. You can configure these secure connections in a high availability or non-high availability environment.

  • Before you configure IBM Sterling Control Center Monitor to enable secure connections to the databases, complete the following tasks for the DB2 database server:
    1. Install IBM Global Security Kit (GSKit) on both the server and client side.
      • If both the client and server are on the same physical computer, you do not need to install GSKit because it is automatically installed with the DB2 server.
      • If the client is being installed on a separate computer, install GSKit if the client will use SSL to communicate with the servers.
    2. Ensure the path to the IBM Global Security Kit (GSKit) libraries is listed in the following variables:
      • Windows platforms - the PATH environment variable, which must include C:\Program Files\IBM\GSK8\lib (Windows 32-bit platforms) or C:\Program Files\IBM\GSK8\lib64 (Windows 64-bit platforms).
      • Linux and UNIX platforms - the LIBPATH, SHLIB_PATH or LD_LIBRARY_PATH environment variable, which must include sqllib/lib/gskit.
    3. Invoke GSKCapiCmd and complete the following tasks:
      1. Create your key database.
      2. Create a self-signed certificate.
      3. Extract the signer certificate to a file. This is the trusted database server certificate.
    4. Set up your DB2 server for SSL support.

    Consult the DB2 IBM Documentation for information on configuring DB2 for SSL.

  • Create and configure the keystore and truststore files in IBM Sterling Control Center Monitor.

In a high availability environment, every event processor's keystore certificate must be trusted by the other event processors in the cluster, so you must include that certificate in every event processor's truststore. You can use the same keystore and truststore files for every event processor in your high availability environment. You might receive a browser security warning when you access the web console on an event processor where the common name does not match the host name that you are connecting to.

Use this procedure to enable encryption and SSL authentication between the IBM Sterling Control Center Monitor engine and non-z/OS DB2 databases. To configure a secure connection between the IBM Sterling Control Center Monitor engine and non-z/OS DB2 databases in a high availability or non-high availability environment:
  1. Install IBM Sterling Control Center Monitor.
  2. During the Microsoft Windows installation, select DB2 as the database type and provide information about the DB2 databases (production and reporting).
  3. Import the trusted database server certificate you extracted during SSL setup of the DB2 database server into the IBM Sterling Control Center Monitor engine truststore.
  4. Use one of the following methods to run the configCC utility:
    • Microsoft Windows: Double-click configCC.bat in installation directory\bin.
    • UNIX: Run the configCC.sh utility from installation directory/bin.
  5. When you are prompted to secure the connection to the IBM Sterling Control Center Monitor database (production), type Y.
  6. Type Y to confirm your configuration changes.
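
The commands behind prerequisite steps 2 and 3 and procedure step 3, as an added example that is not part of the IBM documentation. The gsk8capicmd_64 binary name, the file names, label, DN and alias, the KDB_PW variable, and the use of keytool with a JKS truststore are assumptions; adjust them to your installation.

```sh
#!/bin/sh
# Added example, not IBM's code. Assumed names: the gsk8capicmd_64 binary,
# file names, certificate label, DN, alias, and the KDB_PW variable.
GSK=${GSK:-gsk8capicmd_64}
KDB=${KDB:-db2server.kdb}
LABEL=${LABEL:-db2-selfsigned}
ARM=${ARM:-db2server.arm}
DN=${DN:-CN=db2host.example.com,O=Example,C=US}
TRUSTSTORE=${TRUSTSTORE:-cc-truststore.jks}   # assumed JKS truststore file

# Prerequisite step 2: succeed only if directory $1 is an exact entry in
# LIBPATH, SHLIB_PATH or LD_LIBRARY_PATH (colon-separated lists).
gskit_on_libpath() {
    [ -n "$1" ] || return 1
    for list in "$LIBPATH" "$SHLIB_PATH" "$LD_LIBRARY_PATH"; do
        case ":$list:" in *":$1:"*) return 0 ;; esac
    done
    return 1
}

# Print the command when DRY_RUN=1, otherwise execute it.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Prerequisite step 3: key database, self-signed certificate, signer extract.
make_server_cert() {
    pw=${KDB_PW:?set KDB_PW to the key database password}
    if [ "${DRY_RUN:-0}" = 1 ]; then pw='********'; fi   # never echo the secret
    run "$GSK" -keydb -create -db "$KDB" -pw "$pw" -stash &&
    run "$GSK" -cert -create -db "$KDB" -pw "$pw" -label "$LABEL" -dn "$DN" &&
    run "$GSK" -cert -extract -db "$KDB" -pw "$pw" -label "$LABEL" \
        -target "$ARM" -format ascii
}

# Procedure step 3: import the extracted signer certificate into the engine
# truststore. keytool prompts for the truststore password.
import_into_truststore() {
    run keytool -importcert -alias "$LABEL" -file "$ARM" -keystore "$TRUSTSTORE"
}
```

Run the functions with DRY_RUN=1 first to review the commands. A password passed with -pw is visible in the process list to other local users while the command runs, so create the key database on a host with restricted access.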