Creating a Secure Connection Between the Event Processor and the Database

You can encrypt transactions between the IBM® Sterling Control Center Monitor event processor (EP) and the production database. Configuring encryption prevents anyone outside the system from viewing the data while it travels between the IBM Sterling Control Center Monitor EP and instances of the database server. You can create these secure connections in either a high availability or non-high availability environment.

Secure Sockets Layer (SSL) is used to encrypt user IDs, passwords, and data that are transmitted across a network between the IBM Sterling Control Center Monitor EP and instances of the database server.

You can use SSL to secure connections on two of the database types IBM Sterling Control Center Monitor supports: DB2® and Microsoft SQL Server 2008. To secure the database server, you configure the server for your database type to either require an SSL connection or to optionally allow an SSL connection.

Consider the following aspects of enabling database encryption:
  • By default, database connections are not secured by SSL in IBM Sterling Control Center Monitor. If you want your database transmissions to be encrypted, you must perform tasks in your database software and in IBM Sterling Control Center Monitor to set up and enable encryption.
  • Before enabling encryption, configure a keystore and truststore. The truststore file must contain either the certificate authority (CA) certificate or self-signed public certificate being used by the database server.
  • After you install IBM Sterling Control Center Monitor, run the configCC utility to secure the connection to the databases.
  • After you enable encryption for each supported (production) database, encryption applies to all database transmissions between IBM Sterling Control Center Monitor and the databases.
  • Enabling SSL encryption increases the security of data transmitted across networks between instances of the database servers and IBM Sterling Control Center Monitor. However, enabling encryption slows performance.

In a high availability environment, every event processor's keystore certificate must be trusted by the other event processors in the cluster, so you must include that certificate in every event processor's truststore. You can use the same keystore and truststore files for every event processor in your high availability environment. You might receive a browser security warning when you access the web console on an event processor where the certificate's common name does not match the host name that you are connecting to.
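
The truststore and high availability requirements above can be checked against an inventory of the cluster before you enable encryption. The following Python sketch is an added example, not part of the product or its documentation. The host names, fingerprint labels, and the `EventProcessor` and `audit_cluster` names are hypothetical, and it assumes the database server's CA or self-signed certificate is identified by a single fingerprint.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class EventProcessor:          # hypothetical inventory record, one per EP
    host: str                  # host name used to reach the web console
    cert_cn: str               # common name in this EP's keystore certificate
    cert_fp: str               # fingerprint of this EP's keystore certificate
    trusted: frozenset         # fingerprints present in this EP's truststore

def audit_cluster(eps, db_cert_fp):
    """Return sorted findings for an HA cluster; an empty list means every check passed."""
    findings = []
    for ep in eps:
        # The truststore must hold the CA or self-signed certificate used by the database server.
        if db_cert_fp not in ep.trusted:
            findings.append(f"{ep.host}: truststore lacks database server certificate")
        # Every EP's keystore certificate must be trusted by the other EPs in the cluster.
        for peer in eps:
            if peer is not ep and ep.cert_fp not in peer.trusted:
                findings.append(f"{peer.host}: truststore lacks certificate of {ep.host}")
        # A common name that differs from the host name triggers the browser warning.
        if ep.cert_cn.lower() != ep.host.lower():
            findings.append(f"{ep.host}: certificate CN {ep.cert_cn} does not match host name")
    return sorted(findings)

# Constructed sample data: fingerprints are placeholder labels, not real digests.
DB_CA = "fp-db-ca"
SHARED = frozenset({DB_CA, "fp-shared"})

# Same keystore and truststore files on every EP: trust is complete, but the
# single common name can match only one host.
shared_cluster = [
    EventProcessor("ep1.example.com", "ep1.example.com", "fp-shared", SHARED),
    EventProcessor("ep2.example.com", "ep1.example.com", "fp-shared", SHARED),
]

# Separate keystores, with ep2's truststore left incomplete.
separate_cluster = [
    EventProcessor("ep1.example.com", "ep1.example.com", "fp-ep1",
                   frozenset({DB_CA, "fp-ep1", "fp-ep2"})),
    EventProcessor("ep2.example.com", "ep2.example.com", "fp-ep2",
                   frozenset({"fp-ep2"})),
]

if __name__ == "__main__":
    for name, cluster in (("shared", shared_cluster), ("separate", separate_cluster)):
        print(name, audit_cluster(cluster, DB_CA))
```

With shared files the only finding is the common name mismatch on the second host, which corresponds to the browser warning described above. With separate keystores the findings show which truststore is missing which certificate.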