You can configure TCP communication between Network Manager processes to use encryption.
About this task
Some Network Manager processes communicate with each other using Transmission Control Protocol (TCP), including discovery processes such as Finders, discovery agents, ncp_disco, and the Helper Server. The GUI components also use TCP to communicate with ncp_config. Note that the IBM Netcool Agile Service Manager Network Manager Observer does not support encryption of the connection to Network Manager. By default, all TCP communication is unencrypted.
To encrypt TCP communication, complete the following steps:
Procedure
- Stop the discovery processes and the GUI components.
- Generate an encryption key by running the $NCHOME/precision/bin/ncp_generate_key executable with a command line similar to the following:
    ncp_generate_key -keysize 256 -algorithmName AES -algorithmMode CBC
  The command-line options for the ncp_generate_key executable are as follows:
  - -help: Display usage information.
  - -keySize: Size of the cryptographic key to use. Supported sizes are 128, 192, and 256.
  - -algorithmName: Name of the cryptographic algorithm. Supported algorithms are: AES.
  - -algorithmMode: Mode of the cryptographic algorithm. Supported modes are: CBC.
  - -version: Displays the version number.
- Copy the encryption key to all other servers that have Network Manager components that communicate with those on the current server.
  The core components use a key file at this location: $NCHOME/etc/security/keys/NM_TCP.key
  The GUI components use the core components' key file if it is present; otherwise, they use a key file at this location: $NMGUI_HOME/profile/etc/security/keys/NM_TCP.key
- Restart the discovery processes and the GUI components.
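
A check to run on each server after copying the key and before the restart, added here as an example and not part of the product documentation. The function name check_key_file is hypothetical, and it assumes that sha256sum is installed and that the key file should be accessible only to the account that owns it.

```sh
#!/bin/sh
# Added example: audit a copied NM_TCP.key before restarting the processes.
# Assumptions (not from the product documentation): sha256sum is available,
# and only the owning account should have any access to the key file.

# check_key_file FILE [EXPECTED_SHA256]
# Prints the SHA-256 digest of FILE on success. Return codes:
#   0 ok, 1 missing or empty, 2 group/other can access it, 3 digest mismatch
check_key_file() {
    key_file=$1
    expected=${2:-}

    # An absent or zero-length file cannot hold a key.
    [ -s "$key_file" ] || { echo "missing or empty: $key_file" >&2; return 1; }

    # Characters 5-10 of the ls mode string are the group and other bits.
    mode=$(ls -ld "$key_file" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "group/other access on $key_file; consider chmod 600" >&2
        return 2
    fi

    # Compare against the digest taken on the server where the key was
    # generated, so a truncated or stale copy is caught before the restart.
    digest=$(sha256sum "$key_file" | cut -d' ' -f1)
    if [ -n "$expected" ] && [ "$digest" != "$expected" ]; then
        echo "digest mismatch: $key_file differs from the source key" >&2
        return 3
    fi
    echo "$digest"
}

# Typical use, with the key path taken from the steps above:
#   check_key_file "$NCHOME/etc/security/keys/NM_TCP.key" "<digest from source server>"
```

Run it without the second argument on the server where the key was generated to obtain the digest, then pass that digest on every server that received a copy.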