Enabling SNMP V3 passwords for autonomous agents

Edit online

If you intend to use autonomous agents on a z/OSĀ® system and the ICSF subsystem is available on the z/OS system, you can enable SNMP V3 passwords.

Procedure

  1. From the distributed installation media for either IBM Tivoli Monitoring or IBM Tivoli Management Services on z/OS, install the Tivoli Enterprise Monitoring Agent Framework.
    When you select Tivoli Enterprise Monitoring Agent Framework during installation, the following components are installed:
    • Tivoli Enterprise Monitoring Agent Framework
    • IBM GSKit Security Interface
    • Tivoli Enterprise Services User Interface
    This software includes the itmpwdsnmp tool, which converts the passwords in SNMP trap configuration files from plain text into GSKit-encrypted passwords. For installation instructions, see IBM Tivoli Monitoring: Installation and Setup Guide.
  2. Run the itmpwdsnmp tool on the distributed system to encrypt the passwords in an SNMP trap configuration file.
    For instructions, see the SNMP PassKey encryption: itmpwdsnmp topic in the IBM Tivoli Monitoring: Administrator's Guide.

    If you must encrypt only a few passwords, you can run the itmpwdsnmp tool in interactive mode.

  3. Upload the SNMP trap configuration file in text mode to the rhilev.rte.RKANDATV data set for the runtime environment in which the monitoring agent is configured.
  4. Use one of the following methods to create a KAES256 member in the rhilev.rte.RKANPARU data set for the runtime environment in which the monitoring agent is configured.
    • Copy the KAES256 member from the rhilev.rte.RKANPARU data set for the runtime environment in which the monitoring server is configured to the rhilev.rte.RKANPARU data set for the runtime environment in which the monitoring agent is configured. For instructions on creating the KAES256 member, see Enabling security validation on a z/OS hub.
    • In binary mode, copy the KAES256.ser file from the keyfiles directory of the distributed system where you ran the itmpwdsnmp tool to the KAES256 member of the rhilev.rte.RKANPARU data set for the runtime environment in which the monitoring agent is configured. The KAES256.ser file contains 48 bytes on distributed systems and is padded with blanks in the KAES256 member of the rhilev.rte.RKANPARU data set.
  5. Concatenate the ICSF modules for monitoring agent procs by setting the GBL_DSN_CSF_SCSFMOD0 parameter depending on whether you use PARMGEN or Configuration Manager:
    • For PARMGEN, this parameter can be found in WCONFIG($GBL$USR).
    • For Configuration Manager, use or edit the RTEDEF(GBL$PARM) or RTEDEF(GBL$lpar) members as needed.
  6. Restart the monitoring agent and verify that the passwords are decrypted. Check RKLVLOG for error messages indicating failure of GSKit password decryption or failure to create SNMP V3 trap destinations.