Disabling the collection of metadata for devices that use TLS 1.0 or 1.1

Disable the use of the TLS 1.0 and 1.1 protocols for communication between the data collector and your devices. When you disable TLS 1.0 and 1.1, IBM® Storage Insights automatically uses TLS 1.2.

About this task

If you change the version of TLS, the change affects only the internal communication between your devices that support lower-level protocols and the data collector. The outbound transmission of metadata to IBM Storage Insights is not affected by this change.

How to confirm whether TLS 1.0 and 1.1 are enabled or disabled: If you're unsure of your current TLS settings, you can confirm whether TLS 1.0 and 1.1 are enabled or disabled. For more information, see https://www.ibm.com/support/pages/node/6579217.

Procedure

  1. Log on to the server where the data collector service is installed.
  2. Open a command window or shell and go to the directory where you installed the data collector package.
  3. To stop the data collector service, choose one of the following options:
    Windows:
      1. From the desktop, click the Start menu, type services.msc, and then press Enter.
      2. On the Services page, right-click the service name that begins with IBM Spectrum Control Storage Insights data collector and select Stop.
      Alternatively, from the command prompt, complete these steps:
      1. Click the Start menu and type cmd.
      2. In the data collector directory, type dataCollector.bat stop, and then press Enter.
    AIX® or Linux®:
      In the data collector directory, type dataCollector.sh stop, and then press Enter.
  4. Complete one of these actions:
    • On Windows, go to Data Collector Installation\jre\lib\security.
    • On AIX or Linux, go to Data Collector Installation/jre/lib/security.
  5. Create a backup copy of the java.security file.
    Save it with a different name so it can be more easily identified later, such as java.securitybackup_tlsdisabled.
  6. Open the original java.security file in an editor and add the text TLSv1, TLSv1.1 to the following line, like this example:
    jdk.tls.disabledAlgorithms=MD5withRSA, DH keySize < 1024, TLSv1, TLSv1.1, EC keySize < 224, anon, NULL
  7. Save the file.
  8. To verify that the data collector doesn't reference a different java.security file, go to the directory where the data collector is installed and open \conf\setup.properties.
  9. Check for the following parameters: dcJVMArgs, epJvmArgs.
    For example:
    dcJvmArgs=-Djava.security.properties=C:\\copiedlocationfolderpath\\java.security file
    epJvmArgs=-Djava.security.properties=C:\\copiedlocationfolderpath\\java.security file
    If entries for the parameters are included, delete them from setup.properties. Deleting the entries helps to ensure that the java.security file in the location from step 6 is used.
  10. Save the file.
  11. Choose one of the following options to restart the data collector service:
    Windows:
      1. From the desktop, click the Start menu, type services.msc, and then press Enter.
      2. On the Services page, right-click the service name that begins with IBM Spectrum Control Storage Insights data collector and select Start.
      Alternatively, from the command prompt, complete these steps:
      1. Click the Start menu and type cmd.
      2. In the data collector directory, type dataCollector.bat start, and then press Enter.
    AIX or Linux:
      In the data collector directory, type dataCollector.sh start, and then press Enter.
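
The checks from steps 6 and 9 can be scripted and run before the restart in step 11. The following Python is an added example, not part of the IBM documentation or the data collector package. It assumes both files use plain key=value lines and sit at the paths given in steps 4 and 8; the function names and sample inputs are constructed for illustration.

```python
import sys
from pathlib import Path

REQUIRED = {"TLSv1", "TLSv1.1"}             # names step 6 adds to the list
OVERRIDE_KEYS = {"dcjvmargs", "epjvmargs"}  # step 9 parameters, lower-cased

# Constructed sample inputs (not taken from a real installation).
SAMPLE_SECURITY = """\
# jdk.tls.disabledAlgorithms=TLSv1, TLSv1.1
jdk.tls.disabledAlgorithms=MD5withRSA, DH keySize < 1024, \\
    TLSv1.1, EC keySize < 224, anon, NULL
"""
SAMPLE_SETUP = "dcJvmArgs=-Djava.security.properties=C:\\\\placeholder\\\\java.security\n"

def load_properties(text):
    """Parse key=value lines, skipping comments and joining '\\' continuations."""
    props, logical = {}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not logical and (not line or line[0] in "#!"):
            continue
        trailing = len(line) - len(line.rstrip("\\"))
        if trailing % 2 == 1:               # odd count of backslashes: line continues
            logical += line[:-1]
            continue
        key, _, value = (logical + line).partition("=")
        props[key.strip()] = value.strip()  # a later duplicate overrides an earlier one
        logical = ""
    return props

def missing_protocols(java_security_text):
    """Required names absent from the list; exact match, so TLSv1.1 does not cover TLSv1."""
    value = load_properties(java_security_text).get("jdk.tls.disabledAlgorithms", "")
    return REQUIRED - {item.strip() for item in value.split(",")}

def override_entries(setup_properties_text):
    """Entries for the step 9 parameters that are still present in setup.properties."""
    props = load_properties(setup_properties_text)
    return {k: v for k, v in props.items() if k.lower() in OVERRIDE_KEYS}

if __name__ == "__main__":
    security, setup = SAMPLE_SECURITY, SAMPLE_SETUP
    if len(sys.argv) > 1:                   # argument: data collector installation directory
        root = Path(sys.argv[1])
        security = (root / "jre" / "lib" / "security" / "java.security").read_text()
        setup = (root / "conf" / "setup.properties").read_text()
    print("still enabled:", sorted(missing_protocols(security)) or "none")
    print("entries to delete:", sorted(override_entries(setup)) or "none")
```

Run without arguments, it evaluates the constructed samples, where a commented-out line lists both protocols but the active line omits TLSv1. Run with the installation directory as the argument, it reads the real files.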

Results

The data collector initiates communication with and collects metadata from devices that use TLS 1.2.