Disable the use of the TLS 1.0 and 1.1 protocols for communication between the data
collector and your devices. When you disable TLS 1.0 and 1.1,
IBM® Storage Insights automatically uses TLS 1.2.
About this task
If you change the version of TLS, the change affects only the internal communication between your
devices that support lower-level protocols and the data collector. The outbound transmission of
metadata to
IBM Storage Insights is not affected by this
change.
How to confirm whether TLS 1.0 and 1.1 are enabled or disabled: If
you're unsure of your current TLS settings, you can confirm whether TLS 1.0 and 1.1 are enabled or
disabled. For more information, see
https://www.ibm.com/support/pages/node/6579217.
Procedure
-
Log on to the server where the data collector service is installed.
-
Open a command window or shell and go to the directory where you installed the data collector
package.
-
To stop the data collector service, choose one of the following options:
Operating system |
Options |
Windows |
- From the desktop, click the menu, type services.msc, and then press Enter.
- On the Services page, right-click the service name that begins with
IBM Spectrum Control Storage Insights data collector and select
Stop.
Alternatively, from the command prompt, complete these steps:
- Click the menu and type cmd.
- In the data collector directory, type dataCollector.bat
stop, and then press Enter.
|
AIX® or Linux® |
In the data collector directory, type dataCollector.sh stop, and then
press Enter. |
- Complete one of these actions:
- On Windows, go to Data Collector
Installation\jre\lib\security.
- On AIX or Linux, go to Data Collector Installation/jre/lib/security.
- Create a backup copy of the java.security.
Save it
with a different name so it can be more easily identified later, such as
java.securitybackup_tlsdisabled.
- Open the original java.security file in an editor and add the text
TLSv1, TLSv1.1
to the following line, like this example:
jdk.tls.disabledAlgorithms=MD5withRSA, DH keySize < 1024, TLSv1, TLSv1.1, EC keySize < 224, anon, NULL
- Save the file.
- To verify that the data collector doesn't reference a different
java.security file, go to the directory where the data collector is installed
and open \conf\setup.properties.
- Check for the following parameters: dcJVMArgs,
epJvmArgs.
For
example:
dcJvmArgs=-Djava.security.properties=C:\\copiedlocationfolderpath\\java.security file
epJvmArgs=-Djava.security.properties=C:\\copiedlocationfolderpath\\java.security file
If
entries for the parameters are included, delete them from setup.properties.
Deleting the entries helps to ensure that the java.security file in the
location from step 6 is used.
- Save the file.
-
Choose one of the following options to restart the data collector service:
Operating system |
Options |
Windows |
- From the desktop, click the menu, type services.msc, and then press
Enter.
- On the Services page, right-click the service name that begins with
IBM Spectrum Control Storage Insights data collector and select
Start.
Alternatively, from the command prompt, complete these steps:
- Click the menu and type cmd.
- In the data collector directory, type dataCollector.bat start, and then
press Enter.
|
AIX or Linux |
In the data collector directory, type dataCollector.sh start, and then
press Enter. |
Results
The data collector initiates communication with and collect metadata from devices that use TLS
1.2.