Configuring TLS connections between the Data Streamer and its subscribers

To secure communications between the Z Common Data Provider Data Streamer and its subscribers, you must choose a streaming protocol that supports Transport Layer Security (TLS) when you configure a subscriber in a policy. You must also configure the Data Streamer and its subscribers to use TLS.

Before you begin

Refer to the following diagram to get a quick overview of the secure communication enhancements:
Note: If you use the scripts provided in releases earlier than (updated in May 2023), refer to section Securing communications between the Data Streamer and its subscribers in previous releases of IBM Z® Operational Log and Data Analytics User Guide for detailed instructions.
The following table shows different subscribers and corresponding protocols when you use TLS.
Table 1. Subscribers protocols
Subscribers Protocols
Splunk Splunk via Data Receiver secure
Splunk HEC secure
Splunk HEC with customized field support secure
Logstash Logstash secure
Fluentd Fluentd secure
Humio Humio via HTTP secure
Db2® Enterprise Data Warehouse (DB2®) secure
Generic HTTPS subscriber Generic HTTP secure

For more information about the streaming protocols, see Subscriber configuration. The streaming protocols that support TLS contain secure in the name except for Apache Kafka subscribers.

For Apache Kafka subscribers, whether to enable secure communications between the Data Streamer and Apache Kafka is not controlled by the protocol you select. Instead, specify the file path of the Apache Kafka producer or consumer properties file in the policy and set security.protocol=SSL or SASL_SSL in these files. The streaming protocol for Apache Kafka subscribers, with or without secure communication enabled, is CDP Kafka.

Tip: Secure Sockets Layer (SSL) protocol is the predecessor to TLS, the term Secure Sockets Layer, or SSL, is often used generically to refer to TLS encryption.

About this task

TLS is a standard technology used for enabling secure communications between client and server to ensure data security and integrity. The following sections explain how to configure TLS on the Data Streamer and its subscriber respectively.