Configuring secure connections

Configuring keystore and truststore files
You must create and configure keystore and truststore files in IBM Control Center before any connections can be secured. The IBM Control Center engine uses the same keystore and truststore files for all secure listeners and client connections, except for Cognos Business Intelligence server, which generates its own self-signed certificate for secure communications.

Configuring the event processor for a secure connection
To prepare the event processor (EP) for secure connections, configure the secure HTTP connector. You can configure the EP for a secure connection in either a high availability or non-high availability environment.

Configuring the console for a secure connection
To ensure the secure transfer of information between IBM Control Center and a console, use an HTTPS connection between the two locations. You can configure the console for a secure connection in either a high availability or a non-high availability environment.

Creating a secure connection to the web server
Although connections between an IBM Control Center event processor and the WebSphere® Application Server Liberty profile cannot be secured, you can configure a secure connection to encrypt transactions between the WebSphere Application Server Liberty profile and the browser. This configuration can be completed in either a high availability or non-high availability environment.

Configuring the Cognos Business Intelligence server for secure connections
You can configure a secure connection to encrypt transactions between the IBM Control Center engine and Cognos Business Intelligence server in either a high availability or non-high availability environment. You can also configure a secure connection between the browser and Cognos Business Intelligence server when you run reports.

Creating a secure connection between the event processor and the databases
You can encrypt transactions between the IBM Control Center event processor (EP) and the production database. Configuring encryption prevents anyone outside the system from viewing the data while it tracks between the IBM Control Center EP and instances of the database server. Creating these secure connections can be completed in either a high availability or non-high availability environment.

Creating a secure connection between the event processor and a managed server
To ensure the secure transfer of information between IBM Control Center and a managed server, you can configure a secure connection between the event processor (EP) and the server. IBM Control Center supports secure connections between the EP and a managed Sterling Connect:Direct server or IBM Sterling B2B Integrator SOA SSL Server Adapter.

Creating a secure connection between the event repository and dynamically discovered servers
If you need to encrypt your information, create a secure connection for event processing between the IBM Control Center event repository and dynamically discovered servers, such as IBM Global High Availability Mailbox.

Enabling cipher suites
You can enable a list of cipher suites that are used during the secure information exchange between the IBM Control Center event processors and the consoles or the web consoles.

Authenticating IBM Control Center to IBM Sterling Connect:Direct with a certificate
Certificate authentication refers to the way to authenticate IBM Control Center to a Sterling Connect:Direct server with an IBM Control Center SSL certificate. With certificate authentication, you do not need to update the Sterling Connect:Direct node settings in IBM Control Center when the Sterling Connect:Direct passwords are changed.