IBM Tivoli Network Manager considerations for GDPR readiness

For PID(s): 5724-S45

Notice:

This document is intended to help you in your preparations for GDPR readiness. It provides information about features of IBM Tivoli Network Manager that you can configure, and aspects of the product's use, that you should consider to help your organization with GDPR readiness. This information is not an exhaustive list, due to the many ways that clients can choose and configure features, and the large variety of ways that the product can be used in itself and with third-party applications and systems.

Clients are responsible for ensuring their own compliance with various laws and regulations, including the European Union General Data Protection Regulation. Clients are solely responsible for obtaining advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulations that may affect the clients' business and any actions the clients may need to take to comply with such laws and regulations.

The products, services, and other capabilities described herein are not suitable for all client situations and may have restricted availability. IBM does not provide legal, accounting, or auditing advice or represent or warrant that its services or products will ensure that clients are in compliance with any law or regulation.

Table of Contents

  1. GDPR
  2. Product Configuration for GDPR
  3. Data Life Cycle
  4. Data Collection
  5. Data Storage
  6. Data Access
  7. Data Processing
  8. Data Deletion
  9. Data Monitoring
  10. Capability for Restricting Use of Personal Data

GDPR

General Data Protection Regulation (GDPR) has been adopted by the European Union ("EU") and applies from May 25, 2018.

Why is GDPR important?

GDPR establishes a stronger data protection regulatory framework for processing of personal data of individuals. GDPR brings:

  • New and enhanced rights for individuals
  • Widened definition of personal data
  • New obligations for processors
  • Potential for significant financial penalties for non-compliance
  • Compulsory data breach notification

Read more about GDPR

Product Configuration - Considerations for GDPR Readiness

Offering Configuration

The following sections provide considerations for configuring IBM Tivoli Network Manager (ITNM) to help your organization with GDPR readiness.

Data Life Cycle

What is the end-to-end process through which personal data go through when using our offering?

This offering processes the Types of Personal Data listed below:

  • ITNM stores information about authorized users in a user repository. The client has the choice of two user repositories, IBM Tivoli Netcool/OMNIbus or their own LDAP repository.
    • Both user repositories store the following information:
      • The user's username and encrypted password, chosen in accordance with the client's policies.
      • The user's group and role assignments, also determined by the client's policies.
    • IBM Tivoli Netcool/OMNIbus also stores the user's first name, last name and email address. The email address is optional, and there is no requirement for the first or last name to be genuine, as ITNM does not cross-reference them with anything else.
    • The client's LDAP repository stores whatever additional information the client has configured it to store.
  • Technically Identifiable Personal Information: ITNM discovers and monitors devices on an IP network for the purpose of detecting and reporting faults on those devices and the network. Typically the devices are in the core of the network, providing shared infrastructure, rather than devices at the edge that might be dedicated to an individual. The client decides which devices ITNM should discover and monitor, and which information about the devices ITNM should gather and store. ITNM gathers information about the devices through SNMP queries and by logging in to the devices over telnet or SSH. By default, there are two fields that ITNM collects from each device over SNMP that might contain personal information:
    • sysContact (SNMP OID 1.3.6.1.2.1.1.4)
    • sysLocation (SNMP OID 1.3.6.1.2.1.1.6)

sysContact and sysLocation are defined in RFC 1213, and are populated in accordance with the client's policies.

Personal data used for online contact with IBM

IBM Tivoli Network Manager clients can submit online comments/feedback/requests to contact IBM about IBM Tivoli Network Manager subjects in a variety of ways, primarily:

  • Public comments area on pages in the IBM Tivoli Network Manager community on IBM developerWorks
  • Public comments area on pages of IBM Tivoli Network Manager documentation in IBM Knowledge Center
  • Public comments in the IBM Tivoli Network Manager space of dWAnswers
  • Feedback forms in the IBM Tivoli Network Manager community

Typically, only the client name and email address are used, to enable personal replies for the subject of the contact, and the use of personal data conforms to the IBM Online Privacy Statement.

Data Collection

The processing activities with regard to personal data within this offering include:

  • Receipt of data from Data Subjects and/or third parties. Most clients use ITNM to monitor their own IP networks, but some clients monitor third-party networks, as part of an outsourcing or similar deal. If devices on a third-party network contain personal information (see the comments above regarding sysContact and sysLocation), then that personal information could be copied into the ITNM database.
  • Computer processing of data, including data transmission, data retrieval, data access, and network access to allow data transfer if required.
  • Storage and associated deletion of data.

This offering may integrate with the following IBM offerings, which may process personal data content:

  • DB2
  • WebSphere
  • DASH
  • JazzSM
  • Tivoli Netcool/OMNIbus
  • Impact
  • Tivoli Common Reporting (TCR)
  • Cognos
  • IBM Tivoli Monitoring (ITM)
  • Netcool Configuration Manager (NCM)
  • Tivoli Application Dependency Discovery Manager (TADDM)
  • Tivoli Business Service Manager (TBSM)
  • Netcool Performance Insights (NPI)

This offering may integrate with the following third party products, which may process personal data content:

  • Oracle database (as an alternative to IBM DB2)
  • Mozilla Firefox (acts as a client to allow ITNM users to access ITNM functions)
  • Microsoft Internet Explorer (acts as a client to allow ITNM users to access ITNM functions)
  • Microsoft Edge (acts as a client to allow ITNM users to access ITNM functions)

Types of Data Collected

This offering collects the types of Personal Data listed below:

  • Authentication credentials (username and password)
  • Depending on the choice and configuration of the user repository, ITNM might collect Basic Personal Information (such as name, phone number, email, and so on).
  • ITNM is not intended to collect Technically Identifiable Personal Information (such as device IDs, usage based identifiers, static IP address, and so on - when linked to an individual). It collects information from client-configured ranges of IP addresses or hostname, without regard for whether a device is shared or personal. If the client knows that a certain IP address or IP range (or hostname) is allocated to personal devices, ITNM can be configured to not collect information from there, by excluding them from discovery.
  • Other Regulated Data. This offering is not designed to process any Special Categories of Personal Data.

Data Storage

  • Storage of account data
    • If the user repository is stored in IBM Tivoli Netcool/OMNIbus, it stores the user's username, encrypted password, first name, last name and email address. The email address is optional. First name and last name do not need to be the user's real names, as ITNM has no way of checking them against anything else.
    • If the user repository is stored in the client's own LDAP repository, it stores the user's username, encrypted password, and any other information that the client has configured it to store.
    • ITNM can store the following types of information for the purposes of discovering and monitoring IP devices:
      • SNMP community strings (SNMP v1 and v2)
      • SNMP security names, authentication passwords and privacy passwords (SNMP v3)
      • Command-line usernames and passwords (telnet and SSH)
    • This information is stored in an encrypted form in files on the ITNM server. The server administrator, or an ITNM user with the appropriate role (ncp_disco_config) can see this information in clear text and modify it.
  • Storage of client Data: ITNM uses roles to restrict access to functions in the UI. Users can be members of groups. Users and groups can have roles assigned to them. Only a privileged administrator can change the groups that a user is a member of. Only a privileged administrator or an ITNM administrator can change the roles that a user or group has assigned to it. By default, ITNM does not restrict access to the data that it collects from IP devices. Any authorized user can see all of it, although they might not be able to access all of the functions that ITNM can apply to that data. The ITNM administrator can restrict access to data collected from IP devices according to which ITNM domain the device exists in. For more information, see Restricting access to domains in the GUI. The ITNM logs can record the fact that data has been accessed, but not the identity of the user who accessed it. (This feature is intended for troubleshooting and diagnosing performance problems.)
  • The default groups in ITNM are listed on this page in the ITNM documentation.
  • The following link gives a list of the default roles in ITNM, along with the group(s) that each role is assigned to and the function that each role controls access to: link
  • Storage in backups: ITNM does not provide its own backup facility.
  • Storage in archives: ITNM does not provide its own archive facility.

Data Access

  • A privileged administrator or an ITNM administrator can see all data that is stored in the user repository (subject to the client's policies if the repository is LDAP), as well as those users' group and role assignments.
  • Any ITNM user with the appropriate role (ncp_bookmark_admin) can see the usernames of all users in the user repository (subject to the client's policies if the repository is LDAP), but no other user data.
  • ITNM uses roles and groups to control access, but these are more concerned with controlling access to functions than controlling access to data. This control is fairly flexible, but by default offers three levels of privilege. These levels are not named in the ITNM documentation, but for the purposes of this document can be called privileged administrator, ITNM administrator and operator.
  • A privileged administrator has access to the WebSphere Integrated Solutions Console. This allows him to create and delete users and groups, change a user's first name, last name, email address and password, and change the assignment of users to groups. He does not have access to everything in the ITNM GUI, but could easily grant himself this access. By default there is one privileged administrator, called smadmin.
  • Outside the ITNM user repository, there is a server administrator and a database administrator. The server administrator has access to the ITNM server at the operating system level, and can read and modify ITNM's configuration files and read its log files. The database administrator has SQL access to the ITNM database, and can modify or delete any data in it, as well as being able to modify its schema.
  • An ITNM administrator has access to all functions and all data in the ITNM GUI, but does not have access to the WebSphere Integrated Solutions Console. Within the ITNM GUI, he can see the following information for all users: username, first name, last name, email address, whether the user is currently logged in, and which roles have been assigned specifically to that user (as opposed to a group that the user is a member of). He can also see which roles have been assigned to which groups. He can create roles and delete roles that he or another ITNM administrator created, but cannot delete roles that ITNM created when it was installed. He can add and remove roles from users and groups, but cannot change other information about a user or group. By default, there is one ITNM administrator, called itnmadmin.
  • An operator is any ITNM user who is not an administrator of any kind.
  • The term 'ITNM user' refers to any user who has an account in the ITNM user repository, regardless of privilege level. ITNM users do not have access to the ITNM server at the operating system level, nor access to the ITNM database at the SQL level. Their access to these resources is mediated through the ITNM server, which runs as an application in IBM WebSphere.
  • This link gives details of the ITNM users that are created by default: link
  • The term user, without further clarification, means any ITNM user, or the server administrator, or the database administrator.

Data Processing

Data Processing

  • Encryption of data arriving and being sent on
  • Encryption if it is being stored
  • Flow through your product and potentially on to other sub-systems
  • Encryption in motion
  • ITNM users use a web browser to interact with the ITNM server. This communication is over HTTPS.
  • ITNM uses SNMP and, optionally, SSH to query the network devices that the client wants to discover and monitor. SNMP versions 1, 2 and 3 are supported.
  • ITNM is intended for clients to monitor their internal IP networks. Users do not normally access it over the public Internet. If they do, they would normally use a VPN provided by the client.
  • Encryption at rest: Passwords in the ITNM user repository are stored in an encrypted form. Passwords that ITNM uses to discover and monitor IP devices (SNMP community strings, SSH login details) are also stored in an encrypted form, but this encryption is reversible. Other data is not encrypted at rest by default, but the client could configure this.
  • Encryption key ownership

Data Deletion

  • Client Data deletion: A privileged administrator can use the delete user function provided in the WebSphere Integrated Solutions console to delete the account of an ITNM user. If the client is using IBM Tivoli Netcool/OMNIbus as the user repository, the user is deleted immediately when the delete user function is run. If the client is using their own LDAP as a user repository, the behavior of the delete user function depends on how LDAP is configured. The user might have created objects in the ITNM database. The delete user function does not remove these, as they might be shared with other users, but the ITNM GUI provides functions to remove them.
  • If the user repository is IBM Tivoli Netcool/OMNIbus, inactive user accounts remain in it until explicitly deleted. If the user repository is LDAP, deletion of inactive user accounts (if it happens) happens in accordance with the client's policies.
  • Account Data deletion: ITNM is an on-prem product that currently does not support multi-tenancy.

Data Monitoring

  • The ITNM log files, depending on configuration settings, can record when a user logs on, logs off, creates an object in the database, or deletes an object in the database. They can record access to objects in the database, but do not record which user accessed the objects. A privileged administrator can change the configuration settings for what information is logged through the WebSphere Integrated Solutions Console. A server administrator can make equivalent changes by editing a configuration file on the ITNM server.
  • Log files are not encrypted.
  • Log files are automatically deleted after an amount of time specified by the client, or when the total size of all the log files exceeds a number specified by the client, or both. See this link for an explanation of how to configure the deletion of log files: link
  • A privileged administrator or ITNM administrator can see a list of the currently logged-in users, but there is no facility for monitoring user activity, either in real time or historically. See this link for an explanation of how to generate a list of logged-in users: link
  • A privileged administrator can tell IBM WebSphere to generate a heap dump at any time through the WebSphere Integrated Solutions Console. This dump will contain information about what logged-in users were doing at the time it was generated. The dump could also contain information about what any user did during an arbitrary window of time before the dump was generated (as far back as the most recent restart of IBM WebSphere). The dump is stored on the ITNM server, where the server administrator has access to it.

Capability for Restricting Use of Personal Data

  • Overall there is no built-in function with the specific purpose of extracting a user's personal information from ITNM. A privileged administrator or an ITNM administrator can query the user repository and can see the objects that a given user created in the ITNM database. A server administrator can search the ITNM log files for the personal information of a given user that the logs were configured to record. A database administrator can see the objects that any user created in the ITNM database.
  • Any ITNM user can change their own password.
  • ny ITNM user with the appropriate privileges can create and delete objects in the ITNM database, and can control which other users have access to them, according to which groups or roles those users are assigned to.
  • A privileged administrator can change any user's password and modify or delete any user's data.
  • An ITNM administrator can modify or delete any user's data.
  • As ITNM is an on-prem product, IBM has no access to the server(s) where it is installed, nor to any client or user data.