IBM Support

ITM Agent Insights: Transport Layer Security protocol usage for IBM Tivoli Monitoring agent version 6.23 or lower

Technical Blog Post


Abstract

ITM Agent Insights: Transport Layer Security protocol usage for IBM Tivoli Monitoring agent version 6.23 or lower

Body

This blog will help you configure your environment to use the Transport Layer Security (TLS) v1.2 protocol with an IBM Tivoli Monitoring (ITM) agent at a version 6.23 or lower. As you all know TLS protocol was introduced in ITM release 6.3. The TLS v1.2 protocol was provided with ITM release 6.3 Fix Pack 2. Here are further details from the user guide:

http://www.ibm.com/support/knowledgecenter/en/SSTFXA_6.3.0.2/com.ibm.itm.doc_6.3fp2/adminuse/security_sp800_itm.htm

 

You could encounter a situation where you may be running an agent at a lower version such as 6.22 or 6.23 and still want to use the TLS protocol in your environment. In such cases you will need to upgrade the TEMA components ax (IBM Tivoli Monitoring Shared Libraries) and gs (IBM GSKit Security Interface) to 6.3 FP2 or higher.

 

I will demonstrate the exact steps using an example. In this example, we have the following
ITM environment: 6.3 FP6 (TEPS and TEMS running at 6.3 FP6)
ITM VIOS agent: 6.22 FP2 IF6

NOTE: Since this is a VIOS server there is one additional step needed, as this involves an encrypted shell on top AIX. Also, note that the VIOS agent is a 32-bit agent, typically the OS agents such as UX are 64-bit agents. So we want to make sure in this case we upgrade the 32-bit versions of the TEMS components.

 

STEP 1: Check the agent listing in the cinfo output:

ax      IBM Tivoli Monitoring Shared Libraries                                                                                    
         aix523  Version: 06.22.04.00      << Current level for ax component                            
         aix526  Version: 06.22.04.00                                   
                                                                        
gs      IBM GSKit Security Interface    << Current level for gs component                              
         aix523  Version: 07.40.27.00                                   
         aix526  Version: 07.40.27.00                                   
                                                                        
va      Monitoring Agent for VIOS Premium                              
         aix523  Version: 06.22.02.06    << Shows the VIOS agent is 32-bit

 

STEP 2: The easiest way to upgrade the components for any 64-bit agent would be to install the UX OS agent. So if we install the 6.3 FP6 UX agent the cinfo output will show.

ax      IBM Tivoli Monitoring Shared Libraries                                             
         aix523  Version: 06.22.04.00                                              
         aix526  Version: 06.30.06.00    << 64-bit ax component upgraded                           
                                                                        
gs      IBM GSKit Security Interface                                        
         aix523  Version: 07.40.27.00                                                
         aix526  Version: 08.00.50.36   << 64-bit gs component upgraded

ux      Monitoring Agent for UNIX OS                                                                       
         aix526  Version: 06.30.06.00                                 
                                                                        
va      Monitoring Agent for VIOS Premium                                        
         aix523  Version: 06.22.02.06

 

However, note that this will only work for a 64-bit agent. In the example described above the VIOS (va) agent is a 32-bit agent and hence would need the 32-bit ax and gs components upgraded.

 

STEPS 3: For 32-bit agents this additional step will be needed. You need to use the same full install binary, fix pack images will not work. So using the same 6.3 FP6 agent binary, execute the following command, 

<MEDIA>/install.sh -h <CANDLEHOME> -q -p <MEDIA>/unix/tf<PLAT>.txt

where <PLAT> is 523

 

This will upgrade the 32-bit version of the TEMA components to the required levels.

ax      IBM Tivoli Monitoring Shared Libraries                                             
         aix523  Version: 06.30.06.00    << 32-bit ax component upgraded                                           
         aix526  Version: 06.30.06.00                             
                                                                        
gs      IBM GSKit Security Interface                                        
         aix523  Version: 08.00.50.36    << 32-bit gs component upgraded                                            
         aix526  Version: 08.00.50.36  

 

Once this is done, the server running the ITM agent at the lower version can communicate with the TEMS server using the TLS v1.2 protocol.

 

Tutorials Point

 

Subscribe and follow us for all the latest information directly on your social feeds:

 

 

image

 

image

 

image

 

 

  

Check out all our other posts and updates:

Academy Blogs:https://goo.gl/U7cYYY
Academy Videos:https://goo.gl/FE7F59
Academy Google+:https://goo.gl/Kj2mvZ
Academy Twitter :https://goo.gl/GsVecH


image

[{"Business Unit":{"code":"BU004","label":"Hybrid Cloud"},"Product":{"code":"","label":""},"Component":"","Platform":[{"code":"","label":""}],"Version":"","Edition":""}]

UID

ibm11084917