IBM Tivoli Monitoring > Version 6.3 Fix Pack 2 > Installation Guides > Installation Guide > Prepare for installation > Security options

IBM Tivoli Monitoring, Version 6.3 Fix Pack 2


Global Security Toolkit

IBM Tivoli Monitoring includes the Global Security Toolkit (GSKit) for SSL processing as used in SPIPE and HTTPS. GSKit is installed by default on all distributed components, and its utilities are used to create and manage the encryption of data between components through the use of digital certificates.

Do not uninstall or manipulate the GSKit during installation. This may cause functional regression in other products or make them inoperable. The GSKit will automatically install the most recent build if another version GSKit already exists.

A default certificate and key are provided with GSKit at installation. A stash file provides the database password for unattended operation.

You can also use the key management facilities in GSKit to generate your own certificates. See the GSKCapiCmd Users Guide.

The IBM Tivoli Monitoring installer no longer modifies the system GSKit. If necessary, it installs a local copy of GSKit that is private to Tivoli Monitoring.

In 64-bit environments, only the 64-bit GSKit is installed by default. The 32-bit GSKit is no longer installed by default. The 32-bit GSKit is only installed if a 32-bit component that requires 32-bit GSKit is installed into the 64-bit environment.


z/OS considerations

On z/OS, GSKit is known as the Integrated Cryptographic Service Facility, or ICSF. If ICSF is not installed and enabled on the z/OS system, the monitoring server uses an alternative, less secure encryption scheme. Since both components must be using the same scheme, if the hub system does not use ICSF, you must configure the Tivoli Enterprise Portal to use the less secure scheme (EGG1) as well. For more information on configuring a monitoring server to use ICSF or to configure the EGG1 scheme, see Configure the Tivoli Enterprise Monitoring Server on z/OS.

If ICSF is not installed and enabled on a z/OS system for a monitoring server, you must also set the TEMS Security Compatibility option to Yes (enabled) for that monitoring server so that Take Action requests can be processed by any connected agents that are using the Tivoli Enterprise Monitoring Agent framework at V6.3 or later.


Parent topic:

Security options

+

Search Tips   |   Advanced Search