IBM Tivoli Monitoring, Version 6.3 Fix Pack 2
Support for SSL communication with the Monitoring Agent for IBM i
The Monitoring Agent for IBM i OS supports communication with the monitoring server using the Secure Sockets Layer (SSL) protocol.
In IBM Tivoli Monitoring, SSL communication is managed through the use of digital certificates. You have two options for managing certificates:
- iKeyman, a Java-based utility available as part of the IBM iSeries Client Encryption licensed program. Key ring files to hold certificates can be created using the iKeyman GUI. Both server and client certificates can be created and stored in key ring files.
- Digital Certificate Manager (DCM), a free iSeries feature, to centrally manage certificates for applications. DCM enables managing certificates that are obtained from any Certificate Authority (CA). Also, you can use DCM to create and operate your own local CA to issue private certificates to applications and users in your organization.
Unlike other OS monitoring agents, the current SSL configuration for the Monitoring Agent for IBM i OS does not use key ring files. Instead, DCM is used to create a local certificate store, if one does not already exist on the system where IBM i OS is installed. Local certificates are created in the certificate store. Certificates obtained from a third-party Certificate Authority can also be imported into the local certificate store. SSL for the Monitoring Agent for IBM i OS is configured by using the Application Identifier to associate certificates with the Monitoring Agent for IBM i OS application, and by using the SSL services provided by iSeries.
The following procedure provides a high-level summary of the steps to configure this support:
1. Install the Monitoring Agent for IBM i OS on System i.
2. Open the Configure Tivoli Monitoring: IBM i OS screen by running the GO OMA command and selecting Option 4.
3. Set the monitoring server DNS or IP address using the TEMS IP.SPIPE Address parameter.
4. Set the port number using the TEMS IP.SPIPE Port Number parameter. 3660 is the default port.
5. Configure the Certificate and Application ID using the steps in Configure DCM.
6. Configure the monitoring server to communicate with the IP.SPIPE protocol on the port set in step 4. You can set this communication protocol in the Monitoring Tivoli Enterprise Monitoring Services utility.
7. Start the monitoring server and the Monitoring Agent for IBM i OS.
If there are connection problems, first configure the agent to communicate using the IP.PIPE protocol. If that is successful, then try with the SPIPE protocol.
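The IP.PIPE-then-SPIPE check above separates network problems from SSL problems. The following Python probe, an added example that is not IBM's code or part of this guide, makes the same split from a workstation by reporting whether a connection to the IP.SPIPE port fails at the TCP connect, the TLS handshake, or certificate validation. It assumes the IP.SPIPE listener starts the TLS handshake immediately on connect and that `cafile` is a PEM export of the CA that issued the server certificate; `probe_spipe` and its parameters are names made up for this example.

```python
import socket
import ssl

SPIPE_DEFAULT_PORT = 3660  # default IP.SPIPE port given in the procedure above


def probe_spipe(host, port=SPIPE_DEFAULT_PORT, cafile=None, timeout=5.0):
    """Report the stage at which a connection to an IP.SPIPE listener fails.

    Returns (stage, detail); stage is one of:
      "tcp_unreachable" - nothing accepted the TCP connection (address, port, firewall)
      "tls_failed"      - port is open but the TLS handshake did not complete
      "cert_untrusted"  - handshake reached certificate validation and was rejected
      "ok"              - handshake and certificate validation both succeeded
    Assumptions: the listener speaks TLS from the first byte, and cafile is a PEM
    export of the CA that issued the server certificate (hypothetical path).
    """
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return "tcp_unreachable", str(exc)

    # Default context: certificate chain and host name are both verified.
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return "ok", f"{tls.version()} {tls.cipher()[0]}"
    except ssl.SSLCertVerificationError as exc:
        return "cert_untrusted", exc.verify_message
    except OSError as exc:  # ssl.SSLError, resets and timeouts are all OSError
        return "tls_failed", str(exc)
    finally:
        raw.close()  # harmless if wrap_socket already took over the descriptor


if __name__ == "__main__":
    # Constructed loopback demo: reserve a port, then release it so nothing listens.
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        closed_port = s.getsockname()[1]
    print(probe_spipe("127.0.0.1", closed_port, timeout=2.0))
```

A `cert_untrusted` result points at the certificate store or CA configuration, while `tcp_unreachable` points at the address, port, or network path set in steps 3 and 4.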
If the agent does not connect, set the agent trace as follows to troubleshoot the problem:
- Add the line KDE_DEBUG=A somewhere in QAUTOTMP/KMSPARM(KBBENV).
- Stop and restart the agent to generate more trace.
- FTP the file QAUTOTMP/KA4AGENT01 to a PC and send it to IBM Software Support.