Securing communication between product components using TLS

You can secure communication between the TrueSight Capacity Optimization components by using Transport Layer Security (TLS) version 1.2 with server certificate validation.

The components might act as a client or a server based on the context of communication. To achieve TLS mode of communication, the security certificates need to be authenticated between a client and a server.

If a component is operating as a client, it requires a truststore to verify a server certificate. You must install the server certificate files or procure them from your organization's security administrator. Use a public certificate file which is a Certificate Authority (CA) signed certificate in .crt format, for authentication.

Disabling TLS

Software requirements

Administering

Installation process overview

You can switch from the default inter-component security configuration to TLS 1.2 configuration after you install the product components. There are different communication channels established between the TrueSight Capacity Optimization components. You must perform the TLS configurations per communication channel.

Click here to see the security architecture diagram

The following security architecture diagram shows an illustration of the product components and their connections.

Note: The arrow in the diagram indicates connection initiation request from client to server.

TLS 1.2 is not supported for communication channels that involve Gateway Server and Capacity Agents.

For detailed instructions, see the following topics:

Page tree

Securing communication between product components using TLS