12.11.7 Communication encryption function setting (enable/disable) and connectivity among product versions
This subsection explains the communication encryption function setting (enable/disable), connectivity among product versions (10-50 or earlier and 11-00 and later), and connectivity with linked products.
- Organization of this subsection
-
-
(2) Connectivity between JP1/IM - View and JP1/Base (manager host)
-
(3) Connectivity between JP1/Base (authentication server) and JP1/IM - Manager
-
(4) Connectivity between JP1/Base (manager host) and JP1/Base (agent host)
-
(5) Connectivity between JP1/IM - Manager and JP1/Base (agent host)
-
(7) Connectivity between JP1/IM - Manager and linked products
(1) Connectivity between JP1/IM - View and JP1/IM - Manager and when the jcochstat command with the -h option specified is executed
JP1/IM - View version 11-00 or later checks the non-encryption communication host configuration file to determine whether unencrypted communication is to be established with the connection-target JP1/IM - Manager.
For details about the non-encryption communication host configuration file, see Non-encryption communication host configuration file (nosslhost.conf) (in Chapter 2. Definition Files) in the manual JP1/Integrated Management - Manager Command and Definition File Reference.
JP1/IM - Manager |
JP1/IM - View |
|||
---|---|---|---|---|
Version |
Communication encryption function |
Version 10-50 or earlier |
Version 11-00 or later |
|
Unencrypted#1 |
Encrypted#2 |
|||
10-50 or earlier |
Always disabled |
U |
U |
N |
11-00 or later |
Disabled |
U |
U |
N |
Enabled (jp1imcmda)#3 |
N |
N |
Y |
The following example shows connectivity when the jcochstat command is executed from JP1/IM - Manager (hostA) to JP1/IM - Manager (hostB) on another manager host.
JP1/IM - Manager (hostA) |
JP1/IM - Manager (hostB) |
|||
---|---|---|---|---|
Version |
Communication encryption function |
Version 10-50 or earlier |
Version 11-00 or later |
|
Communication encryption function |
||||
Always disabled |
Disabled |
Enabled (jp1imcmda)#1 |
||
10-50 or earlier |
Always disabled |
U |
U |
N |
11-00 or later |
Disabled |
U |
U |
N |
Enabled (jp1imcmda)#1 |
N |
N |
Y#2 |
If you enable the communication encryption function on the manager host on which the jcochstat command is executed and on the manager host that is specified in the -h option of the jcochstat command, you can use the jcochstat command to change the response status of JP1/IM - Manager (other hosts). Note that this functionality for using the jcochstat command to change the response status of JP1/IM - Manager (other hosts) is for compatibility with version 6.
(2) Connectivity between JP1/IM - View and JP1/Base (manager host)
JP1/Base (manager host) |
JP1/IM - View |
|||
---|---|---|---|---|
Version |
Communication encryption function |
Version 10-50 or earlier |
Version 11-00 or later |
|
Unencrypted#1 |
Encrypted#2 |
|||
10-50 or earlier |
Always disabled |
U |
U |
N |
11-00 or later |
Disabled |
U |
U |
N |
Enabled (jp1imcmda)#3 |
N |
N |
Y |
|
Enabled (jp1bsuser)#4 |
U |
U |
N |
|
Enabled (jp1imcmda, jp1bsuser)#5 |
N |
N |
Y |
(3) Connectivity between JP1/Base (authentication server) and JP1/IM - Manager
The following explains encrypted communication between JP1/Base (authentication server) and JP1/IM - Manager that is supported.
-
Event console service (authentication API of JP1/Base) and JP1/Base authentication server
For details, see 12.11.1 Range of communication that can be encrypted by the communication encryption function.
JP1/Base (authentication server) |
JP1/IM - Manager |
||||
---|---|---|---|---|---|
Version |
Communication encryption function |
Version 10-50 or earlier |
Version 11-00 or later |
||
Communication encryption function |
|||||
Always disabled |
Disabled |
Enabled (jp1bsuser)#2 |
Enabled (jp1imcmda and jp1bsuser)#3 |
||
10-50 or earlier |
Always disabled |
U |
Not supported#1 |
||
11-00 or later |
Disabled |
U |
U |
N |
N |
Enabled (jp1bsuser)#2 |
N |
N |
Y |
Y |
|
Enabled (jp1imcmda, jp1bsuser)#3 |
N |
N |
Y |
Y |
(4) Connectivity between JP1/Base (manager host) and JP1/Base (agent host)
The communication encryption function settings have no effect on the connectivity between JP1/Base (manager host) and JP1/Base (agent host).
(5) Connectivity between JP1/IM - Manager and JP1/Base (agent host)
The communication encryption function settings have no effect on the connectivity between JP1/IM - Manager and JP1/Base (agent host).
This means that communication between JP1/IM - Manager and JP1/Base (agent host) is always unencrypted.
(6) Connectivity of IM Configuration Management
The table below explains connectivity of the synchronization function for JP1/IM - Manager's IM Configuration Management information. The synchronization function acquires IM configuration (remote configurations) by establishing connection from the integrated manager to base managers. Depending on the versions of the connection-source JP1/IM - Manager and the connection-target JP1/IM - Manager and whether the communication encryption function is enabled, communication is encrypted, unencrypted, or blocked.
JP1/IM - Manager (connection source integrated manager) |
JP1/IM - Manager (connection-target base manager) |
|||
---|---|---|---|---|
Version |
Communication encryption function |
Version 10-50 or earlier |
Version 11-00 or later |
|
Communication encryption function |
||||
Always disabled |
Disabled |
Enabled (jp1imcmda)# |
||
10-50 or earlier |
Always disabled |
U |
U |
N |
11-00 or later |
Disabled |
U |
U |
Y |
Enabled (jp1imcmda)# |
U |
U |
Y |
(7) Connectivity between JP1/IM - Manager and linked products
When the communication encryption function is enabled, linkage with JP1/Service Support is not supported.
When the communication encryption function is enabled, linkage with JP1/IM - Rule Operation is not supported.