Professional Documents
Culture Documents
Ict Qa 27v9s Slides
Ict Qa 27v9s Slides
IBM License Metric Tool 9.x & Software Use Analysis 9.x Security
27th Questions & Answers
Version 1.0.1
This is the 27th Q&A event prepared by the IBM License Metric Tool Central
Team (ICT)
Currently we focus on version 9.x of IBM License Metric Tool (ILMT)
The content of todays session also applies to Software Use Analysis (SUA)
in version 9.x
The session is for all ILMT users IBMers, Business Partners and Customers
The teleconference is set to mute. Use the web conference chat to
communicate with the ILMT subject matter experts
The presentation is recorded and will be available to watch on the ILMT
YouTube channel as well as to download from the ILMT Wiki soon
ICT: LMTHelp@us.ibm.com
IBM License Metric Tool 9.x & Software Use Analysis 9.x Security
27th Questions & Answers
Version 1.0.1
LMTHelp@us.ibm.com
https://ibm.biz/ILMT_Forum
https://ibm.biz/ILMT_Wiki
https://ibm.biz/ILMT_YouTube
https://ibm.biz/ILMT_Twitter
https://ibm.biz/ILMT_LinkedIn
ICT: LMTHelp@us.ibm.com
IBM License Metric Tool 9.x & Software Use Analysis 9.x Security
27th Questions & Answers
Version 1.0.1
Flow of data
Configuring secure communication
Federal Information Processing Standard (FIPS)
Standard 140-2
Recommendation SP 800-131
Managing a certificate
Existing certificate authority (CA)
Private certificate authority
ICT: LMTHelp@us.ibm.com
IBM License Metric Tool 9.x & Software Use Analysis 9.x Security
27th Questions & Answers
ICT: LMTHelp@us.ibm.com
Version 1.0.1
IBM License Metric Tool 9.x & Software Use Analysis 9.x Security
27th Questions & Answers
ICT: LMTHelp@us.ibm.com
Version 1.0.1
IBM License Metric Tool 9.x & Software Use Analysis 9.x Security
27th Questions & Answers
ICT: LMTHelp@us.ibm.com
Version 1.0.1
IBM License Metric Tool 9.x & Software Use Analysis 9.x Security
27th Questions & Answers
ICT: LMTHelp@us.ibm.com
Version 1.0.1
IBM License Metric Tool 9.x & Software Use Analysis 9.x Security
27th Questions & Answers
Version 1.0.1
Security Requirements
http://www-01.ibm.com/support/knowledgecenter/SSKLLW_9.1.0/com.ibm.tivoli.tem.doc_9.1/Platform/Adm/c_security_requirements.html
http://www01.ibm.com/support/knowledgecenter/SSKLLW_9.1.0/com.ibm.tivoli.tem.doc_9.1/Platform/Adm/c_scenarios_sha2_installation.html
Client Authentication
http://www01.ibm.com/support/knowledgecenter/SSKLLW_9.1.0/com.ibm.tivoli.tem.doc_9.1/Platform/Console/ClientAuthentication.html%23ClientAuthe
ntication
http://www01.ibm.com/support/knowledgecenter/SSKLLW_9.1.0/com.ibm.tivoli.tem.doc_9.1/Platform/Config/c_managing_client_encryption.html
ICT: LMTHelp@us.ibm.com
IBM License Metric Tool 9.x & Software Use Analysis 9.x Security
27th Questions & Answers
10
ICT: LMTHelp@us.ibm.com
Version 1.0.1
IBM License Metric Tool 9.x & Software Use Analysis 9.x Security
27th Questions & Answers
Version 1.0.1
11
ICT: LMTHelp@us.ibm.com
IBM License Metric Tool 9.x & Software Use Analysis 9.x Security
27th Questions & Answers
12
ICT: LMTHelp@us.ibm.com
Version 1.0.1
IBM License Metric Tool 9.x & Software Use Analysis 9.x Security
27th Questions & Answers
Version 1.0.1
http://csrc.nist.gov/
13
ICT: LMTHelp@us.ibm.com
IBM License Metric Tool 9.x & Software Use Analysis 9.x Security
27th Questions & Answers
Version 1.0.1
FIPS 140-2 is the standard that defines the security requirements for
cryptographic modules that are used within a system that handles
sensitive but unclassified information
Compliance with the FIPS 140-2 has two aspects that affect ILMT
the algorithms that are used to
manage sensitive data must be
FIPS-approved
FIPS-approved implementation
must be used when data
is transmitted with the SSL/TLS
http://csrc.nist.gov/publications/PubsFIPS.html
14
ICT: LMTHelp@us.ibm.com
IBM License Metric Tool 9.x & Software Use Analysis 9.x Security
27th Questions & Answers
Version 1.0.1
IBM License Metric Tool 9.0 uses the FIPS 140-2 approved
cryptographic providers for cryptography:
IBMJCEFIPS (certificate 376)
IBMJSSEFIPS (certificate 409)
IBM Crypto for C (ICC) (certificate 384)
http://csrc.nist.gov/publications/PubsFIPS.html
15
ICT: LMTHelp@us.ibm.com
IBM License Metric Tool 9.x & Software Use Analysis 9.x Security
27th Questions & Answers
Version 1.0.1
http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57_part1_rev3_general.pdf
http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf
16
ICT: LMTHelp@us.ibm.com
IBM License Metric Tool 9.x & Software Use Analysis 9.x Security
27th Questions & Answers
Version 1.0.1
17
ICT: LMTHelp@us.ibm.com
IBM License Metric Tool 9.x & Software Use Analysis 9.x Security
27th Questions & Answers
Version 1.0.1
18
ICT: LMTHelp@us.ibm.com
IBM License Metric Tool 9.x & Software Use Analysis 9.x Security
27th Questions & Answers
Version 1.0.1
IBM License Metric Tool profile gives setup possibility to meet the SP
800-131 requirement that is originated by the National Institute of
Standards and Technology
You can configure License Metric Tool to run in SP 800-131 strict or
transition mode
19
ICT: LMTHelp@us.ibm.com
IBM License Metric Tool 9.x & Software Use Analysis 9.x Security
27th Questions & Answers
Version 1.0.1
When you configure security settings, ensure that the combination of security
modes that you set up on the side of Endpoint Manager and License Metric
Tool is supported
Legend:
20
ICT: LMTHelp@us.ibm.com
IBM License Metric Tool 9.x & Software Use Analysis 9.x Security
27th Questions & Answers
21
ICT: LMTHelp@us.ibm.com
Version 1.0.1
IBM License Metric Tool 9.x & Software Use Analysis 9.x Security
27th Questions & Answers
Version 1.0.1
The self-signed certificate that is provided with License Metric Tool is not
intended to be used in the production environment
Replace it with a certificate that is signed by a certificate authority (CA) of
your choice
To have a certificate, you need to generate a private key, a public key, and a
certificate signing request (CSR) that is associated with the public key
Next, a certificate authority must sign this request and there are two ways to
get a certificate signing request signed:
send it to an existing certificate authority, e.g.
Entrust
Verisign
CA of your organization
create a private CA
22
ICT: LMTHelp@us.ibm.com
IBM License Metric Tool 9.x & Software Use Analysis 9.x Security
27th Questions & Answers
Version 1.0.1
You can use an existing CA to sign your certificate signing request (CSR)
The root certificates of popular CAs are imported into new web browsers
by default
You can create a private CA and use it for signing the CSR
A private CA can be created on any computer with an operating system
that supports openSSL
23
ICT: LMTHelp@us.ibm.com
IBM License Metric Tool 9.x & Software Use Analysis 9.x Security
27th Questions & Answers
24
ICT: LMTHelp@us.ibm.com
Version 1.0.1
IBM License Metric Tool 9.x & Software Use Analysis 9.x Security
27th Questions & Answers
Version 1.0.1
25
ICT: LMTHelp@us.ibm.com
IBM License Metric Tool 9.x & Software Use Analysis 9.x Security
27th Questions & Answers
Version 1.0.1
26
ICT: LMTHelp@us.ibm.com
IBM License Metric Tool 9.x & Software Use Analysis 9.x Security
27th Questions & Answers
27
ICT: LMTHelp@us.ibm.com
Version 1.0.1
IBM License Metric Tool 9.x & Software Use Analysis 9.x Security
27th Questions & Answers
28
ICT: LMTHelp@us.ibm.com
Version 1.0.1