DX Unified Infrastructure Management

 View Only
  • 1.  Doubts for to use TLS v1.2 for DX UIM 20.1

    Posted Mar 30, 2021 02:58 PM
    Hi Everyone.
    I have an environment with UIM DX 20.1 and for PCI request it's necessary secure the connection to DB MSSQL via TLS v 1.2. 
    I see that it's possible configure UIM for connect to DB via TLS 1.2 but I have a doubt with the documentation that to indicate that if activate TLS 1.2 it cannot be a partial, all the infrastructure components across layers (for example, primary hub, secondary hub, probes) should be upgraded to TLS v1.2.



    My doubts are:

    1) How I configure primary hub and secondary hub for support TLS 1.2 version ? I don't find procedure on the documentation.
    2) When indicate probes should upgrade to TLS 1.2 what probe do reference? data_engine ?
    2) It's necessary configure secondary hub, primary hub at the same time? or I can to configure data_engine for connect to db first and after the other components?
    3) If not configure the other components at the same time we cab problems of connectivity on the environment?

    I am being guided by this reference ----> Support for TLS v1.2 (Microsoft SQL Server)
    Broadcom remove preview
    Support for TLS v1.2 (Microsoft SQL Server)
    CA UIM supports Transport Layer Security (TLS) v1.2 when communicating with the CA UIM database: Microsoft SQL Server. This support enables the UIM Server to establish secure communication with the UIM database. To enable TLS v1.2 support for Microsoft SQL Server, ensure that you perform the required configurations on the Microsoft SQL Server computer (database server) and UIM Server (client computer).
    View this on Broadcom >


    Best Regards.




  • 2.  RE: Doubts for to use TLS v1.2 for DX UIM 20.1
    Best Answer

    Posted Apr 07, 2021 01:00 PM
    The point is 'should be upgraded to TLS v1.2-supported version', no configuration done at robot, hub, it's just a matter of keeping them current. data_engine will need to have the box checked for TLS, and yes at the database server configuration does need to be done to disable older versions and only have TLS 1.2 enabled. 

    ------------------------------
    Support Engineer
    Broadcom
    ------------------------------