HP P9000 Replication Manager Software 7.2 Configuration Guide
Securing communications within a single management server and between
multiple servers
Replication Manager can use SSL to encrypt network transmissions between Replication Manager
and BCM Agent (IBM HTTP Server) or Device Manager server. To configure the connection to use
SSL, follow this procedure:
1. Determine if it is necessary to register a certificate. This process is described in “Server CA
certificate setup” on page 96.
2. Set up SSL on Device Manager server or the BCM host. For details, see the following:
• Device Manager:HP P9000 Command View Advanced Edition Suite Software Installation
Guide
• BCM host: HP P9000 for Business Continuity Manager Software Installation Guide
3. Select HTTPS as the communication protocol when registering an information source as described
in the HP P9000 Replication Manager Software User Guide.
Server CA certificate setup
To use SSL you need to register a certificate from a certificate authority (CA) in the truststore used by
Replication Manager. In this case, this is the server certificate for BCM Agent (IHS) and Device
Manager server.
The truststore can be one of two files; cacerts (the default truststore for HP StorageWorks P9000
Command View AE Common Component) or jssecacerts. The jssecacerts truststore has a
higher priority, so if it exists, cacerts is ignored. The truststore files are stored in the following
location.
P9000-Command-View-AE-Common-Component-installation-folder\jdk\jre\lib\
security
NOTE:
The cacerts truststore is automatically updated (replaced) when upgrading HP StorageWorks
P9000 Command View AE Common Component, so avoid registering a certificate in cacerts.
Several CA certificates are registered by default in the cacerts truststore. If a certificate already
registered is available and can be used, you need not register a new certificate. Use the following
flowchart to determine whether or not you need to register a certificate.
Security management96