Network Configuration Parameters
Parameters | Default | Description |
---|---|---|
NAE_IP.1 | No default | The NAE_IP.1 parameter specifies the IP address of Key Manager. Specify multiple IP addresses separated by colons (:) when load balancing is used. For example, 192.168.1.10:192.168.1.11:192.168.1.12. These servers must have the same value for the NAE_Port parameter. For IPv6, the IP address is to be specified in curly braces, such as {2002:0dc8:85k3:0000:0000:9a2e:0370:5221}. Also, combination of IPv4 and IPv6 addresses can be specified separated by colons(:) provided each IPv6 address is within {}. |
NAE_Port | No default | The NAE_Port parameter specifies the port of the Key Manager.Note: Clients and servers must use the same port. |
Protocol | tcp | The Protocol parameter specifies the protocol used to communicate between the client and the Key Manager. Possible settings: — tcp. —ssl – The ssl option uses TLS v1.0, v1.1, and v1.2. To establish SSL connections between NAE clients and servers, at least one of TLSv1.0, TLSv1.1, and TLSv1.2 must be enabled on the servers. Clients and servers must use the same protocol. If Key Managers are listening to SSL requests, and clients aren’t sending SSL requests, problems will occur. Also, TLSv1.1 and 1.2 are supported for DB2 using JRE versions 1.7 and above. Note: It is recommended to gradually increase security after confirming connectivity between the client and the Key Manager. Once a TCP connection is established between the client and server, it is safe to move on to SSL. Initially configuring a client under the most stringent security constraints can complicate troubleshooting. |