To create a more secure connection to the DS8000®, update applications that connect to the storage system through the DS Network Interface so that they use the DS Network Interface client R7.2 or later.
The DS Network Interface server on the Hardware Management Console (HMC) is accessed by a number of IBM applications that use a DS Network Interface client. The DS Network Interface server R7.1.x or earlier has a legacy certificate with a weak public key (RSA-1024) and digital signature (MD5). The DS Network Interface client R7.1.x or earlier has a trust anchor associated with that certificate. The DS Network Interface server R7.2 and later contains both the legacy certificate and a NIST SP 800-131A compliant certificate, which has a NIST SP 800-131A compliant public key (RSA-2048) and digital signature (SHA-256). . The DS Network Interface client R7.2 and later automatically uses the NIST SP 800-131A certificate with DS8000 systems that are running R7.2 and later. For compatibility, it uses the legacy certificate with DS8000 systems that are running R7.1.x and earlier. Although it is not possible to upgrade the DS Network Interface client in an IBM application, you should upgrade the applications to a level that contains the DS Network Interface client R7.2 or later.