28.1 Disabling Plain Text Communication

By default, both SSL and plain text communications are enabled in Transformation Hub. If you want only SSL to be enabled in Transformation Hub, you can disable plain text communication.

28.1.1 Prerequisite

When you are disabling plain text communication, ensure that you are configuring SSL between Transformation Hub (Kafka) and all the following components outside the Kubernetes cluster:

Component

See

Vertica

Configuring SSL for Vertica

Identity Governance

Configuring SSL between Identity Governance and Transformation Hub

Identity Manager Driver for Entity Data Model

Creating and Configuring the Driver.

SmartConnector

Installing SmartConnector

28.1.2 Disabling Plain Text Communication

Disabling plain text communication involves uninstalling and reinstalling Transformation Hub. Uninstalling Transformation Hub removes all Transformation Hub configurations, however data in Kafka topics and Kafka topic offsets are retained.

To disable plain text communication:

  1. Log in to CDF Management Portal.

  2. Click Deployment > Deployments.

  3. Uninstall Transformation Hub:

    1. Click of arcsight-installer, then click Change.

    2. In the Capabilities page, deselect Transformation Hub.

    3. Click Next until you reach the Configuration Complete page.

    4. Click Next after all the pods in the Configuration Complete page are displayed in green.

  4. Reinstall Transformation Hub and update the configuration to allow only SSL:

    1. Click of arcsight-installer, then click Change.

    2. In the Capabilities page, select Transformation Hub.

    3. Click Next until you reach the Transformation Hub configuration page.

    4. In the Transformation Hub configuration page:

      • All the values in this page are reset to default during reinstallation. Therefore, you must set the appropriate values for all the configuration fields.

        For information about the value, see the Transformation Hub Tuning section in the Hardware Requirements and Tuning Guidelines.

      • Disable Allow plain text (non-TLS) connections to Kafka.

    5. Click Next until you reach the Configuration Complete page.

    6. Click Next after all the pods in the Configuration Complete page are displayed in green.

  5. Restart the ITOM-DI pods manually:

    1. Get the name of all ITOM-DI pods:

      kubectl get pods --all-namespaces | grep itom-d

    2. Restart all the pods individually by executing the command:

      kubectl delete pod -n <namespace> <ITOM-DI pod name>

  6. Restart all the components mentioned in the prerequisite for the changes to take effect.