Encryption of Software Packages being deployed to agents

Document ID : KB000091685
Last Modified Date : 16/04/2018
Introduction:
The DTS download method by default does not use encryption. This document describes how encryption can be configured.
 
 
Question:
Is there a way to encrypt the packages being deployed to agents using DTS?
Environment:
All versions of CA Client Automation
Answer:
The transfer of a software package from the ITCM Domain Manager to a Scalability Server is performed by DTS (Data Transport Service).

The download method that transfers the software package from the Scalability Server to the agent can be configured as:
  • Internal - NOS
  • Internal - NOS-less
  • DTS - NOS-less
 
The 'Internal - NOS' method uses the Microsoft share method to access a software package on the Scalability Server (\\ScalabilityServer\SDLIBRARY$). The package is accessed and installed directly from the SDLIBRARY share. This access is not encrypted.
 
The 'Internal - NOS-less' method uses a Software Delivery internal method to transfer the entire package from the server to the agent. By default this transfer is encrypted the same way as all messages between the agent and the Scalability Server are encrypted. The encryption algorithm can be configured in the configuration policy 'common components\Encryption\Cipher preferences'.
 
By default, software packages transferred using the DTS download method, either from the Domain Manager to the Scalability Server or from the Scalability Server to the agents, are not encrypted. DTS transfers can be configured with optional parcel filters, and one of the parcel filter options is for encryption. In DTS, filters are configured as pairs of two corresponding filters: an encryption parcel filter encrypts the package on the sending side of the transfer, and the corresponding decryption parcel filter decrypts it on the receiving side.

The available built-in parcel filters for DTS are:
AES256_ENCRYPT, AES256_DECRYPT, AES192_ENCRYPT, AES192_DECRYPT, AES128_ENCRYPT, AES128_DECRYPT, 3DES_ENCRYPT and 3DES_DECRYPT.

The DTS parcel filter can be configured under the configuration policy 'software delivery\file transfer' with one of the parameters 'DTS: Parcel filter 0' - 'DTS: Parcel filter 9'.

The syntax requires an '@' sign at the start, followed by the separator sign that is used to separate the sending and the receiving parcel filter.

Example: '@+ AES192_ENCRYPT + AES192_DECRYPT' uses '+' as the separator and configures the sending and the receiving parcel filter combination to AES192.

Figure 1
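
A mismatched or malformed parcel filter value is easy to miss when reviewing the 'DTS: Parcel filter 0' - 'DTS: Parcel filter 9' parameters, so the following added example (not part of the original document and not CA code) checks values against the syntax and filter names described above. It assumes that the character directly after '@' is the separator and that each value holds exactly one sending and one receiving filter; the function names and the sample policy values are constructed for illustration.

```python
import re

# Built-in filter names listed in this article.
BUILTIN = {f"{alg}_{op}" for alg in ("AES256", "AES192", "AES128", "3DES")
           for op in ("ENCRYPT", "DECRYPT")}

def check_parcel_filter(value):
    """Return a list of problems found in one parcel filter value ([] = OK)."""
    value = value.strip()
    if len(value) < 2 or not value.startswith("@"):
        return ["value must start with '@' followed by a separator sign"]
    sep = value[1]  # assumption: the sign right after '@' is the separator
    # Check chosen by this example: reject separators that could be part of a name.
    if sep.isalnum() or sep.isspace() or sep == "_":
        return [f"separator {sep!r} could be confused with a filter name"]
    parts = [p.strip() for p in value[2:].split(sep)]
    if len(parts) != 2 or not all(parts):
        return ["expected exactly one sending and one receiving filter"]
    send, recv = parts
    problems = [f"unknown filter name: {n}" for n in (send, recv) if n not in BUILTIN]
    if problems:
        return problems
    send_alg, send_op = send.rsplit("_", 1)
    recv_alg, recv_op = recv.rsplit("_", 1)
    if send_op != "ENCRYPT":
        problems.append("sending side must use an _ENCRYPT filter")
    if recv_op != "DECRYPT":
        problems.append("receiving side must use a _DECRYPT filter")
    if send_alg != recv_alg:
        problems.append(f"algorithm mismatch: {send_alg} vs {recv_alg}")
    return problems

def audit(policy):
    """Map each non-empty 'DTS: Parcel filter N' parameter to its problems."""
    return {name: check_parcel_filter(val) for name, val in policy.items()
            if re.fullmatch(r"DTS: Parcel filter [0-9]", name) and val.strip()}

# Constructed sample policy values (not taken from a real system).
SAMPLE = {
    "DTS: Parcel filter 0": "@+ AES192_ENCRYPT + AES192_DECRYPT",
    "DTS: Parcel filter 1": "@+ AES256_ENCRYPT + AES128_DECRYPT",
    "DTS: Parcel filter 2": "AES256_ENCRYPT + AES256_DECRYPT",
}

if __name__ == "__main__":
    for name, problems in audit(SAMPLE).items():
        print(name, "->", problems or "OK")
```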