How to set up encryption when legacy agents are used.

Document ID : KB000009385
Last Modified Date : 14/02/2018
Show Technical Document Details
Introduction:

I am running AE 11.3 and using legacy agents (r11.0 and r4.5.x). I would like to use encryption and I understand that because I have legacy agents I cannot use "instance wide encryption." How do I leverage the available encryption methods for the best possible security from network sniffing?

Instructions:

As noted, instance wide-encryption must be turned off to allow communication to the 11.0 and 4.5.x agents. (see notes below)

  • In order to encrypt the communications to and from the 11.3 agents turn on agent level encryption. (see notes below)

  • The client utilities to application server require SSA (CSAM) to be configured to use SSL (see example below)

  • In order to encrypt the data stream sent to the 11.0 agents configure SSA (CSAM) to use SSL (see example below)

  • For the 4.5 there is no additional encryption available past the built in DES encryption between event processor and agent.

  • Note: The 11.3 auxiliary port is covered by the 11.3 agent level encryption.

To configure CSAM/SSA to use SSL: (please note the settings must match exactly on all WAAE machines!)

  • Make sure that SSL and port multiplexing are turned off at the top level: (the 11.3 scheduler requires this)

    csamconfigedit EnableSSL=False EnablePMUX=False

  • Then configure the application server and agent (11.0) ports for SSL and PMUX : (please verify your app server port before setting) (also keep in mind the settings must match on schedulers and agents)

    csamconfigedit PORT=9000 EnableSSL=True EnablePMUX=True
    csamconfigedit PORTRANGE=49152-50176 EnableSSL=True EnablePMUX=True
Additional Information:

For general information regarding encryption in Workload Automation AE please see the section marked "Data Encryption" in chapter 1 of the "CA Workload Automation AE Administration Guide"

For further information regarding turning instance-wide encryption on or off please see Chapter 4 of the "CA Workload Automation AE Security Guide"

For further information regarding 11.3 agent encryption please see the Section marked: "Modify the Encryption Type and Encryption Key on CA Workload Automation AE" (UNIX) Chapter 13 of the "CA Workload Automation AE UNIX Implementation Guide" (Windows) chapter 13 of the "CA Workload Automation AE Windows Implementation Guide".