6.4 AgentUpdateSecurityLevel

Use this Knowledge Script to remotely update the agent security level on the managed UNIX computers in your site. When configuring the security level for the agent, keep in mind that all managed UNIX clients in an AppManager site must be configured to use the same security level.

Use this Knowledge Script to change the security level on the managed UNIX clients in your AppManager site either before or after you change the security level on the repository database. The new security level takes effect on the managed UNIX client as soon as the Knowledge Script completes.

Keep in mind that managed UNIX clients cannot communicate with the management server until the security levels on the managed UNIX client and the repository database are the same. After you restart the management server to use the latest security settings in the repository, managed UNIX clients with the corresponding security level can resume communication with the management server, and the Operator Console displays a success event message for this Knowledge Script job.

For more information about implementing AppManager secure communication, see the Administrator Guide.

The following security levels are available:

  • 0 - Cleartext -- no security indicates that all communication between the agent and the management server is in cleartext and is not encrypted.

  • 1 - Encryption -- medium security indicates that all communication between the agent and the management server is encrypted but the agent does not authenticate the identity of the management server.

  • 2 - Encryption and authentication -- highest security indicates that the agent attempts to authenticate the identity of the management server before sending and receiving encrypted communication. This option is only applicable if you installed the agent with Encryption and Authentication.

Tip: If you configured the agent at installation to use Cleartext or Encryption and you want to change the security level to Encryption and authentication, you must reinstall the agent or manually change the agent’s configuration file.

6.4.1 Resource Objects

UNIX Server computers with the agent.

6.4.2 Default Schedule

By default, this Knowledge Script is only run once for each computer.

6.4.3 Setting Parameter Values

Set the following parameters as needed.

Description

How to Set It

Raise event when update succeeds or fails? (y/n)

Set to y if you want AppManager to raise an event when the security level is successfully updated. This Knowledge Script always raises an event if the job does not run successfully.

If enabled, you can configure the severity level of the event. The default is y.

Event severity when update succeeds or fails

Set the event severity level, from 1 to 40, to reflect the importance of the event when the job successfully completes or when the job fails. The default is 5.

Security level

Select the security level you want the managed UNIX computer to use:

  • 0 - Cleartext if you want all communications between the agent and the management server to be in cleartext and not encrypted. This option is best for closed network environments, testing, or troubleshooting communication issues.

  • 1 - Encryption if you want all communications between the agent and the management server to be encrypted.

  • 2 - Encryption and authentication if you want the management server to be authenticated before sending and receiving encrypted communication.

Keep in mind that, for a single repository, all managed UNIX clients must use the same security level setting. Any time you update security, you must do so for all of your UNIX agents. If you cannot update all of your UNIX agents at once, the management server cannot communicate with those agents and the interruption in communication might result in missing critical events or data. Therefore, you should plan any change to the security level carefully to minimize the chance of communication failures.

The default is 0 - Cleartext.
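
The rules above (one level per repository, and level 2 only for agents installed with Encryption and Authentication) can be applied to an agent inventory as a check before changing the site. This is an added example, not part of AppManager or its documentation; the CSV layout, host names, and the plan_rollout function are assumptions made for illustration.

```python
import csv
import io

# Constructed sample inventory (hypothetical format, not an AppManager export):
# host, current level, and whether the agent was installed with
# Encryption and Authentication.
SAMPLE_INVENTORY = """host,current_level,installed_with_auth
ux-web01,0,no
ux-db01,1,yes
ux-app01,2,yes
ux-old01,1,no
"""

LEVELS = {0: "Cleartext", 1: "Encryption", 2: "Encryption and authentication"}


def plan_rollout(inventory_csv, target_level):
    """Sort agents into buckets for a site-wide change to target_level.

    ready:       already at the target level
    update:      can be changed by running the Knowledge Script
    reconfigure: target is 2 but the agent was not installed with Encryption
                 and Authentication, so it needs a reinstall or a manual
                 configuration file change first
    """
    if target_level not in LEVELS:
        raise ValueError(f"unknown security level: {target_level!r}")
    plan = {"ready": [], "update": [], "reconfigure": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        host = row["host"].strip()
        current = int(row["current_level"])
        has_auth = row["installed_with_auth"].strip().lower() in ("yes", "y")
        if current not in LEVELS:
            raise ValueError(f"{host}: unknown current level {current}")
        if target_level == 2 and not has_auth:
            plan["reconfigure"].append(host)
        elif current == target_level:
            plan["ready"].append(host)
        else:
            plan["update"].append(host)
    return plan


if __name__ == "__main__":
    plan = plan_rollout(SAMPLE_INVENTORY, 2)
    for bucket, hosts in plan.items():
        print(f"{bucket:12} {', '.join(hosts) or '-'}")
    # Any host under "reconfigure" would lose contact after the switch.
    print("safe to switch repository:", not plan["reconfigure"])
```

Hosts listed under reconfigure are the ones that would stop communicating with the management server if the repository were switched to level 2 before they are reinstalled or reconfigured.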