3.2 Understanding Communication Security Levels

You must choose the level of security for communication between the NetIQ components that is appropriate for your environment. If your policies allow, use the same security level for AppManager for UNIX that you use throughout your AppManager environment. The options available are:

  • Unencrypted messages (no security): no extra measures are taken to secure agent-to-management server communications. This option is only available for use with NetIQ AppManager Operator Console. All data sent between the management server and the agent is transmitted without encryption, and the agent does not authenticate the identity of the management server. The lowest security setting for agent communications is entirely appropriate in many environments. Cleartext communications facilitate troubleshooting and are suitable for a closed network environment. However, many organizations require greater security to ensure data privacy and integrity and to help prevent potential attacks from unauthorized, external sources.

  • Encrypted communication only (Security Level 1): a basic level of security. All data transmitted between the server and the agent is encrypted and decrypted using a session key generated dynamically when the server is started.

  • Authentication and encrypted communications (Security Level 2): a high level of security. The agent uses a predefined key to authenticate the identity of the management server before sending encrypted data. The key information is stored and a portion of the key is made available for the agent computers to use.
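A simplified model of the three levels, added here as an illustration; it is not NetIQ code and not the product's wire protocol. It shows what the agent checks before releasing data at each level. The `Server` class, `agent_send`, the HMAC challenge-response and the SHA-256 keystream are assumptions standing in for mechanisms this page does not specify.

```python
import hashlib
import hmac
import secrets

def xor_stream(key, data):
    """Stand-in cipher (SHA-256 keystream) so the model runs on stdlib only."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

class Server:
    """Hypothetical peer claiming to be the management server."""
    def __init__(self, auth_key):
        self.session_key = secrets.token_bytes(32)  # generated at start-up
        self.auth_key = auth_key                    # predefined key (Level 2)

    def prove(self, nonce):
        return hmac.new(self.auth_key, nonce, hashlib.sha256).digest()

def agent_send(level, server, data, agent_key=None):
    """Return what the agent puts on the wire, or None if it refuses to send."""
    if level == 0:
        return data                                 # cleartext, peer unchecked
    if level == 2:
        nonce = secrets.token_bytes(16)             # fresh challenge per session
        expected = hmac.new(agent_key, nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(server.prove(nonce), expected):
            return None                             # peer failed authentication
    return xor_stream(server.session_key, data)     # Levels 1 and 2 encrypt

def demo():
    key = secrets.token_bytes(32)                   # constructed sample key
    real = Server(key)
    other = Server(secrets.token_bytes(32))         # peer lacking the predefined key
    data = b"cpu=93 host=unix01"                    # constructed sample data
    results = {}
    for level in (0, 1, 2):
        for name, peer in (("real", real), ("other", other)):
            results[(level, name)] = agent_send(level, peer, data, agent_key=key)
    return data, real, other, results

if __name__ == "__main__":
    data, _, _, results = demo()
    for (level, name), wire in results.items():
        state = "refused" if wire is None else ("cleartext" if wire == data else "encrypted")
        print(f"level {level} -> {name} server: {state}")
```

In this model only Level 2 refuses the peer that lacks the predefined key; Level 1 encrypts the data but sends it to whichever peer supplied the session key.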