Novell PLATESPIN ORCHESTRATE 2.0.2 - DEVELOPMENT CLIENT REFERENCE 08-28-2009 Reference page 63

Make TLS mandatory on the agents
The Orchestrate Server rejects any connections that do not establish TLS encryption. This is the
most secure encryption level because it ensures that all message communication between the
node (that is, an agent) and the server are protected from tampering or interception.
TLS On Client: This setting allows the encryption level to be set to one of four values, as described
(in order of security level) below.
Forbid TLS for clients
Only unencrypted connections are allowed for users of this server. If the user or client attempts
to initiate encrypted communication, the connection attempt is rejected. This is the least secure
of the encryption levels and is only recommended for installations where encryption is
forbidden due to legal or policy restrictions, or where the performance benefits of disabling
encryption outweigh security concerns.
Allow TLS on the clients; default to falling back to unencrypted
This level specifies that the server defaults to unencrypted communication, but that the user can
optionally enable encryption.
This is the default setting for the Orchestrate Server. More secure installations might require a
setting to one of the higher levels below.
Allow TLS on the agents; default to TLS encrypted if not configured
encrypted
The server defaults to using encryption, but the user can optionally disable encryption.
Make TLS mandatory on the clients
The Orchestrate Server rejects any connections that do not establish TLS encryption. This is the
most secure encryption level because it ensures that all message communication between the
user's client programs and the server are protected from tampering or interception.
TLS Address: This is the port number and optional bind address for incoming encrypted
connections from users and nodes. The format is
causes the server to accept only TLS connections on the address
10.10.10.10:8101
on port . If "*" is used as the host name, then the Orchestrate Server listens on all available
8101
network interfaces. The default is
encrypted sessions on all available interfaces on the system.
Agent/User Session Configuration
When nodes (agents) and users log on to the Orchestrate Server, they establish a session context
used to manage the state of the messaging connection between client and server. This session can be
revoked by the administrator, and it can also expire if the connection exceeds its maximum lifetime
or idle timeout.
Agent Session Lifetime: The maximum number of seconds that an agent's session can last
before the agent is disconnected and must re-authenticate with the server. A value of
"forever."
Agent Session Timeout: The idle timeout for agents. If an agent connection remains idle with
no message traffic in either direction for this time period (in seconds), the session times out, the
agent is disconnected and must reauthenticate when it is ready to communicate with the server
again.
hostname:port
, which causes the Orchestrate Server to listen for
*:8101
. For example,
10.10.10.10
-1
The Explorer Tree
" means
63