Communication Layer (Iscale) - Novell SENTINEL 6.1 SP2 - INSTALLATION GUIDE 02-2010 Installation Manual

Communication Layer (iSCALE)

6
Section 6.1, "SSL Proxy and Direct Communication," on page 92

 Section 6.2, "Changing the Communication Encryption Key," on page 94
Section 6.3, "Increasing AES Key Strength," on page 95

The communication layer (iSCALE) connecting all components of the architecture is an encrypted
TCP/IP based connection built on a JMS (Java Messaging Service) backbone. With Sentinel 6, an
optional SSL proxy has been added to secure the Collector Manager and Sentinel Control Center
components if they are installed outside the firewall.
Sentinel Architecture
Figure 6-1
There are two communication options available when installing the Collector Manager:
Connect directly to the message bus (default): This is a simplest and fastest option. It

requires the Collector Manager to know the shared message bus encryption key, however,
which can be a security risk if the Collector Manager is running on a machine that is exposed to
security threats (for example, a machine in the DMZ). This option will encrypt
communications using AES 128-bit encryption based on the data in a file called
Connect to the message bus through the proxy: This option adds an additional layer of

security by configuring the Collector Manager to connect through an SSL proxy server. In this
case, certificate-based authentication and encryption will be used, so the
need to be stored on the Collector Manager machine. This is a good option when the Collector
Manager is installed in a less secure environment.
Either of these options can be selected when installing the Collector Manager. The Sentinel Control
Center uses the proxy by default.
.
.keystore
does not
.keystore
Communication Layer (iSCALE)
6
91