Delivering Initial Certificates To Agents; Installing The Agent From The Collector; New Installations; Upgrades - VMware VCM 5.3 - TRANSPORT LAYER SECURITY IMPLEMENTATION Manual

Vcenter configuration manager transport layer security implementation

TLS Implementation for VCM

Delivering Initial Certificates to Agents

VCM Agents use Enterprise Certificates to validate Collector Certificates. Therefore, the Agent must have access to
the Enterprise Certificate as a trusted certificate. In most cases, VCM will deliver and install the Enterprise Certificate
as needed.

Installing the Agent from the Collector

The Enterprise Certificate is stored in the CollectorData folder on the Collector. The Enterprise Certificate is installed
when the VCM Agent is installed or upgraded with the HTTP protocol.

New Installations

In a new Agent installation, all module files will be installed. The Enterprise Certificate will be installed if and when the
EcmComSocketListenerService module is installed. If the "Enable HTTP" option is not chosen for the installation,
then the module and certificate will not be installed.

Upgrades

All upgrades of HTTP-enabled Agents from non-TLS Agents to TLS Agents receive a new version of the
EcmComSocketListenerService and the Enterprise Certificate. This also applies to upgrades via the "License and
Install Agent on Discovered Machines" Discovery rule option (see VCM Help for more information on VCM
Discoveries).

Changing Protocols from DCOM to HTTP

Changing protocols to HTTP causes the EcmComSocketListenerService module to be installed. Since a secure
DCOM connection with the Agent exists, the current Enterprise Certificate can be delivered with the
EcmComSocketListenerService module.

Changing Protocol from HTTP to DCOM

The EcmComSocketListenerService module is uninstalled from the Agent during this operation. Since DCOM does
not use certificates, the Agent will simply stop using them. Any changes to the Enterprise Certificate will not be
automatically propagated to the Agent until HTTP is reinstated. Changing protocol from DCOM to HTTP in the future
will deliver the current Enterprise Certificate.
TECHNICAL WHITE PAPER / 15
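
One way to confirm that an Agent machine trusts the current Enterprise Certificate, for instance after it has spent time on DCOM and been switched back to HTTP. This is an added example, not part of the VCM manual or product; the function name, the certificate store path and the exported file path are assumptions to adjust for your deployment.

```powershell
# Added example. Compares the Enterprise Certificate exported from the Collector
# with what is installed in a certificate store on the Agent machine.
function Test-EnterpriseCertificateTrust {
    param(
        # Copy of the Enterprise Certificate taken from the Collector's
        # CollectorData folder (the file name and location are placeholders).
        [Parameter(Mandatory)] [string] $ReferenceCertPath,
        # Store to inspect on the Agent (assumed; confirm where your Agent keeps it).
        [string] $StorePath = 'Cert:\LocalMachine\Root'
    )

    $reference = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ReferenceCertPath)

    # Candidates are matched on subject first, then compared by thumbprint, so a
    # superseded certificate with the same subject is reported rather than hidden.
    $installed = @(Get-ChildItem -Path $StorePath |
        Where-Object { $_.Subject -eq $reference.Subject })
    $stale = @($installed |
        Where-Object { $_.Thumbprint -ne $reference.Thumbprint } |
        ForEach-Object Thumbprint)
    $now = Get-Date

    [pscustomobject]@{
        ReferenceThumbprint = $reference.Thumbprint
        ReferenceExpires    = $reference.NotAfter
        ReferenceValidNow   = ($reference.NotBefore -le $now -and $reference.NotAfter -ge $now)
        # True only when the exact certificate held by the Collector is installed.
        CurrentCertPresent  = [bool]($installed | Where-Object { $_.Thumbprint -eq $reference.Thumbprint })
        # Same subject, different thumbprint: an older Enterprise Certificate is still trusted.
        StaleThumbprints    = $stale
    }
}

# Example call with a placeholder path:
# Test-EnterpriseCertificateTrust -ReferenceCertPath 'C:\Temp\EnterpriseCertificate.cer'
```

A result with `CurrentCertPresent` false, or with entries in `StaleThumbprints`, means the Agent's trust anchor no longer matches the Collector's and the certificate should be redelivered.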


This manual is also suitable for:

Vcm 5.3
