Setting Up Managed Hosts - Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 R2 - LOG MANAGEMENT ADMINISTRATION GUIDE REV 1 Administration Manual

64 U D
SING THE EPLOYMENT
Setting Up Managed
Hosts
E
DITOR
• Update the managed host port configuration. See
Assign a component to a managed host. See
•
Host.
Configure Host Context. See
•
Using the deployment editor you can manage all hosts in your deployment
including:
Add a managed host to your deployment. See
•
Edit an existing managed host. See
•
Remove a managed host. See
•
You also can not assign or configure components on a non-Console managed
host when the STRM Log Management software version is incompatible with the
software version that the Console is running. If a managed host has previously
assigned components and is running an incompatible software version, you can
still view the components, however, you are not able to update or delete the
components.
Encryption provides greater security for all STRM Log Management traffic between
managed hosts. To provide enhanced security, STRM Log Management also
provides integrated support for OpenSSh and attachmateWRQ
software. Reflection SSH software provides a FIPS 140-2 certified encryption
solution. When integrated with STRM Log Management, Reflection SSH provides
secure communication between STRM Log Management components. For
information on Reflection SSH, see the following web site:
www.wrq.com/products/reflection/ssh
Note: You must have Reflection SSH installed on each managed host you wish to
encrypt using Reflection SSH. Also, Reflection SSH is not compatible with other
SSH software, such as, Open SSH.
Since encryption occurs between managed hosts in your deployment, your
deployment must consist of more than one managed host before encryption is
possible. Encryption is enabled using SSH tunnels (port forwarding) initiated from
the client. A client is the system that initiates a connection in a client/server
relationship. When encryption is enabled for a managed host, encryption tunnels
are created for all client applications on a managed host to provide protected
access to the respective servers. If you enable encryption on a non-Console
managed host, encryption tunnels are automatically created for databases and
other support service connections to the Console.
Note: Enabling encryption reduces the performance of a managed host by at least
50%.
STRM Log Management Administration Guide
Configuring a Managed
Assigning a Component to a
Configuring Host Context.
Adding a Managed
Editing a Managed
Removing a Managed
Host.
Host.
Host.
Host.
®
Reflection SSH