Hitachi

JP1 Version 12 JP1/Integrated Management 2 - Manager Overview and System Design Guide


13.11.6 System configuration

The communication encryption function enables you to maintain the confidentiality of communication data on viewer hosts and manager hosts. The following subsections explain the recommended system configurations for using the communication encryption function.

(1) Basic system configuration

This configuration supports an environment in which JP1/Base 11 or earlier is run on an agent and an authentication server and also JP1/Base 10 or earlier is run.

Figure 13‒40: Basic configuration

[Figure]

(2) System configuration in which connection is established with multiple manager hosts

The following figure shows a system configuration in which one viewer host starts two viewers, one of which is connected to a manager host on which the communication encryption function is enabled and the other is connected to a manager host on which the communication encryption function is disabled.

Figure 13‒41: Configuration in which connection is established with multiple manager

[Figure]

In this system configuration, a host that encrypts communication with JP1/IM - View and a host that does not encrypt communication with JP1/IM - View are configured. For details about the configuration method, see Non-encryption communication host configuration file (nosslhost.conf) (in Chapter 2. Definition Files) in the manual JP1/Integrated Management 2 - Manager Command, Definition File and API Reference.

To maintain the confidentiality of communication data between the viewer host and the manager host on which the communication encryption function is disabled, configure a physically secure environment with a network secured by a firewall, VPN, or similar means, so that unencrypted communication to the manager host from a viewer host in an unsecure environment is blocked.

(3) System configuration in which multiple viewer hosts establish connection

An environment in which JP1/IM - View version 11 is intermixed with JP1/IM - View version 10 or earlier is not supported because a manager host does not allow unencrypted communication with viewer hosts.

Figure 13‒42: Configuration in which multiple viewer hosts establish connection

[Figure]

(4) Tree configuration of manager hosts and viewer hosts

If the communication encryption function is disabled on a base manager host or a relay manager host, communication with the viewer host is not encrypted.

To maintain the confidentiality of communication data, configure a physically secure environment with a secure network by using a firewall, VPN, or the like. Encrypt all communication from a viewer host in an unsecure environment and block unencrypted communication by using a firewall, for example. Also, place a viewer host that uses unencrypted communication in a secure environment.

Figure 13‒43: Tree configuration of managers

[Figure]
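
The rules in (2) through (4) can be applied as a design-review check over a host inventory. The following is an added example, not part of the Hitachi manual: host names, zone labels and the inventory layout are constructed, and `no_ssl_hosts` only models which managers a viewer treats as non-encrypted (it is not the nosslhost.conf file format).

```python
# Added example: design-review check for viewer-to-manager links.
# Host names, zones and the inventory layout are constructed for illustration.
from dataclasses import dataclass, field

@dataclass
class Manager:
    name: str
    encryption_enabled: bool   # communication encryption function on this manager

@dataclass
class Viewer:
    name: str
    zone: str                  # "secure" or "unsecure" (hypothetical labels)
    connects_to: list
    no_ssl_hosts: set = field(default_factory=set)  # managers this viewer treats as non-encrypted

def classify(viewer, manager):
    """Return the state of one viewer-to-manager link."""
    viewer_plain = manager.name in viewer.no_ssl_hosts
    if manager.encryption_enabled:
        # An encryption-enabled manager does not allow unencrypted viewers.
        return "refused" if viewer_plain else "encrypted"
    if not viewer_plain:
        # Assumption: a viewer expecting encryption cannot talk to a plaintext manager.
        return "mismatch"
    return "plaintext-ok" if viewer.zone == "secure" else "plaintext-exposed"

def review(viewers, managers):
    """List every link that is not 'encrypted' or 'plaintext-ok'."""
    by_name = {m.name: m for m in managers}
    findings = []
    for v in viewers:
        for target in v.connects_to:
            state = classify(v, by_name[target])
            if state not in ("encrypted", "plaintext-ok"):
                findings.append((v.name, target, state))
    return findings

# Constructed inventory: one base manager with encryption, one relay manager without.
MANAGERS = [Manager("base-mgr", True), Manager("relay-mgr", False)]
VIEWERS = [
    Viewer("view-office", "secure", ["base-mgr", "relay-mgr"], {"relay-mgr"}),
    Viewer("view-remote", "unsecure", ["base-mgr", "relay-mgr"], {"relay-mgr"}),
    Viewer("view-legacy", "secure", ["base-mgr"], {"base-mgr"}),
]

if __name__ == "__main__":
    for finding in review(VIEWERS, MANAGERS):
        print(finding)
```

A `plaintext-exposed` finding is a link that has to be moved into the secure environment or blocked at the firewall; `refused` and `mismatch` point to a viewer setting that disagrees with the manager's setting.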

(5) Configuration of manager hosts and an authentication server

If you will be encrypting communication between manager hosts and an authentication server, consider the authentication server's authentication range.