6.13 Communication encryption in JP1/Base

JP1/Base can encrypt communication through SSL during the following communications:

• Communication associated with an authentication server (user authentication)

  • Communication for user authentication between products using JP1/Base user authentication and an authentication server

  • Communication for commands^# related to JP1/Base user authentication

    # Commands related to JP1/Base user authentication are as follows:

    jbsadduser, jbschgpasswd, jbsrmuser, jbslistuser, jbsaclreload, jbslistacl, jbssetacl, jbsrmacl

• Communication associated with command execution by JP1/IM

  • Communication for automated action between JP1/IM - Manager and JP1/Base on a manager host

  • Communication for command execution between JP1/IM - View and JP1/Base on a manager host

• Communication associated with the monitoring of agent hosts

  Transfer of JP1 events, search for JP1 events, reception of JP1 events, automatic action, execution of commands, management of configurations, and health checks performed between the manager host's JP1/IM - Manager and JP1/Base and the agent host's JP1/Base

The following figure shows an overview of JP1/Base communication capable of SSL communication.

Figure 6‒10: JP1/Base communication capable of SSL communication

Note that to use SSL communication, the version of JP1/Base on the host (server side) at the connection destination and the hosts (client side) connecting to that host must be 11-00 or later. (When communication associated with agent host monitoring is to be encrypted, the version of JP1/Base on these hosts must be 12-10 or later.)

Note on using SSL communication on an authentication server (user authentication)

If SSL communication is enabled on an authentication server host, SSL communication must also be enabled on each host that connects to that authentication server. If hosts that do not use SSL communication must be authenticated, you need to install an authentication server that does not use SSL communication to separate the user authentication block.

Furthermore, if you set hosts that do not support SSL communication in the non-SSL communication host configuration file (jp1bs_nosslhost.conf), communication associated with the monitoring of agent hosts can take place in accordance with the SSL communication settings of the agent host. For details on the non-SSL communication host configuration file, see Non-SSL communication host configuration file in 16. Definition Files.

The following figure shows an example of a system configuration where both SSL communication and non-SSL communication take place.

Figure 6‒11: Example of a system configuration where both SSL communication and non-SSL communication take place

In this example, the integrated manager uses non-SSL communication to access the instances of JP1/Base located within the same LAN. On the other hand, to access a site manager or the instances of JP1/Base located within the same LAN as the site manager, the integrated manager uses SSL communication.

Organization of this section

• 6.13.1 Files required for SSL communication

• 6.13.2 Setting up an SSL communication environment on the server side

• 6.13.3 Setting up an SSL communication environment on the client side

• 6.13.4 Setting up the communication encryption function of JP1/Base

• 6.13.5 Notes on using event services

To Page Top