BES traffic encryption and strong authentication

Usage and Config Platform
1

(imported topic written by peterd91)

Is the below possible, if not, is it in the roadmap?

  1. strong authentication of the BES Client

  2. encryption of the traffic between the client and the server

2

(imported comment written by BenKus)

Hi peterd,

Instructions, commands, and downloads are all secured in BigFix… here is some information on how that works:

http://support.bigfix.com/cgi-bin/kbdirect.pl?id=28

http://support.bigfix.com/cgi-bin/kbdirect.pl?id=104

Additionally, we are adding in the next version (which we will probably call 7.1) of BigFix the ability to do Message Level Encryption, which will allow the information from the BigFix Agents to travel encrypted all the way to the BigFix Server. This technique is superior to HTTPS connections because it is lower overhead on the relays/server and it secures data even if a relay is compromised (because the data is unencrypted at the server).

Ben

3

(imported comment written by peterd91)

Regarding securing the communication between the agent and the server, I have the following further questions.

  1. Is https currently possible?

  2. When is the 7.1 coming out?

  3. How will the Message Level Encryption be set - per agent or globally per server (can I configure only a group of agents to use encryption. Will it be controlled by client setting and be turned on/off from the console or it will be set at the client installation time)?

  4. In addition to the encryption, will the agent be capable of authenticating itself to the server?

Thanks.