Well first of all im a newbie on BF and ILMT. However i have managed to set upp a environment containing BF(9.5.9.62) and ILMT(9.2.12.0), i also have agents installed and running ad communications to server.
Now i want to enable encryption(https) between the agent and the server. This is what i have done so far:
The first thing to note is that report encryption is not required in order to have HTTPS communication between the agent and the server. HTTPS communication is leveraged by default. Report encryption (also known as Message Level Encryption) is an optional configuration that enables end-to-end encryption specifically of Client data being sent to the BigFix Server.
For the scenario you describe above, I certainly understand the caution. The site credentials are critical to a given instance of BigFix, and should be protected accordingly. That said, the ‘-disablekey’ option for ‘-reportencryption’ applies specifically to the encryption key, not the site key.
Ok thx this was good info…
But can u link me to som documentation that really confirm thats https is enabled per default between BF agent and BF server(Or do i have to sniff the network:))?
Alse thx for clarifying that the connamds i posted does not affecting the site key!
“9.5.6 or later, which means that:
The BigFix Server enforces that registration requests coming from BigFix Agents V9.5.6 or later must be properly signed.
The BigFix Server and the Relays V9.5.6 or later enforce the use of the HTTPS protocol when BigFix Agent registration data is exchanged.
Enforcing this behavior has the following side effects:
BigFix Agents earlier than V9.0 cannot send registration requests to the BigFix Server because they cannot communicate using the HTTPS protocol.
Because BigFix Relays with versions earlier than V9.5.6 cannot handle correctly signed registration requests, any BigFix Client that uses those Relays might be prevented from continuing to register, or might fall back to a different parent Relay or directly to the Server.”
Is this what we are talking about? Or is it only applicable when using releays? So fuzzy for me…