(imported topic written by hbkrules6991)
Hi All:
I posted previously that we are looking to deploy a relay in the DMZ to allow our laptops the ability to communicate with our BF server when not connected over VPN. We only want the clients to use encryption when communicating to this relay, so I wanted to verify the steps to ensure that is the case.
v.8.0.627.0 is the version we are running
1: Enable encryption on the BES server thru the Admin tool.
-
Click Generate new key, select the key size and Uncheck the option to being encrypting immediately. Save the key
-
Copy the key to the relay servers that will be used to decrpyt. This will be one server which is in our DMZ. The path is here “c:\Program Files (x86)\BigFix Enterprise\BES Relay\Encryption Keys”
-
On each client that needs to use MLE run the BES Client Setting: Encrypted Reports.
-
The option I will choose is “Click here to set the BES Client to use encryption for reports if possible. (Recommended for most deployments)”.
-
To verify encryption, I will put in these two reg keys CarbonCopyPath & EncryptedCarbonCopyPath
-
Will verify data is encrypted.
Am I missing a step? or is the above pretty accurate as to what I need to do to accomplish our end goal.
Thanks!!