Network Protocol (N1 Grid Service Provisioning System 5.0 Installation Guide)

N1 Grid Service Provisioning System 5.0 Installation Guide

Network Protocol

The installation program prompts you to choose a network protocol for communication among the software applications. For the Master Server, you can choose TCP/IP or SSL. For Local Distributors, Remote Agents, and CLI Clients, you can choose TCP/IP, SSH, or SSL.

TCP/IP is an insecure communication protocol. When using this connection protocol with the provisioning system, anyone with network access to a server that has an N1 Grid Service Provisioning System 5.0 application installed on it can connect to the provisioning system and issue commands. If you choose TCP/IP, you can secure the provisioning system by configuring the security policy file to only accept connections from servers that have N1 Grid Service Provisioning System 5.0 applications. For more details, see Chapter 8, Configuring the Java Virtual Machine Security Policy.

SSL is more secure than TCP/IP. If you select SSL, you must also specify which cipher suite to use, encryption with no authentication or encryption with authentication. Encryption with no authentication is similar to using TCP/IP in that anyone with network access to a server that has a provisioning system application installed on it can connect to the provisioning system and issue commands. The encryption with authentication mode is the most secure choice when using SSL. You can further secure the provisioning system by configuring the security policy file to only accept connections from servers that have N1 Grid Service Provisioning System 5.0 applications. For more details, see Chapter 8, Configuring the Java Virtual Machine Security Policy. For more information about SSL, see Chapter 7, Configuring the N1 Grid Service Provisioning System 5.0 for SSL.

Note –

When you use SSL with a Local Distributor on an AIX server, the SSL cipher suite is set to encryption with authentication. Encryption with no authentication is not available for Local Distributors that are running on AIX servers.

SSH is the most secure network protocol and supported on only Solaris OS, Red Hat Linux, and IBM AIX platforms. To use SSH with the N1 Grid Service Provisioning System 5.0, you must install SSH software on your servers. For more information, see Chapter 6, Configuring the N1 Grid Service Provisioning System 5.0 to Use Secure Shell.