Sun N1 Service Provisioning System 5.2 Installation Guide

Network Protocol – Raw, SSH, SSL

The installation program prompts you to choose a network protocol for communication among the software applications. For the Master Server, you can choose raw (TCP/IP) or SSL. For Local Distributors, Remote Agents, and CLI Clients, you can choose raw (TCP/IP), SSH, or SSL.

Raw (TCP/IP) is an insecure communication protocol. When using this connection protocol with the provisioning system, anyone with network access to a server that has a Sun N1 Service Provisioning System 5.2 application installed on it can connect to the provisioning system and issue commands. If you choose raw, you can secure the provisioning system by configuring the security policy file to accept connections only from servers that have Sun N1 Service Provisioning System 5.2 applications. For more details, see Chapter 9, Configuring the Java Virtual Machine Security Policy.

SSL is more secure than raw. If you select SSL, you must also specify which cipher suite to use: encryption with no authentication or encryption with authentication. Encryption with no authentication is similar to using raw in that anyone with network access to a server that has a provisioning system application installed on it can connect to the provisioning system and issue commands. The encryption with authentication mode is the most secure choice when using SSL. You can further secure the provisioning system by configuring the security policy file to accept connections only from servers that have Sun N1 Service Provisioning System 5.2 applications. For more details, see Chapter 9, Configuring the Java Virtual Machine Security Policy. For more information about SSL, see Chapter 8, Configuring the Sun N1 Service Provisioning System 5.2 for SSL.


Note –

When you use SSL with a Local Distributor on an AIX server, the SSL cipher suite is set to encryption with authentication. Encryption with no authentication is not available for Local Distributors that are running on AIX servers.
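
The difference between the two SSL modes is visible in the name of a cipher suite. The following is an added example, not part of the original guide or of the product: it assumes that "encryption with no authentication" corresponds to an anonymous key exchange, which standard suite names mark with "anon". The function names and the sample list are constructed for illustration.

```python
# Added example: classify cipher-suite names by whether they encrypt and
# whether they authenticate the peer. Assumption: "encryption with no
# authentication" means an anonymous ("anon") key exchange.

def classify_suite(name):
    """Return (encrypts, authenticates) for an IANA/JSSE suite name."""
    prefix, _, rest = name.upper().partition("_")
    if prefix not in ("TLS", "SSL") or not rest:
        raise ValueError(f"unrecognised cipher-suite name: {name!r}")
    key_exchange, sep, cipher = rest.partition("_WITH_")
    if not sep:
        # TLS 1.3 names omit the key exchange: authentication is unknown (None).
        if rest.startswith(("AES_", "CHACHA20_")):
            return True, None
        raise ValueError(f"unrecognised cipher-suite name: {name!r}")
    # Anonymous DH/ECDH (or the NULL key exchange) proves nothing about
    # who is on the other end of the connection.
    authenticates = key_exchange != "NULL" and "ANON" not in key_exchange.split("_")
    encrypts = cipher.split("_")[0] != "NULL"
    return encrypts, authenticates


def audit(enabled_suites):
    """Label each suite with the protection it actually provides."""
    findings = {}
    for suite in enabled_suites:
        encrypts, authenticates = classify_suite(suite)
        if not encrypts:
            findings[suite] = "no encryption"
        elif authenticates is False:
            findings[suite] = "encryption with no authentication"
        elif authenticates is None:
            findings[suite] = "encryption, authentication depends on certificates"
        else:
            findings[suite] = "encryption with authentication"
    return findings


# Constructed sample list, not taken from the product's configuration.
SAMPLE_SUITES = [
    "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_NULL_SHA256",
    "TLS_AES_128_GCM_SHA256",
]

if __name__ == "__main__":
    for suite, verdict in audit(SAMPLE_SUITES).items():
        print(f"{suite}: {verdict}")
```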


SSH is the most secure network protocol and is supported only on Linux and UNIX-based platforms. To use SSH with the Sun N1 Service Provisioning System 5.2, you must install SSH software on your servers. For more information, see Chapter 7, Configuring the Sun N1 Service Provisioning System 5.2 to Use Secure Shell.


Note –

If you choose to use SSH as the network protocol for communication between the Master Server and the CLI Clients, the IP address of the Master Server is set to 127.0.0.1. The communication protocol for the Master Server is set to raw. You must configure the CLI Client to connect to the Master Server using SSH.