Sun Management Center 4.0 Installation and Configuration Guide

Server-to-Agent Security

Communication between the Sun Management Center server and its managed nodes is performed primarily using the industry-standard Simple Network Management Protocol version 2 (SNMPv2), employing the User Security model, SNMP v2usec. The SNMPv2 mechanism is well suited to mapping the user credentials from the server layer to agent-side operations. SNMPv2 is the primary mechanism for ensuring that access control policies cannot be circumvented.

Sun Management Center also supports SNMP v1 and v2 with community-based security. Although not as robust from a security standpoint, support for SNMP v1 and v2 is important for integration with other devices and other management platforms. In environments where the use of these mechanisms is undesirable, the access control specification mechanism can be used to restrict or forbid access to processes using the SNMP v1 and v2 protocols. The Sun Management Center agent can also understand and respond to SNMPv3 queries from third-party applications.
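The following added example is not part of the Sun Management Center documentation or product. It shows how captured SNMP datagrams can be sorted into community-based (v1, v2c) and user-based (v2usec, v3) traffic from the version field at the start of each message, which helps confirm whether community-based requests still reach an agent before access is restricted. The function names, source addresses and sample datagrams are constructed for illustration.

```python
# Added example. Version field values: 0 = SNMPv1, 1 = SNMPv2c (community-based);
# 2 = SNMPv2 usec (RFC 1910), 3 = SNMPv3 (user-based).
MODELS = {0: ("SNMPv1", True), 1: ("SNMPv2c", True),
          2: ("SNMPv2usec", False), 3: ("SNMPv3", False)}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER TLV that starts at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of datagram")
    return tag, buf[pos:pos + length], pos + length

def classify(datagram):
    """Return (model_name, community_based) for one SNMP message."""
    tag, body, _ = read_tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError("outer element is not a SEQUENCE")
    tag, ver, nxt = read_tlv(body, 0)
    if tag != 0x02 or not ver:
        raise ValueError("missing version INTEGER")
    version = int.from_bytes(ver, "big", signed=True)
    if version not in MODELS:
        raise ValueError(f"unknown SNMP version {version}")
    if MODELS[version][1] and read_tlv(body, nxt)[0] != 0x04:
        raise ValueError("community OCTET STRING expected after version")
    return MODELS[version]

def community_based_sources(captures):
    """List the sources whose datagrams used community-based security."""
    return [src for src, data in captures if classify(data)[1]]

# Constructed captures (source label, datagram). The first two are complete
# GetRequests for sysDescr.0; the last two carry only the version field and
# an empty placeholder element after it.
GET = "0406" + b"public".hex() + "a019020101020100020100300e300c06082b060102010101000500"
CAPTURES = [
    ("192.0.2.10", bytes.fromhex("3026020100" + GET)),   # SNMPv1
    ("192.0.2.11", bytes.fromhex("3026020101" + GET)),   # SNMPv2c
    ("192.0.2.12", bytes.fromhex("30050201020400")),     # SNMPv2 usec
    ("192.0.2.13", bytes.fromhex("30050201033000")),     # SNMPv3
]
```
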

For customized operations where data streaming could be a requirement, a probe mechanism is also employed. The probe mechanism is initiated by SNMP operations. When initiated, probe operations use a streaming TCP connection to implement bidirectional, potentially interactive services on the managed node, for example, log file viewing. Since the probe mechanism uses SNMP communication, no encryption of the packet payload is performed.