Collector-Micro-Agent Secure Communication
Introduction
OverOps supports full encryption of all data transferred between OverOps components, so that the Micro-Agent and Collector are able to communicate securely without any impact to the non-encrypted option.
Encryption Versions
Encryption was first introduced in version 4.47, which means that to use encrypted communication, you'll need to upgrade the Micro-Agent and Collector to a version that supports encryption (4.47 or later). Encryption is based on the Advanced Encryption Standard (AES) specification and is supported on Linux and Windows Collectors and Micro-Agents. We'll refer to this type of encryption as "basic" encryption.
In version 4.50, we introduced an advanced version of encryption based on OpenSSL that improves the speed of encrypted communication; therefore, we recommend upgrading your OverOps Collector and Micro-Agent to 4.50 to use this advanced encrypted communication. We'll refer to this type of encryption as "advanced" encryption.
There are therefore two versions of the encryption available:
- Basic means any version from 4.47 to 4.49 (including all 4.49 hotfixes). This encryption works well, but it is slower than the new one.
- Advanced means any version from 4.50 and up.
When possible, we recommend upgrading to version 4.50 and later to ensure that you have the most updated encryption capabilities.
Note
Encryption is available only for deployments where the Collector is installed on a different machine than the Micro-Agent. If the environment is running in Windows, remember that the Collector configuration isn’t applied automatically as part of the installation process; therefore, you’ll need to configure the Collector after the installation.
Installation and Usage Guidelines
- Verify that you're using a version of the Micro-Agent and Collector that supports encryption (from 4.47 and later).
- Activate the new encryption capability by enabling the following parameter in both the agent.properties and collector.properties files:
  - For basic encryption, enable:
    takipi.encrypt=true
  - For advanced encryption, enable:
    takipi.encrypt.fast=true
- Add an encryption key:
    takipi.encrypt.key=<Encryption_Key>
  Note: The <Encryption_Key> should be wrapped in quotation marks ("...") and should not contain the " and ' characters.
- Restart the Micro-Agent and Collector.
How is Communication Handled?
- If encryption isn't enabled on either side (neither the Micro-Agent nor the Collector), then every Micro-Agent / Collector can communicate with its counterpart regardless of the version that's installed; however, communication won’t be secure.
- If basic encryption, introduced in version 4.47, is enabled on both sides, they'll be able to communicate securely.
- If both the Micro-Agent and the Collector have the advanced encryption enabled, they'll be able to communicate securely using advanced encryption.
- If only one side has advanced encryption enabled, communication will fail.
- If one side has basic encryption enabled and the other has advanced encryption enabled, the Micro-Agent and Collector can't communicate.
- If encryption is off for both components, they’ll be able to communicate.
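The following added example (not OverOps code) checks an agent.properties / collector.properties pair against the settings and communication rules above before you restart either component. The function names, the simple key=value parsing, the precedence of takipi.encrypt.fast over takipi.encrypt, the treatment of basic-versus-none as a mismatch, and the requirement that both sides hold the same key are assumptions; the sample files are constructed.

```python
KEY = "takipi.encrypt.key"

def parse_properties(text):
    """Parse key=value lines, skipping blanks and # comments (assumed syntax)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def encryption_mode(props):
    # Assumption: takipi.encrypt.fast=true selects advanced even if takipi.encrypt is also set.
    if props.get("takipi.encrypt.fast", "").lower() == "true":
        return "advanced"
    if props.get("takipi.encrypt", "").lower() == "true":
        return "basic"
    return "none"

def key_problems(side, props):
    raw = props.get(KEY)
    if raw is None:
        return [f"{side}: {KEY} is missing"]
    if len(raw) < 2 or not (raw.startswith('"') and raw.endswith('"')):
        return [f"{side}: key is not wrapped in quotation marks"]
    if '"' in raw[1:-1] or "'" in raw[1:-1]:
        return [f"{side}: key contains a quote character"]
    return []

def check_pair(agent_text, collector_text):
    """Return (agent_mode, collector_mode, findings); an empty list means consistent."""
    agent, collector = parse_properties(agent_text), parse_properties(collector_text)
    a_mode, c_mode = encryption_mode(agent), encryption_mode(collector)
    findings = []
    if a_mode != c_mode:
        # Assumption: every mode mismatch is reported, including basic vs. none.
        findings.append(f"mode mismatch: agent={a_mode}, collector={c_mode}")
    for side, props, mode in (("agent", agent, a_mode), ("collector", collector, c_mode)):
        if mode != "none":
            findings += key_problems(side, props)
    # Assumption: both sides must carry the identical key value.
    if "none" not in (a_mode, c_mode) and agent.get(KEY) != collector.get(KEY):
        findings.append("key mismatch between agent and collector")
    return a_mode, c_mode, findings
# Constructed sample files; the key is a placeholder, not a real secret.
AGENT = 'takipi.encrypt.fast=true\ntakipi.encrypt.key="EXAMPLE-KEY-0001"\n'
COLLECTOR = 'takipi.encrypt=true\ntakipi.encrypt.key="EXAMPLE-KEY-0001"\n'
print(check_pair(AGENT, COLLECTOR))
```

An empty findings list with both modes reported as "none" means the pair can communicate but, as stated above, not securely.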
How to Generate the Encryption Key?
You can use any string to generate an encryption key; however, to generate a strong key, we recommend using an online key generator.