DocumentationAPICommunitySupport

Collector-Micro-Agent Secure Communication

Suggest Edits

Introduction

OverOps supports full encryption of all data transferred between OverOps components, so that the Micro-Agent and Collector are able to communicate securely without any impact to the non-encrypted option.

Encryption Versions

Encryption was first introduced n version 4.47, which means that to use encrypted communication, you'l need to upgrade the Micro-Agent and Collector to a version that supports encryption (from 4.47 and later). Encryption is based on Advanced Encryption Standard (AES) specification and is supported on Linux and Windows Collectors and Micro-Agents. We'll refer to this type of encryption as "basic" encryption.

In version 4.50, we introduced an advanced version of encryption based on OpenSSL, that improves the speed of encrypted communication; therefore, we recommend upgrading your OverOps Collector and Micro-Agent to 4.50 to use this advanced encrypted communication. We'll refer to this type of encryption as "advanced".

Therefore, there are two versions available of the encryption:

  • Basic means any version between 4.47 to 4.49 (including all 4.49 hotfixes) this encryption works well but it is slower than the new one
  • Advanced means any version from 4.50 and up

When possible, we recommend upgrading to version 4.50 and later to ensure that you have the most updated encryption capabilities.

📘

Note

Encryption is available only for deployments where the Collector is installed on a different machine than the Micro-Agent. If the environment is running in Windows, remember that the Collector configuration isn’t applied automatically as part of the installation process; therefore, you’ll need to configure the Collector after the installation.

Installation and Usage Guidelines

  1. Verify that you're using a version of the Micro-Agent and Collector that supports encryption (from 4.47 and later).
  2. Activate the new encryption capability by enabling the following parameter in both the agent.properties and collector.properties files:
  • For basic encryption: enable takipi.encrypt =true
  • For advanced encryption: enable takipi.encrypt.fast=true
  • Add an encryption key takipi.encrypt.key=<Encryption_Key>
    Note: The <Encryption_Key> should be wrapped in quotation marks ("...") and should not contain the " and ' chars.
  1. Restart the Micro-Agent and Collector.

How is Communication Handled?

  • If encryption isn't enabled on both sides, for both the Micro-Agent and the Collector, then every Micro-Agent / Collector can communicate with its counterpart regardless of the version that's installed; however, communication won’t be secure.
  • If basic encryption, introduced in version 4.47, is enabled on both sides, they'll be able to communicate securely.
  • If both the Micro-Agent and the Collector have the advanced encryption enabled, they'll be able to communicate securely using advanced encryption.
  • If only one side has advanced encryption enabled, communication will fail.
  • If one side has basic encryption enabled and the other has advanced encryption enabled, the Micro-Agent and Collector can't communicate
  • If encryption is off for both components, they’ll be able to communicate

How to Generate the Encryption Key?

You can use any string to generate an encryption key, however, to generate a strong key, we recommend using an online key generator.

Updated almost 4 years ago