EM Communication Encryption
As of version 7.3, communication between all Enterprise Manager components is encrypted using the TLS 1.2 standard. Therefore it is absolutely necessary that the Enterprise Manager Server and the Enterprise Manager Distribution Point run in the same version and that the communication works via https. The communication to the agents also works to the previous versions 7.x and 6.x via the old unencrypted port. In order to ensure encrypted and constant communication, a certificate is automatically stored and installed in the local certificate store on each computer object for each component. This works in detail for the individual components as follows:
Enterprise Manager Server
Installs or update Enterprise Manager Server version 7.3 or later. Automatically creates a certificate on the computer object under "Personal" and "Trusted Root Certification Authorities". The naming convention is always as follows name: %local computer name%, expiration date: "in 30 years", friendly name: "Matrix42 Enterprise Manager Server".
If the certificate is deleted by an administrator, then after a restart of services the system checks whether the certificate is available and if necessary installs it again.
In addition to the certificate, new incoming rules for the new communication (port) are automatically stored in the local firewall. These are identified by the name "Matrix42 Enterprise Manager Server Https".
The https communication port can of course be adapted and changed in the web console. Here another port has been added to the EM Server settings page.
Enterprise Manager Distribution Point
Installs or update Enterprise Manager DP version 7.3 or later. Automatically creates a certificate on the computer object under "Personal" and "Trusted Root Certification Authorities". The naming convention is always as follows name: %local computer name%, expiration date: "in 30 years", friendly name: "Matrix42 Enterprise Manager DP".
It is important that the EM DP and EM Server in version 7.3 have the same installed version so that the communication can function correctly!
If the certificate is deleted by an administrator, then after a restart of services the system checks whether the certificate is available and if necessary installs it again.
In addition to the certificate, new incoming rules for the new communication (port) are automatically stored in the local firewall. These are identified by the name "Matrix42 Enterprise Manager DP Https".
The https communication port can of course be adapted and changed during installation and in the web console. Another port has been added to the web console under Distribution Point editing.
Enterprise Manager Agent
Installs or update Enterprise Manager Agent version 7.3 or later. Automatically creates a certificate on the computer object under "Personal" and "Trusted Root Certification Authorities". The naming convention is always as follows name: %local computer name%, expiration date: "in 30 years", friendly name: "Matrix42 Enterprise Manager Agent".
A certificate is also installed and stored on each terminal device where the EM Agent is installed.
If the certificate is deleted by an administrator, then after a restart of services the system checks whether the certificate is available and if necessary installs it again.
In addition to the certificate, new incoming rules for the new communication (port) are automatically stored in the local firewall. These are identified by the name "Matrix42 Enterprise Manager Agent Https".
The https communication port can of course be adapted and changed during installation.