Can a communication between client and server be established without authentication? Is it encrypted?
When the Notification Server Agent is first installed, it makes a call to our CreateResource.aspx page, providing its computer name and domain name values. The Notification Server creates a Resource in its database and then provides a GUID (32-bit unique identifier) to the computer which places it in its registry as a MachineGUID value. The Notification Server Agent will then send Basic Inventory to the Notification Server via the PostEvent.asp page.
The Notification Server Agent will then make a call to our GetClientPolicies.aspx page, providing its GUID. The Notification Server interrogates the CollectionMembership table using this GUID, to find out which collections the resource has been placed in by its Basic Inventory data. It then creates a configuration policy based off of all policies and tasks that are enabled for all collections that this resource is a member of.
In order to download a package, it must be referenced in the client configuration policy provided by the Notification Server. The Notification Server Agent will then make a call to our GetPackageInfo.aspx page, which will tell it where to find the package. It will then make a call to our GetPackageSnapshot.aspx page (either on the Notification Server or on a Package Server) in order to find out file information about the package as well as to download it.
All of these calls are made anonymously by default, but you could disable this as long as you configure share permissions correctly.
In order for the Notification Server Agent to be redirected, either our AeXAgentUtil.exe must be used, or a registry key deployed along with a service restart. Once redirected, the resource will no longer send or receive data to its original Notification Server, and will be managed solely by its new Notification Server.
The Notification Server to Notification Server Agent communications are not encrypted, as we only use encryption for certain items in the registry and database. However, if you configure IIS to use HTTPS instead of HTTP, then communications will be encrypted within the SSL connection.