How to Enable CCA Agent Security

book

Article ID: 38119

calendar_today

Updated On:

Products

CENDURA

Issue/Introduction

Introduction:

Secured communications requires a certificate for identification on both the Server side and the Agent side. You must create a certificate authority before you can secure Agent communications.  To secure your CCA Agents, you would need to create and enable CCA Agent Security as it will create security certificates for the agent that will only allowed be communicated with the CCA Server creating and deploying those certificates

Instructions:

To enable Agent Security:

  1. Create and Enable CCA Agent security certificates as required. You create CCAAgent security certificates using the Secure Agent option for each individual server selected on the Servers page.

  2. From the "Administration Link", select the "Security Certificates" that you want to secure. 

  3. Select "Create Certificate" from the "Table Actions" dropdown. 

    <Please see attached file for image>

    2016-02-11 11_32_07-Administration View - CA Configuration Automation - Opera.png

  4. Enter the CCA Server Name as well as the Certificate Password (with confirmation) and the Certificate Authority password, then select OK 
    Note: You cannot use Agent Security with an SSH proxy, and you must use the Manually Configured Agent selection for Agent Mode in the Access Profile.

  5. CCA creates the certificate for the Agent, installs this new certificate in the Agent installation directory, configures the Agent to accept only secure connections, and restarts the Agent with the new configuration. After CCA successfully completes these steps, navigate back to the Management link then Servers tab 

  6. Confirm that your Access Profile is set to Secure Agent by going to the Access Profiles and editing the associated Access Profile to the target Server and verifying that the 'Secure Agent' checkbox is selected in the "Access Mode" tab

    <Please see attached file for image>

    2016-02-11 11_49_18-Management View - CA Configuration Automation - Opera.png

  7. Select the target Server, Select Actions, Agent Actions, Secure Agent; a popup will appear with the Agent Certificate Password as well as the Certificate Authority Password

    <Please see attached file for image>

    2016-02-11 11_51_26-Management View - CA Configuration Automation - Opera.png

  8. After entering in the passwords and hitting OK, your agent is now secured

Note: You cannot use Agent Security with an SSH proxy, and you must use the Manually Configured Agent selection for Agent Mode in the Access Profile. 

Environment

Release: ACMPHY99000-12.7-Configuration Automation-for Physical Environments
Component:

Attachments

1558723829413000038119_sktwi1f5rjvs16x0y.png get_app
1558723827623000038119_sktwi1f5rjvs16x0x.png get_app
1558723825663000038119_sktwi1f5rjvs16x0w.png get_app