Encryption of Software Packages being deployed to agents
search cancel

Encryption of Software Packages being deployed to agents

book

Article ID: 91685

calendar_today

Updated On:

Products

CA Client Automation - IT Client Manager CA Client Automation

Issue/Introduction

The DTS download method by default does not use encryption. This document describes how encryption can be configured.

Is there a way to encrypt the package being deployed to Agents using DTS?

Environment

Client Automation - 14.0 and above

Resolution

The transfer of a software package from the ITCM Domain Manager to a Scalability Server is performed by DTS (Data Transport Service).

The download method that transfers the software package from the Scalability Server to the agent can be configured as:

  • Internal - NOS
  • Internal - NOS-less
  • DTS - NOS-less

The 'Internal - NOS' method uses the Microsoft share method to access a software package on the Scalability Server (\\ScalabilityServer\SDLIBRARY$). The package is accessed and installed directly from the SDLIBRARY share. This access is not encrypted.
 
The 'Internal - NOS-less' method uses a Software Delivery internal method to transfer the entire package from the server to the agent. By default this transfer is encrypted the same way as all messages between the agent the Scalability Server are encrypted. The encryption algorithm can be configured in the configuration policy 'common components\Encryption\Cipher preferences'.
 
By default, software packages transferred using the DTS download method, either from the Domain Manager to the Scalability Server or from the Scalability Server to the agents, are not encrypted. DTS transfers can be configured with optional parcel filters and one of the parcel filter options is for encryption. In DTS, filters are configured as 2 corresponding pairs. An encryption parcel filter encrypts the package on the sending side of the transfer, which has a corresponding decryption parcel filter on the receiving side.

The available built-in parcel filters for DTS are:
AES256_ENCRYPT, AES256_DECRYPT, AES192_ENCRYPT, AES192_DECRYPT, AES128_ENCRYPT, AES128_DECRYPT, 3DES_ENCRYPT and 3DES_DECRYPT.

The DTS parcel filter can be configured under the configuration policy 'software delivery\file transfer' with one of the parameters 'DTS: Parcel filter 0' - 'DTS: Parcel filter 9'.

The syntax requires a ‘@’ sign at the start followed by the separator sign to separate the sending and the receiving parcel filter.

Ex: '@+ AES192_ENCRYPT + AES192_DECRYPT' configures the sending and the receiving parcel filter combination to AES192.

Attachments

Powered by Wolken Software