Encryption behavior between cells and components
This section describes the encryption behavior of cells and components during communication. The following actions occur when a BMC ProactiveNet component initiates communication with a cell:
- The component scans the cell configuration file, mcell.dir, for that cell's connection information.
- BMC ProactiveNet Administration Console retrieves the cell's connection information from the BMC ProactiveNet Server.
- The component opens a connection to the cell.
If the cell is configured with Encryption=yes, the component can use encrypted or non-encrypted communication. The component must use encrypted communication if the cell has ForceEncryption=yes and Encryption=yes.
If the communication is encrypted, both the cell and the component must use the same EncryptionKey values to establish communication.
Information retrieval
A component must have the address and port of a cell to establish communications with it. To establish encrypted communications, the component must also have the encryption key of the cell. BMC ProactiveNet Administration Console and the CLI commands determine the information in different ways:
- BMC ProactiveNet Administration Console acquires the information from the BMC Impact Administration server (cell_info.list).
- BMC CLI commands obtain the information by determining the server location using one of the following methods:
  - Directly from the CLI command
  - From the CLI configuration parameters in the mclient.conf file
  - From the mcell.dir file, if you use the -n CellName option
Default values
The default value for CellName is the name of the host (HostName). The default value for the port is 1828.
When the mcell.dir file is present, the default value is EncryptionKey=mc at installation. BMC recommends that you modify this value for security.
If the mcell.dir file is absent on the host and you do not specify an encryption key, the CLI command uses 0 (zero) as the default value for EncryptionKey. This value enables encrypted communications.
Mandatory key specification conditions
You must specify the encryption key if the following conditions apply:
- You run the CLI command on a host without an mcell.dir file
- The cell has an encryption key other than 0 (zero)
These conditions apply with the default installation. However, if the mcell.dir file is present on the host and the file specifies the encryption key, you need to specify only the CellName.
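The following audit sketch is an added example, not BMC code: it flags mcell.dir entries that still carry the default keys named above (mc and 0) and cell settings that leave ForceEncryption off, so non-encrypted connections are still accepted. The entry layout (type, name, key, host:port), the treatment of lines starting with # as comments, the function names, and the sample data are assumptions constructed for illustration.

```python
import re

# Assumed mcell.dir entry layout (not shown on this page):
#   <type> <name> <EncryptionKey> <host>[:<port>]
ENTRY = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+?)(?::(\d+))?$")
WEAK_KEYS = {
    "mc": "installation default key",
    "0": "key the CLI falls back to when no mcell.dir is present",
}

def parse_mcell_dir(text):
    """Yield (type, name, key, host, port); a missing port defaults to 1828."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):  # assumed comment syntax
            continue
        m = ENTRY.match(line)
        if m:
            kind, name, key, host, port = m.groups()
            yield kind, name, key, host, int(port or 1828)

def parse_settings(text):
    """Parse Key=value lines such as Encryption=yes into a dict."""
    settings = {}
    for line in text.splitlines():
        if "=" in line and not line.lstrip().startswith("#"):
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip().lower()
    return settings

def audit(mcell_dir_text, settings_text):
    """Return human-readable findings for default keys and optional encryption."""
    findings = []
    for _kind, name, key, host, port in parse_mcell_dir(mcell_dir_text):
        if key in WEAK_KEYS:
            findings.append(f"{name} ({host}:{port}): {WEAK_KEYS[key]}")
    s = parse_settings(settings_text)
    if s.get("Encryption") != "yes":
        findings.append("Encryption is not set to yes")
    elif s.get("ForceEncryption") != "yes":
        findings.append("ForceEncryption is not yes: non-encrypted connections are accepted")
    return findings

# Constructed sample input, not taken from a real installation.
SAMPLE_DIR = "# constructed entries\ncell pncell_alpha mc alpha.example.test:1828\ncell pncell_beta Xk93hQ2v beta.example.test\n"
SAMPLE_SETTINGS = "Encryption=yes\nForceEncryption=no\n"

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_DIR, SAMPLE_SETTINGS)))
```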