Accelerator Client to Server communication encryption


Article: 100044103
Last Published: 2021-02-23
Product(s): Enterprise Vault

Problem

Is communication between the Enterprise Vault (EV) Compliance Accelerator (CA) or Discovery Accelerator (DA) Clients and servers encrypted?

 

Solution

Communication between the Accelerator Clients and servers is encrypted by default. It takes place via Remote Procedure Calls (RPC) over Transmission Control Protocol (TCP), using ports 8085 and 8086 by default. The communication transport channel is handled by the .NET infrastructure using Windows Authentication, and uses Transport Layer Security (TLS) and the Security Support Provider Interface (SSPI).

TLS itself can use a number of different algorithms/ciphers, the listing of which is outside the scope of this article; more information regarding TLS algorithms/ciphers can be found online. The encryption is transparent to users: the encryption algorithms/ciphers are not visible to users within the product, nor are they listed in any configuration files. Any algorithms/ciphers used are defined in the code and are not visible to users, as the code is proprietary.

To verify that encryption is enabled (the default behaviour), review the following configuration files in the Accelerator installation folder, which is typically \Program Files (x86)\Enterprise Vault Business Accelerator on the Accelerator server.

-    AcceleratorManager.exe.config
-    AcceleratorManagerConsole.exe.config
-    AcceleratorService.exe.config
-    ADSynchroniser.exe.config

These configuration files should contain Remoting Channel Configuration sections which determine the communication channel behaviour. By default (on installation) the communication should be encrypted, as indicated by the secure setting being set to true, and the protectionLevel setting being set to EncryptAndSign.

Here is an example:

    <!-- This channel configuration is for the Web client -->
    <add key="Remoting Channel Configuration" value="name=Client Port, port=8085,suppressChannelData=false, machineName=, priority=1, secure=true, protectionLevel=EncryptAndSign, useIpAddress=true,  bindTo=0.0.0.0, rejectRemoteRequests=false, exclusiveAddressUse=true, impersonate=false, authorizationModule=, typeFilterLevel=Full" />
    <add key="Remoting Channel Configuration IPv6" value="name=Client Port IPv6, port=8085,suppressChannelData=false, machineName=, priority=2, secure=true, protectionLevel=EncryptAndSign, useIpAddress=true,  bindTo=[::], rejectRemoteRequests=false, exclusiveAddressUse=true, impersonate=false, authorizationModule=, typeFilterLevel=Full" />
    <!-- This channel configuration is for the Windows client.-->
    <add key="Windows Client Remoting Channel Configuration" value="name=Windows Client Channel, port=8086,suppressChannelData=false, priority=1, secure=true, protectionLevel=EncryptAndSign, rejectRemoteRequests=false, exclusiveAddressUse=true, impersonate=false, typeFilterLevel=Full" />
    <add key="Windows Client Remoting Channel Configuration IPv6" value="name=Windows Client Channel IPv6, port=8086,suppressChannelData=false, priority=2, secure=true, protectionLevel=EncryptAndSign,  bindTo=[::], rejectRemoteRequests=false, exclusiveAddressUse=true, impersonate=false,  typeFilterLevel=Full" />
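
To check all four files in one pass, the following PowerShell is an added example and not Veritas code. It assumes the default installation folder named above and that the channel settings sit in add elements with key and value attributes as in the example; the helper name Get-RemotingChannelAudit and the inline sample are constructed for illustration.

```powershell
# Added example, not vendor code. Assumes the default install folder from the article.
$InstallDir  = "${env:ProgramFiles(x86)}\Enterprise Vault Business Accelerator"
$configNames = 'AcceleratorManager.exe.config', 'AcceleratorManagerConsole.exe.config',
               'AcceleratorService.exe.config', 'ADSynchroniser.exe.config'

function Get-RemotingChannelAudit {   # hypothetical helper name
    param([xml]$Config, [string]$Source)
    # Every <add> element whose key contains "Remoting Channel Configuration".
    $xpath = "//add[contains(@key,'Remoting Channel Configuration')]"
    foreach ($node in $Config.SelectNodes($xpath)) {
        # Split "name=value, name=value"; hashtable lookups are case-insensitive.
        $settings = @{}
        foreach ($pair in ($node.GetAttribute('value') -split ',')) {
            $k, $v = $pair -split '=', 2
            if ($k.Trim()) { $settings[$k.Trim()] = "$v".Trim() }
        }
        $ok = ($settings['secure'] -eq 'true') -and
              ($settings['protectionLevel'] -eq 'EncryptAndSign')
        [pscustomobject]@{
            Source          = $Source
            Key             = $node.GetAttribute('key')
            Port            = $settings['port']
            Secure          = $settings['secure']
            ProtectionLevel = $settings['protectionLevel']
            Encrypted       = $ok
        }
    }
}

# Constructed sample: first channel has the documented defaults, second is weakened.
$sample = [xml]@'
<configuration><appSettings>
  <add key="Remoting Channel Configuration" value="name=Client Port, port=8085, secure=true, protectionLevel=EncryptAndSign" />
  <add key="Windows Client Remoting Channel Configuration" value="name=Windows Client Channel, port=8086, secure=false, protectionLevel=None" />
</appSettings></configuration>
'@
Get-RemotingChannelAudit -Config $sample -Source '(constructed sample)'

# The real files on the Accelerator server; missing files are reported, not fatal.
$results = foreach ($name in $configNames) {
    $path = Join-Path $InstallDir $name
    if (Test-Path -LiteralPath $path) {
        Get-RemotingChannelAudit -Config ([xml](Get-Content -LiteralPath $path -Raw)) -Source $name
    } else { Write-Warning "Not found: $path" }
}
$results
$results | Where-Object { -not $_.Encrypted } | ForEach-Object {
    Write-Warning "$($_.Source): '$($_.Key)' is not secure=true with EncryptAndSign"
}
```

A channel entry that omits either setting is reported with Encrypted set to False, so a missing value is treated the same as a weakened one.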

 

 
