Accelerator Client to Server communication encryption

Accelerator Client to Server communication encryption

Article: 100044103
Last Published: 2018-09-19
Ratings: 0 0
Product(s): Enterprise Vault

Problem

Is communication between the Enterprise Vault (EV) Compliance Accelerator (CA) or Discovery Accelerator (DA) Clients and servers encrypted?

 

Solution

Communication between the Accelerator Clients and servers is encrypted by default. Such communication occurs over Transmission Control Protocol (TCP) ports 8085 and 8086, in addition to Remote Procedure Calls (RPC). The communication transport channel is transparent to users and is handled by the .NET infrastructure using Windows Authentication.

To verify encryption is enabled (default behaviour), review the following configuration files located in the Accelerator installation folder, which is typically located under \Program Files (x86)\Enterprise Vault Business Accelerator on the Accelerator server.

-    AcceleratorManager.exe.config
-    AcceleratorManagerConsole.exe.config
-    AcceleratorService.exe.config
-    ADSynchroniser.exe.config

These configuration files should contain Remoting Channel Configuration sections which determine the communication channel behaviour. By default (on installation) the communication should be encrypted, as indicated by the secure setting being set to true, and the protectionLevel setting being set to EncryptAndSign.

Here is an example:

<!-- This channel configuration is for the Web client -->
    <add key="Remoting Channel Configuration" value="name=Client Port, port=8085,suppressChannelData=false, machineName=, priority=1, secure=true, protectionLevel=EncryptAndSign, useIpAddress=true,  bindTo=0.0.0.0, rejectRemoteRequests=false, exclusiveAddressUse=true, impersonate=false, authorizationModule=, typeFilterLevel=Full" />
    <add key="Remoting Channel Configuration IPv6" value="name=Client Port IPv6, port=8085,suppressChannelData=false, machineName=, priority=2, secure=true, protectionLevel=EncryptAndSign, useIpAddress=true,  bindTo=[::], rejectRemoteRequests=false, exclusiveAddressUse=true, impersonate=false, authorizationModule=, typeFilterLevel=Full" />
    <!-- This channel configuration is for the Windows client.-->
    <add key="Windows Client Remoting Channel Configuration" value="name=Windows Client Channel, port=8086,suppressChannelData=false, priority=1, secure=true, protectionLevel=EncryptAndSign, rejectRemoteRequests=false, exclusiveAddressUse=true, impersonate=false, typeFilterLevel=Full" />
    <add key="Windows Client Remoting Channel Configuration IPv6" value="name=Windows Client Channel IPv6, port=8086,suppressChannelData=false, priority=2, secure=true, protectionLevel=EncryptAndSign,  bindTo=[::], rejectRemoteRequests=false, exclusiveAddressUse=true, impersonate=false,  typeFilterLevel=Full" />

 

 

Was this content helpful?