Network Communication and Encryption
Secure communication between the components that make up an Automation Engine system relies on encryption. Encryption secures the data flow between the components and ensures that data cannot be read or modified during transfer. You do not require external encryption solutions because encryption is provided natively, using AES with a key length of your choice. As a system administrator, you decide and configure the level of encryption to be used.
Encryption is used for the following:
- Password storage within the CA Automic database repository
- Database password reference within the Automation Engine configuration file
- Communication between Automation Engines and Agents
- User interfaces and APIs
- Outbound communication
Network Communication
The Automation Engine uses the TCP/IP protocol family for data transmission. These protocols were developed for fail-safe peripheral communication and are therefore very well suited for safe data transfer. Designing redundant networks with TCP/IP takes relatively little effort, which makes it easy to build highly available and fail-safe networks.
Encryption
You define whether the communication is encrypted in the ENCRYPTION key of the UC_AS_SETTINGS variable, which is provided in system Client 0000. Encryption is enabled by default. For more information, see UC_AS_SETTINGS - Advanced Security.
The following values are allowed:
- ENCRYPTION = NO
  The communication between the components in an Automation Engine system is not encrypted.
- ENCRYPTION = AES-128
  Communication encrypted with a 128-bit key length.
- ENCRYPTION = AES-192
  Communication encrypted with a 192-bit key length.
- ENCRYPTION = AES-256
  Communication encrypted with a 256-bit key length.
The encryption strength has no negative effects on the performance of your system.
For more information, see Encrypting the Communication.
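The following check is an added example, not code from the product or its documentation. It audits the ENCRYPTION value against the four allowed values listed above and a minimum key length. Assumptions: the setting is available as plain "KEY = VALUE" text (the form shown on this page; the product's actual export format is not described here), values are compared case-insensitively, and the 256-bit minimum is a local policy choice.

```python
import re

# Values the page lists as allowed for ENCRYPTION, mapped to AES key length in bits.
# 0 means the communication is not encrypted.
ALLOWED = {"NO": 0, "AES-128": 128, "AES-192": 192, "AES-256": 256}
LINE = re.compile(r"^\s*([A-Z_0-9]+)\s*=\s*(.*?)\s*$", re.IGNORECASE)


def audit_encryption(settings_text, min_bits=256):
    """Return (status, detail) for the ENCRYPTION key in a KEY = VALUE listing.

    status: "ok", "weak", "disabled", "invalid", "conflict" or "unset".
    min_bits is a local policy choice (assumption), not a product default.
    """
    seen = []
    for raw in settings_text.splitlines():
        m = LINE.match(raw)
        if m and m.group(1).upper() == "ENCRYPTION":
            seen.append(m.group(2).upper())
    if not seen:
        # The page says encryption is enabled by default but not at which
        # key length, so an absent key cannot be confirmed against policy.
        return ("unset", "ENCRYPTION key not present; default level unverified")
    if len(set(seen)) > 1:
        return ("conflict", "multiple values: " + ", ".join(seen))
    value = seen[0]
    if value not in ALLOWED:
        return ("invalid", f"{value!r} is not one of {sorted(ALLOWED)}")
    bits = ALLOWED[value]
    if bits == 0:
        return ("disabled", "communication between components is not encrypted")
    if bits < min_bits:
        return ("weak", f"{bits}-bit key is below the required {min_bits} bits")
    return ("ok", f"{bits}-bit AES")


# Constructed sample listings (not taken from a real system);
# PLACEHOLDER_KEY is a made-up key used only to show other lines are ignored.
SAMPLES = {
    "prod": "ENCRYPTION = AES-256\nPLACEHOLDER_KEY = X",
    "test": "encryption=no",
    "dev": "ENCRYPTION = AES-128",
    "lab": "ENCRYPTION = AES-512",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, *audit_encryption(text))
```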