Non-TLS Agent Encryption
Non-TLS agents establish a connection with a Communication Process (CP). A connection to the database of the AE is not required for this purpose because data between clients and the Automation Engine is exchanged exclusively through CPs.
Connecting to a Communication Process
Connections are established in several steps.
- The agent attempts to connect to a randomly selected communication process (CP) as specified in the parameter CP.PORTS= in the [PORTS] section of the INI file of the Automation Engine, see Automation Engine.
- The agent selects the communication process (CP) with the best connection count. One communication process (CP) can handle 99999 connections on all platforms. The exception is zLinux, where the limit is 65000.
- Upon establishing a connection, the communication process (CP) provides the client (Automic Web Interface or agent) the performance values for the connection and information about all addresses of communication processes (CP) known in the system.
- The addresses are used to update the corresponding sections of the INI file entries.
The number of agents, the number of connections per communication process, and the number of users logged in concurrently each have an upper limit. For the current upper limit of each, refer to the log files of the primary work process (PWP) and the communication processes (CP).
Using an AES Key
These agents also encrypt their communication with AES, using a key length of your choice.
You define whether the communication is encrypted or not in the ENCRYPTION key available in the UC_AS_SETTINGS variable that is provided in system Client 0000. It is enabled by default. For more information, see UC_AS_SETTINGS - Advanced Security.
The following values are allowed for all components:
- ENCRYPTION = NO
  The communication between the components in an Automation Engine system is not encrypted.
- ENCRYPTION = AES-128
  Communication encrypted with a 128-bit key length.
- ENCRYPTION = AES-192
  Communication encrypted with a 192-bit key length.
- ENCRYPTION = AES-256
  Communication encrypted with a 256-bit key length.
The encryption strength has no negative effects on the performance of your system.
Encrypting the Communication
Follow these steps to encrypt the communication between the components in your Automation Engine system.
Note: If you are using old Agent versions with a more recent version of the Automation Engine, make sure that you deactivate the compatibility mode. For more information, see Deactivating the Compatibility Mode.
- Log in to Client 0.
- Enter UC_AS_SETTINGS in the Global Search field.
- A dropdown list with a link to the variable opens. Click the link to display UC_AS_SETTINGS.
- Select the checkbox next to ENCRYPTION to activate the key.
- Click the file icon in the Value 1 column to open the Cell Editor, where you can enter the encryption strength.
- Save your changes.
For more information, see UC_AS_SETTINGS - Advanced Security.
This encryption strength will be used for the following components:
- Password storage within the Automation Engine database repository
- Database password reference within the Automation Engine configuration file
- Communication between Automation Engines and Agents
- Web Interface
- API Calls
Deactivating the Compatibility Mode
To support Agents older than version 9.0, the Automation Engine supports unencrypted communication between components.
When the compatibility option is deactivated (COMPATIBILITY=NO) in the UC_AS_SETTINGS system variable, the Job Messenger will only accept encrypted connections. The only exceptions are connections from the local IP address and the IP addresses that are defined as such in the Agent object. Set the compatibility option to YES for Agents with a version older than 9.0.
The compatibility mode is deactivated by default for new installations. For more information, see UC_AS_SETTINGS - Advanced Security.
Important! Set COMPATIBILITY to YES only if you are using old Agents. Otherwise, make sure that COMPATIBILITY is set to NO to guarantee secure network communication.
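As an added example (not part of the product or its documentation), the following Python script audits the two UC_AS_SETTINGS keys discussed on this page, ENCRYPTION and COMPATIBILITY, against an agent inventory. The KEY=VALUE input format, the agent names and versions, and the severity labels are assumptions constructed for illustration; the allowed values and the 9.0 version threshold come from the text above.

```python
# Added example: audit UC_AS_SETTINGS values against this page's guidance.
# KEY=VALUE input, agent inventory and severity labels are constructed assumptions.
ALLOWED_ENCRYPTION = {"NO", "AES-128", "AES-192", "AES-256"}


def parse_settings(text):
    """Parse KEY=VALUE lines into a dict with upper-cased keys and values."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue  # skip blanks, comments and malformed lines
        key, value = line.split("=", 1)
        settings[key.strip().upper()] = value.strip().upper()
    return settings


def is_legacy(version):
    """True for agent versions older than 9.0 (the threshold named on this page)."""
    return int(version.split(".")[0]) < 9


def audit(settings, agent_versions):
    """Return (severity, message) findings for ENCRYPTION and COMPATIBILITY."""
    findings = []
    enc = settings.get("ENCRYPTION")
    if enc is None:
        findings.append(("INFO", "ENCRYPTION not listed; confirm the value in Client 0"))
    elif enc not in ALLOWED_ENCRYPTION:
        findings.append(("HIGH", f"ENCRYPTION={enc} is not an allowed value"))
    elif enc == "NO":
        findings.append(("HIGH", "ENCRYPTION=NO: component traffic is not encrypted"))
    legacy = sorted(name for name, ver in agent_versions.items() if is_legacy(ver))
    compat = settings.get("COMPATIBILITY")
    if compat == "YES" and not legacy:
        findings.append(("HIGH", "COMPATIBILITY=YES but no agent is older than 9.0; set NO"))
    elif compat == "YES":
        findings.append(("MEDIUM", "COMPATIBILITY=YES kept for old agents: " + ", ".join(legacy)))
    elif compat == "NO" and legacy:
        findings.append(("INFO", "COMPATIBILITY=NO with agents older than 9.0: " + ", ".join(legacy)))
    return findings


SAMPLE = "ENCRYPTION=NO\nCOMPATIBILITY=YES\n"   # constructed sample settings
AGENTS = {"WIN01": "12.3", "UNIX02": "21.0"}     # constructed agent inventory

if __name__ == "__main__":
    for severity, message in audit(parse_settings(SAMPLE), AGENTS):
        print(f"[{severity}] {message}")
```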