Non-TLS/SSL Communication and Encryption
Non-TLS/SSL Agents establish a connection with a Communication Process (CP). A connection to the database of the AE is not required for this purpose because clients and the Automation Engine exchange data exclusively through CPs.
Connecting to a Communication Process (CP)
Connections are established in several steps.
- The Agent attempts to connect to a randomly selected communication process (CP) as specified in the parameter CP.PORTS= in the [PORTS] section of the INI file of the Automation Engine, see Automation Engine INI file.
- The Agent selects the communication process (CP) with the best connection count. One communication process (CP) can handle 99999 connections on all platforms. The exception is zLinux, where the limit is 65000.
- Upon establishing a connection, the communication process (CP) provides the client (Automic Web Interface or Agent) with the performance values for the connection and information about all addresses of communication processes (CP) known in the system.
- The addresses are used to update the corresponding sections of the INI file entries.
The number of Agents, the number of connections per communication process, and the number of concurrent users logged in each have an upper limit. For the current upper limit of each, refer to the log files of the primary work process (PWP) and the communication processes (CP).
Using an AES Key
These Agents also use an AES key length of your choice for encryption.
You define whether the communication is encrypted or not in the ENCRYPTION key available in the UC_AS_SETTINGS variable that is provided in Client 0. It is enabled by default. For more information, see UC_AS_SETTINGS - Advanced Security.
The following values are allowed for all components:
- ENCRYPTION = NO
  The communication between the components in an Automation Engine system is not encrypted.
- ENCRYPTION = AES-128
  Communication is encrypted with a 128-bit key length.
- ENCRYPTION = AES-192
  Communication is encrypted with a 192-bit key length.
- ENCRYPTION = AES-256
  Communication is encrypted with a 256-bit key length.
The encryption strength has no negative effects on the performance of your system.
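The following is an added example, not part of the product documentation: a small Python check that classifies an ENCRYPTION setting against the allowed values listed above. The `KEY = VALUE` text input, the `min_bits` policy threshold and the sample system names are assumptions made for this illustration.

```python
import re

# Values the page lists for ENCRYPTION, mapped to key length in bits (0 = none).
ALLOWED = {"NO": 0, "AES-128": 128, "AES-192": 192, "AES-256": 256}
# Assumed input format: one "KEY = VALUE" setting per line, as the page writes them.
LINE = re.compile(r"^\s*ENCRYPTION\s*=\s*(.*?)\s*$", re.IGNORECASE)

def check_encryption(text, min_bits=256):
    """Return (status, detail) for the ENCRYPTION setting found in text.

    min_bits is a hypothetical site policy, not a product parameter.
    """
    values = [m.group(1).upper() for m in map(LINE.match, text.splitlines()) if m]
    if not values:
        return ("missing", "no ENCRYPTION line found; value could not be verified")
    if len(set(values)) > 1:
        return ("conflict", "multiple values: " + ", ".join(sorted(set(values))))
    value = values[0]
    if value not in ALLOWED:
        return ("invalid", "'%s' is not one of the allowed values" % value)
    bits = ALLOWED[value]
    if bits == 0:
        return ("unencrypted", "communication between components is not encrypted")
    if bits < min_bits:
        return ("below_policy", "%d-bit key, policy requires %d" % (bits, min_bits))
    return ("ok", "%d-bit AES" % bits)

# Constructed sample inputs, one per imaginary system (not real exports).
SAMPLES = {
    "prod": "ENCRYPTION = AES-256\n",
    "test": "encryption = aes-128\n",
    "legacy": "ENCRYPTION = NO\n",
    "typo": "ENCRYPTION = AES-512\n",
    "empty": "SOME_OTHER_KEY = 1\n",  # placeholder key, constructed
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, *check_encryption(text))
```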
Encrypting the Communication
Follow these steps to encrypt the communication between the components in your Automation Engine system.
- Log in to Client 0.
- Enter UC_AS_SETTINGS in the Global Search field.
- A dropdown list with a link to the variable opens up. Click it to display the UC_AS_SETTINGS variable.
- Select the checkbox next to ENCRYPTION to activate it.
- Click the file icon in the Value 1 column to open the Cell Editor, where you can enter the encryption strength.
- Save your changes.
For more information, see UC_AS_SETTINGS - Advanced Security.
This encryption strength is used for the following components:
- Password storage within the Automation Engine database repository
- Database password reference within the Automation Engine configuration file
- Communication between Automation Engines and Agents
- Web Interface
- API Calls