Symantec Management Platform (Notification Server)


About security on the Task Server’s Notification Server and Site Servers  

Nov 30, 2011 02:11 PM

This article explains the types of security that are available for the Task Server’s Notification Server (NS) and Site Servers and how they are supported.

The Task Server connects to the NS using the same URL that the agent on the machine is using. For example, if the agent uses HTTPS, so will the Task Server.

The Task Server verifies the NS’s server certificate using .NET mechanisms. These mechanisms are the same as the ones that the agent uses.

These mechanisms are:

  • The certificate must be valid (i.e. not expired, matching checksums, etc.)
  • The certificate must be issued by a trusted Certification Authority (CA). The CA certificate must be in the machine’s trusted certification authorities store.
  • The subject name on the certificate must match the name that it is trying to connect to.
  • Be careful when using IP addresses. If an IP address is used to connect to the NS, the code verifies that the server certificate's subject name is the same as the IP address, which is not a common arrangement.

Because the Task Server does not care what type of bindings are configured in IIS, HTTPS-level access to clients is available. The Task Server can be accessed through HTTPS or HTTP, provided IIS allows the Task Server’s website to be accessed that way. The agent talks to the NS according to the configured NS URL.

When communicating with the Task Server, the following rules apply:

  • HTTPS will be tried only if the NS URL is using HTTPS, in which case it will be tried first.
  • If the Task Server does not accept registration via HTTPS, HTTP is tried next.
  • If the NS URL is HTTP, only HTTP will be tried.

When handling custom port numbers, the following rules apply:

  • If the NS URL explicitly contains a port number, that port number is tried for both HTTPS and HTTP.
  • If the NS URL does not contain an explicit port number, then the corresponding default ports are used for HTTP (80) and HTTPS (443).
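
The protocol and port rules above can be checked per agent configuration. The following is an added example, not Symantec's code: it derives the ordered connection attempts from an NS URL and flags the cases where cleartext HTTP may be used or where an IP address must match the certificate subject name. The function names, hostnames and addresses are hypothetical.

```python
import ipaddress
from urllib.parse import urlsplit

DEFAULT_PORTS = {"https": 443, "http": 80}

def task_server_attempts(ns_url, task_server_host):
    """Return the ordered (scheme, host, port) attempts implied by the NS URL."""
    parts = urlsplit(ns_url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        raise ValueError(f"unsupported NS URL scheme: {scheme!r}")
    # HTTPS is tried (first) only when the NS URL is HTTPS; HTTP is the fallback.
    schemes = ["https", "http"] if scheme == "https" else ["http"]
    # An explicit port is reused for both schemes; otherwise the defaults apply.
    port = parts.port
    return [(s, task_server_host, port if port is not None else DEFAULT_PORTS[s])
            for s in schemes]

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def review(ns_url, task_server_host):
    """Return (attempts, findings) for one agent configuration."""
    attempts = task_server_attempts(ns_url, task_server_host)
    parts = urlsplit(ns_url)
    findings = []
    if parts.scheme.lower() == "https" and is_ip_literal(parts.hostname or ""):
        findings.append("ip-subject: certificate subject name must equal the IP address")
    if parts.scheme.lower() == "http":
        findings.append("cleartext-only: only HTTP will be tried")
    else:
        findings.append("http-fallback: HTTP is tried if HTTPS registration is not accepted")
    return attempts, findings

if __name__ == "__main__":
    # Constructed sample configurations (hostnames and addresses are placeholders).
    samples = [("https://ns01.example.test", "ts01.example.test"),
               ("https://ns01.example.test:8443", "ts01.example.test"),
               ("http://ns01.example.test", "ts01.example.test"),
               ("https://192.0.2.10", "ts01.example.test")]
    for ns_url, ts_host in samples:
        print(ns_url, "->", *review(ns_url, ts_host))
```

Whether the HTTP attempt can succeed depends on whether IIS allows the Task Server’s website to be accessed over HTTP, as described above.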

Note: Tickle connections between the Task Server and NS as well as between the Agent and Task Server are not secured by SSL.
