Enabling encryption on Clients
When installed, you can set up your Clients to encrypt all outgoing reports to protect data such as credit card numbers, passwords, and other sensitive information.
Note: You must have encryption enabled for your deployment
before enabling it for your Clients. In particular, for the required
option, your clients will become silent if you enable them without
first setting up your deployment.
To enable encryption, follow these steps:
- Open the BigFix Console.
- From the BigFix Management Domain, open the Computer Management folder and click the Computers node.
- Select the computer or set of computers that you want to employ encryption for.
- From the right-click context menu, select Edit Computer Settings.
- From the Edit Settings dialog, click Add.
- In the Add Custom Setting dialog, enter the setting name as
_BESClient_Report_Encryption (note the underline starting the name).
There are three possible values for this setting:
- required
- Causes the Client to always encrypt. If there is no encryption certificate available in the masthead or if the target computer (Relay or Server) cannot accept encryption, the Client will not send reports.
- optional
- The Client encrypts if it can, otherwise it sends its reports in clear-text.
- none
- No encryption is done, even if an encryption certificate is present. This allows you to turn off encryption after you enable it.
- Click OK to accept the value and OK again to complete the setting. You must enter your private key password to deploy the setting action.
For additional information about encryption, see Encryption.