You can use the following properties in trc.properties to control how secure communications are enforced.
secure.url=
Modifiable field | secure.url
Field Description | Determines the base URL that is used to redirect requests when secure communications are required.
Possible Values | User-defined - for example HTTPS://X.X.X.X/trc, where X.X.X.X is the IP address of your BigFix® Remote Control server.
Note: This separate URL property is required because replacing HTTP with HTTPS in the base URL does not work: the ports for each URL might be different.
Value Definition | User-defined. URL and context root of the application when you are using secure connections.
enforce.secure.web.access=
Modifiable field | enforce.secure.web.access
Field Description | An HTTP request that is not a call home, upload, or validation request is redirected to the secure URL. The value that is set in the secure.url property is used as a base.
Possible Values | True or False
Value Definition |
- True: The HTTP request is redirected to the secure URL. This value is the default value.
- False: The HTTP request is not redirected to the secure URL.
Note: When you change the value of this property, you must restart the BigFix® Remote Control server service for the new value to take effect.
enforce.secure.endpoint.callhome=
Modifiable field | enforce.secure.endpoint.callhome
Field Description | Determines the URL that a target uses to contact the BigFix® Remote Control server.
Possible Values | True or False
Value Definition |
- True: If a call home is received by using HTTP, the request is redirected to the secure URL. The secure URL is also returned in the response from the server. Targets are forced to use the secure URL when they send heartbeats to the BigFix® Remote Control server. This value is the default value.
- False: Targets are not forced to use the secure URL when they send heartbeats to the BigFix® Remote Control server.
Note: From BigFix® Remote Control V9.1.3, HTTPS secure communication is enforced by setting the url property in the trc.properties file to HTTPS when Force targets to use https is selected during installation. To ensure HTTP target communication, confirm that the url property is set to the HTTP URL in the trc.properties file. If the url property is set to HTTPS, the targets use HTTPS after they first contact the server.
Note: When you change the value of this property, you must restart the BigFix® Remote Control server service for the new value to take effect.
enforce.secure.endpoint.upload=
Modifiable field | enforce.secure.endpoint.upload
Field Description | Determines whether the controller or target uses the secure URL to upload the recordings and audit information to the server.
Possible Values | True or False
Value Definition |
- True: If an upload or a validation request is received by using HTTP, the server redirects the request to an equivalent URL. The equivalent URL is built with the value that is defined in secure.url as a base. It also uses the value of secure.url as a base to provide the upload and validation URLs to the controller and target when the session starts. This value is the default value.
- False: The server does not redirect to the secure URL if an upload or a validation request is received by using HTTP.
Note: From BigFix® Remote Control V9.1.3, HTTPS secure communication is enforced by setting the url property in the trc.properties file to HTTPS when Force targets to use https is selected during installation. To ensure HTTP target communication, confirm that the url property is set to the HTTP URL in the trc.properties file. If the url property is set to HTTPS, the targets use HTTPS after they first contact the server.
Note: When you change the value of this property, you must restart the BigFix® Remote Control server service for the new value to take effect.
The following examples consider scenarios that reflect different security requirements that you might have about communications with the BigFix® Remote Control Server:
- Example 1: All endpoint and user communications with the server must be encrypted with SSL.
  Configuration
  - Set secure.url in the trc.properties file to contain the HTTPS URL.
  - Set the three enforce.secure properties to true by editing the trc.properties file.
  - The Target and CLI do not need to be explicitly configured to use the HTTPS URL, but doing so avoids the first redirection.
- Example 2: All user communications with the server must be encrypted with SSL. Endpoint communications that are not call homes, for example audit and recording uploads or session validation requests, must be encrypted.
  Configuration
  - Configure the HTTP URL to be used by the call homes in the url property in the trc.properties file.
  - Configure the HTTPS URL to be used by the users, endpoint uploads, and the API in the secure.url property.
  - enforce.secure.web.access = true.
  - enforce.secure.endpoint.callhome = false.
  - enforce.secure.endpoint.upload = true.
  - Target and CLI tools are configured with the HTTP URL.
- Example 3: All user communications with the server must be encrypted with SSL. Endpoint communications do not need to be encrypted.
  Configuration
  - Configure the HTTP URL to be used by the endpoint call homes and uploads in the url property in the trc.properties file.
  - Configure the HTTPS URL to be used by the users and the API in the secure.url property.
  - enforce.secure.web.access = true.
  - enforce.secure.endpoint.callhome = false.
  - enforce.secure.endpoint.upload = false.
  - Target and CLI tools are configured with the HTTP URL.
- Example 4: No need for enforcement other than through the regular configuration options (url property and ServerURL).
  Configuration
  - url = http://localhost/trc.
  - secure.url = https://localhost/trc.
  - enforce.secure.web.access = false.
  - enforce.secure.endpoint.callhome = false.
  - enforce.secure.endpoint.upload = false.
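The scenarios above can be checked mechanically before a server restart. The following audit script is an added example, not part of the BigFix documentation or product: its parser is simplified, the finding texts and the host name rc.example.test are constructed, and treating a non-HTTPS secure.url as a finding is this example's own assumption.

```python
# Added example: report which traffic classes a trc.properties file leaves on plain HTTP.
# Defaults below are the ones this page states (all three enforce flags default to true).
DEFAULTS = {
    "enforce.secure.web.access": "true",
    "enforce.secure.endpoint.callhome": "true",
    "enforce.secure.endpoint.upload": "true",
}
LABELS = {
    "enforce.secure.web.access": "user/web requests",
    "enforce.secure.endpoint.callhome": "target call homes (heartbeats)",
    "enforce.secure.endpoint.upload": "recording/audit uploads and validation requests",
}

def parse_properties(text):
    """Simplified key=value parser: skips blanks and #/! comments, no line continuations."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def audit(text):
    """Return a list of findings; an empty list means every class is redirected to HTTPS."""
    props = {**DEFAULTS, **parse_properties(text)}
    enforced = {k: props[k].lower() == "true" for k in DEFAULTS}
    findings = []
    # Assumption of this check: an enforced redirect only helps if secure.url is HTTPS.
    if any(enforced.values()) and not props.get("secure.url", "").lower().startswith("https://"):
        findings.append("secure.url is not an HTTPS URL although redirection to it is enforced")
    for key, label in LABELS.items():
        if not enforced[key]:  # anything other than true is reported for review
            findings.append(f"{label} not redirected to secure.url ({key}={props[key]})")
    if not enforced["enforce.secure.endpoint.callhome"] and props.get("url", "").lower().startswith("http://"):
        findings.append("url is HTTP and call home is not enforced: targets keep using HTTP")
    return findings

# Constructed sample files for Example 1 (relying on the default true values) and Example 3.
EXAMPLE_1 = "url=https://rc.example.test/trc\nsecure.url=https://rc.example.test/trc\n"
EXAMPLE_3 = """url=http://rc.example.test/trc
secure.url=https://rc.example.test/trc
enforce.secure.web.access=true
enforce.secure.endpoint.callhome=false
enforce.secure.endpoint.upload=false
"""

if __name__ == "__main__":
    for name, cfg in (("Example 1", EXAMPLE_1), ("Example 3", EXAMPLE_3)):
        print(name, audit(cfg) or "all classes redirected to HTTPS")
```

An empty result corresponds to Example 1; every entry in a non-empty result names a traffic class that the configuration allows over HTTP, which should match the scenario you intended.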