SDK software provides multiple levels of security which SDK administrators can use to secure their system and control access to it. The various levels of security can be implemented through:
Authentication and user privileges
Client-server connections can be controlled on both the client and server sides of the system. The system is secured by using authentication records and by assigning connection privileges on the server side. When a client initiates a connection to a server, the client must supply appropriate authentication to the server before the connection (as defined by the connection privileges) is permitted. “Configuring authentication” on page 89 provides detailed information.
Passwords can be encrypted in the serverConnect.conf, clientConnect.conf, and brokerConnect.conf files. Encryption is based on a secret phrase, common to all of the SDK applications that must interact, and is used to encrypt password fields in the authentication records. “Encrypted passwords” on page 102 provides detailed information.
Passwords can also be encrypted in seed files. “Encrypted seed files” on page 104 provides detailed information.
SDK software can provide three levels of security above cleartext communication: Diffie Helman-Advanced Encryption Standard (DH-AES), encryption based on the site secret, and DH-AES used in conjunction with the site secret. The levels of security are configured by way of values for environment variables. “Encrypted connections” on page 105 provides detailed information.
The SDK security features are enabled with default settings when you install SDK software. The default security settings are thoroughly documented and permit access to the system. As a result, you should change the default usernames, passwords, and the secret phrase to enforce access control to SDK software. In addition, you should restrict access to the security configuration files, as described in “Specifying alternate security configuration files” on page 97.Note:
An SDK administrator can also place access restrictions on certain console operations by applying user profiles. This ability to restrict SDK users to certain operations is described in the VMware Smart Assurance Service Assurance Manager Configuration Guide.