VMware recommends that you configure your system to use encrypted connections wherever possible.

  • If any client supports only cleartext, Brokers should be able to communicate in cleartext as well as with encryption in both SM_INCOMING_PROTOCOL and SM_OUTGOING_PROTOCOL. This is required in that configuration because the Broker acts as both a client and a server and must be able to communicate with every component in the system. Brokers do not need to support cleartext if all clients can make encrypted connections.

  • If a Domain Manager must connect to a client that only supports cleartext, then set SM_OUTGOING_PROTOCOL to cleartext as well as encryption.

  • Configure adapters with SM_OUTGOING_PROTOCOL set to require encryption. Only adapters that register with the Broker (--name option) can accept incoming connections. If you have adapters that accept incoming connections, setting SM_INCOMING_PROTOCOL to require encryption is appropriate.

    Also, if the adapter must connect, or be connected, to clients that support only cleartext, then add the cleartext option to the appropriate variable.

  • Configure any components that must run on networks outside the management domain with both SM_INCOMING_PROTOCOL and SM_OUTGOING_PROTOCOL set to encryption. Depending on the level of encryption, this prevents snooping or man-in-the-middle attacks. You will not be able to connect directly to such a component by using a console.
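
The following Python sketch is an added example, not VMware code: it audits a constructed component inventory against the recommendations above and reports where cleartext is allowed without need, or missing where a cleartext-only client requires it. The `Component` record and the `encryption`/`cleartext` tokens are hypothetical stand-ins (the literal variable syntax is not shown on this page), and applying the same rule to a Domain Manager's incoming side is an assumption drawn from the general recommendation to encrypt wherever possible.

```python
from dataclasses import dataclass

# Symbolic tokens only: the literal SM_*_PROTOCOL value syntax is not shown
# on this page, so these stand in for "encryption" and "cleartext".
ENC, CLEAR = "encryption", "cleartext"

@dataclass
class Component:                    # hypothetical inventory record
    name: str
    role: str                       # "broker", "domain_manager" or "adapter"
    incoming: tuple                 # what SM_INCOMING_PROTOCOL allows
    outgoing: tuple                 # what SM_OUTGOING_PROTOCOL allows
    clear_in: bool = False          # cleartext-only clients connect to it
    clear_out: bool = False         # it connects to cleartext-only clients
    registered: bool = True         # adapter registers with the Broker (--name)
    outside_domain: bool = False    # runs outside the management domain

def expected(c):
    """(incoming, outgoing) protocol sets implied by the recommendations."""
    if c.outside_domain:
        return {ENC}, {ENC}
    if c.role == "broker":          # Broker is client and server: both directions
        both = {ENC, CLEAR} if (c.clear_in or c.clear_out) else {ENC}
        return both, both
    return ({ENC, CLEAR} if c.clear_in else {ENC},
            {ENC, CLEAR} if c.clear_out else {ENC})

def audit(c):
    """Return findings where a component deviates from expected(c)."""
    want_in, want_out = expected(c)
    checks = [("SM_OUTGOING_PROTOCOL", set(c.outgoing), want_out)]
    if c.role != "adapter" or c.registered:   # unregistered adapters accept nothing
        checks.append(("SM_INCOMING_PROTOCOL", set(c.incoming), want_in))
    findings = []
    for var, have, want in checks:
        if ENC not in have:
            findings.append(f"{c.name}: {var} does not allow encryption")
        if CLEAR in have - want:
            findings.append(f"{c.name}: {var} allows cleartext, expected encryption only")
        if CLEAR in want - have:
            findings.append(f"{c.name}: {var} lacks cleartext needed by cleartext-only clients")
    return findings

INVENTORY = [  # constructed sample, not a real deployment
    Component("broker", "broker", (ENC,), (ENC,), clear_in=True),
    Component("dm-1", "domain_manager", (ENC,), (ENC, CLEAR)),
    Component("trap-adapter", "adapter", (ENC, CLEAR), (ENC,), registered=False),
    Component("dmz-collector", "adapter", (ENC, CLEAR), (ENC,), outside_domain=True),
]
```
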