VMware recommends that you configure your system to use encrypted connections wherever possible.

Table 1. Suggested encryption connections in non-FIPS 140 mode

| Connections for | Recommended Encryption | Conditions | Additional Information |
|---|---|---|---|
| Broker | Cleartext; Encryption in SM_INCOMING_PROTOCOL and SM_OUTGOING_PROTOCOL; TLS v1.2 | If client supports only cleartext. Note: The Broker need not support cleartext if all clients can make encrypted connections. | This is a required configuration since the Broker acts as a client as well as a server. The Broker should be able to communicate with every component in the system. |
| Domain Manager | Set SM_OUTGOING_PROTOCOL to cleartext as well as encryption | When the Domain Manager must connect to a client that supports only cleartext. | None |
| Adapters | TLS v1.2 | For Adapters based on Foundation 9.1 | None |
| | Set SM_INCOMING_PROTOCOL to encryption | If you have Adapters that accept incoming connections from clients that are not TLS capable. | Adapters that register with the Broker can accept incoming connections. |
| | Add cleartext option to the appropriate variable | If you have Adapters that support only cleartext. | None |
| Components running on network outside the management domain | Set SM_INCOMING_PROTOCOL to encryption; Set SM_OUTGOING_PROTOCOL to encryption; TLS v1.2 | To configure any components that must run on networks outside the management domain. | Depending on the level of encryption, this will prevent snooping or man-in-the-middle attackers. You will not be able to connect directly to such a component by using a console. |