VMware recommends that you configure your system to use encrypted connections wherever possible.
| Connections for | Recommended Encryption | Conditions | Additional Information |
|---|---|---|---|
| Broker |
|
If client supports only cleartext.
Note: The
Broker need not support cleartext if all clients can make encrypted connections.
|
This is a required configuration since the Broker acts as a client as well as a server. The Broker should be able to communicate with every component in the system. |
| Domain Manager | Set SM_OUTGOING_PROTOCOL to cleartext as well as encryption |
When the Domain Manager must connect to a client that supports only cleartext. | None |
| Adapters | TLS v1.2 | For Adapters based on Foundation 9.1 | None |
Set SM_INCOMING_PROTOCOL to encryption |
If you have Adapters that accept incoming connections from clients that are not TLS capable. | Adapters that register with the Broker, can accept incoming connections. | |
| Add cleartext option to the appropriate variable | If you have Adapters that support only cleartext. | None | |
| Components running on network outside the management domain |
|
To configure any components that must run on networks outside the management domain. | Depending on the level of encryption, this will prevent snooping or man-in-the-middle attackers. You will not be able to connect directly to such a component by using a console. |
