Searching...
Filters
SmallMediumLarge
Home Print Show Topic URL Previous Next
IT Management Suite
Client Management Suite
Server Management Suite
Deployment Solution
Asset Management Suite
ServiceDesk

Configuring Notification Server to use HTTPS after ITMS installation is completed

ITMS Installation and Upgrade

After the ITMS installation is completed, you can configure the Notification Server and other components in your ITMS environment to use HTTPS mode.

Notification Server is automatically configured to use HTTPS if you select the Require HTTPS to access the Management Platform on the Notification Server Configuration page, in Symantec Installation Manager, during the installation of IT Management Suite. When you roll out Symantec Management Agents from a Notification Server that uses HTTPS, the Symantec Management Agents are also automatically configured to use HTTPS.

If you install Notification Server without HTTPS support, you can manually configure it later. You also have to redirect the Symantec Management Agents to use HTTPS for communicating with Notification Server.

Following are the advantages of configuring your environment to use HTTPS mode:

  • Increased secure and reliable communication

    HTTP is unsecured and is subject to man-in-the-middle and eavesdropping attacks, which can let attackers gain access to website accounts and sensitive information. HTTPS is designed to withstand such attacks and is considered secure against such attacks. HTTPS mode of communication creates a secured channel for a communication that is more reliable and improves communication with client computers.

  • Ability to set up Cloud-enabled Management

    After you configure your environment to use HTTPS mode, you can start setting up Cloud-enabled Management. Cloud-enabled Management lets you manage endpoints over the Internet even if the client computers are outside of the corporate environment and cannot access the management servers directly.

    For more information about setting up Cloud-enabled Management, see the Setting up Cloud-enabled Management chapter in the IT Management Suite 7.5 SP1 Administration Guide.

For more information about setting up HTTPS communication in your ITMS environment, see the How to run ITMS on HTTPS feature card.

The process of setting up HTTPS communication in your ITMS environment involves the following steps:

Table: Process of setting up HTTPS communication in your ITMS environment

Step

Action

Description

Step 1

Create or import an appropriate SSL certificate.

You must obtain an SSL certificate that is used to encrypt and decrypt the information that is transferred over the network.

See Creating or importing an SSL certificate

Step 2

Create an HTTPS binding.

You must create an HTTPS binding for a website by using the newly-created SSL certificate.

See Creating an HTTPS binding

Step 3

Verify the HTTPS binding by making a request to the website.

After you have created an HTTPS binding, you must verify that the selected website uses the HTTPS binding that you specified.

See Verifying the HTTPS binding

Step 4

Configure your Notification Server and Symantec Management Agents to use HTTPS.

Ensure that your Notification Servers are configured for HTTPS access and that your Symantec Management Agents use HTTPS.

See Configuring Notification Server to use HTTPS

Step 5

Apply a root certificate authority certificate to a managed computer.

Add the root certification authority (CA), which issued the SSL certificate, to the list of trusted CA on all the managed computers. This task involves manually exporting the root certificate from NS, and then applying the exported root certificate to all managed computers.

See Exporting a root CA certificate from Notification Server

Step 6

Redirect the Symantec Management Agent to communicate to the HTTPS port of ITMS.

Before you can bring a Symantec Management Agent under Cloud-enabled Management, you need to ensure that the agent uses HTTPS for communicating with Notification Server.

See Redirecting the Symantec Management Agent to use HTTPS

Step 7

Configure a package server to publish HTTPS package codebases.

You can configure HTTPS on your package servers by using the Package Service Settings page. This page specifies the global package service settings that are applied to all package servers that serve your Symantec Management Platform.

Step 8

(Only required for setting up Cloud-enabled Management)

Configure site servers to use HTTPS.

To serve CEM agents, site servers have to be configured to use HTTPS. This process is automated by Cloud-enabled Management Site Server Settings policy. When a new site server is assigned to an Internet site, an SSL certificate is distributed and HTTPS binding is created on the 443 port. By default, Cloud-enabled Management Site Server Settings policy does not affect the functionality of site servers that already use HTTPS. For example, if you assign a site server with an existing HTTPS binding to an Internet site, the binding is not overwritten.

See Configuring Cloud-enabled Management Site Server Settings policy

Step 9

(Only required for setting up Cloud-enabled Management)

Configure sites and site servers to serve Cloud-enabled agents.

The Cloud-enabled agents that are behind the Internet gateway use Internet sites for determining site services. In the Symantec Management Console, you must add your site servers to a predefined Default Internet Site or other Internet sites that you want to use. You must also assign the Cloud-enabled computers to the sites that are based on resource targets. This manual assignment ensures that each computer remains a member of the appropriate site regardless of where it is physically located.

See Configuring sites and site servers to serve Cloud-enabled agents