Installation guide
13
Authentication
This chapter describes the VCM authentication and certificate structure. To understand these concepts,
you must have some familiarity with secure authentication and certificates.
Transport Layer Security
Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic
protocols that provide endpoint authentication and secure communication over any transport. TLS is
normally associated with TCP/IP communication but can be applied to any transport layer, including
HTTP. TLS supports both server authentication and mutual authentication.
Server Authentication
Server authentication only authenticates the server to the client. With server authentication, the client
verifies that the server with which it is communicating is the server that it claims to be. When browsing,
your browser is the client, and a Web site such as Amazon is the server. Millions of clients need to be sure
that the site to which they are sending financial information is really Amazon.
To accomplish this using TLS, Amazon presents a certificate issued by a trusted authority such as Verisign.
When your browser has a copy of the Verisign certificate in its trusted store, it can check that the server's
certificate was signed by Verisign and so verify that the server really is Amazon's. In the other direction,
the server usually authenticates a client by verifying credentials such as a user name and password.
VCM also supports server authentication without mutual authentication. Under server authentication,
VCM Agents authenticate the identity of a VCM Collector by recognizing and verifying its certificate.
However, because the Collector does not verify the Agent in return, counterfeit Agents are possible with
server authentication alone. Server authentication alone is called Collector Authentication in VCM.
Mutual Authentication
Mutual authentication employs certificates in both directions: from the server to the client, and from the
client to the server. Mutual authentication is more secure because presenting the client certificate requires
the corresponding private key, which exists only on a legitimate client.
Starting with version 5.5, VCM uses mutual authentication out of the box. A Collector certificate is
employed for server authentication, and Agent certificates are employed in the other direction so that the
Collector authenticates the Agent.
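The following Go program is an added example, not code from the VCM installation guide or from VMware; it shows the difference between Collector Authentication (server authentication only) and mutual authentication described in the two sections above. It assumes nothing about VCM's actual implementation: the "Collector" is a loopback TLS listener, the "Agent" is a TLS client, and the names vcm-collector and vcm-agent, the self-signed certificates standing in for CA-issued ones, and the greeting string are all constructed for the demo. The forged identity carries the Agent's name but a key pair the Collector never trusted, which is the counterfeit-Agent case the text warns about.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

func must(err error) {
	if err != nil {
		panic(err) // in-memory key and certificate generation is not expected to fail
	}
}

// selfSigned makes a self-signed certificate for cn, valid for 127.0.0.1. It stands in
// for a CA-issued certificate: each peer is trusted directly rather than via a Verisign-style root.
func selfSigned(cn string) tls.Certificate {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	must(err)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
		IPAddresses:  []net.IP{net.ParseIP("127.0.0.1")},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	must(err)
	leaf, err := x509.ParseCertificate(der)
	must(err)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

// Constructed identities; forgedID has the Agent's name but a key the Collector never trusted.
var (
	collectorID = selfSigned("vcm-collector")
	agentID     = selfSigned("vcm-agent")
	forgedID    = selfSigned("vcm-agent")
)

// trust returns a trust store holding exactly one peer certificate.
func trust(c tls.Certificate) *x509.CertPool {
	p := x509.NewCertPool()
	p.AddCert(c.Leaf)
	return p
}

// Connect runs one TLS connection from an Agent to a loopback Collector and returns nil
// only if the Collector accepted the Agent and sent it data. policy is the Collector's rule
// (tls.NoClientCert = Collector Authentication only, tls.RequireAndVerifyClientCert = mutual
// authentication); agent == nil models a client that holds no certificate or key at all.
func Connect(policy tls.ClientAuthType, agent *tls.Certificate) error {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return err
	}
	defer ln.Close()
	serverCfg := &tls.Config{Certificates: []tls.Certificate{collectorID}, ClientAuth: policy,
		ClientCAs: trust(agentID), MinVersion: tls.VersionTLS12}
	go func() {
		if raw, err := ln.Accept(); err == nil {
			srv := tls.Server(raw, serverCfg)
			// Write drives the handshake; if policy rejects the client it fails after sending an alert.
			_, _ = srv.Write([]byte("collector ready"))
			srv.Close()
		}
	}()
	clientCfg := &tls.Config{RootCAs: trust(collectorID), ServerName: "127.0.0.1", MinVersion: tls.VersionTLS12}
	if agent != nil {
		clientCfg.Certificates = []tls.Certificate{*agent}
	}
	cli, err := tls.Dial("tcp", ln.Addr().String(), clientCfg) // verifies the Collector certificate
	if err != nil {
		return err
	}
	defer cli.Close()
	cli.SetDeadline(time.Now().Add(5 * time.Second))
	// Under TLS 1.3 the client's half of the handshake completes before the Collector has
	// judged the client certificate, so only receiving the greeting proves acceptance.
	_, err = cli.Read(make([]byte, 64))
	return err
}

func main() {
	for _, c := range []struct {
		policy tls.ClientAuthType
		agent  *tls.Certificate
		name   string
	}{
		{tls.NoClientCert, nil, "Collector Authentication only, Agent without any key"},
		{tls.RequireAndVerifyClientCert, nil, "mutual authentication, Agent without any key"},
		{tls.RequireAndVerifyClientCert, &forgedID, "mutual authentication, forged Agent certificate"},
		{tls.RequireAndVerifyClientCert, &agentID, "mutual authentication, genuine Agent"},
	} {
		fmt.Printf("%-52s accepted=%v\n", c.name, Connect(c.policy, c.agent) == nil)
	}
}
```

Running it shows the first case accepted (a keyless client gets through when only the server is authenticated) and the genuine Agent accepted under mutual authentication, while the keyless and forged clients are rejected once the Collector requires and verifies a client certificate. The Collector's trust store holds only the genuine Agent certificate, so the forged identity fails even though its name matches: the private key that corresponds to the trusted certificate is what the handshake actually proves possession of.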
Keys and Certificates
Communication between VCM systems relies on keys and certificates for authentication.
VMware, Inc.
57