Manualshelf

Installation guide

ManualsBrandsVMware ManualsOtherVCM 5.3 - TRANSPORT LAYER SECURITY IMPLEMENTATION
51525354555657585960
n
An Enterprise certificate
n
One or more Collectors, each with a certificate
n
An Agent certificate for each managed machine, for mutual authentication
VCM Agents and Collectors trust each other when their respective certificates are issued by the same
Enterprise certificate.
To view information regarding your Enterprise and Collector certificates, click Administration, and select
Certificates.
Enterprise Certificate
The Enterprise certificate enables VCM to operate in a multiple Collector environment. Agents have the
Enterprise certificate in their trusted certificate stores, and can use it implicitly to validate any certificate
that the Enterprise certificate issues. All Collector certificates are expected to be issued by the Enterprise
certificate.
Without an overall Enterprise certificate, Agents can only report to their own Collector as shown in the
following figure. In effect, each Collector becomes an isolated Enterprise.
Figure 13–1. Dedicated Collector-Agent Relationship
In cases where a single Agent must report to two Collectors, a common Enterprise certificate must exist,
and the Enterprise certificate must issue all Collector certificates. When both Collector certificates are
issued by the same trusted authority, the Agent that is shared between the two can trust both Collectors
as shown in the following figure.
VCM Security Guide
60
VMware, Inc.