Sentinel: Changing encryption key in iSCALE

  • 3330550
  • 03-Nov-2006
  • 26-Apr-2012

Environment

Windows 2000 sp4; 2003 sp1
Solaris 9
Redhat Linux ES 3
Sentinel 5.1.x

Situation

Changing encryption key in iSCALE
Making changes to the Communication Layer (iSCALE)

Resolution

Making Changes to the Communication Layer (iSCALE)

The communication layer (iSCALE) connecting all components of the architecture is encrypted. Communication between all parts is an encrypted TCP/IP-based connection. By default this communication is encrypted using 256-bit AES. ARC4 is also available for use.

Change the encryption method and the key using keymgr. The program generates a file in the lib directory of a Sentinel installation ($ESEC_HOME/lib or %ESEC_HOME%\lib) called .keystore. This file must be copied to each machine that has an e-Security component installed.

Best practice recommends that the default security key be changed to provide unique encryption and authentication parameters.

NOTE: If using Advisor, a change to the Advisor password is required, even if the password has not changed.

Making key changes or enabling other encryption methods

  1. For Solaris, log in as esecadm. For Windows, log in as a user with administrative rights.
  2. cd to:

For Windows:

%ESEC_HOME%\lib

For Solaris:

$ESEC_HOME/lib

  3. Run the following script:

java -jar keymgr.jar --keyalgo --keysize 256

This will allow you to set your encryption method. A file called .keystore will be created in the lib directory.

NOTE: Another method of executing this command is:

java -cp keymgr.jar;bcprov-jdk14-118.jar com.esecurity.system.KeyManager --keyalgo --keysize 256

  4. Copy .keystore to each machine with a Sentinel component installed. The file should be copied to:

For Windows:

%ESEC_HOME%

For Solaris:

$ESEC_HOME

  5. If the Sentinel environment is set for Windows Authentication, skip this step.

  • On the machine where DAS is installed, cd to:

%ESEC_HOME%\sentinel\config

  • Run the following commands:

For Windows:

dbconfig.bat -a . -p

For Solaris:

dbconfig -a . -p

  • Restart all services for .keystore to be reloaded.

NOTE: For more information about the dbconfig command, go to the Sentinel Reference User's Guide – Sentinel Data Access Service.
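
A check for step 4, added here as an example and not part of the original Sentinel documentation: the POSIX shell functions below compare each copied .keystore byte for byte with the file keymgr generated and flag copies that are missing, stale, or accessible to group or other users. The function names, the directory arguments standing in for each machine's $ESEC_HOME, the permission check, and the demo data are assumptions of this example.

```shell
#!/bin/sh
# Added example (not Sentinel code). Each DIR argument stands in for one
# machine's ESEC_HOME, e.g. a mounted or fetched copy (assumed layout).

# check_keystore REF COPY
# returns 0 = identical, 1 = copy missing, 2 = content differs,
#         3 = identical but group/other permission bits are set
check_keystore() {
    want=$1
    have=$2
    [ -f "$have" ] || return 1
    cmp -s "$want" "$have" || return 2
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld -- "$have" | cut -c5-10)
    [ "$perms" = "------" ] || return 3
    return 0
}

# audit_keystores REF DIR...
# prints one line per directory; return status is the number of failures
audit_keystores() {
    ref=$1; shift
    failures=0
    for dir in "$@"; do
        code=0
        check_keystore "$ref" "$dir/.keystore" || code=$?
        case $code in
            0) echo "OK       $dir" ;;
            1) echo "MISSING  $dir" ;;
            2) echo "STALE    $dir (differs from reference)" ;;
            3) echo "PERMS    $dir (group/other access set)" ;;
        esac
        [ "$code" -eq 0 ] || failures=$((failures + 1))
    done
    return "$failures"
}

# Constructed demo data: one reference file and three stand-in hosts.
demo() {
    t=$(mktemp -d) || return 99
    mkdir "$t/lib" "$t/das" "$t/collector" "$t/console"
    printf 'new-key-material' > "$t/lib/.keystore"        # constructed bytes
    printf 'old-key-material' > "$t/collector/.keystore"  # stale copy
    cp "$t/lib/.keystore" "$t/das/.keystore"              # good copy
    chmod 600 "$t/lib/.keystore" "$t/das/.keystore" "$t/collector/.keystore"
    result=0
    audit_keystores "$t/lib/.keystore" "$t/das" "$t/collector" "$t/console" || result=$?
    rm -rf "$t"
    return "$result"   # 2: collector is stale, console has no copy
}
```

Run the audit before restarting services in step 5, so a stale or missing copy is caught before components try to reconnect with mismatched keys.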