HCL Workload Automation, Version 9.4

Configuring SSL attributes

Use the composer command line or the Dynamic Workload Console to update the workstation definition in the database. See the HCL Workload Automation: User's Guide and Reference for further information.

Configure the following attributes:

secureaddr

Defines the port used to listen for incoming SSL connections. This value must match the one defined in the nm SSL port local option of the workstation. It must be different from the nm port local option that defines the port used for normal communications. If securitylevel is specified but this attribute is missing, 31113 is used as the default value.

securitylevel

Specifies the type of SSL authentication for the workstation. It must have one of the following values:

enabled: The workstation uses SSL authentication only if its domain manager workstation or another fault-tolerant agent below it in the domain hierarchy requires it.
on: The workstation uses SSL authentication when it connects with its domain manager. The domain manager uses SSL authentication when it connects to its parent domain manager. The fault-tolerant agent refuses any incoming connection from its domain manager if it is not an SSL connection.
force: The workstation uses SSL authentication for all of its connections and accepts connections from both parent and subordinate domain managers. It will refuse any incoming connection if it is not an SSL connection.

If this attribute is omitted, the workstation is not configured for SSL connections. In this case, any value for secureaddr will be ignored. You should also set the nm ssl port local option to 0 to be sure that this port is not opened by netman. The following table describes the type of communication used for each type of securitylevel setting.

Table 1. Type of communication depending on the securitylevel value
Fault-tolerant agent (domain manager)	Domain manager (parent domain manager)	Connection type
-	-	TCP/IP
Enabled	-	TCP/IP
On	-	No connection
Force	-	No connection
-	On	TCP/IP
Enabled	On	TCP/IP
On	On	SSL
Force	On	SSL
-	Enabled	TCP/IP
Enabled	Enabled	TCP/IP
On	Enabled	SSL
Force	Enabled	SSL
-	Force	No connection
Enabled	Force	SSL
On	Force	SSL
Force	Force	SSL

The following example shows a workstation definition that includes the security attributes:

cpuname MYWIN
os WNT
node apollo
tcpaddr 30112
secureaddr 32222
for maestro
autolink off
fullstatus on
securitylevel on
end