Security overview

You must implement security and encryption to the degree appropriate for your deployment and environment. Review the following tasks that you must take to ensure a secure deployment.

You must set up the Connect:Direct® administrator user ID on all target systems.

In order for Control Center to establish a secure connection with the Connect:Direct nodes after they are installed, install the nodes with a keycert. You must also configure the Secure+ .Client record to use the keycert. If you establish a secure connection from a client, you can safely complete more security configuration tasks. These configuration tasks include adding users and updating keycerts, with the Connect:Direct API. For more information, see the IBM Sterling Control Center Getting Started Guide.

For ease of deployment, use a single keycert for all the nodes in a group during deployment. A single keycert facilitates a secure connection so that you can use Control Center to apply production keycerts to the deployed nodes. For more information, see the IBM Sterling Control Center Configuration Management Guide.

CAUTION:
Encrypt the keycert passphrase to keep it protected. Decrypt the keycert passphrase immediately before you install a Connect:Direct node.
Tip: If you use Tivoli Endpoint Manager for deployment, the passphrase is encrypted for you.