Managing on-prem targets using the secure client

A secure client, also known as the secure connector for hybrid support, is an agent that you install in your on-prem environment so that a SaaS server can manage on-prem targets, such as VMware vCenter and Red Hat OpenShift.

Supported on-prem targets

The following list includes supported targets for the secure client. Targets are disabled by default, unless otherwise noted.

Note:

When you first install the secure client operator on a non-OVA environment, all probes are disabled by default.

  • Applications and Databases

    • Apache Tomcat 7.x, 8.x, or 8.5.x

    • Datadog

    • IBM WebSphere Application Server 8.5+

    • JBoss Application Server 6.3+

    • JVM 6.0+

    • SQL Server 2012, 2014, 2016, 2017, 2019, or 2022

    • MySQL 8.0

    • Oracle 19c or 21c

    • Oracle WebLogic 12c

  • Fabric and Network

    • Cisco UCS Manager 3.1+

      This target is enabled by default.

    • HPE OneView 3.00.04

  • Guest OS Processes

    • SNMP

    • WMI: Windows 7, 8, 8.1, 10, 2008 R2, 2012, 2012 R2, 2016, or 2019

  • Hyperconverged

    • Cisco HyperFlex 3.5

    • Nutanix Community Edition

    • VMware vSAN

      This target is enabled by default.

  • Hypervisors

    • IBM PowerVM

      • HMC 10: Power8, Power9, or Power10

      • HMC 9: Power8 or Power9 only; Power7 LPARs and Systems are ignored.

    • Microsoft Hyper-V 2012 R2, 2016, 2019, or 2022

    • VMware vCenter 7.0 or 8.0

      This target is enabled by default.

  • IT Management

    • FlexNet Manager Suite 2023 R2 or above

  • Orchestrator

    • Action Script

    • ServiceNow

      Certified for ServiceNow versions:

      • Utah

      • Vancouver

      • Washington

  • Private Cloud

    • VMM for Microsoft System Center 2012 R2, System Center 2016, System Center 2019, or System Center 2022

  • Storage

    • EMC ScaleIO 2.x or 3.x

    • EMC VMAX using SMI-S 8.1+

    • EMC VPLEX Local Architecture with 1:1 mapping of virtual volumes and LUNs

    • EMC XtremIO XMS 4.0+

    • HPE 3PAR InForm OS 3.2.2+, 3PAR SMI-S, 3PAR WSAPI

    • IBM FlashSystem running on Spectrum Virtualize 8.3.1.2 or later (8.4.2.0 or later recommended)

    • NetApp Cluster Mode using ONTAP 8.0+ (excluding AFF and SolidFire)

      This target is enabled by default.

    • Pure Storage F-series and M-series arrays running Purity 5.3.6 and 6.4.4 (Pure API 1.6)

      This target is enabled by default.

  • Virtual Desktop Infrastructure

    • Horizon 7.0 or higher

Encryption of secure client data

To maintain data security, the secure client encrypts data in the following ways:

  • Data in transit is encrypted using TLS 1.2+.
  • Data at rest is encrypted using AES 256.

Secure client deployment methods

You can install the secure client by using the Open Virtual Appliance (OVA), Red Hat OpenShift OperatorHub, Azure Kubernetes Service (AKS), Amazon Elastic Kubernetes Service (EKS), or Google Kubernetes Engine (GKE).

Secure client updates

The secure client automatically updates each time your Turbonomic representative updates your SaaS server to a new version. The update process keeps the version of the secure client components (probes and tunnel) in sync with the server. If the secure client is unable to update for some reason, it attempts to update periodically until it succeeds.

Note:

As a customer, it is your responsibility to install and maintain the secure client. Maintenance includes keeping the OS up-to-date and applying the necessary security patches within the OVA deployment. It is the responsibility of Turbonomic to upgrade and maintain the probes and secure connector tunneling components, and address Turbonomic security issues as part of the regular product updates.