All JMS traffic between the agent and the server is encrypted with Transport Layer
Security (TLS). However, starting with version 6.2.2 of the IBM® UrbanCode™ Deploy, the
server creates by default a unique key for agents that connect to it and encrypts all JMS traffic to
the agent with this key. This encryption ensures that instructions that are meant for an agent can't
be read or used by another client on the JMS mesh.
Before you begin
Upgrade IBM UrbanCode Deploy to
version 6.2.2 or later.
Procedure
- Upgrade each agent to version 6.2.2 or later. Agents that are not being upgraded can communicate with the server during this process, so you
can upgrade agents one at a time.
- Required: Set the system time on the server and the computers that agents are running on to times that
are the same or within a few minutes of each other. The server and computers with agents do not have
to be in the same time zone, but they must agree about the global time within approximately 5
minutes.
- Optional: If it is not feasible to synchronize the system times or if you want to disable end-to-end JMS
encryption, add the following line to agent's installed.properties file, and
then restart the agent:
agent.jms.disable_full_encryption=true
Results
You can view the API key of an agent by clicking on the server. If you suspect that an agent was compromised, select the API key and
then click to revoke the API Key and prevent the agent from connecting to the server.