1 Reply Latest reply on Apr 23, 2014 5:35 PM by chrisgoettl

    Cloud Protect nuts and bolts document?

    ebunaj Rookie

      Is there a support document or white paper that discusses the specific nuts and bolts communication between the Shavlik console and clients with the Cloud?  Our cyber department wants more information than I can provide to them.  Enabling an agent policy for the cloud seems like it could be more secure (and reliable) than a console on the DMZ with open ports, but I need specific information to provide to them before getting there blessing.  I've seen the information/documentation explaining how to register the console, and modify the agent policies, but I need more specifics on what is communicated and how.  Is the all the traffic encrypted, etc?  Thanks.



        • 1. Re: Cloud Protect nuts and bolts document?
          chrisgoettl SupportEmployee

          An excellent question!  You can absolutely replace the DMZ console if you change to the Cloud Agent. The only downside is you would need to reinstall the agent from the internal console to the agents that will be going in and out of the environment.  You can also use the cloud provisioning feature to install an agent completely outside your environment. 


          So, a little bit on the security of the feature.  The Console and Agent talk to the Cloud so neither has to open an inbound port.  The ProtectCloud acts as the proxy between the two.  Communication between console\cloud and agent\cloud is HTTPS web service calls using a token to provide mutual authentication.  All policy and result data is encrypted so only the console and the agent can decrypt.  The Cloud cannot decrypt your data only ensure delivery to authorized agents\console.  All data is encrypted in transit and at rest.  Results are picked up every 15 minutes so there is only a small windows of the results data being at rest before the console picks it up. 


          Hopefully this answers your questions. 

          1 of 1 people found this helpful