DCO Server - HTTPS and TLS1.2 - Don't works.

DCIM_Support · ‎2020-07-05

This question was originally posted on DCIM Support by Andres Cordero on 2018-11-10

Preview:

- One of the biggest national banks in our country has the DCO and DCE running in virtual servers.
- The DCO is running in version 8.0.3-66536-08cb94
- The DCE is running in version 7.6.0.114

Customer requirements:

- The customer only admits the security protocol “TLS version 1.2” and "HTTPS" in all the communication protocols.
This is mandatory in the client console - Server - webmin - applications - devices.

Remarks:

- When the DCO detects a communication with one DCE server.
It exports the information for the devices in the DCE server and also enables the possibility to associate the device with a genome in the graphical design.

- The DCO has the capability to open associated devices inside the DCE server.

- All devices inside DCE must be configurated as follow:
Web Settings: HTTPS enabled // Minimum Protocol TLS 1.2

- The DCE is capable to get access to devices with the combination previously described.
HTTPS enabled // Minimum Protocol TLS 1.2 ---------- Works!!
HTTP enabled // Minimum Protocol TLS 1.2 ---------- Works!!

- The DCO is not capable to get access to devices with the combination previously described.
HTTPS enabled // Minimum Protocol TLS 1.2 ---------- Don't Work!!
HTTP enabled // Minimum Protocol TLS 1.2 ---------- Works!!

- The DCO detect all the devices inside the DCE platform,
but It's not able to show in the respective folder 3 devices that are not associated with the DCO graphical design.

The customer requires to get access to the DCO using web security connection “https:” with port 443, also with the communication protocol TLS 1.2. (it is mandatory!).

Question:

- Why the combination HTTPS enabled // Minimum Protocol TLS 1.2 is not operational on the DCO server but It works on DCE?
- Why the devices no associated with the DCO graphical design are not showed as available in their respective folders?

DCIM_Support · ‎2020-07-05

This comment was originally posted on DCIM Support by Jef Faridi on 2018-11-12

Hi Andres,

Can you please add some screenshots (mask sensitive data) illustrating configurations and problem(s).

In my setups, DCO ssl encryption using TLSv1.2 and ssl (port 443) communication with DCE (as external system): works without any problem.

Kind regards

DCIM_Support · ‎2020-07-05

This comment was originally posted on DCIM Support by Andres Cordero on 2018-11-23

Hi,
Images attached.

DCIM_Support · ‎2020-07-05

This answer was originally posted on DCIM Support by Jef Faridi on 2018-11-28

Hi Andres,

From DCO side, it seems it's working as designed.

The Discovered Devices view is showing the discovered items, if the communication between your DCO and DCE is using Encryption (port 443), then that is working fine.

Right clicking to an item (in Discovered Devices) and Launch to Device may only start your default browser to initiate the log session to your device via DCE (https://<dce server IP>/privateproxy/deviceID). DCO will not be involved in that communication.

You have also asked "Why the devices no associated with the DCO graphical design are not showed as available in their respective folders?" can please clarify the question with some screen captures.

PS. It is highly recommended to consider upgrading the product to latest release version (currently DCO 8.2.12), which contains many enhancements including security updates.

Kind regards

DCIM_Support · ‎2020-07-05

This question is closed for comments. You're welcome to start a new topic if you have further comments on this issue.