3 Replies Latest reply on Aug 15, 2011 8:09 AM by René van Wijk

    Why SSL Node Manager?

      I haven't been able to locate any solid information regarding the merits of securing node manger through SSL. The EDG just says to do it.

      Can someone please provide the reasoning behind this? My VMs are behind a firewall, and for security puposes, I plan to enable host name verification, but I do not see why SSL of node manager is suggested.

      Thanks in advance.
        • 1. Re: Why SSL Node Manager?
          René van Wijk
          Very faint response: It is the default, so you do not have to configure anything.

          No seriously; using the node manager is all about (internal) network communication. When you want no one to get the usernames and passwords used
          you have to resort to SSL. Note that most security issues are related to internal misuse. This is usually the reason to go for SSL instead of
          plain communication, so that no one can mess up your system (even from the inside).

          More information about the node manager can be found here: http://download.oracle.com/docs/cd/E21764_01/web.1111/e13740/toc.htm
          1 person found this helpful
          • 2. Re: Why SSL Node Manager?
            Thank you for the reply Rene. I had reviewed that link, but it was vague there, as well.

            Would you please clarify the usernames and passwords comment? Are you saying this, in addition to host name verification, is to prevent someone internally from initiating an attack (suck as man-in-the-middle) to steal WL Admin usernames and passwords?

            • 3. Re: Why SSL Node Manager?
              René van Wijk
              I know it is paranoia, but in some environments this happens, so it is better safe than sorry.