Enable, disable, and configure settings associated with the different network-accessible processes that can run on your DCE server: web server, SSH daemon, SNMP daemon, and SOCKS proxy.
SNMP Server tab
Enable or disable the use of an SNMP agent at your server, define the community names and the port setting used for SNMP access to monitored devices, and identify the contact and location information for the server.
SOCKS Proxy tab
Enable or disable the server's built-in SOCKS v5 proxy server. This proxy server, which uses port 1080, allows users with proxy access to access devices that reside on the private DHCP LAN, by accessing the server from the public LAN.
SSH Server tab
Secure Shell (SSH), a program that provides strong authentication and secure communications over insecure channels. SSH is used to log into a server on the network from a command line to execute commands.
SSH is currently running Enabled by default. Allows SSH access to the Data Center Expert server. Disabling SSH will cause the SSH daemon to be terminated. No new SSH sessions will be allowed. Existing SSH sessions will not be affected.
SSH starts at boot time Enabled by default. Starts SSH whenever the server is turned on or rebooted.
Note: SSH is primarily intended for use with technical support guidance in troubleshooting device issues.
Web Server tab
HTTP and HTTPS settings
Enabling and disabling HTTP or HTTPS access, or changing the ports used, can prevent devices from providing data to your Data Center Expert server.
Enable HTTP Port Select to enable the Data Center Expert server to use HTTP, a non-secure Internet protocol, for web communication at the defined IP port. HTTP is disabled by default.
Enable HTTPS port The Data Center Expert server always uses HTTPS, a secure Internet protocol, for web communication. You can specify the IP port, 443 by default.
Note: IP ports 1 - 65535 are valid, with the exception of ports 20, 21, 22, 23, 25, 123, 161, 162, and 389. These are ports reserved for use by NetBotz appliances and by well-known protocols. Using these reserved ports creates a conflict that can result in operational difficulties.
Manage (add, edit, or delete) the current Secure Socket Layer (SSL) certificate used for HTTPS communication.
Modify Certificate: Access the "Modify Server SSL Certificate" wizard to add or create a new certificate. This option is only enabled when the default, self-signed SSL certificate is in use.
Delete Signed Certificate: Remove a signed 3rd-party SSL certificate and revert back to using the default SSL certificate generated by the Data Center Expert server.This option is only enabled when the default, self-signed SSL certificate has been replaced by a 3rd-party certificate.
Security Policy tab
Configure the system-wide cryptographic policy used by the Data Center Expert server.
Crypto policies are a system component that configure the core cryptographic subsystem security policies instead of using individual configurations.
Select one of the cryptographic policies the Data Center Expert server supports:
- Future: Most restrictive to withstand near-term future attacks
- Default: Secure settings for current threat models
- Legacy policy: Least restrictive for maximum compatibility
- DCE: Custom policy, less restrictive than Default and more restrictive than Legacy
These policies are applied consistently to running services and are kept up to date as part of Data Center Expert software updates.
When a new policy is set, the web server and SSH server on the DCE server will restart.
The DCE policy is selected by default. The DCE policy is similar to the Legacy policy except that the DCE policy does not allow any RC4 or 3DES based ciphers.
See the documentation for security policy definitions from Red Hat here.