Security Considerations
Address the following security configuration considerations to keep the Archer Engage Agent operating securely as you maintain your environment.
Ports
The API hosted in the Engage Agent uses port 5001. To ensure a successful SSL handshake between the Engage Agent and Archer, verify that port 5001 is open on the server hosting the Engage Agent.
SSL
Archer and the Engage Agent use the same X.509 certificate to connect to the Configuration Service. For more information on certificates, see Preparing for Installation.
Note: Use a CA-signed SSL certificate. Using a self-signed certificate requires establishing a chain of trust between the Engage Agent and your Archer instance.
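The following added example (not part of the Archer documentation or product code) covers both the port check and the certificate note above: it tests whether port 5001 is reachable and whether a fully verified TLS handshake succeeds, optionally trusting a private CA bundle instead of disabling validation. The function name, status values and the host name are assumptions made for this example.

```python
import socket
import ssl
import sys

ENGAGE_AGENT_PORT = 5001  # API port stated on this page


def check_agent_tls(host, port=ENGAGE_AGENT_PORT, cafile=None, timeout=5.0):
    """Connect to host:port and attempt a fully verified TLS handshake.

    cafile (optional) is a PEM bundle holding the private CA or self-signed
    certificate to trust; validation itself is never switched off.
    Status values are names chosen for this example.
    """
    result = {"host": host, "port": port, "status": None, "detail": ""}
    # Default context: CERT_REQUIRED plus host name checking.
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        # Refused, filtered or timed out: firewall rule or service down.
        result.update(status="port_unreachable", detail=str(exc))
        return result
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            cert = tls.getpeercert()
            result.update(status="ok", detail=tls.version(),
                          not_after=cert.get("notAfter"))
    except ssl.SSLCertVerificationError as exc:
        # Port is open, but the chain of trust is not established.
        result.update(status="untrusted_certificate", detail=exc.verify_message)
    except (ssl.SSLError, OSError) as exc:
        # Port is open, but the peer did not complete a TLS handshake.
        result.update(status="handshake_failed", detail=str(exc))
    finally:
        raw.close()
    return result


if __name__ == "__main__":
    # Usage: python check_agent_tls.py <agent-host> [ca-bundle.pem]
    # The default host below is a placeholder, not a real Archer host name.
    target = sys.argv[1] if len(sys.argv) > 1 else "engage-agent.example.internal"
    bundle = sys.argv[2] if len(sys.argv) > 2 else None
    print(check_agent_tls(target, cafile=bundle))
```

A result of `untrusted_certificate` means the port is open but the certificate chain still has to be trusted on the calling side, which is the case the note describes for self-signed certificates.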
There is an option to bypass SSL-related errors for Archer SSL-enabled endpoints. If Archer and the Engage Agent are within a trusted network boundary, you can turn this on or off in the
In the
If you set
Service Account
The Engage Agent creates a new dedicated service account for your Archer instance. The Engage Agent uses this account to run the Archer
CSRF Token
The Engage Agent uses a CSRF token to verify that the Archer user who initiated the publish request has Read access to the Archer content. This session token is located in the browser cookie, and any call made to the Archer Web server has the cookie attached.
Encryption
The Engage Agent generates a 256-bit Data Encryption Key (DEK) for each Archer instance and a separate DEK for common installation settings across all Archer instances. The DEKs are encrypted with a pre-existing 128-bit Key Encryption Key (KEK) and stored in
Authentication
After onboarding the Archer instance to the Engage Agent, the Agent creates a