The communication layer (iSCALE) connecting all components of the architecture is an encrypted TCP/IP-based connection built on a JMS (Java Message Service) backbone. With Sentinel 6, an optional SSL proxy has been added to secure the Collector Manager and Sentinel Control Center components if they are installed outside the firewall.
Figure 6-1 Sentinel Architecture
There are two communication options available when installing the Collector Manager:
Connect directly to the message bus (default): This is the simplest and fastest option. However, it requires the Collector Manager to know the shared message bus encryption key, which can be a security risk if the Collector Manager is running on a machine that is exposed to security threats (for example, a machine in the DMZ). This option encrypts communications using AES 128-bit encryption based on the data in a file called .keystore.
Connect to the message bus through the proxy: This option adds a layer of security by configuring the Collector Manager to connect through an SSL proxy server. In this case, certificate-based authentication and encryption are used, so the .keystore does not need to be stored on the Collector Manager machine. This is a good option when the Collector Manager is installed in a less secure environment.
Either of these options can be selected when installing the Collector Manager. The Sentinel Control Center uses the proxy by default.
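The following host check is an added example, not part of the Sentinel documentation or product. It flags a .keystore left on a proxy-mode Collector Manager host, and a .keystore readable by group or other users on a direct-mode host. The directory to scan is passed by the operator (the page does not give the file's location), and the permission test assumes a POSIX file system.

```python
import os
import stat
import sys

KEYSTORE_NAME = ".keystore"  # file name from the page; its location is an operator input


def find_keystores(root):
    """Return (path, permission bits) for each regular .keystore file below root."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        if KEYSTORE_NAME in files:
            path = os.path.join(dirpath, KEYSTORE_NAME)
            st = os.lstat(path)  # lstat: a symlink is not counted as the key file
            if stat.S_ISREG(st.st_mode):
                hits.append((path, stat.S_IMODE(st.st_mode)))
    return hits


def audit(root, mode):
    """Audit root for the connection option in use: 'direct' or 'proxy'."""
    if mode not in ("direct", "proxy"):
        raise ValueError("mode must be 'direct' or 'proxy'")
    hits = find_keystores(root)
    findings = []
    if mode == "proxy":
        # Proxy mode uses certificates, so the shared key should not be on this host.
        for path, _perms in hits:
            findings.append(f"{path}: shared key present on a proxy-mode host")
        return findings
    if not hits:
        findings.append(f"{root}: no {KEYSTORE_NAME} found below this directory")
    for path, perms in hits:
        # Direct mode needs the key locally; only the owning account should read it.
        if perms & 0o077:
            findings.append(f"{path}: mode {perms:04o} lets group/other access the key")
    return findings


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: keystore_audit.py <install-dir> <direct|proxy>")
    results = audit(sys.argv[1], sys.argv[2])
    print("\n".join(results) or "no findings")
    sys.exit(1 if results else 0)
```

The script exits non-zero when it reports a finding, so it can run from a scheduled compliance job on each Collector Manager host.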