Set-LocalNodeServiceSecuritySettings
Synopsis
Sets the node's communication security settings.
Syntax
Set-LocalNodeServiceSecuritySettings [[-AuthenticationMode] <String>] [[-EncryptionMode] <String>] [[-ServerCertificateThumbprint] <String>]
Detailed Description
The Set-LocalNodeServiceSecuritySettings function modifies the security settings that the node uses to communicate with other applications.
Authentication
A node's authentication mode dictates how the node will determine the identity of a user that is trying to communicate with it (whether on behalf of Laserfiche applications or as Workers or Schedulers). By default, nodes do not attempt to authenticate clients. Nodes can be configured to identify callers using Windows Authentication.
The authentication mode must be set to Windows Authentication for a node to encrypt its communication and enforce authorization settings.
Encryption
Laserfiche Distributed Computing Cluster supports securing its communication with other applications using SSL over TCP. By default, a node does not encrypt its communication. Encryption can be enabled using the EncryptionMode parameter.
Parameters
-AuthenticationMode <String>
    Sets the method that a node uses to authenticate clients. Valid values are:
    -- None: Uses Anonymous authentication.
    -- Windows: Uses Windows Authentication to identify clients.

    Required?                    false
    Position?                    1
    Default value
    Accept pipeline input?       false
    Accept wildcard characters?  false

-EncryptionMode <String>
    Sets the method used to encrypt its communication with other applications. Valid values are:
    -- None: Disables encryption.
    -- WindowsTLS: Encrypts the communication channel using SSL over TCP. This mode has the service and the operating system automatically choose the certificates that are used to secure the channel.
    -- SSL: Encrypts the communication channel using SSL over TCP. This mode allows you to explicitly specify the certificate that is used to secure the channel.

    Required?                    false
    Position?                    2
    Default value
    Accept pipeline input?       false
    Accept wildcard characters?  false

-ServerCertificateThumbprint <String>
    Sets the thumbprint of the X.509 certificate that is used to secure communication. This parameter is required if the EncryptionMode is being set to SSL, and is ignored otherwise.

    Required?                    false
    Position?                    3
    Default value
    Accept pipeline input?       false
    Accept wildcard characters?  false
Inputs
None
You cannot pipe input to this function.
Outputs
None
This function does not return any output.
Note: If you are configuring a node to use SSL and prefer to specify the certificate that is used, you must ensure:
- The X.509 certificate is a service certificate. It should contain "Server Authentication" in its Intended Purposes field.
- The X.509 certificate is placed in the appropriate store so that it can be accessed by the Laserfiche Distributed Computing Cluster service user.
- The X.509 certificate is trusted by all machines that will communicate with the node. That is, all machines that run client or administrative applications (such as the web client or the Web Administration Console) and all Worker machines must trust the Scheduler's certificate. All machines in the cluster must trust a Worker's certificate.
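The certificate requirements in the note above can be checked before the SSL mode is applied. The following is an added example, not part of the Laserfiche documentation; it assumes the certificate is in Cert:\LocalMachine\My (the page only says "the appropriate store"), and Test-NodeServiceCertificate is a hypothetical helper name.

```powershell
# Added example. Assumptions (not from the page): the certificate is in
# Cert:\LocalMachine\My; Test-NodeServiceCertificate is a hypothetical helper name.
function Test-NodeServiceCertificate {
    param(
        [Parameter(Mandatory)] [string] $Thumbprint,
        [string] $StorePath = 'Cert:\LocalMachine\My'
    )
    # Keep hex digits only: drops spaces and any invisible characters picked up
    # when the thumbprint is copied from the certificate dialog.
    $normalized = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    $problems = [System.Collections.Generic.List[string]]::new()
    if ($normalized.Length -ne 40) {
        $problems.Add("Thumbprint has $($normalized.Length) hex digits; a SHA-1 thumbprint has 40.")
    }
    $cert = Get-ChildItem -Path $StorePath |
        Where-Object { $_.Thumbprint -eq $normalized } | Select-Object -First 1
    if (-not $cert) {
        $problems.Add("No certificate with thumbprint $normalized in $StorePath.")
    }
    else {
        # Intended Purposes must include Server Authentication (OID 1.3.6.1.5.5.7.3.1).
        # Strict on purpose: a certificate with no EKU extension is also reported.
        $ekuOids = @($cert.Extensions |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
            ForEach-Object { $_.EnhancedKeyUsages } | ForEach-Object { $_.Value })
        if ($ekuOids -notcontains '1.3.6.1.5.5.7.3.1') {
            $problems.Add('Enhanced Key Usage does not list Server Authentication.')
        }
        # Presence only; this does not prove the service account can read the key.
        if (-not $cert.HasPrivateKey) { $problems.Add('Certificate has no private key in this store.') }
        $now = Get-Date
        if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
            $problems.Add("Outside validity period ($($cert.NotBefore) to $($cert.NotAfter)).")
        }
        # Chain check on THIS machine only; repeat on every machine that must trust the node.
        if (-not $cert.Verify()) { $problems.Add('Certificate chain is not trusted on this machine.') }
    }
    [pscustomobject]@{ Thumbprint = $normalized; Ok = ($problems.Count -eq 0); Problems = $problems.ToArray() }
}

# Thumbprint string as written in Example 2 of this page.
$thumb  = 'f9 7f 3b ae 39 5f c9 b6 6a 08 e0 6c d3 eb 33 93 4e 61 4f 5b'
$result = Test-NodeServiceCertificate -Thumbprint $thumb
if ($result.Ok) {
    Set-LocalNodeServiceSecuritySettings -AuthenticationMode Windows -EncryptionMode SSL -ServerCertificateThumbprint $thumb
}
else { $result.Problems | ForEach-Object { Write-Warning $_ } }
```

Run it in an elevated session on the node itself. A passing result covers only the local store and local trust chain, so the trust requirement for Workers, the Scheduler and client machines still has to be confirmed on each of those machines.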
Examples
Example 1
PS C:\> Set-LocalNodeServiceSecuritySettings -AuthenticationMode Windows -EncryptionMode WindowsTLS
This command sets the node to use Windows Authentication and to encrypt communication with SSL, with the service and the operating system automatically choosing the certificates.
Example 2
PS C:\> Set-LocalNodeServiceSecuritySettings -AuthenticationMode Windows -EncryptionMode SSL -ServerCertificateThumbprint "f9 7f 3b ae 39 5f c9 b6 6a 08 e0 6c d3 eb 33 93 4e 61 4f 5b"
This command sets the node to use Windows Authentication and to encrypt communication channels with SSL. The service uses the X.509 certificate installed on the machine that has the thumbprint "f9 7f 3b ae 39 5f c9 b6 6a 08 e0 6c d3 eb 33 93 4e 61 4f 5b".
Example 3
PS C:\> Set-LocalNodeServiceSecuritySettings -AuthenticationMode None -EncryptionMode None
This command sets the node to use Anonymous Authentication and to disable encryption.