Black Box ET0100A Appliance Trim Kit User Manual


 
EncrypTight Component Connections
EncrypTight User Guide 27
This section describes the planning for the following connections:
“ETPM and ETKMS on the Same Subnetwork” on page 27
“ETPM and ETKMS on Different Subnetworks” on page 27
ETPM and ETKMS on the Same Subnetwork
When the ETPM is located on the same subnetwork as the external ETKMS, the ETPM communicates
with the ETKMS over the internal protected network using Ethernet connections as shown in Figure 7.
Figure 7 ETPM and ETKMS located in the same subnetwork
ETPM and ETKMS on Different Subnetworks
The ETPM and ETKMS interconnections on different subnetworks depend on the type of policy: Layer
3 IP policy or Layer 2 Ethernet policy.
ETPM and ETKMS in Layer 3 IP Policies
With larger IP networks, the ETPM and the external ETKMSs could be located on different subnetworks,
as shown in Figure 8. When managing the ETPM and ETKMS in-line, the communications path between
the devices must pass through one or more PEPs and potentially one or more firewalls. For in-line
management, in which management traffic can flow through the data path, be sure that the Enable
passing TLS traffic in the clear feature is selected on all PEPs. Enable this feature from the ETEMS
Appliance editor. By default, the Layer 3 PEPs are configured to pass all TLS traffic (port 443) in the
clear.
NOTE
The Enable passing TLS traffic in the clear feature passes all TLS traffic in the clear for all destination
addresses. For added security, disable passing TLS traffic in the clear and create a policy for all TLS
traffic (port 443) between EncrypTight components. For more information on creating policies, see
“Creating Distributed Key Policies” on page 181.
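As an added illustration (not code from the EncrypTight guide or the product), a small Python audit of the NOTE's recommendation: it flags PEPs on the ETPM-to-ETKMS management path that still rely on the global pass-TLS-in-the-clear exemption, and PEPs where the exemption is off without a scoped port-443 policy, which would block in-line management. The Pep/Policy data model, the addresses and the action values are hypothetical stand-ins, not the ETEMS configuration format.

```python
from dataclasses import dataclass, field

MGMT_PORT = 443  # TLS port the ETPM/ETKMS management path uses (per the guide)

@dataclass
class Policy:
    endpoints: frozenset  # assumption: a policy covers both directions between two hosts
    port: int
    action: str           # "clear" or "encrypt" (hypothetical values)

@dataclass
class Pep:
    name: str
    pass_tls_in_clear: bool  # the global exemption; default on for Layer 3 PEPs
    policies: list = field(default_factory=list)

def mgmt_traffic_allowed(pep, etpm, etkms):
    """True if in-line management TLS between etpm and etkms can traverse this PEP."""
    if pep.pass_tls_in_clear:
        return True
    pair = frozenset({etpm, etkms})
    return any(p.endpoints == pair and p.port == MGMT_PORT and p.action == "clear"
               for p in pep.policies)

def audit(peps, etpm, etkms):
    """Classify each PEP on the management path:
    'blocked' - management TLS cannot pass (exemption off, no scoped policy);
    'broad'   - passes, but port-443 traffic for every destination is also in the clear;
    'scoped'  - passes only between the EncrypTight components (the NOTE's recommendation).
    """
    verdicts = {}
    for pep in peps:
        if not mgmt_traffic_allowed(pep, etpm, etkms):
            verdicts[pep.name] = "blocked"
        elif pep.pass_tls_in_clear:
            verdicts[pep.name] = "broad"
        else:
            verdicts[pep.name] = "scoped"
    return verdicts

# Constructed sample: ETPM and ETKMS on different subnets, three PEPs in the path.
ETPM, ETKMS = "10.1.1.10", "10.2.2.20"
SCOPED_POLICY = Policy(frozenset({ETPM, ETKMS}), MGMT_PORT, "clear")
SAMPLE_PEPS = [
    Pep("pep-default", pass_tls_in_clear=True),                              # factory setting
    Pep("pep-hardened", pass_tls_in_clear=False, policies=[SCOPED_POLICY]),  # NOTE's advice
    Pep("pep-misconfigured", pass_tls_in_clear=False),                       # exemption off, no policy
]
```

Running `audit(SAMPLE_PEPS, ETPM, ETKMS)` reports the first PEP as "broad", the second as "scoped" and the third as "blocked".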