Determining a Security Mode Between Components

You must determine a security mode for communication between your infrastructure components. The security mode of connected producers and consumers must be the same across all components.

The secure communication described applies only in the context of the components that relate to the Micro Focus container-based application you are using, which is specified in that application's documentation.

When possible, configure the Micro Focus components with the security mode you intend to use before connecting them to additional ArcSight Platform products.

To enhance security, you can configure TLS Client Authentication between components that do not utilize client username and password authentication, such as producers and consumers connecting to Transformation Hub. With TLS Client Authentication enabled, the client and the server authenticate each other to ensure that both parties involved in the communication are trusted.

Changing the Allow Plain Text, TLS Client Authentication, or FIPS-compliant TLS settings after the deployment will necessitate system downtime.

Micro Focus product documentation for ArcSight products in the table is available from the Micro Focus support community.

Unless otherwise indicated in the table below, the ArcSight Platform and the capabilities that deploy to it, communicate with each other using TLS with authentication performed in a manner appropriate for the component.

Product Preparations Needed TCP Ports Supported Security Modes
Standalone ArcMC
  • Be sure to use v2.9.5 or later.
  • Install ArcMC before the Platform installation.
SmartConnectors and Collectors
  • You can install and run SmartConnectors and ArcMC onboard connectors before you install the Platform. Or, you can install them after you deploy the Platform.
  • FIPS mode setup is not supported between SmartConnector v7.5 and the Platform.
  • Only TLS and TLS Client Authentication are supported.
  • FIPS mode is supported between Connectors v7.6 and later and the Platform.
ArcSight ESM
  • You can install and run ESM before you install the Platform.
  • You can change compact mode ESM from TLS to FIPS-compliant TLS after you install ESM.

  • Changing compact mode ESM from FIPS-compliant TLS to TLS requires reinstalling ESM.

  • In distributed mode, the ESM security mode is set at installation time. Any change between TLS and FIPS-compliant TLS requires reinstalling ESM.
ArcSight Logger
  • You can install and run Logger before you install the Platform.
ArcSight Database
  • You install the ArcSight Database before the Platform.
NFS Server
  • For optimal security, secure all NFS settings to allow only required hosts to connect to the NFS server.
  • Plain text
Web Browser
  • By default, TLS is enabled.
  • TLS
ArcSight Intelligence (HDFS) Secure HDFS for Intelligence.