Security Requirements for the Passive Identity Agent

To safeguard the system, you should install the passive identity agent on a protected internal network. Although the passive identity agent is configured to have only the necessary services and ports available, you must make sure that attacks cannot reach it.

If the passive identity agent and the Security Cloud Control reside on the same network, you can connect the Security Cloud Control to the same protected internal network as the passive identity agent.

Regardless of how you deploy your appliances, inter-system communication is encrypted. However, you must still take steps to ensure that communications between appliances cannot be interrupted, blocked, or tampered with; for example, with a distributed denial of service (DDoS) or man-in-the-middle attack.