Use > Hardening > Data Flow Credentials Management > Data Flow Credentials Management Overview > Synchronizing All Probes with Configuration Changes

Synchronizing All Probes with Configuration Changes

For successful communication, the Confidential Manager client must be updated with the Confidential Manager server authentication configuration (LW-SSO init string) and encryption configuration (Confidential Manager communication encryption). For example, when the init string is changed on the server, the probe must know the new init string in order to authenticate.

The UCMDB server constantly monitors for changes in the Confidential Manager communication encryption configuration and Confidential Manager authentication configuration. This monitoring is done every 15 seconds; in case a change has occurred, the updated configuration is sent to the probes. The configuration is passed to the probes in encrypted form and stored on the probe side in secured storage. The encryption of configuration being sent is done using a symmetric encryption key. By default, the UCMDB server and Data Flow Probe are installed with same default symmetric encryption key. For optimal security, it is highly recommended to change this key before adding credentials to the system. For details, see Generate or Update the Encryption Key.

Note

Due to the 15 second monitoring interval, it is possible that the Confidential Manager client, on the Probe side, may not be updated with the latest configuration for a period of 15 seconds.

If you choose to disable the automatic synchronization of Confidential Manager communication and authentication configuration between the UCMDB server and the Data Flow Probe, each time you update the Confidential Manager communication and authentication configuration on the UCMDB server side, you should update all Probes with the new configuration as well. For details, see Disable Automatic Synchronization of the Confidential Manager Client Authentication and Encryption Settings Between the Server and Probes.