Agents and Probes when actions are necessary (such as to initiate a remote control session). In cases where the
XMPP session is terminated abnormally (for example, by a firewall cleaning open sessions), the Agent will re-create
the session automatically.
N-able N-central leverages the XMPP based communications for control purposes only, not for the transmission of
monitored data. As an additional measure, the XMPP protocol can be turned off for individual devices or globally,
however, this is not recommended as this will increase system load and will cause latency on certain N-able N-central
features.
By default, the N-able N-central Agent, Probe, and XMPP-based communications use HTTPS with the data encrypted
using TLS and the strongest cipher suite supported by both the client and the server.
Probe as a Cache
The Windows Probe also acts as a cache location for software installation files such as the Agent, AV Defender,
Backup Manager, and Windows Patches. Agents communicate with the Probe over TCP 10004 using the .NET
remote communication protocol.
Security Profiles
Sometimes you have to work with older operating systems that use older security protocols. Security Profiles in N-
able N-central enable you to select between modern security protocols, or legacy ones. The Modern security profile is
enabled by default to block TLS 1.0 and 1.1. You can switch the network security profile to the Legacy Security Profile
to use older TLSversions. To change Security Profiles, at the System level, click Administration > Mail and Network
Settings > Network Security.
Because the Modern security profile is enabled by default, you need to ensure that Agents and Probes are at version
12.1 SP1 or higher. Version 12.1 SP1 and higher leverage TLS 1.2 properly and communicate with N-able N-central
12.2 and higher. This also applies to ReportManager; you need to upgrade it to version 5.0 SP5.
The differences between the profiles are:
Compatibility Security Profile
n
The Compatibility security profile sits between the Legacy and Modern security profiles. It allows you to support
older operating systems, such as Windows Server 2012 R2, but without allowing TLS 1.1 or 1.0.
n
Does not support TLS 1.0 and 1.1.
n
Disables weak SSH Ciphers, MACs and KEX Algorithms.
n
Supports Modern Operating Systems (Windows 7/Server 2008 R2 and newer).
n
Meets PCI requirements for TLS and ciphers.
n
Support for only 2048 bit keys
N-able strongly recommends that you choose between either the Compatibility or Modern security profile as
we plan to deprecate the Legacy security profile in a future release of N-central.
Modern Security Profile:
n
Configures N-central's UI so that it does not support TLS 1.0, 1.1, SHA1 and all weak ciphers and non-PFS
ciphers.
n
Supports TLS 1.3 on all UI, API, and Agent ports. The Web UI ports have further been enhanced with TLS
ciphers that offer improved performance on mobile devices.
n
Disables weak SSH Ciphers, MACs and KEX Algorithms.
page 6