Werk #14089: Checkmk agent TLS encryption and compression

Component

Checks & agents

Title

Checkmk agent TLS encryption and compression

Date

May 13, 2022

Level

Prominent Change

Class

New Feature

Compatibility

Compatible - no manual interaction needed

Checkmk versions & editions

2.2.0b1 Not yet released	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)
2.2.0b1 Not yet released	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)
2.2.0b1	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)
2.1.0	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)

In Checkmk version 2.1 the monitoring data sent from the monitored host to the monitoring server is TLS encrypted and compressed by default.

This is realized by a new component on the monitored hosts: The Checkmk agent controller cmk-agent-ctl.

The added executable is called cmk-agent-ctl. On Linux systems, the agent controller will be run as a dedicated user cmk-agent, which is added during installation. As a result the process listening on the TCP port will have limited privileges, and the agent output is not available to any other local user.

While upgraded setups will continue to work as before, in order to enable TLS encryption an additional registration step is required. More information on the registration step, the installation and the provided commands can be found in our online documentation.

To the list of all Werks