Discovery with Microsoft JEA - some questions

Bob D
Tera Expert

[Rome]

I have set up JEA discovery in a limited test environment and successfully discovered 3 VMware VMs. So I have the basics figured out.

Now I have to think about deploying at larger scale, and I have questions.

1. I understand that the MID server for JEA is configured with the WinRM protocol, but can it still discover Windows servers that don't have the JEA configuration files and certificate, as long as WinRM is enabled and a valid admin-level credential exists?

2. I'm using JEAv2, which uses a certificate to verify the MID server as the sending source of the commands. With Rome+ versions, am I able to revert to JEA (v1), get rid of the certificate and init.ps1 file, and instead provide a list of allowed cmdlets/functions? Or is this capability deprecated?

3. Do the MID server and the target server have to be in the SAME domain? Or are my domain trusts still valid?

Thank you

1 ACCEPTED SOLUTION

Bob D
Tera Expert

I have answers:

1. I understand that the MID server for JEA is configured with the WinRM protocol, but can it still discover Windows servers that don't have the JEA configuration files and certificate, as long as WinRM is enabled and a valid admin-level credential exists?

NO - once the MID server is configured to look for a JEA endpoint, it will not discover servers without a JEA endpoint.

2. I'm using JEAv2, which uses a certificate to verify the MID server as the sending source of the commands. With Rome+ versions, am I able to revert to JEA (v1), get rid of the certificate and init.ps1 file, and instead provide a list of allowed cmdlets/functions? Or is this capability deprecated?

NO - with Rome+ versions, "JEAv2" is required, and the ability to specify allowed commands is removed. Note "JEAv2" is a ServiceNow invention built on top of Microsoft JEA.

3. Do the MID server and the target server have to be in the SAME domain?

NO
