Application Server to agent or repeater

For traffic between an Application Server and an agent or repeater, BMC Server Automation relies on TLS to secure communication and the following options for authenticating the Application Server host to the repeater or agent:

  • Self-signed certificates — Enables agents or repeaters to authenticate Application Servers. To accomplish this, agents and repeaters are provisioned with the SHA1 fingerprints of the Application Servers' self-signed certificates.


    For implementation details, see TLS with client-side certs - Securing a Windows Application Server or TLS with client-side certs - Securing a UNIX Application Server. If you want to set up self-signed certificates for a Network Shell proxy server, use these procedures as well. The procedure is identical.

  • IP address — Limits incoming traffic for an agent or repeater to IP addresses of specific Application Servers.


    To implement this approach, modify the exports file on each agent or repeater. For more information, see Configuring the exports file.

  • No authentication — By default, when an Application Server connects to an agent or repeater, no authentication occurs.


    A default installation of BMC Server Automation provides no authentication for this communication leg.
Was this page helpful? Yes No Submitting... Thank you