Reports client to reports server
A BMC BladeLogic Decision Support for Server Automation client is a web browser that connects to the reports server. After a user on the reports client is authenticated, the reports server obtains data for reports from the reports data warehouse. BMC BladeLogic Decision Support for Server Automation data is packaged using Cognos Reports.
For traffic between the reports client and the reports server, BMC Server Automation relies on the HTTPS protocol (HTTP over TLS) to secure communication between the browser and reports server. Users authenticate themselves to the reports server over the HTTPS session.
The TLS communication protocol automatically negotiates an encryption algorithm to secure data. Server-side certificates are used during the TLS handshake to establish session keys for encrypting traffic between the web browser and the reports server. By default, the reports server uses a self-signed certificate, but you can replace it with a custom certificate. To generate a new certificate, you can use a tool such as OpenSSL.
Authentication for BMC Decision Support for Server Automation
For BMC Decision Support for Server Automation, user authentication functions much like authentication for other BMC Server Automation applications. After users are authenticated, they are granted session credentials.
BMC Decision Support for Server Automation supports all BMC Server Automation authentication protocols except AD/Kerberos. Organizations that want Kerberos-based authentication for BMC Decision Support for Server Automation can use the Domain Authentication protocol, which can authenticate AD/Kerberos users when they provide their user name, domain, and password.
A default installation of BMC Decision Support for Server Automation sets up a BMC Server Automation Authentication Service called BMC SARA Authentication. The reports server accesses the BMC SARA Authentication Service to authenticate a user and acquire SSO credentials in the name of the authenticated user. By default only SRP authentication is enabled on the BMC SARA Authentication Service. Additional configuration is necessary if you want to use an Authentication Server that is not located on the same machine as the reports server. For all implementation details, see Implementing authentication in the BMC Decision Support for Server Automation documentation.