The Agent Rollout wizard 4 - Defining security parameters before rolling out the agent

The parameters in this window define how the communication between the agents is secured. The prepopulated default values are those defined for the master; to use them, no modifications are required. Otherwise, make the necessary changes in the boxes of the window.

Note:

If you are using secured communication with mutual authentication, don't forget to define the certificates and authorities, otherwise the agents cannot communicate.

Setting the Security parameters


Parameter

Default value

Description

Secure Communication

Yes

Defines if the agent communicates in secure format. The possible values are:

  • No: The agent accepts both secured and non-secured communication; however, it sends only non-secured communications.
  • Securized Send, Receive Both: The agent accepts both secured and non-secured communication; however, it sends only secured communications.
  • Yes: The agent only communicates in secure mode, that is, it only receives and sends secured communication.
  • Yes with mutual authentication: The agents communicate in secure mode and in addition authenticate each other via SSL.

Enabled SSL Protocols

Authorized SSL protocols for agent communication. Accepted values are TLS1.0, TLS1.1, TLS1.2 or a comma-separated list of these values. When it is not defined, the default value is TLS 1.2.

Authority Certificate

bcm

The authority certificate (CA Cert) to be used for signing the agent certificate if required. The parameter expects a certificate name (without extension) registered in the agent cert store (auth section), such as Numara_ca. This parameter is used on the server side and can also be used on the client side if the server is configured to authenticate the client.

Current Authority Certificate

bcm

Defines the name of the certificate authority which is currently configured.

Trusted Authorities

bcm

A comma-separated list of certificates to be trusted when connecting to a secured server or a client. By default, the agent trusts the default Numara CA unless a different list of certificates is configured. The parameter expects a list of certificate names (without extension) registered in the agent cert store (trusted section), for example, Numara_ca, enterprise_ca, starfleet_ca. This parameter is used on both the client and the server side: if the answering device's certificate does not match the authority certificate, the device compares it with the list of trusted certificates to decide whether it can trust the answering device.

Current Trusted Authorities

bcm

The trusted authorities currently configured, which the local agent may trust for communication.

User Certificate


The user defined final certificate to be used for both the client and server roles. When this parameter is configured the agent ignores any other authority except the ones to be trusted. It expects a certificate name (without extension) registered in the Agent certificate store (user section), for example, Numara, enterprise, starfleet.

Current User Certificate

The currently used user defined final certificate to be used for the server role. This is a certificate name (without extension) registered in the Agent certificate store (integration section), for example, Numara, enterprise, starfleet.

Integration Certificate


The integration defined final certificate to be used for the server role. It expects a certificate name (without extension) registered in the Agent certificate store (integration section), for example, Numara, enterprise, starfleet.

Current Integration Certificate

bcm

The currently used integration defined final certificate for the server role. This is a certificate name (without extension) registered in the Agent certificate store (integration section), for example, Numara, enterprise, starfleet.

Certificate Subject organization

Name of your organization. This value forms a part of the distinguished name for the certificate.

Certificate Subject organization unit

Name of your organizational unit (section or division of the organization). This value forms a part of the distinguished name for the certificate.

Certificate Subject locality

Name of the town or city where your organization is located. This value forms a part of the distinguished name for the certificate.

Certificate Subject state

Full name of the state or province for your organization. This value forms a part of the distinguished name for the certificate.

Certificate Subject country

Two-letter ISO country code for your organization. This value forms a part of the distinguished name for the certificate.

Block Navigation from Agent User Interface

No

Check this box if the agent user interface is to be run in the browser's kiosk mode (full screen without menus or navigation bar). The installation of an add-on may be necessary to be able to use this mode (for example, with Firefox).

Strict Agent User Interface Authentication

No

Indicates whether the user can apply operational rules assigned to the device without explicit authentication. If the strict authentication mode is disabled, the user is able to execute operational rules locally without authentication. Enabling this parameter forces user authentication in all cases. This parameter is ignored for rules that are assigned to users.

Lock the agent service

No

Check this box if the agent service is to be locked.

Click Next to continue.
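
The send and receive behaviour of the four Secure Communication values, the accepted Enabled SSL Protocols values and the note on mutual authentication can be checked before rollout. The following is an added example, not part of the product or its documentation; the dictionary layout keyed by the wizard's parameter labels, the function names and the reading of the note as "Authority Certificate and Trusted Authorities must both be set" are assumptions.

```python
# Added example: pre-rollout check of the values entered in this window.
# The dict layout is an assumption; keys are the wizard's parameter labels.

# Per mode: (sends secured, accepts secured, accepts non-secured), from the value list.
MODES = {
    "No": (False, True, True),
    "Securized Send, Receive Both": (True, True, True),
    "Yes": (True, True, False),
    "Yes with mutual authentication": (True, True, False),
}
ACCEPTED = {"TLS1.0", "TLS1.1", "TLS1.2"}
DEPRECATED = {"TLS1.0", "TLS1.1"}  # formally deprecated by RFC 8996


def can_send(sender_mode, receiver_mode):
    """True if what sender_mode sends is accepted under receiver_mode."""
    sends_secured = MODES[sender_mode][0]
    _, accepts_secured, accepts_plain = MODES[receiver_mode]
    return accepts_secured if sends_secured else accepts_plain


def parse_protocols(value):
    """Split the comma-separated list; an undefined value means TLS 1.2."""
    items = [p.strip() for p in (value or "").split(",") if p.strip()]
    return items or ["TLS1.2"]


def check_rollout(agent, master_mode="Yes"):
    """Return findings for the agent settings about to be rolled out."""
    mode = agent.get("Secure Communication", "Yes")
    if mode not in MODES:
        return [f"unknown Secure Communication value: {mode}"]
    findings = []
    if not can_send(mode, master_mode):
        findings.append("master does not accept what the agent sends")
    if not can_send(master_mode, mode):
        findings.append("agent does not accept what the master sends")
    if MODES[mode][2]:
        findings.append("agent accepts non-secured communication")
    for proto in parse_protocols(agent.get("Enabled SSL Protocols")):
        if proto not in ACCEPTED:
            findings.append(f"protocol value not accepted: {proto}")
        elif proto in DEPRECATED:
            findings.append(f"deprecated protocol enabled: {proto}")
    if mode == "Yes with mutual authentication":
        # Assumed reading of the note: both parameters must be non-empty.
        for key in ("Authority Certificate", "Trusted Authorities"):
            if not agent.get(key, "").strip():
                findings.append(f"mutual authentication without {key}")
    return findings
```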
