Application Server to agent or repeater
For traffic between an Application Server and an agent or repeater, TrueSight Server Automation relies on TLS to secure communication and the following options for authenticating the Application Server host to the repeater or agent:
Authentication option | Implementation |
|---|---|
Self-signed certificate Enables agents or repeaters to authenticate Application Servers. To accomplish this, agents and repeaters are provisioned with the SHA1 fingerprints of the Application Servers' self-signed certificates. | See TLS-with-client-side-certificates-Securing-a-Windows-Application-Server or TLS-with-client-side-certificates-Securing-a-UNIX-Application-Server. If you want to set up self-signed certificates for a Network Shell proxy server, use these procedures as well. The procedure is identical. |
CA-signed certificate Enables Application Servers to verify agents having CA-signed certificates. | |
IP address Limits incoming traffic for an agent or repeater to IP addresses of specific Application Servers. | To implement this approach, modify the exports file on each agent or repeater. For more information, see Configuring-the-exports-file. |
No authentication By default, when an Application Server connects to an agent or repeater, no authentication occurs. | A default installation of TrueSight Server Automation provides no authentication for this communication leg. |