Securing communication between product components


You can secure communication between different components of BMC Helix Continuous Optimization by using HTTPS and Transport Layer Security (TLS) version 1.3.

Security planning between on-premises and cloud components

Communication between the on-premises components and BMC Helix Continuous Optimization is always encrypted and sent over HTTPS.

  • Communication between the on-premises components and BMC Helix Continuous Optimization is always initiated by the on-premises components. It is never initiated by BMC Helix Continuous Optimization in the cloud.
  • Use the API key and Helix host URL while installing the Remote ETL Engine to ensure that:
    • The connection between the Remote ETL Engine and BMC Helix Continuous Optimization is authenticated.
    • BMC Helix Continuous Optimization connects only with the registered Remote ETL Engines.
  • The only port required for the Remote ETL Engine is 443. In environments with a firewall, allow access by adding a firewall rule for outgoing communication on port 443 to the DNS name or IP address of BMC Helix Portal.
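
A pre-installation check for the requirements listed above, added here as an example and not taken from BMC's code: it opens one outbound connection on port 443, verifies the server certificate against the system trust store, and refuses anything below TLS 1.3. The host name `helix.example.com` is a placeholder for your Helix host URL, the function names are hypothetical, and the check assumes the endpoint negotiates TLS 1.3.

```python
import socket
import ssl
import sys


def make_tls13_context() -> ssl.SSLContext:
    """Client context: certificate and host name verified, TLS 1.3 or nothing."""
    ctx = ssl.create_default_context()            # system trust store, hostname check on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_3  # reject TLS 1.2 and older
    return ctx


def check_outbound_tls(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Open one outbound connection and report how far it got."""
    result = {"host": host, "port": port, "reachable": False,
              "tls_version": None, "error": None}
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            result["reachable"] = True  # the firewall allows the outgoing TCP connection
            with make_tls13_context().wrap_socket(raw, server_hostname=host) as tls:
                result["tls_version"] = tls.version()
    except OSError as exc:  # covers ssl.SSLError, timeouts and DNS failures
        stage = "TLS handshake" if result["reachable"] else "TCP connect"
        result["error"] = f"{stage} failed: {exc}"
    return result


if __name__ == "__main__":
    # Placeholder host; pass the host from your Helix host URL as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "helix.example.com"
    report = check_outbound_tls(target)
    print(report)
    sys.exit(0 if report["tls_version"] == "TLSv1.3" else 1)
```

A "TCP connect failed" result points at the firewall rule or DNS resolution; a "TLS handshake failed" result with `reachable` set to true usually points at a TLS-inspecting proxy or a protocol downgrade on the path.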

Security planning for BMC Helix Continuous Optimization in the cloud

BMC Helix services are designed based on National Institute of Standards and Technology (NIST) 800-53, Rev 4 controls and standards to provide enterprise-grade security for our customers. We use a defense-in-depth methodology that focuses on redundant controls to prevent and mitigate impacts to the confidentiality, availability, and integrity of customer data and services. For details, see Security.

Securing communication between on-premises components

The Remote ETL Engine, the Gateway Server, and the Continuous Optimization Agent are the components that are installed on-premises. In any communication between these on-premises components, any one of them might act as a client or as a server, depending on the context of the communication. When a client requests TLS-enabled communication with a server, the two computers validate identities by using encrypted, self-signed security certificates in a handshake process. After a successful handshake, communication between the client and the server is secured by TLS.

Important

You must use only the out-of-the-box, self-signed security certificates in BMC Helix Continuous Optimization.


TLS Handshake

 
