Important: This documentation space contains information about PATROL Agents when deployed in a BMC Helix Operations Management environment. If you are a TrueSight Operations Management user, see PATROL Agent 24.3.01.

Securing communication


The PATROL Agent integrates comprehensive security features to communicate securely with Integration Services and BMC Helix Operations Management. These features include advanced certificate options and dynamic encryption mechanisms to protect sensitive data and credentials.


Communication protocol

From version 22.3.01, the default communication protocol for the PATROL Agent is TLS v1.2. This standard ensures secure data transfer over HTTPS. During the handshake, BMC Helix Operations Management provides a Server Certificate that the PATROL Agent validates against its stored certificate.


Communication and data security

PATROL Agent and BMC Helix Operations Management use advanced encryption techniques to enhance data security. The process involves a secure key exchange mechanism to protect data transmitted over the network and stored on the PATROL Agent.

This process includes the following credentials:

  • Policy data credentials: The credentials are securely stored in the policy store and encrypted by using specific keys exchanged during the key exchange process, providing robust protection against unauthorized access.
  • Agent query command credentials: Credentials used for querying the PATROL Agent are secured through this dynamic key exchange, ensuring that command interactions are protected.

Key exchange process in BMC Helix Operations Management (BHOM):

  1. The PATROL Agent sends its public key to BMC Helix Operations Management as part of the registration process.
  2. BMC Helix Operations Management generates a unique key to encrypt PATROL Agent data and query command credentials.
  3. BMC Helix Operations Management encrypts the unique key with the PATROL Agent's public key and uses the unique key to encrypt the data and credentials.
  4. The encrypted unique key and policy data are sent to the PATROL Agent.

Key exchange process in the PATROL Agent:

  1. The PATROL Agent receives the encrypted unique key and policy data and then decrypts the unique key by using its corresponding private key.
  2. The PATROL Agent then uses the decrypted unique key to decrypt the received data and query command credentials, ensuring only authorized agents can access this information.
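The two key exchange lists above, as an added sketch that is not BMC's code and is not taken from the original page. The page does not name the algorithms used, so RSA-OAEP (key wrapping) and AES-256-GCM (data encryption) are assumptions, as are all function names and the constructed sample policy data.

```javascript
// Added illustration, not BMC code. RSA-OAEP and AES-256-GCM are assumed
// algorithms; the page does not say which ones PATROL Agent uses.
const crypto = require('node:crypto');
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Agent, registration: only the public key is sent to the server.
function agentGenerateKeyPair() {
  return crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Server (BHOM steps 2-4): generate a unique key, encrypt the policy data
// with it, and wrap the unique key with the agent's public key.
function serverSealPolicy(agentPublicKey, policyData) {
  const uniqueKey = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', uniqueKey, iv);
  const ciphertext = Buffer.concat([cipher.update(policyData, 'utf8'), cipher.final()]);
  const wrappedKey = crypto.publicEncrypt({ key: agentPublicKey, ...OAEP }, uniqueKey);
  return { wrappedKey, iv, ciphertext, tag: cipher.getAuthTag() };
}

// Agent (steps 1-2): unwrap the unique key with the private key, then
// decrypt the policy data. GCM also rejects data modified in transit.
function agentOpenPolicy(agentPrivateKey, msg) {
  const uniqueKey = crypto.privateDecrypt({ key: agentPrivateKey, ...OAEP }, msg.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', uniqueKey, msg.iv);
  decipher.setAuthTag(msg.tag);
  return Buffer.concat([decipher.update(msg.ciphertext), decipher.final()]).toString('utf8');
}

// True only if this private key can open the message unmodified.
function canOpen(privateKey, msg) {
  try { agentOpenPolicy(privateKey, msg); return true; } catch { return false; }
}

// Constructed sample: policy data sealed for agent A.
const SAMPLE_POLICY = '{"queryUser":"patrol","queryPassword":"example-only"}';
const agentA = agentGenerateKeyPair();
const agentB = agentGenerateKeyPair();
const sealed = serverSealPolicy(agentA.publicKey, SAMPLE_POLICY);
console.log('agent A reads:', agentOpenPolicy(agentA.privateKey, sealed));
console.log('agent B can open:', canOpen(agentB.privateKey, sealed));
```

Because the unique key is wrapped with one agent's public key, the message is unreadable to any other agent, which is the "only authorized agents" property the steps describe.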


IPv6 support

The PATROL Agent supports IPv4 and IPv6 communication to ensure seamless compatibility across various network environments and protocols.

The following table outlines the possible communication configurations between IPv6, IPv4, and dual-environment setups.

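| PATROL Agent > Client/Server services | IPv4 | IPv6 | DUAL |
|---------------------------------------|------|------|------|
| IPv4                                  | Yes  | No   | Yes  |
| IPv6                                  | No   | Yes  | Yes  |
| DUAL                                  | Yes  | Yes  | Yes  |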
