Security configuration


There are different security settings depending on the security level of your PATROL Agent.

Security level 0 to 2

For PATROL Agents running at security levels 0 to 2, the out-of-the-box setting makes the PATROL Agent skip validation of the Integration Service. To control this behavior, use the 'security_mode' attribute that has been added to the PATROL Agent's Integration Service policy. The 'security_mode' attribute can have the following values:

  • NO_AUTH — This is the default value, and it indicates that the PATROL Agent will not validate the Integration Service.
  • KNOWN_HOST — This value indicates that the PATROL Agent must validate the Integration Service. For validation to succeed, the public key of the Integration Service must be available in the secure key store of the PATROL Agent. If the key is not available, the connection with the Integration Service is rejected.

    Note

    The Integration Service specific client policy is at the following location:

    • For UNIX:
      /etc/patrol.d/security_policy_v3.0/proxy.plc
    • For Windows:
      HKEY_LOCAL_MACHINE\SOFTWARE\BMC Software\Patrol\SecurityPolicy_v3.0\PROXY
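
A check for the UNIX policy file named above, as an added example that is not BMC code: it reports whether an agent still runs with the NO_AUTH default. This page does not show the on-disk syntax of proxy.plc, so the 'security_mode = VALUE' line format, the '#' comment marker, the last-occurrence-wins rule and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not BMC code. ASSUMPTION: the policy file holds the attribute as
# "security_mode = VALUE" (separator '=', ':' or blanks) and '#' starts a comment.

# Print the effective security_mode of policy file $1. A missing file or a
# missing attribute yields NO_AUTH, the documented default. If the attribute
# appears more than once, the last occurrence is used (assumption).
effective_mode() {
    mode=""
    if [ -r "$1" ]; then
        mode=$(tr -d "\"'" < "$1" |
            sed -n -e 's/#.*$//' \
                -e 's/^[[:space:]]*security_mode[[:space:]:=]\{1,\}\([A-Za-z_]*\).*$/\1/p' |
            tail -n 1 | tr '[:lower:]' '[:upper:]')
    fi
    echo "${mode:-NO_AUTH}"
}

# Return 0 if the agent validates the Integration Service, 1 if it does not,
# 2 if the value is not one of the two documented ones.
audit_policy() {
    mode=$(effective_mode "$1")
    case "$mode" in
        KNOWN_HOST) echo "OK   $1: KNOWN_HOST, Integration Service key is validated"
                    return 0 ;;
        NO_AUTH)    echo "WEAK $1: NO_AUTH, Integration Service is not validated"
                    return 1 ;;
        *)          echo "WARN $1: unrecognized security_mode '$mode'"
                    return 2 ;;
    esac
}

# Constructed sample policies (not real agent files) showing the outcomes.
tmp=$(mktemp -d)
printf '# constructed sample\nsecurity_mode = KNOWN_HOST\n' > "$tmp/validated.plc"
printf '# constructed sample\nsecurity_mode = NO_AUTH\n'    > "$tmp/explicit.plc"
printf '# constructed sample, attribute absent\n'           > "$tmp/default.plc"
for f in "$tmp"/*.plc; do audit_policy "$f" || true; done
rm -rf "$tmp"
```

On a real host, call audit_policy with /etc/patrol.d/security_policy_v3.0/proxy.plc after adjusting the parsing to the actual file syntax.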

Security level 3 and 4

In highly secure environments (security level greater than 2), the BMC PATROL Agent uses its existing client security policy to connect to the Integration Service.

Security level 3

The Integration Service's export certificate is made available to the agent by adding it to the KDB pointed to by the agent's client policy.

As part of the security handshake, the PATROL Agent will validate the Integration Service's certificate with the certificate authority.

Security level 4

For security level 4, both the PATROL Agent and the Integration Service need to have their own certificates and each other's export certificates in their respective client and server policies.

The PATROL Agent needs to have the Integration Service's export certificate in the KDB associated with its client policy.

In addition, the PATROL Agent's export certificate needs to be added to the KDB associated with the Integration Service's server policy.

As part of the security handshake, both the PATROL Agent and the Integration Service will validate each other's export certificate with the certificate authority.

 
