Communication Between Trusted Agent and Private Resources

The connections between Trusted Agent and the private resources they access are typically short-lived and utilize the communication protocols appropriate for the target private resource type.

For example, when a Trusted Agent receives a request from a Trusted Agent Hub to verify an LDAP user account, that request includes LDAP directory connection information configured in CSM Administrator. The Trusted Agent uses this connection information to open a direct LDAP connection to the LDAP directory and issues LDAP queries to verify the User account. When completed, the Trusted Agent disconnects from the LDAP directory and returns the result of the user verification operation to the Trusted Agent Hub for delivery to the requesting CSM service or application.

The connection between a Trusted Agent and a private resource should typically occur over a private local network to reduce latency. Additionally, just as you would with other direct connections to secure resources, consideration should be given to using secure LDAP and encrypted database communications to protect the flow of sensitive information between these two components on the private network.

The way in which Trusted Agent connects to and interacts with private resources is exactly the same as how CSM would directly connect to and utilize those resources if no network security boundaries were in place. That is, the same resource access logic is used for both scenarios. Trusted Agent simply provides a mechanism to relay those requests across network security boundaries. As a result, it may be helpful to configure an LDAP connection or an External Database connection in CSM Administrator without using Trusted Agent first, when possible. Then, when the connection is working properly, you can update the connection settings to indicate that Trusted Agent should be used.