To provide secure communications between components, as well as for external access to the vRealize Automation instance by external users, each instance of vRealize Automation must be configured with CA signed certificates that are placed on the vRealize Automation appliance and IaaS server.

In the case that there are Internet-facing components of the solution, namely the vRealize Automation appliance, VMware recommends that the appliance (or load balancer) be configured with a public CA signed certificate. Using public CA signed certificates at this tier enhances security between vRealize Automation service tiers.

For the rest of the components, internal CA signed certificates can be issued for the secure communication of vRealize Automation components. For these internal components, VMware recommends using a signed SAN certificate to help decrease the complexity of certificate placement, especially with distributed deployments of vRealize Automation.