Got sent from Stackoverflow to here
I have been reading the Bamboo documentation about its remote agent security specifially, and to its credit it seems very secure, but I have yet to find a specific document that answers this.
In a production environment, is it standard/best/security practise to install a Bamboo remote agent on the production VM, so that deployment plans can be executed easily?, or are remote agents installed in an intermediate VM and through some shenanigans (eg: powershell remote logins, or ssh ), run their deployment plan(eg: write a script that SSH's to the production VM then execute a docker pull/run script to deploy the docker container on the docker host vm)?
My gut leans towards it being ok to deploy the remote agent on the production VM iself, but I would like a better reference for this. It seems that the intermediate VM would create an additional layer of complexity to me. as tasks like the 'Docker' task cannot be directly executed in the production docker host VM.
