You can configure your LoadRunner Professional environment to communicate with two-way TLS (SSL) authentication. In this mode, the server send its own certificate and requests from the client to send it client certificate for validation.
The following images illustrate some possible configurations when using two-way TLS authentication:
Controller--Load Generator Communication. In this environment, the load generator machine is the server and Controller is the client. You activate authentication on the load generator, enforcing security between the machines.
Controller--Load Generator--MI Listener Communication. In this over-firewall environment, the MI Listener machine is the server, and Controller and load generators are the clients. You activate authentication on the MI Listener machine which, in turn, enforces security facing Controller and load generators.
Controller--MI Listener--Load Generator--Monitor-Over-Firewall Communication. In this over-firewall environment, the MI Listener machine is the server. The Monitor over Firewall, Controller, and load generator machines are the clients. You activate authentication on the MI Listener machine which, in turn, enforces security on the other machines.