Security Features of the MCP Server

Virtual Appliance MCP servers include robust security features to ensure secure interaction with AI models.

Masked Personally Identifiable Information (PII)

By default, the MCP server masks sensitive information such as IP addresses, email addresses, and API tokens in raw JSON responses. This way it prevents the exposure of PII and credentials to AI models.

Note:

When using secure on-premises or enterprise AI models, you may choose to unmask sensitive information.

Administrators can disable masking as follows:
  1. Go to /home/appduser/mcp-charts/charts/appdynamics-va-mcp/values.yaml.
  2. Set the vaMcp.env.enableMasking flag to false

MCP Server Authentication

The MCP server requires an authentication token to establish a secure connection with the MCP client. You must generate this token before initiating the connection.

Administrators can rotate the MCP authentication tokens as follows:
  1. Run the following command.
    CODE 
    appd cli key mcp

    This command generates the token and asks whether you want to rotate the MCP API tokens.

  2. Enter yes to the prompt.
    CODE 
    Do you want to rotate the MCP API token? (yes/no): yes
  3. Restart the MCP Server.
    CODE 
    appdcli stop mcp <profile>
appdcli start mcp <profile>

MCP Tool Access Control

By default, all MCP tools are enabled with their configured read-only or write permissions. Administrators can activate the tools that have read-only access as follows:
  1. Go to /home/appduser/mcp-charts/charts/appdynamics-va-mcp/values.yaml.
  2. Set the vaMcp.env.readOnlyMode flag to true.

Secure Communication

All MCP server communication is encrypted. The configuration supports both self-signed and CA-signed certificates.