A trusted relationship must exist between the CA TM Server and each client machine running the CA TM Agent. This trusted relationship allows the server to push policies to the client.
If you are using multiple CA TM Servers, each client needs to have a trusted relationship with each of the CA TM Servers that it receives policies from. For example if CA TM Server A manages subnet A, machines on that subnet receive policy A. If one of the client machines moves to subnet B, then it receives policy B from CA TM Server B and remains protected. The client receives the appropriate policy for that subnet. If you have clients that move between regional offices or different business units, each requiring different policies, the client receives the appropriate policy and remains protected regardless of their subnet location.
The trusted relationship is created in one of two ways: