Configuring the embedded Agent Manager
Installing external Agent Managers
Understanding how the Agent Manager communicates with the Management Server
Deploying the Agent Manager cartridge
Downloading the Agent Manager installer
Installing the Agent Manager
Configuring the Agent Manager
Installing the Agent Manager using the installer interface
Installing the Agent Manager from the command line
Using the Agent Manager silent installer
Installing the Agent Manager as a Windows service
Starting or stopping the Agent Manager process
Frequently asked questions
How do I upgrade the Agent Manager?
How do I uninstall the Agent Manager?
Where can I find the Agent Manager installation log files?
Why does the message "Created system preferences directory in java.home" appear after I finish installing the Agent Manager on AIX?
Are the passwords that are stored in the configuration file, fglam.config.xml, encrypted?
How can I see what parameters are available for the silent installers?
Why are two URLs displayed for localhost when I search for HA peers?
I tested the connection between the Agent Manager and a Management Server, but the Management Server URL failed the connectivity test. Why did this happen?
When I try to install the Agent Manager using the installer interface on Solaris x86 VMware, it fails and a warning message related to fonts appears. Why does this occur?
Why does an AIX compatibility warning appear when I run the Agent Manager installer?
Operating system patches
Launching the Agent Manager installation interface
Configuring the Agent Manager from the command line
Configuring the Agent Manager to use SSL certificates
Configuring an Agent Manager instance as a Concentrator
Advanced system configuration and troubleshooting
Configuring the concentrator
Configuring downstream Instances
Creating a secure connection with downstream instances
Excluding SSL ciphers from upstream or downstream Connections
Excluding Specific SSL Protocols from Downstream Connections
Configuring the Agent Manager to accept connections from the Management Server
Configuring the Agent Manager to execute commands on remote hosts
Configuring multiple Agent Manager instances
Controlling the polling rate
Configuring the Agent Manager to work in HA mode
Assigning Agent Managers to HA partitions
Adding cartridges to the HA deployment whitelist
About agent fail-over
About non-HA deployments
Negotiating Agent Manager resources at runtime
Configuring credentials
Troubleshooting
Configuring Windows Management Instrumentation (WMI)
Monitoring the Agent Manager performance
WMI IPv6 connection support
Windows Firewall interference
Minimum requirements for Windows Management Instrumentation
Configuring Windows Remote Management (WinRM)
Promoting remote users to administrators on local machines through the Domain Controller
Granting required permissions to individual remote users
WMI access violation and OS connectivity verification failure
WMI and Quota Violation error
Known WMI issues in Windows Server 2008
Tuning WMI connections
Modifying registry key ownership on Windows Server 2008 R2
Configuring registry settings for Windows Server 2008 R2 and Windows 7
Resolving Access Denied errors when connecting to Windows XP Professional
OS collection fails with a Local_Limit_Exceeded error
Access to DCOM objects and registry is denied
Configuring registry settings for WinShell access through DCOM
Enabling agents to connect from UNIX machines
Enabling agents to connect locally on Windows
Releasing a locked MySQL process
WinRM IPv6 connection support
About WinRM authentication and the Agent Manager
Configuring the target (monitored) system
Configuring the Agent Manager (monitoring) system
Generating a configuration file required for WinRM Negotiate authentication
Configuring command-shell connection settings
About WinRM connection ports
Troubleshooting
UNIX- and Linux-specific configuration
SSH IPv6 connection support
About supported remote monitoring protocols
Configuring the Agent Manager to run as a daemon
Configuring Agent Manager agent privileges
Using sudo to configure secure launcher permissions
Using setuid_launcher to configure secure launcher permissions
Using the HP patch checking tool
About Agent Manager installations on AIX
Preventing Agent Manager core dumps on Linux
Investigating Agent Manager diagnostics
Deploying the Agent Manager to large-scale environments
Using Agent Manager silent installer Parameters
Example: Deploying the Agent Manager to multiple UNIX hosts
Example: Deploying the Agent Manager to multiple Windows hosts
Next steps
Configuring the concentrator
You can configure the concentrator to connect to the upstream target in different ways:
|
• |
Using HTTP: Set the upstream target of the concentrator in the same way you typically set the Management Server URL: |
|
• |
|
• |
|
• |
Using HTTPS: To configure a concentrator connection to the Management Server using a secure connection, follow the instructions in Configuring the Agent Manager to use SSL certificates . |
When running the Agent Manager as a concentrator, you must increase the default disk cache sizes.
|
1 |
Open the <fglam_home>/state/<state name>/config/fglam.config.xml file for editing. |
|
2 |
Locate the <queue-sizes> XML element. |
|
3 |
|
• |
Change the argument for the max-disk-space attribute in both the <upstream/> and <downstream/> blocks to a value larger than the default setting (1024 KB). For example, to change the default disk cache size to 1 GB, set the max-disk-space attribute in both the <upstream/> and <downstream/> blocks as follows: |
The max-disk-space argument sets the amount of disk space (in KB) that can be used to store messages.
|
4 |
Save your changes to the fglam.config.xml file. |
|
1 |
Open the <fglam_home>/state/<state name>/config/fglam.config.xml file for editing. |
|
2 |
Locate the <http-downstreams> XML element. |
|
3 |
|
a |
Replace port_number with an available port number. This is the port on which the concentrator listens for connections from downstream Agent Manager instances. |
|
b |
Optional. If required, you can also bind the concentrator to single network address. To do so, include the attribute address="network_address" in the http-downstream child element (shown as an optional attribute in Step 3), replacing network_address with the network address where you want the concentrator to receive connections from the downstream instances. |
The optional address attribute is useful when a machine has two or more network addresses, and you want the connections to the Management Server to go out from one, and the connections from the downstream instances to come in to another.
|
4 |
If required, configure the concentrator to listen for connections on multiple different ports by adding additional <http-downstream/> elements and setting the port number (and, optionally, the network address), as described above. |
Configuring downstream Instances
|
• |
|
• |
|
3 |
Creating a secure connection with downstream instances
|
1 |
Launch a command shell on the Agent Manager machine, and navigate to the <fglam_home>/jre/<jre_version>/<jre>/bin/ directory. |
|
2 |
If you do not already have an SSL certificate for the concentrator host, you can create a self-signed certificate by executing the following command on the concentrator machine, where <password> is replaced with your desired password: |
|
3 |
Respond to the prompts from keytool. Only the “first and last name” are required, all other fields can be left blank. The “first and last name” form the common name (CN) for this key pair and this needs to be provided to the Management Server (for reverse polling) or downstream Agent Managers (as the ssl-cert-common-name). You can type anything you want into this field, but the host name is the most common choice. The default value, if left blank, is Unknown. |
|
5 |
Open the file <fglam_home>/state/<state name>/config/fglam.config.xml for editing. |
|
6 |
Between the existing <http-downstreams> and </http-downstreams> tags, add an <https-downstream/> child element: |
<https-downstream key-password=<password> keystore=<path_to_keystore> port=<port_number> [address=<network_address>]/>
|
• |
|
• |
|
• |
<port_number> is the port number on which you want the concentrator to listen for connections from downstream Agent Manager instances. |
|
• |
<network_address> is the network address, to which the concentrator is bound when receiving connections from the downstream instances. This argument is optional. It is useful when a machine has two or more network addresses and you want the connections to the Management Server to go out from one, and the connections from the downstream instances to come in to another. |
|
IMPORTANT: Other optional attributes are available for the <https-downstreams> element. See the file fglam.config.xml for details. |
|
7 |
If required, configure the concentrator to listen for connections on multiple different ports by adding additional <https-downstream/> elements and setting the arguments as described above. |
See Configuring Management Server URLs using the installer interface or Configuring Management Server URLs from the command line for information about these parameters, which you can set through the Agent Manager installer or configuration interface.
Excluding SSL ciphers from upstream or downstream Connections
If you need to exclude one or more ciphers from the SSL encryption used for SSL connections, you can do so using one or more excluded-ssl-cipher elements in the fglam.config.xml file. For example, you may want to exclude lower encryption strength ciphers, or ciphers with security vulnerabilities.
|
1 |
Open the <fglam_home>/state/<state name>/config/fglam.config.xml file for editing. |
|
2 |
Between the existing <http-upstreams> and </http-upstreams> tags, add an <http-upstream/> child element: |
<http-upstream url="https://secure_server_URL:port_number">
|
1 |
Open the <fglam_home>/state/<state name>/config/fglam.config.xml file for editing. |
|
2 |
Between the existing <http-downstreams> and </http-downstreams> tags, add an <https-downstream/> child element: |