Chat now with support
Chat with Support

InTrust 11.3 - Technical Insight

Manual Installation of Remote Agents

Remote agent installation should be performed manually in the following cases:

  • The InTrust server and the remote computers are connected by unreliable and slow links. Agent installation fails when the packet drop rate is higher than 5%.
  • The remote computers are behind a firewall (and the Server Windows service is unavailable for InTrust server).
  • The remote computers are Unix-based (running on Sun Solaris, Linux, HP-UX or IBM AIX platform)

Agent installation is typically performed using TCP/IP and only requires one port (900) to be open for connection from the remote computer to the InTrust Server. This is a configurable setting, as described in the Connection Between Remote Agents topic.

To install an agent, an administrator should follow the instructions provided in Installing Agents Manually.

A list of commands for agent deployment is provided below:

Command

Description

-install

Installs the agent.

-add

Establishes a connection between the agent and the specified InTrust server using the specified port.

After an agent is added, it will be named as follows:

  • If installed on Windows computer: NetBios name FQDN for each IP address
  • If installed on Unix computer: FQDN for each IP address.

The list of names that can be used to access the agent will also include the name given to site-processing agent (available in the site properties).

The display name will be the one with the highest priority. The priorities are assigned as follows (the highest is 10 - for the name of site-processing agent):

ADC_AGENTNAME_RANGE_REGISTERED 10

ADC_AGENTNAME_RANGE_SERVER 20

ADC_AGENTNAME_RANGE_SERVER_DNS 23

ADC_AGENTNAME_RANGE_SERVER_NETBIOS 26

ADC_AGENTNAME_RANGE_DNS 30

ADC_AGENTNAME_RANGE_NETBIOS 40

-register

Registers (adds) an alias for the computer on the specified InTrust server (adds the alias to the list of names that can be used to access the agent & if the display name has not explicitly been set, then it updates the display name used by InTrust Manager to be the alias).

-reauth Forces the agent to re-authenticate with the specified InTrust server.
-upgrade

Upgrades the agent to a newer version.

-uninstall_for_upgrade Removes the agent but does not delete the agent configuration

Semi-Automatic Installation of Remote Agents

The installation procedure is initiated by InTrust administrator and performed automatically on Windows Platform only. It requires TCP port 900 (configurable) to be open on InTrust server for agent-server communication, ICMP echo request to be allowed between InTrust server and agent, and the Server Windows service on agent to be available for InTrust server (see the Service overview and network port requirements for the Windows Server system Microsoft KB article for details.

An administrator initiates the agent installation process by right-clicking on a site and selecting the Install Agents menu item.

The InTrust Server Service completes the installation by:

  1. Copying the agent package to the target computer.
  2. Installing the Quest InTrust Agent Installer service, using the Service Control Manager.
  3. Instructing the Quest InTrust Agent Installer service (using the Service Control Manager) to install and start the agent.

Automatic Installation of Remote Agents

Automatic agent installation is performed in the same way as semi-automatic installation, except that the process is initiated not by an administrator but by any of the following:

  • A gathering job
  • A change to real-time monitoring configuration (due to which the monitoring of new sites starts)
  • A new computer being discovered during the periodic site enumeration process (for a site involved in monitoring policy)

Connection Between Remote Agents

Connections between remote agents and local agents are ALWAYS established by the remote agent; local agents never establish the connection

The default port for a connection between remote agents and local agent on InTrust Server is TCP port 900. This setting can be modified during InTrust Server setup, or by taking the following steps:

  1. Modify Agent_Port advanced parameter for the required InTrust Server.
  2. Restart InTrust services on the InTrust Server computer for changes to take effect (gathering will not operate properly until the restart).
  3. Agents’ states will change to “Not Responding”, and then to “Lost”; after that, agents will be recovered and re-configured by InTrust Server Service.
    Communication will be then restored automatically for the agents that meet both of the following requirements:
    1. An agent belongs to site with automatic agent deployment allowed (i.e., “Prohibit automatic agent deployment on site computers” option cleared)
    2. The accounts specified for agent configuration and operation have sufficient rights

For other agents, the -add command should be used to restore communication (see Installing Agents Manually for details)

  1. Agents start using the new port.

When the connection has been established, both the remote and local agents use the connection to send/receive data (there is no out-of-band communication).

The connection remains open until it is closed by:

  • Stopping the remote agent (either manually or during a reboot)
  • Stopping the local agent
  • A network problem
  • Using the -unregister command, or the Uninstall menu item in InTrust Manager
  • Agent uninstallation
Related Documents