Secure Configuration Manager employs a process called manage by proxy to let you manage and audit some endpoints without installing an agent on the computer. The manage by proxy capability greatly simplifies deployment. For example, a single instance of the Windows agent is capable of managing any endpoint that is a member of the domain in which the agent service is installed. A domain is a set of computers sharing a common security account (user and group) database and policy. Each domain has a unique name.
To set up a proxy agent, add the agent to your asset map, and then add multiple endpoints to the agent. You can change an agent’s properties, such as the agent version, at any time after you have added the system to the asset map. You can also add customized properties for each system, such as specifying the number of endpoints that the agent manages.
NOTE:After you have added the customized property, the property cannot be deleted.
Secure Configuration Manager also lets you control the flow of information through an agent by limiting the number of requests that Core Services submits to an agent concurrently. For example, if you have an agent installed on a shared server supporting many proxies, you can set the Maximum Concurrent Requests to a low value. This enables the server’s resources to be shared with other applications since less data will flow through the agent at any given time. Alternatively, you can increase the number of concurrent requests if the agent is installed on a server with no proxy reporting or is installed on a dedicated server monitoring multiple endpoints by proxy. To specify the number of requests Core Services sends to the agent concurrently, change the agent property for Maximum Concurrent Requests. The default value is 5, and the maximum value is 100.
To determine whether an agent is started, running, and registered, check the agent heartbeat. The heartbeat indicates the agent’s status. If an agent is not running, you may need to start the agent service and register the agent again.
In the left pane, click IT Assets.
In the IT Assets tree pane, expand Agents.
Right-click the folder that contains the agent whose heartbeat you want to check, and then click Check Heartbeat.
Click OK on the confirmation message.
If you add an agent, but do not register the agent at that time, you can manually register the agent later. Secure Configuration Manager shows an unregistered agent as being offline.
In the left pane, click IT Assets.
In the IT Assets tree pane, expand Agents and select the folder that contains the agent you want to register.
In the content pane, right-click the agent that you want to register, and then click Register Agent or Endpoint.
Follow the instructions in the wizard.
When you delete an agent from your asset map, it is still registered by Core Services. To ensure that an unused agent does not cause a problem with future versions of Core Services, you can permanently remove the agent from Core Services. This process both un-registers the agent from Core Services and deletes it from your asset map. For more information about simply deleting an agent, see Section 2.4.5, Deleting an Agent from the Asset Map.
NOTE:Before deleting an agent, you must remove all attached endpoints. Deleting the agent without removing the endpoints leaves the endpoints unmanaged.
In the left pane, click IT Assets.
(Conditional) If the agent has endpoints attached to it, complete the following steps:
In the IT Assets tree pane, expand Agents and select the appropriate folder.
In the content pane, select the agent you want to un-register.
In the lower content pane, right-click the endpoints associated with the agent, and then click Remove from Agent.
In the IT Assets tree pane, select Managed Systems.
In the content pane, right-click the agent that you want to un-register, and then click Delete.
Click Yes on the confirmation message.
Secure Configuration Manager enables you to push software updates to security agents on multiple systems concurrently. Once you have a Secure Configuration Manager Windows Agent registered in your asset map, you can use the Deployment wizard in the console to apply a hotfix, service pack, or new version of the agent.
Secure Configuration Manager adds a report to the Completed Jobs queue when the deployment process finishes. You can also save a copy of the report to a folder or file share. The report provides a list of successful and failed agent updates.
You can apply only the Windows installation and update packages stored on the Core Services computer. By default, the packages are stored as .nap files in the %ProgramFiles%\NetIQ\Secure Configuration Manager\Core Services\SyncStore folder. Some .nap files might contain an update for both the Windows agent and Secure Configuration Manager components. The Deployment wizard enables you to import the file.
In the IT Assets tree pane, expand Agents > OS > Windows.
In the content pane, select the agents you want to update.
Right-click a selected agent, and then click Deploy or Update.
Follow the instructions in the wizard until you finish updating the agents on the target computers. For more information about deploying your Windows agents, see the Help in the console.
Any time you no longer need an agent, or when you have removed the agent from the domain, you can delete that agent from your asset map. However, the agent is still registered by Core Services. Leaving an unused agent registered by a specific version of Core Services can cause problems in the future if you want to use that agent again, but with an updated or different Core Services.
The following steps explain how to delete the agent from your asset map. For more information about permanently removing an agent from Core Services, see Section 2.4.3, Un-Registering an Agent.
NOTE:Before deleting an agent, you must remove all attached endpoints. Deleting the agent without removing the endpoints leaves the endpoints unmanaged.
In the left pane, click IT Assets.
In the IT Assets tree pane, expand Agents and select the appropriate folder.
(Conditional) If the agent has endpoints attached to it, complete the following steps:
In the content pane, select the agent you want to delete.
In the lower content pane, right-click the endpoints associated with the agent, and then click Remove from Agent.
In the content pane, right-click the agent you want to delete, and then click Delete.
Click Yes on the confirmation message.