Data Center Security

Hello,

do somebody have experience in implementing the DCS:SA Agent to an operation-system-image? The typical way for playing back the image on a client is to write the image back on the client and then to change the clients name and to install some special applications.

The agent should be distributed on every client, so I prefer that the agent is installed already and then I would like changing the name und installing some applications.

Do I have to keep something in mind if I do so? For example: Do I should reset the DCS:SA Agent ID or something else before imaging? Can it create some troubles on the DCS:SA Server if I everytime change the name after imaging back.

Regards

I don't have first hand knowledge of what you're asking but a few problems jump up right away.

• The agent is going to want to register with the management server each time you spin up a new instance. I can imagine many duplicate registrations within the management console.  Enable deletion of duplicate agents in the console.
• I don't know of a way to change the hostname within the agent.  I'm thinking you would have to force a re-registration AFTER you change the hostname (sisipsconfig -forcereg) but I'm not too sure the agent would pick-up the change to the hostname.  Testing is definitely needed here.  If the agent does NOT automatically pick-up on the hostname change, you can change the agent name in the console.

Seems like a it could get messy with a lot of manual fixes afterwards.  Can you include DCS in the list of specialized applications to be installed after the new machine is created?  I'm thinking a silent install launched by a script  I feel like that would be a cleaner way to handle the problem.

Regards

Will

1. Don't let the DCS agent check in until after the renaming and IP-ing of the system.  At first check-in the GUID for the agent is created (the GUID is found in the agent.ini in the IPS directory).  If you allow the system to check in before the deployment, every system will have the same GUID and will appear as the same agent in the mangement console.  Note:  You cannot delete the GUID from the agent.ini, as the file has a checksum.
    
2. If for some reason it does check in and you need to reset the GUID, run a forcereg.  This forces the agent to get a new GUID and hence creates a new asset record in the database.
   
   Windows:  sisipsconfig -forcereg
   Unix:  /opt/Symantec/sdcssagent/IPS/sisipsconfig.sh -forcereg

I don't know of a way to change the hostname within the agent.

I don't try to change the hostname within the agent. I change it within the windows settings. But my care is for getting problems with the identical Agents GUID in the network if I write back the windows-Image.

For now I have executed the command sisipsconfig -forcereg but the agent didn`t changed the GUID. The agent have still the same GUID.

In my mind I have 3 ways:

1. Either I will install the agent as specialized application or

2. I find out how to reset the GUID so that the agent get a new one or

3. I install the agent but I try to prevent that the agent is register with the DCS Server, thereby the agent don`t get a GUID.

Dimitri,

I agree.  I think your best option is number 1.  Install the agent after the hostname and IP address have been changed.  The agent install is so fast and easy to automate it doesn't seem like it's worth the pain to include it in your base image.

Best of luck!

Will

@Chuck Edson

If for some reason it does check in and you need to reset the GUID, run a forcereg.  This forces the agent to get a new GUID and hence creates a new asset record in the database.

Windows:  sisipsconfig -forcereg
Unix:  /opt/Symantec/sdcssagent/IPS/sisipsconfig.sh -forcereg

For now I have executed the command sisipsconfig -forcereg but the agent didn`t changed the GUID. The agent have still the same GUID. In the helping of sisipsconfig -forcereg there is an information that with -forcereg the agent is re-register on the server, but there is no note that the agent get a new GUID.

Do you have experience in reseting the GUID because of your comment?

What do you think about this option:

I insert the agent in the default image but I don't configure any server parameter. So the agent don't get any GUID from the server. And when write back the default image to an instance I use the command-tool of the symantec agent and overgive the needed parameters like server IP?

If you don't have Duplicate Agent Registration enabled (Admin > Settings > Agent Settings), then the agent will get the same GUID.  Also, if you delete the agent in the DCS console (and hence, database), it should get a new GUID.

That will work, but I am not sure if the install will allow you to continue without an IP.  Maybe use 127.0.0.1 to get around this.

I think that will work.

MANAGEMENT_SERVER is a required property, but there's no requirement that the value must be correct :)

Will