Sentinel Agent Manager monitors computers using host-based agents and proxy agents. An agent is a service that runs on a monitored computer to collect events. Windows agents that a central computer deploys and manages are called managed agents. Windows agents you manually install and that require manual installation of software upgrades are unmanaged agents.
You can configure Sentinel Agent Manager to automatically install agents on Windows computers using the Agent Administrator. The Agent Administrator allows you to create discovery rules, deploy managed agents, authorize unmanaged agents, and configure agentless Windows monitoring.
You can also configure central computer Global Settings to require approval before installing agents on Windows computers.
When you deploy a managed agent or install an unmanaged agent you assign that agent to a central computer.
For a managed agent, a central computer performs the following functions:
Installs and upgrades the managed agent
Scans the managed agent to check for configuration changes
Sends rules and configuration information to the managed agent
Receives events from the managed agent
For an unmanaged agent, a central computer performs the following functions:
Sends rules and configuration information to the unmanaged agent
Receives events from the unmanaged agent
The central computer cannot install, upgrade, or scan, an unmanaged agent.
This section describes when you can automatically deploy agents and when you must manually install them.
You can configure Sentinel Agent Manager to automatically deploy agents to Windows computers using the Agent Administrator in the Agent Manager console. The Agent Administrator allows you to deploy agents to Windows computers by name or by domain with matching criteria. For example, you can specify that Sentinel Agent Manager deploy agents to all Windows computers in a specified domain that contain a prefix in the computer name. You can also specify that certain computers be excluded from Windows agent deployment. For more information about automatically deploying Windows agents on Windows computers, see Section 3.6, Installing Agents.
Sentinel Agent Manager cannot deploy managed Windows agents to remote Windows computers that are located outside a firewall. In this circumstance, manually install an unmanaged agent. For more information about installing agents in firewall environments, see Section 2.5, Understanding Ports and Firewalls.
You should also consider installing an unmanaged agent to access the network over a WAN or a slow connection. For more information about manually installing the unmanaged agent on a Windows computer, see Section 4.0, Manually Installing Unmanaged Windows Agents.
The following table lists the system requirements for a Windows agent computer.
Category |
Requirement |
---|---|
Processor |
See System Requirements. |
Disk Space |
|
Memory |
|
Operating Systems |
|
Network Access |
|
Additional Requirements |
|
NOTE:NetIQ recommends installing the latest Microsoft Windows service packs and hotfixes on all computers before installing Sentinel Agent Manager components.
Since Windows workstation computers typically send relatively few events to the central computer compared with Windows servers, Sentinel Agent Manager agents deployed on workstation computers may need to communicate less frequently with their central computer than agents deployed on server computers. A workstation is a computer with Microsoft Windows Server 2019, Windows Server 2016, Windows Server 2012, Windows 2012 R2, or Windows 10 installed.
However, even when an agent has few events to send to the central computer, the agent must heartbeat regularly and keep in communication with the central computer in order to remain active. This requirement limits the number of agents a central computer can monitor, in spite of usage.
Sentinel Agent Manager uses a workstation scalability multiplier setting to allow workstation agents to communicate at longer intervals than server agents. Sentinel Agent Manager multiplies default agent communication settings, including heartbeat, computer availability, and connection retry intervals, by the scalability multiplier value for all workstation computers.
For example, when a central computer uses the default multiplier value of 36 for all workstations, all workstation computers heartbeat every 3 hours instead of the default 300 seconds. The delay reduces the performance load on the central computer, allowing one central computer to monitor a large number of workstation computers.
If your configuration group includes no workstation computers, changes to the workstation scalability multiplier setting do not affect your agent computers.
NOTE:When you deploy an agent to a workstation computer, the workstation uses the server agent heartbeat setting until the central computer sends initial configuration information to the workstation agent. After receiving configuration information, the workstation agent uses the scalability multiplier when heartbeating.
Using the Agent Manager Console, you can modify the default scalability multiplier setting. For more information about modifying global agent settings in the Agent Manager Console, see the NetIQ Agent Manager User Guide.