You manage agents through the Agents page, which is accessed by clicking the Data Stores then Agents link in the Data Discovery sidebar on the left.
From the Agents page you can:
View a list of all available agents. See Viewing List of Agents.
Edit the agent information. See Editing Agent Information.
Manage the agent's labels. See Managing Agent Labels.
View the agent's time difference information. See Agent Time Difference Information.
Viewing List of Agents
The Agents page lists all agents. If the server has been restarted, the agent list may be empty for a while.
To navigate to the Agents page, click the Data Discovery and Classification panel in the CipherTrust Manager dashboard, then click to expand the Data Stores menu in the navigation panel on the left, then click Agents.
The page employs the form of a table to show the following information:
|Name||Agent name (automatically assigned).|
|Version||Agent version from among the supported agent platforms (for example, Linux 2.3).|
|Connection IP||The IP address of the agent.|
|Data Stores||The number of data stores that the agent is associated with.|
NOTE: When you add a DataStore and an agent is associated with this DataStore, that agent will be used for that DataStore in any scan. If the configuration of the DataStore is saved after the association of the agent, a new agent search will be launched. Then, if there are several agents which can be associated with this DataStore, there is no guarantee that the same agent will be always selected.
|Status||The status of the agent - "Connected" or "Not connected".|
|Labels||The number of labels that the agent has.|
|Local Storage Only||When this option is enabled, that agent can be used ONLY with Local Storage Data Stores. When it is disabled, that agent can be used as proxy, and it can be associated with other DataStores (in the same network). The default value is disabled (i.e. the Local Storage Only toggle switch if off).|
NOTE: Disabling an agent in use will prevent it from being selected, but will not affect its behavior in the existing data stores.
The agents are shown in any domain. The Local Storage Only option is managed independently of the domain, that is you can have an agent with the Local Storage Only option enabled in Domain A, and the same agent with the Local Storage Only option disabled in Domain B.
Use the Search text box to search for an agent. Search results display agents that contain specified text in their names. By default, agents are listed in ascending alphabetic order of their names.
Editing Agent Information
Click the overflow icon () for the selected agent.
Click the View/Edit option that is displayed in the overflow menu.
The agent details screen opens. It shows the same information as the main Agents screen in the GENERAL section, plus the agent label information in the LABELS section.
Modify whatever agent information you need to modify and click Save Changes.
Managing Agent Labels
A label is a way to mark an agent, for example its special features, such as its data store scanning capabilities, scanning performance, etc. For example, if you have an agent that's capable of scanning the Oracle database you can label it as "Oracle". If you have an agent dedicated to scanning critical data stores (i.e. containing a lot of sensitive information) you may want to assign it a "Critical" label.
There are no predefined labels, you can make them up as needed. The label can be changed to another one, but not updated. Indeed, you can update the list of the labels. Also, once an agent is assigned to a datastore, there is no option to re-launch the automatic selection. One agent can have many labels assigned to it. Agent labels can only be created in the Labels section inside the agents.
To edit the labels for an agent:
Click the overflow icon () for the selected agent.
Click the Manage Labels option that is displayed in the overflow menu. The agent details screen opens.
Modify the agent labels as desired (add or remove) and click Save Changes to save your changes.
Editing the labels list affects the automatic agent selection. This is to say that:
⚫ If you add a label and that label is already used by other data stores then these data stores will be able to use that agent for scanning.
⚫ If you remove or edit a label then any data stores that were assigned to that agent that shared that removed label with the agent should be reassigned by re-launching automatic agent assignment for the affected data stores. Note that removing or editing a shared label does not break the current assignment of the agent and the data stores.
Agent Time Difference Information
When there is a time difference between the scanner service (where CM is deployed) and the agent machine (where the agent is installed) a clock icon is shown with the difference in seconds (always in seconds):
|This is the kind of warning that you will see if the time is behind the CM clock.|
|This is the kind of warning that you will see if the time is ahead of the CM clock.|
When the date/time has been changed in the agent machine, it's necessary to restart the agent service.
Be careful when the scan is launched and there is a difference between the scanner service and agent machine. If the agent's clock is slower that scanner service, then the scan will start at that time. Furthermore, it will also delay resuming a scan when using the auto-pause functionality.
If your Agent's system clock does not match with a Cloud Data Store's clock, you may hit issues while adding the Cloud Data Store in DDC, so it is highly recommended to set up a NTP server to synchronize the clocks. This can be achieved in the following manner:
⚫ In CM through the Admin Settings -> NTP.
⚫ For Windows agents refer to: https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/configure-authoritative-time-server.
⚫ For RedHat / CentOS agents refer to: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system_administrators_guide/ch-configuring_ntp_using_ntpd.
⚫ For Ubuntu agents refer to: https://ubuntu.com/server/docs/network-ntp.