Agents
You manage agents through the Agents page, which is accessed by clicking the Data Stores then Agents link in the Data Discovery sidebar on the left.
From the Agents page, you can:
View a list of all available agents. See Viewing List of Agents.
Edit the agent information. See Editing Agent Information.
Manage the agent's labels. See Managing Agent Labels.
View the agent's time difference information. See Agent Time Difference Information.
Viewing List of Agents
The Agents page lists all agents. If the server has been restarted, the agent list may be empty for a while.
To navigate to the Agents page, click the Data Discovery and Classification panel in the CipherTrust Manager dashboard, then click to expand the Data Stores menu in the navigation panel on the left, then click Agents.
The page shows the following information in a table:
Item | Description |
---|---|
Name | Agent name (automatically assigned). |
Version | Agent version from among the supported agent platforms (for example, Linux 2.3). |
Connection IP | The IP address of the agent. |
Data Stores | The number of data stores that the agent is associated with. NOTE: When you add a data store and an agent is associated with this data store, that agent will be used for that data store in any scan. If the configuration of the data store is saved after the association of the agent, a new agent search will be launched. Then, if there are several agents which can be associated with this data store, there is no guarantee that the same agent will always be selected. |
Status | The status of the agent - "Connected" or "Not connected". |
Labels | The number of labels that the agent has. |
Local Storage Only | When this option is enabled, that agent can be used ONLY with Local Storage Data Stores. When it is disabled, that agent can be used as a proxy, and it can be associated with other data stores (in the same network). The default value is disabled (i.e. the Local Storage Only toggle switch is off). NOTE: Disabling an agent in use will prevent it from being selected, but will not affect its behavior in the existing data stores. |
Note
The agents are shown in any domain. The Local Storage Only option is managed independently of the domain; that is, you can have an agent with the Local Storage Only option enabled in Domain A, and the same agent with the Local Storage Only option disabled in Domain B.
Use the Search text box to search for an agent. Search results display agents that contain specified text in their names. By default, agents are listed in ascending alphabetic order of their names.
Editing Agent Information
Click the overflow icon for the selected agent.
Click the View/Edit option that is displayed in the overflow menu.
The agent details screen opens. It shows the same information as the main Agents screen in the GENERAL section, plus the agent label information in the LABELS section.
Modify whatever agent information you need to modify and click Save Changes.
Managing Agent Labels
A label is a way to mark an agent, for example to indicate special features such as its data store scanning capabilities or scanning performance. For example, if you have an agent that's capable of scanning the Oracle database, you can label it as "Oracle". If you have an agent dedicated to scanning critical data stores (i.e. containing a lot of sensitive information), you may want to assign it a "Critical" label.
There are no predefined labels; you can make them up as needed. The label can be changed to another one, but not updated. Indeed, you can update the list of the labels. Also, once an agent is assigned to a data store, there is no option to re-launch the automatic selection. One agent can have many labels assigned to it. Agent labels can only be created in the Labels section inside the agents.
To edit the labels for an agent:
Click the overflow icon for the selected agent.
Click the Manage Labels option that is displayed in the overflow menu. The agent details screen opens.
Modify the agent labels as desired (add or remove) and click Save Changes to save your changes.
Note
Editing the labels list affects the automatic agent selection. This is to say that:
If you add a label and that label is already used by other data stores then these data stores will be able to use that agent for scanning.
If you remove or edit a label then any data stores that were assigned to that agent that shared that removed label with the agent should be reassigned by re-launching automatic agent assignment for the affected data stores. Note that removing or editing a shared label does not break the current assignment of the agent and the data stores.
Agent Time Difference Information
When there is a time difference between the scanner service (where CM is deployed) and the agent machine (where the agent is installed) a clock icon is shown with the difference in seconds (always in seconds):
Icon | Description |
---|---|
Clock icon | This is the kind of warning that you will see if the time is behind the CM clock. |
Clock icon | This is the kind of warning that you will see if the time is ahead of the CM clock. |
Tip
When the date/time has been changed in the agent machine, it's necessary to restart the agent service.
Warning
Be careful when the scan is launched and there is a difference between the scanner service and agent machine. If the agent's clock is slower than the scanner service, then the scan will start at that time. Furthermore, it will also delay resuming a scan when using the auto-pause functionality.
Note
If your Agent's system clock does not match a Cloud Data Store's clock, you may hit issues while adding the Cloud Data Store in DDC, so it is highly recommended to set up an NTP server to synchronize the clocks. This can be achieved in the following manner:
In CM through the Admin Settings -> NTP.
For Windows agents, refer to: https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/configure-authoritative-time-server.
For RedHat / CentOS agents, refer to: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system_administrators_guide/ch-configuring_ntp_using_ntpd.
For Ubuntu agents, refer to: https://ubuntu.com/server/docs/network-ntp.
Automatic Agent Selection
Data stores that do not have a DDC Agent installed on the same host require using a DDC Agent as a proxy to get from the CM appliance to the data store endpoint. To achieve this, data stores select agents automatically.
Note
To control which agents can scan a particular Data Store, check that the desired agent has been granted access to it. At the same time, block connections from any other agent at the network layer.
When a data store is added, the following situations can occur:
DDC searches for a compatible agent: When DDC searches for a compatible Agent, a rotating spinner next to the data store's name is displayed. If you hover the mouse over the spinner, "Waiting for Agent" is shown.
DDC finds a compatible agent: When a compatible agent is found, no spinner is seen next to the name. You can now test its connectivity with the Agent by clicking the "Test Connection" button inside the data store's settings. Refer to "Editing Data Stores" for details.
DDC does not find a compatible agent: DDC retries the agent selection for seven days. If it cannot find a compatible agent in seven days, an error icon is displayed. If you hover the mouse over the icon, it states "Agent not available". The "Find Agent" button to relaunch the Agent selection is visible on clicking the overflow icon next to the data store.
To relaunch automatic agent selection for a data store:
In the Data Discovery application, click the overflow icon corresponding to the desired data store. A shortcut menu appears.
Click Find Agent.
Note
Instructions to install and configure DDC Agents can be found in the Data Discovery and Classification Deployment Guide.
Port 11117 on the CM appliance must be accessible from DDC Agent hosts.
Data store endpoint needs to be accessible from DDC Agent hosts.
To proxy requests to database stores, a Windows-based DDC Agent is required.
To proxy requests to Hadoop data stores, a Linux-based DDC Agent is required.
When the DDC Agent is properly identified, the data store status changes to ready. At this point, it is now possible to run scans against this data store.
The automatic agent selection algorithm only considers DDC Agents with "Local Storage Only" enabled for Local Storage Data Stores. Refer to Viewing List of Agents for details.
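A preflight check for a Linux DDC Agent host, covering the port requirements above and the clock difference described under Agent Time Difference Information. This is an added example, not part of the product documentation. The host names, the data store port, and the use of the HTTP Date header from CM's web interface as a clock reference are assumptions.

```shell
#!/usr/bin/env bash
# Added example: preflight checks run on a Linux DDC Agent host.
# CM_HOST, DS_HOST and DS_PORT are placeholders (assumptions), not product defaults.
CM_HOST="${CM_HOST:-cm.example.internal}"
DS_HOST="${DS_HOST:-datastore.example.internal}"
DS_PORT="${DS_PORT:-5432}"
CM_AGENT_PORT=11117   # port on the CM appliance that agent hosts must reach

# tcp_open HOST PORT: succeeds if a TCP connection opens within 5 seconds.
tcp_open() {
  timeout 5 bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "$2" 2>/dev/null
}

# skew_seconds AGENT_EPOCH CM_EPOCH: agent clock minus CM clock, in seconds.
skew_seconds() { echo $(( $1 - $2 )); }

# describe_skew SECONDS: negative means the agent is behind CM, positive ahead.
describe_skew() {
  if   [ "$1" -lt 0 ]; then echo "behind CM by $(( 0 - $1 ))s"
  elif [ "$1" -gt 0 ]; then echo "ahead of CM by ${1}s"
  else echo "in sync with CM"
  fi
}

# cm_epoch: CM's clock read from the HTTP Date header of its web interface.
# Assumes HTTPS on CM is reachable with a trusted certificate, and GNU date.
cm_epoch() {
  hdr=$(curl -sI --max-time 5 "https://${CM_HOST}/" | tr -d '\r' |
        sed -n 's/^[Dd]ate: //p' | head -n 1)
  [ -n "$hdr" ] && date -u -d "$hdr" +%s
}

# report LABEL HOST PORT: print OK/FAIL for one endpoint; returns the check result.
report() {
  if tcp_open "$2" "$3"; then echo "OK   $1 $2:$3"; else echo "FAIL $1 $2:$3"; return 1; fi
}

preflight() {
  rc=0
  report "CM appliance" "$CM_HOST" "$CM_AGENT_PORT" || rc=1
  report "data store" "$DS_HOST" "$DS_PORT" || rc=1
  if ref=$(cm_epoch); then
    echo "Clock: agent is $(describe_skew "$(skew_seconds "$(date -u +%s)" "$ref")")"
  else
    echo "Clock: could not read CM time"; rc=1
  fi
  return $rc
}

# Run only when invoked with the argument "run", e.g. ./preflight.sh run
if [ "${1:-}" = "run" ]; then preflight; fi
```

A non-zero exit status means at least one endpoint was unreachable or the CM clock could not be read.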