Agents
You manage agents through the Agents page. To access the Agents page, click Data Stores > Agents.
From the Agents page, you can:
View a list of all available agents. See Viewing List of Agents.
Edit the agent information. See Editing Agent Information.
Manage the agent's labels. See Managing Agent Labels.
View the agent's time difference information. See Agent Time Difference Information.
Viewing List of Agents
The Agents page lists all available agents. After a server restarts, it might take a while for the list to populate.
The page shows the following information about the installed agents:
| Header | Description |
|---|---|
| Agent Name | Name of the agent (automatically assigned). |
| Operating System | Operating system on which the agent is running. |
| Version | Agent version from among the supported agent platforms (for example, Linux 2.3). |
| Connection IP | The IP address of the agent. |
| Status | The status of the agent - "Connected" or "Not connected". |
| Data Stores | The number of data stores that the agent is associated with. NOTE: Modifying data store settings after assigning an agent might trigger a new agent search. If multiple compatible agents are available, the same agent isn't guaranteed to be re-selected. |
| Labels | The number of labels assigned to the agent. |
| Local Storage Only | When this option is enabled, the agent can only be used with the Local Storage data stores. When disabled (default), the agent can be used as proxy, and can be associated with other data stores (in the same network). NOTE: Disabling a currently used agent prevents it from being selected for new data stores, but does not affect its behavior in the existing data stores. |
Note
The agents are shown in any domain. The Local Storage Only option is managed independently of the domain, that is you can have an agent with the Local Storage Only option enabled in Domain A, and the same agent with the Local Storage Only option disabled in Domain B.
Use the Search box to search for an agent. Search results display agents that contain specified text in their names. By default, agents are listed in ascending alphabetic order of their names.
Editing Agent Information
Click the ellipsis icon (
) for the selected agent.Click the View/Edit option that is displayed in the overflow menu.
The agent details screen displays. It shows the same information as the main Agents screen, split in the GENERAL and LABELS sections.
Modify the agent information as desired and click Save Changes.
Managing Agent Labels
A label is a way to mark an agent, for example its special features, such as its data store scanning capabilities and scanning performance.
For example, you could label an agent "Oracle" if it scans Oracle databases, or "Critical" if it's dedicated to scanning data stores with highly sensitive information.
There are no predefined labels, but you can make custom labels as needed. After a custom label is created, it cannot be modified. However, you can assign new labels to the agent. An agent can have multiple labels. Agent labels can only be created in the Labels section inside the agents.
Also, after an agent is assigned to a data store, there is no option to re-launch automatic agent selection.
To add or edit the labels for an agent:
Click the ellipsis icon (
) for the selected agent.Click the View/Edit option.
Modify the agent labels as desired (add or remove) and click Save Changes.
Note
Editing the labels list affects the automatic agent selection. This is to say that:
If you add a label and that label is already used by other data stores then these data stores will be able to use that agent for scanning.
If you remove or edit a label then any data stores that were assigned to that agent that shared that removed label with the agent should be reassigned by re-launching automatic agent assignment for the affected data stores. Note that removing or editing a shared label does not break the current assignment of the agent and the data stores.
Agent Time Difference Information
When there is a time difference between the scanner service (where CM is deployed) and the agent machine (where the agent is installed) a clock icon is shown with the difference in seconds (always in seconds):
| Icon | Description |
|---|---|
 | This is the kind of warning that you will see if the time is behind the CM clock. |
 | This is the kind of warning that you will see if the time is ahead of the CM clock. |
Tip
When the date/time has been changed in the agent machine, it's necessary to restart the agent service.
Warning
Be careful when the scan is launched and there is a difference between the scanner service and agent machine. If the agent's clock is slower that scanner service, then the scan will start at that time. Furthermore, it will also delay resuming a scan when using the auto-pause functionality.
Note
If your Agent's system clock does not match with a Cloud Data Store's clock, you may hit issues while adding the Cloud Data Store in DDC, so it is highly recommended to set up a NTP server to synchronize the clocks. This can be achieved in the following manner:
In CM through the Admin Settings -> NTP.
For Windows agents, refer to: https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/configure-authoritative-time-server.
For RedHat / CentOS agents, refer to: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system_administrators_guide/ch-configuring_ntp_using_ntpd.
For Ubuntu agents, refer to: https://ubuntu.com/server/docs/network-ntp.
Automatic Agent Selection
Data stores that do not have a DDC Agent installed on the same host require using a DDC Agent as a proxy to get from the CM appliance to the data store endpoint. To achieve this, data stores select agents automatically.
Note
To control the agents that can scan a particular Data Store, please check that the desired agent has granted the access to it. At the same time, block connections from any other agent at network layer.
When a data store is added, the following situations can occur:
DDC searches for a compatible agent: When DDC searches for a compatible Agent, a rotating spinner next to the data store's name is displayed. If you hover the mouse over the spinner, "Waiting for Agent" is shown.
DDC finds a compatible agent: When a compatible agent is found, no spinner is seen next to the name. You can now test its connectivity with the Agent by clicking the "Test Connection" button inside the data store's settings. Refer to "Editing Data Stores" on page 1 for details.
DDC does not find a compatible agent: DDC retries the agent selection for seven days. If cannot find a compatible agent in seven days, an error icon is displayed. If you hover the mouse over the icon, it states "Agent not available". The "Find Agent" button to relaunch the Agent selection is visible on clicking the overflow icon (
) next to the data store.
To relaunch automatic agent selection for a data store:
In the Data Discovery application, click the ellipsis icon (
) corresponding to the desired data store. A shortcut menu appears.Click Find Agent.
Note
Instructions to install and configure DDC Agents can be found in the Data Discovery and Classification Deployment Guide.
Port
11117on the CM appliance must be accessible from DDC Agent hosts.Data store endpoint needs to be accessible from DDC Agent hosts.
To proxy requests to database stores, a Windows-based DDC Agent is required.
To proxy requests to Hadoop data stores, a Linux-based DDC Agent is required.
When the DDC Agent is properly identified, the data store status changes to ready. At this point, it is now possible to run scans against this data store.
Automatic agent selection algorithm only considers DDC Agents with "Local Storage Only" enabled for Local Storage Data Stores. Refer to Viewing List of Agents for details.
