Prepare a Gold Machine Image with Data Center Security Agent Installed
search cancel

Prepare a Gold Machine Image with Data Center Security Agent Installed

book

Article ID: 164672

calendar_today

Updated On:

Products

Critical System Protection Data Center Security Server Data Center Security Server Advanced

Issue/Introduction

Need process to create a drive image with Data Center Security (DCS) agent already installed

Environment

***All steps described in reference to DCS agent; for SCSP agent the file paths will need to change as per agent installation directory***

Resolution

Every installation of the Data Center Security client creates a unique agent ID to that installation when the IPS service first starts. If using a computer with the DCS client to create a drive image, and if that image is used to create clones of that computer on the same network, then each computer will have the same Agent ID. This can cause problems in the DCS Manager as the agents with the same ID will be considered duplicates.

You can prevent these problems by creating a drive image that does not have a DCS Client agent ID.

 

  1. Install the operating system, and apply all of the patches required. Do not install the DCS agent.
  2. Install any other software needed except the DCS agent that will be on the image.
  3. Install the DCS agent after all of the other installations are complete.
  4. Reboot
  5. Before you save the image, stop the DCS agent services
    In Linux:
  • /etc/init.d/sisipsagent stop
  • /etc/init.d/sisidsagent stop
  • /etc/init.d/sisipsutil stop
     
  1. In Windows:
    stop the following services:
  • Symantec Data Center Security Server Agent
  • Symantec Data Center Security Server IDS Agent
  • Symantec Data Center Security Server Utility
     

    To stop and start the DCS Agent services, you must use sisservicectrl.exe via CMD.

    To stop the IPS Service
    sisservicectrl.exe stop sisipsservice

    To stop the IDS Service
    sisservicectrl.exe stop sisidsservice

    To stop the Utility Service
    sisservicectrl.exe stop sisipsutil

    To start the services use the same commands, but specify start instead of stop.

  1. Go to /etc/sisips/ in Linux ;  in Windows C:\Program Files (x86)\Symantec\Data Center Security Server\Agent\IPS There are 2 way to do it. One editing file and one to run the forcereg tool.
    • Option 1 :
      • Open the following files
        • agent.ini
        • agent.ini.1
        • fallback.ini
        • fallback.ini.1
        • Locate the agent.id line and delete the value after the "=" sign
        • Save the agent.ini file
        • Create the image
    • Option 2 :
      • On Windows, run "sisipsconfig.exe -forcereg". For Linux, run "./sisipsconfig.sh -forcereg" (running this tool will blank out all the agent.id)
      • Note: If you're on Linux, you'll need to "su sisips" first before running command
      • Create the image (without starting the services)

 

Once the image is deployed, make sure you have changed the hostname and IP prior to connect it to the network.

Once on the network, start the DCS services.

At this point, the agent should check in with the manager and get a new agent ID assigned.

If the system fails to show in the assets list, run "sisipsconfig.exe -forcereg" (./sisipsconfig.sh -forcereg on linux) to reset the agent ID.

 

 

 

Powered by Wolken Software