From version 6.1 vSEC:CMS can be installed on a host as a client Agent application. This is a lite version of vSEC:CMS Admin application which will allow an operator to perform the following tasks:
- Life cycle operations;
- PIN unblock flows, both online and offline;
- Certificate flows;
- View credential information.
The Agent application can be configured to communicate with the vSEC:CMS server either over gRPC/HTTP or SOAP/HTTP. In this article we will describe how you can install the Agent application and configure it to use gRPC or SOAP or both.
For instructions on configuring the Agent application service on the server-side refer to the article vSEC:CMS Client-Server Communication for details.
1. On the client host start the vSEC:CMS installer and click I Agree.
2. Select the Agent: Agent interface to the server option and click Next.
3. Select the default location for the installation or click Browse to install to a different location. Click Install to begin the installation.
4. When complete click Close.
It is possible to perform a silent install by passing /S to the installer. Additionally, you need to pass the URL for the backend service that the Agent application needs to connect to. The parameter name is -soap_client and you should enter the full URL for the server where the operator console service is running.
Also, it will be necessary to let the installer know that you want to install the Agent application by passing in -agent.
For example, if you run from a command prompt it would be like below:
> vSEC_CMS_Setup.exe /S -agent -soap_client http://my-cms-server:8443/adm
It will be necessary to configure the connections to the backend where the vSEC:CMS server is running. This can be done via registry.
You can set this either based on per user (HKEY_CURRENT_USER) or per host (HKEY_LOCAL_MACHINE).
Registry settings in HKEY_LOCAL_MACHINE will have higher priority over settings in HKEY_CURRENT_USER.
If you configure it per user then you need to set the below registry settings in this location:
If you configure it per host then you need to set the below registry settings in this location for 32-bit version:
for 64-bit version.
The registry values are:
Where the values can be:
1 - which sets Prefer SOAP;
2 - which sets Prefer gRPC;
3 - which sets Force SOAP;
4 - which sets Force gRPC.
Prefer SOAP and Prefer gRPC will configure the Agent application to try whichever one is set and if for whatever reason the prefered protocol is not available then the Agent application will try the other protocol.
Where you enter the URL of the backend where gRPC is listening. This would normally be configured by host name and port number, for example, http://<cms-host>:<port-number> OR if SSL/TLS is used https://<cms-host>:<port-number>
Where you enter the URL of the backend where SOAP is listening. This would normally be configured by host name and port number, for example, http://<cms-host>:<port-number>/adm OR if SSL/TLS is used https://<cms-host>:<port-number>/adm
The /adm appended to the end for SOAP protocol is important to include otherwise the connection will fail.
Operations in Agent Application
The Agent application is designed as a lite version of the Admin application where an operator can only perform operations, i.e. it will not be possible to perform configuration changes to vSEC:CMS from here. This makes the Agent application a perfect fit for persons who will be working on a daily basis performing common tasks such as credential issuances and PIN unblocks.
Depending on the role assigned to the logged on operator it will be possible to:
1. Issue credentials from the Lifecycle;
2. Perform PIN unblock/reset both online and offline for a managed credential;
3. Perform certificate issuance/reissuance for a managed credential;
4. View credentials specific details.