Introduction
Starting from version 6.1, vSEC:CMS can be installed on a host as a client Agent Application. This version serves as a lighter alternative to the full vSEC:CMS Admin Application, enabling operators to perform the following tasks:
- Life cycle operations.
- PIN unblock flows, both online and offline.
- Certificate flows.
- View credential information.
- Credential Updates.
The Agent Application can be configured to communicate securely with the vSEC:CMS Server using gRPC, with the option to enable or disable SSL/TLS encryption.
Starting March 2024, we will stop supporting the SOAP client interface. For best performance and compatibility, please switch to gRPC in the protocol settings. While SOAP will still be included in the product, we will no longer provide support for any problems you encounter while using it.
For instructions on configuring the Agent Application service on the server-side, refer to the article vSEC:CMS Client-Server Communication for details.
Installation
- Start the vSEC:CMS installer on the client host and click I Agree.
- Select the Agent: Agent interface to the server option and click Next.
- Select the default location for the installation or click Browse to install to a different location. Click Install to begin the installation.
- When it's finished, you can click Close.
Configuration
Starting from version 6.3, you can configure the connection settings by launching the application from the desktop shortcut. Upon launching the console for the first time, you will encounter a dialog similar to the one below.
Configuring gRPC connection to the vSEC:CMS Server:
- From the Protocol dropdown list, select Force gRPC.
- Locate the Server URL (gRPC) field in the dialog box.
-
Enter the URL of the backend server where gRPC is listening, in the following format.
http://<server-host>:<port-number>https://<server-host>:<port-number>if SSL/TLS is enabled.
- Once the URL is entered, click Test to check the connection.
- After verifying the connection status, click Ok to finish setup.
By completing these instructions, you'll have successfully configured your gRPC connection to the vSEC:CMS Server, enabling seamless credential operations via vSEC:CMS Agent Application.
Silent Installation
It is possible to perform a silent install and configure the backend connection using the following parameters:
/S: Use this parameter to initiate silent installation.-agent: Select Agent Application for installation.-grpc_client: Specifies the Server URL for the gRPC listener.-server_proto 4: Specifies the use of the gRPC protocol.
Silent Installation via PowerShell
Below is an example demonstrating the utilization of silent install parameters, in conjunction with the Server URL:
PS C:\> .\vSEC_CMS_Setup.exe /S -agent -grpc_client "https://vSEC-CMS:50550/" -server_proto 4
Registry Configuration
You also have the option to configure the Agent Application through the registry, utilizing either host-wide configurations or per-user settings.
Registry Path
For per-user configurations, use the following registry location:
[HKEY_CURRENT_USER\Software\Versatile Security\vSEC_CMS_T]
For host-wide configurations, use this registry location:
[HKEY_LOCAL_MACHINE\SOFTWARE\Versatile Security\vSEC_CMS_T]
Registry Settings
The registry values are:
-
cms.adm.server.protocol: REG_DWORD4: Force gRPC
-
grpc.adm.server.url: REG_SZhttp://<server-host>:<port-number>https://<server-host>:<port-number>if SSL/TLS is enabled.
Agent Application Operations
The Agent Application is designed for operational tasks and does not support configuration changes to vSEC:CMS. Operators can perform various actions depending on their assigned roles, including issuing credentials, managing PINs, handling certificates, viewing credential details, and updating credentials. This makes it ideal for daily operational tasks.