Introduction
From version 6.1, vSEC:CMS can be installed on a host as a client Agent application. This is a lite version of the vSEC:CMS Admin application that allows an operator to perform the following tasks:
- Life cycle operations;
- PIN unblock flows, both online and offline;
- Certificate flows;
- View credential information;
- Credential Updates.
The Agent application can be configured to communicate with the vSEC:CMS server either over gRPC/HTTP(S) or SOAP/HTTP(S). In this article we will describe how you can install the Agent application and configure it to use gRPC or SOAP or both.
For instructions on configuring the Agent application service on the server side, refer to the article vSEC:CMS Client-Server Communication.
Install
1. On the client host start the vSEC:CMS installer and click I Agree.
2. Select the Agent: Agent interface to the server option and click Next.
3. Select the default location for the installation or click Browse to install to a different location. Click Install to begin the installation.
4. When complete click Close.
Configure
You need to configure the connections to the backend where the vSEC:CMS server is running. This can be done via the registry.
You can set this either per user (HKEY_CURRENT_USER) or per host (HKEY_LOCAL_MACHINE).
Registry settings in HKEY_LOCAL_MACHINE take priority over settings in HKEY_CURRENT_USER.
If you configure it per user, set the registry settings below in this location:
[HKEY_CURRENT_USER\Software\Versatile Security\vSEC_CMS_T]
If you configure it per host, set the registry settings below in this location for the 32-bit version:
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Versatile Security\vSEC_CMS_T]
And in this location for the 64-bit version:
[HKEY_LOCAL_MACHINE\SOFTWARE\Versatile Security\vSEC_CMS_T]
The registry values are:
cms.adm.server.protocol (DWORD)
Where the values can be:
1 - which sets Prefer SOAP;
2 - which sets Prefer gRPC;
3 - which sets Force SOAP;
4 - which sets Force gRPC.
Prefer SOAP and Prefer gRPC configure the Agent application to try the preferred protocol first; if for whatever reason that protocol is not available, the Agent application will try the other protocol.
grpc.adm.server.url (String)
Where you enter the URL of the backend where gRPC is listening. This would normally be configured by host name and port number, for example, http://<cms-host>:<port-number> or, if SSL/TLS is used, https://<cms-host>:<port-number>
soap.adm.server.url (String)
Where you enter the URL of the backend where SOAP is listening. This would normally be configured by host name and port number, for example, http://<cms-host>:<port-number>/adm or, if SSL/TLS is used, https://<cms-host>:<port-number>/adm
The /adm at the end of the SOAP URL must be included; otherwise the connection will fail.
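The following PowerShell audit of the settings described above is an added example, not part of the vSEC:CMS product or its documentation. The key paths and value names are the ones from this article; the function names Get-AgentSetting and Test-AgentConfig and the -Agent32Bit switch are hypothetical.

```powershell
# Added example: key paths and value names come from this article; function names are hypothetical.
function Get-AgentSetting {
    param([string]$Name, [switch]$Agent32Bit)
    $hklm = 'HKLM:\SOFTWARE\Versatile Security\vSEC_CMS_T'
    if ($Agent32Bit) { $hklm = 'HKLM:\SOFTWARE\WOW6432Node\Versatile Security\vSEC_CMS_T' }
    # HKLM is checked first because the article gives it priority over HKCU.
    foreach ($path in $hklm, 'HKCU:\Software\Versatile Security\vSEC_CMS_T') {
        $item = Get-ItemProperty -Path $path -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            return [pscustomobject]@{ Name = $Name; Value = $item.$Name; Source = $path }
        }
    }
}

function Test-AgentConfig {
    param([switch]$Agent32Bit)
    $findings = @()
    $proto = Get-AgentSetting 'cms.adm.server.protocol' -Agent32Bit:$Agent32Bit
    if (-not $proto -or $proto.Value -notin 1, 2, 3, 4) {
        return @('cms.adm.server.protocol is missing or not one of 1-4')
    }
    # Prefer modes (1, 2) can fall back to the other protocol, so both URLs are checked;
    # force modes (3 = SOAP, 4 = gRPC) use one URL only.
    $names = @()
    if ($proto.Value -ne 4) { $names += 'soap.adm.server.url' }
    if ($proto.Value -ne 3) { $names += 'grpc.adm.server.url' }
    foreach ($name in $names) {
        $s = Get-AgentSetting $name -Agent32Bit:$Agent32Bit
        if (-not $s) { $findings += "$name is not set (protocol mode $($proto.Value) may use it)"; continue }
        $uri = $null
        if (-not [uri]::TryCreate([string]$s.Value, [System.UriKind]::Absolute, [ref]$uri)) {
            $findings += "$name is not an absolute URL"; continue
        }
        if ($uri.Scheme -ne 'https') {
            $findings += "$name uses $($uri.Scheme)://, so traffic is not protected by TLS"
        }
        if ($name -like 'soap*' -and -not $uri.AbsolutePath.EndsWith('/adm')) {
            $findings += "$name does not end in /adm; the article says the connection will fail"
        }
        # HKCU is writable by the logged-on user, so a value found only there is not locked down.
        if ($s.Source -like 'HKCU:*') {
            $findings += "$name comes from HKCU, which the logged-on user can change"
        }
    }
    $findings
}

Test-AgentConfig   # an empty result means no findings; add -Agent32Bit for the 32-bit version
```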
Silent Installation
It is possible to perform a silent install and configure the protocol and URL that the Agent application should use. You will need to pass in some parameters to achieve this. There are 4 possible scenarios for how this can be done. The parameters that you should pass in are:
/S : This is to inform the installer that you are installing silently.
-agent : This is to inform the installer that you are installing the Agent application.
-soap_client : This is the URL to the backend for SOAP protocol communication.
-grpc_client : This is the URL to the backend for gRPC protocol communication.
-server_proto : This is to configure one of the 4 protocol options below.
Option 1 - Install Agent with prefer SOAP
If you install the Agent application on a client with prefer SOAP as the protocol choice, the application will try to use SOAP first, and if for whatever reason SOAP communication is not possible, it will fall back to gRPC. Below is an example command.
vSEC_CMS_Setup.exe /S -agent -soap_client "https://my-cms-server:8443/adm" -grpc_client "https://my-cms-server:8446/" -server_proto 1
Option 2 - Install Agent with force SOAP
If you install the Agent application on a client with force SOAP as the protocol choice, the application will use SOAP as the only protocol. Below is an example command.
vSEC_CMS_Setup.exe /S -agent -soap_client "https://my-cms-server:8443/adm" -server_proto 3
Option 3 - Install Agent with prefer gRPC
If you install the Agent application on a client with prefer gRPC as the protocol choice, the application will try to use gRPC first, and if for whatever reason gRPC communication is not possible, it will fall back to SOAP. Below is an example command.
vSEC_CMS_Setup.exe /S -agent -grpc_client "https://my-cms-server:8446/" -soap_client "https://my-cms-server:8443/adm" -server_proto 2
Option 4 - Install Agent with force gRPC
If you install the Agent application on a client with force gRPC as the protocol choice, the application will use gRPC as the only protocol. Below is an example command.
vSEC_CMS_Setup.exe /S -agent -grpc_client "https://my-cms-server:8446/" -server_proto 4
Operations in Agent Application
The Agent application is designed as a lite version of the Admin application where an operator can only perform operations, i.e. it will not be possible to perform configuration changes to vSEC:CMS from here. This makes the Agent application a perfect fit for persons who will be working on a daily basis performing common tasks such as credential issuances and PIN unblocks.
Depending on the role assigned to the logged-on operator, it will be possible to:
1. Issue credentials from the Lifecycle;
2. Perform PIN unblock/reset both online and offline for a managed credential;
3. Perform certificate issuance/reissuance for a managed credential;
4. View credential-specific details;
5. Update credentials when updates are pending for a managed credential.