Install Agent Application

Anthony - Versasec Support
Anthony - Versasec Support
  • Updated

Introduction

Starting from version 6.1, vSEC:CMS can be installed on a host as a client Agent Application. This version serves as a lighter alternative to the full vSEC:CMS Admin Application, enabling operators to perform the following tasks:

  • Life cycle operations.
  • PIN unblock flows, both online and offline.
  • Certificate flows.
  • View credential information.
  • Credential Updates.

The Agent Application can be configured to communicate securely with the vSEC:CMS Server using gRPC, with the option to enable or disable SSL/TLS encryption.

Important
Starting March 2024, we will discontinue support for SOAP client interface. For optimal performance and compatibility, it is recommended to select force gRPC in the protocol dropdown list.
Note
For instructions on configuring the Agent Application service on the server-side, refer to the article vSEC:CMS Client-Server Communication for details.

Installation

  1. Start the vSEC:CMS installer on the client host and click I Agree.
  2. Select the Agent: Agent interface to the server option and click Next.
  3. Select the default location for the installation or click Browse to install to a different location. Click Install to begin the installation.
  4. When it's finished, you can click Close.

Configuration

Starting from version 6.3, you can configure the connection settings by launching the application from the desktop shortcut. Upon launching the console for the first time, you will encounter a dialog similar to the one below.

agent_application_settings-w450.png

Configuring gRPC connection to the vSEC:CMS Server:

  1. From the Protocol dropdown list, select Force gRPC.
  2. Locate the Server URL (gRPC) field in the dialog box.
  3. Enter the URL of the backend server where gRPC is listening, in the following format.
    • http://<server-host>:<port-number>
    • https://<server-host>:<port-number> if SSL/TLS is enabled.
  4. Once the URL is entered, click Test to check the connection.
  5. After verifying the connection status, click Ok to finish setup.

By completing these instructions, you'll have successfully configured your gRPC connection to the vSEC:CMS Server, enabling seamless credential operations via vSEC:CMS Agent Application.

Silent Installation

It is possible to perform a silent install and configure the backend connection using the following parameters:

  • /S: Use this parameter to initiate silent installation.
  • -agent: Select Agent Application for installation.
  • -grpc_client: Specifies the Server URL for the gRPC listener.
  • -server_proto 4: Specifies the use of the gRPC protocol.

Silent Installation via PowerShell

Below is an example demonstrating the utilization of silent install parameters, in conjunction with the Server URL:

PS C:\> .\vSEC_CMS_Setup.exe /S -agent -grpc_client "https://vSEC-CMS:50550/" -server_proto 4
Ensure that the entered Server URL is valid and accessible from the client. Additionally, make sure to run the PowerShell session with administrative privileges.

Registry Configuration

You also have the option to configure the Agent Application through the registry, utilizing either host-wide configurations or per-user settings.

Registry Path

For per-user configurations, use the following registry location:

[HKEY_CURRENT_USER\Software\Versatile Security\vSEC_CMS_T]

For host-wide configurations, use this registry location:

[HKEY_LOCAL_MACHINE\SOFTWARE\Versatile Security\vSEC_CMS_T]

Registry Settings

The registry values are:

  • cms.adm.server.protocol: REG_DWORD
    • 4: Force gRPC
  • grpc.adm.server.url: REG_SZ
    • http://<server-host>:<port-number>
    • https://<server-host>:<port-number>if SSL/TLS is enabled.

Agent Application Operations

The Agent Application is designed for operational tasks and does not support configuration changes to vSEC:CMS. Operators can perform various actions depending on their assigned roles, including issuing credentials, managing PINs, handling certificates, viewing credential details, and updating credentials. This makes it ideal for daily operational tasks.