1. Does installing the Agent client require a reboot on the client computer?

    No. Installing the Agent on the client computer does not require a reboot. Once installed, the Agent starts and connects to Secret Server automatically.

  2. How are the Agent clients upgraded?

    When an Agent connects to Secret Server, the first check it performs is whether a newer version of the Agent is available. If one is, the new version is downloaded and installed automatically, and the Agent reconnects to Secret Server once the upgrade is complete. You therefore only need to upgrade your Secret Server instance; the Agents upgrade themselves the next time they connect.

  3. How is the Agent secured?

    When you install Secret Server, a 2048-bit RSA public/private key pair is generated on the Secret Server. Whenever a new Agent is created, it is given a copy of Secret Server's public key and generates its own unique 2048-bit RSA public/private key pair.

    When the Agent connects to Secret Server, it proves its identity to Secret Server using its own key pair, and verifies Secret Server's identity using Secret Server's key pair. Once that handshake is complete, Secret Server generates a 256-bit AES key and sends it to the Agent encrypted with the Agent's public key. Only the holder of the Agent's private key can decrypt it, so only that Agent can learn the AES-256 key.

    For the remainder of the connection between the Agent and Secret Server, this AES-256 key is used for all encryption.

    In summary, the Agent uses a 2048-bit RSA key pair for the initial connection and identity verification, and AES-256 for all subsequent messages between Secret Server and the Agent.

    This mechanism is similar in principle to how an HTTPS/SSL session is negotiated by a standard web browser, for example when securing an e-commerce transaction: asymmetric RSA keys authenticate the parties and transport a session key, and that symmetric key then encrypts the bulk of the traffic. As with RSA key transport in SSL, the session key is only as secret as the Agent's RSA private key: anyone who obtains that private key can recover the AES key from a recorded handshake, so protect the key material on the Agent host accordingly.
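    The exchange described above, worked through end to end, as an added example that is not the Agent's or Secret Server's own code. Both parties run in one process so the values that would cross the network are just passed between functions. Everything the article leaves unspecified is an assumption and marked as such in the comments: the identity check is modelled as each side signing a fresh nonce chosen by the other (RSA-PSS), the AES key is transported with RSA-OAEP, and the session cipher is AES-256-GCM. Only Go's standard library is used.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Party is one end of the handshake: its own 2048-bit RSA key pair plus the
// peer's public key it was given when the Agent was installed/created.
type Party struct {
	Priv    *rsa.PrivateKey
	PeerPub *rsa.PublicKey
}

// Provision generates both key pairs and cross-provisions the public keys: the
// Agent gets Secret Server's public key and Secret Server gets the Agent's.
func Provision() (agent, server *Party) {
	agentKey, err1 := rsa.GenerateKey(rand.Reader, 2048)
	serverKey, err2 := rsa.GenerateKey(rand.Reader, 2048)
	if err1 != nil || err2 != nil {
		panic("RSA key generation failed")
	}
	return &Party{agentKey, &serverKey.PublicKey}, &Party{serverKey, &agentKey.PublicKey}
}

func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // a crypto/rand failure is not recoverable
	}
	return b
}

// authenticate has prover sign a fresh nonce chosen by verifier, which checks it
// against the public key it was provisioned with. A signed nonce is an assumed
// shape for the identity step; the article does not give the message format.
func authenticate(prover, verifier *Party) error {
	nonce := randomBytes(32)
	d := sha256.Sum256(nonce)
	sig, err := rsa.SignPSS(rand.Reader, prover.Priv, crypto.SHA256, d[:], nil)
	if err != nil {
		return err
	}
	return rsa.VerifyPSS(verifier.PeerPub, crypto.SHA256, d[:], sig, nil)
}

// WrapSessionKey is the server side of key transport: a random 256-bit AES key
// encrypted under the Agent's public key (RSA-OAEP is assumed). UnwrapSessionKey
// is the Agent side; it fails for any private key other than the Agent's own.
func (p *Party) WrapSessionKey() (key, wrapped []byte, err error) {
	key = randomBytes(32)
	wrapped, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, p.PeerPub, key, nil)
	return key, wrapped, err
}

func (p *Party) UnwrapSessionKey(wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, p.Priv, wrapped, nil)
}

// Handshake runs the exchange in the article's order and returns the session
// key as held by each side (in a deployment every value crosses the network).
func Handshake(agent, server *Party) (agentKey, serverKey []byte, err error) {
	if err = authenticate(agent, server); err != nil { // Agent proves itself
		return nil, nil, fmt.Errorf("agent identity check failed: %w", err)
	}
	if err = authenticate(server, agent); err != nil { // Agent checks the server
		return nil, nil, fmt.Errorf("server identity check failed: %w", err)
	}
	serverKey, wrapped, err := server.WrapSessionKey()
	if err != nil {
		return nil, nil, err
	}
	agentKey, err = agent.UnwrapSessionKey(wrapped)
	return agentKey, serverKey, err
}

// NewSession turns the AES-256 key into the cipher used for all later traffic.
// AES-GCM is an assumption (the article says only AES-256); it adds an
// integrity tag, and the caller must use a fresh nonce for every message.
func NewSession(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func main() {
	agent, server := Provision()
	agentKey, serverKey, err := Handshake(agent, server)
	if err != nil {
		panic(err)
	}
	serverSide, _ := NewSession(serverKey)
	agentSide, _ := NewSession(agentKey)
	nonce := randomBytes(serverSide.NonceSize())
	sealed := serverSide.Seal(nil, nonce, []byte("constructed request"), nil) // constructed sample
	plain, err := agentSide.Open(nil, nonce, sealed, nil)
	fmt.Printf("agent read %q (err=%v)\n", plain, err)
}
```

    Two things worth checking in a setup like this, both of which the functions above make easy to test: a host that holds Secret Server's public key but not the Agent's private key must fail the identity step and must be unable to unwrap the session key, and a message altered in transit must be rejected by the session cipher rather than decrypted to garbage.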

  4. How does Agent work in a clustered environment?

    When configuring the Agent within Secret Server, the Host Name can be a semicolon-separated list, for example ss-primary.example.com;ss-node2.example.com;ss-node3.example.com (illustrative names). In a clustered, load-balanced environment, give the address of the primary node followed by all secondary nodes as the Host Name. When the Agents connect to the server, they update their list of available hosts. If the primary goes down, the Agents attempt to connect to each host in the list in turn until one accepts the connection. When adding a new node to the cluster, be sure to add it to the Agent Configuration so that the Agents can always reconnect.
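    The failover behaviour described above, as an added example rather than code from the Agent itself: parse the semicolon-separated Host Name value, try each host in order until one accepts the connection, and refresh the list from whatever the server now advertises. The host names are constructed for the example, the transport is injected as a function so the logic runs offline, and the guard that keeps the old list when the advertised one is empty is an assumption of this example, not something the article states.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// ParseHostList splits the Host Name value on semicolons, trims whitespace and
// drops empty and duplicate entries, keeping order so the primary (listed
// first) is always tried first.
func ParseHostList(hostName string) []string {
	var hosts []string
	seen := map[string]bool{}
	for _, h := range strings.Split(hostName, ";") {
		h = strings.TrimSpace(h)
		if h == "" || seen[h] {
			continue
		}
		seen[h] = true
		hosts = append(hosts, h)
	}
	return hosts
}

// Dialer opens a connection to one host. It is injected so the failover logic
// can be exercised without a network (the Agent's real transport is not
// described in the article).
type Dialer func(host string) error

// Connect walks the list in order and returns the first host that accepts the
// connection, or an error naming every host that failed.
func Connect(hosts []string, dial Dialer) (string, error) {
	if len(hosts) == 0 {
		return "", errors.New("no Secret Server hosts configured")
	}
	var failures []string
	for _, h := range hosts {
		err := dial(h)
		if err == nil {
			return h, nil
		}
		failures = append(failures, fmt.Sprintf("%s (%v)", h, err))
	}
	return "", fmt.Errorf("no Secret Server host reachable: %s", strings.Join(failures, ", "))
}

// RefreshHostList models the Agent updating its host list after a successful
// connection from the Host Name value Secret Server now holds. An empty or
// unparsable value keeps the previous list so a bad update cannot strand the
// Agent; that guard is an assumption of this example.
func RefreshHostList(known []string, advertised string) []string {
	if fresh := ParseHostList(advertised); len(fresh) > 0 {
		return fresh
	}
	return known
}

func main() {
	// Constructed configuration: primary first, then the secondary nodes.
	hosts := ParseHostList("ss-primary.example.com; ss-node2.example.com;ss-node3.example.com")
	down := map[string]bool{"ss-primary.example.com": true} // simulate the primary being offline
	dial := func(h string) error {
		if down[h] {
			return errors.New("connection refused")
		}
		return nil
	}
	host, err := Connect(hosts, dial)
	fmt.Printf("connected to %q (err=%v)\n", host, err)
	fmt.Println("after refresh:", RefreshHostList(hosts, "ss-primary.example.com;ss-node4.example.com"))
}
```

    The order matters: because the primary is listed first, an Agent only ends up on a secondary node when the primary actually refuses the connection, and a newly added node that is missing from the configured Host Name is never tried at all, which is why the article tells you to add it to the Agent Configuration.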

Article ID: 148, Created On: 3/3/2011, Modified: 8/18/2011