
How does ERA 6 identify clients?


Go to solution Solved by MartinK,


Hi:

I am confused about the "server <-> agent" identification process in ERA6.

In ERA 5: when a client connects to the ERA server with the correct password, the server will create an entry with the client hostname and remember the client token (I don't know how the internals work, but with the token the server can identify this specific client?). If I reinstall the OS, when the client connects to the ERA server, the server will create another entry with the same hostname. And there is a setting in ERA5 to merge these entries if their MAC addresses are the same. So even if I reinstall the OS, ERA5 can still maintain a correct client list.

In ERA6: when an agent connects to the ERA server with the correct certificate, the server will create an entry with the agent IP. (If reverse DNS resolving works, will it translate the IP to a hostname at this stage? I don't have reverse DNS so I don't know.) Every hour ERA will run a "rename computer" task to rename these entries from IP to the hostname which is collected by the agent (if the hostname already comes from reverse DNS and conflicts with the computer name, will the rename task change it to the computer name?). I think there is still a token for the server to identify the specific client. But according to the forum post, if I upgrade the agent manually, then the ERA server may create another duplicate entry. So it seems the token is destroyed when the agent is upgraded manually.

I don't know how ERA6 identifies its clients and how the token is generated/destroyed, and also how duplicate entries can be merged by MAC address like in ERA5.

Thanks for correcting my understanding!


  • ESET Staff
  • Solution

Every time you install AGENT, it gets a unique identifier, which will pair it with a computer record in Webconsole. There are two basic scenarios for how this identifier is generated:

  1. Identifier is generated during manual AGENT installation (manual & live installer) - and upon first connection to SERVER, the respective entry is created with the same identifier and from now on, this is what pairs AGENT with its entry in the computers list.
  2. Identifier is generated once you manually create a computer in Webconsole (and also using synchronization). When you use a remote installation task to install AGENT, it is installed on the remote machine with the same identifier so that upcoming connections are paired with the computer.

Duplicate entries are mostly created when you:

  • manually reinstall (uninstall + install) AGENT on client machine. In this case AGENT uses a new identifier -> a new computer is created in the Lost & Found group.
  • run the "reset cloned agent" task on a specific client. The result is almost the same as if AGENT was manually reinstalled, except not all data are purged (task as example)
  • synchronize computers (AD, LDAP) and install AGENTs manually. In this case, there are two identifiers for the same computer.

Currently merging computers as you mentioned is not supported. You can only "merge" multiple entries in case only one of them is "managed", which technically means removing dummy entries of computers that never had an AGENT installed - and this merging is based on their name, which is mostly their hostname.

 

You mentioned renaming tasks: the name of a computer is not used to pair it with an AGENT installation, and once AGENT is connected, you can rename it to whatever you want. Computer name is currently used only in two scenarios:

  • name is used as target to remote installation task, therefore for this task it has to be either IP or hostname so that ERA can connect to it
  • name is used to "merge" multiple computers with the same name, but only in case no more than one of them is managed.

 

Summary: identification of computers is significantly different. ERAv5 identified computers by their HW fingerprint, which may have changed even in case you did not want it (i.e. you changed MAC address, or replaced some hardware). Contrary to that, ERAv6 identifies clients not by HW, but by installation, which has its own disadvantages, namely problems with duplicating virtual machines, which results in two AGENTs with the same identifier.


Hi:

Thanks for your detailed explanation! So let me summarize:

In ERA6, the unique identifier may be created/triggered at the client (when installing the agent manually on the client side) or the server (when creating a computer entry manually or by the sync process on the server side). In the latter case, we should use the "agent install task" to install the agent, or there will be duplicate entries.

This is really different from ERA5. Since we use VBScript to install ESET products, now I have to keep this process in mind.

But there is one thing I don't understand. You said

 

"ERAv6 identifies clients not by HW, but by installation which has its own disadvantages, namely problems with duplicating virtual machines, which results in two AGENT's with the same identifier".

 

Does the problem come from duplicating a virtual image (so the agent unique identifier included in the image is the same), or is it caused by virtual hardware, so every time it generates the same agent unique identifier?

Edited by tbsky

  • ESET Staff

"Does the problem come from duplicating a virtual image (so the agent unique identifier included in the image is the same), or is it caused by virtual hardware, so every time it generates the same agent unique identifier?"

 

I meant copying an already installed AGENT, which includes duplicating virtual machines, but also cloning HDD and possibly also running the remote installation task multiple times on different machines but using the same entry in Webconsole.

Wrong usage of remote installation task: Imagine you have only one computer entry in console named Computer1.domain with identifier ID1. Once you run the remote installation task on this computer, AGENT gets installed and is assigned ID1. The next day, hostname "Computer1.domain" will be pointing to a different computer in your network and once you re-run the installation task, you will end up with two computers with installed AGENT using the same unique identifier ID1. This will cause problems, especially data received from client(s) may be mixed -> there will still be only one entry in the computers list, even when two different computers will be connecting. Therefore we recommend using the remote installation task only for initial installation, and not for further repairs ...

Link to comment
Share on other sites
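An added example, not part of the thread and not ESET code: a small audit over an exported computer list that flags the two failure modes described above, one agent identifier reported by several machines and one machine listed under several identifiers. The field names (`agent_id`, `hostname`, `mac`) and the use of the MAC address as a hardware hint are assumptions; the rows are constructed.

```python
from collections import defaultdict

# Constructed sample: rows an administrator might export from a computers list.
# Field names (agent_id, hostname, mac) are assumptions, not an ERA export schema.
CHECKINS = [
    {"agent_id": "ID1", "hostname": "Computer1.domain", "mac": "00:11:22:33:44:01"},
    # Same identifier, other hardware: install task re-run after the hostname moved.
    {"agent_id": "ID1", "hostname": "Computer1.domain", "mac": "00:11:22:33:44:02"},
    {"agent_id": "ID2", "hostname": "pc-lab", "mac": "00:11:22:33:44:03"},
    # Same hardware, new identifier: manual uninstall + install.
    {"agent_id": "ID3", "hostname": "pc-lab", "mac": "00:11:22:33:44:03"},
    {"agent_id": "ID4", "hostname": "pc-ok", "mac": "00:11:22:33:44:04"},
    # Rename only: the name is not used for pairing, so this is not a conflict.
    {"agent_id": "ID4", "hostname": "pc-ok-renamed", "mac": "00:11:22:33:44:04"},
]


def find_identity_conflicts(checkins):
    """Return (shared_ids, duplicate_machines).

    shared_ids: agent identifier -> sorted MACs, where one identifier is
        reported by several machines (cloned image or disk, or a remote
        installation task re-run against a reused hostname).
    duplicate_machines: MAC -> sorted agent identifiers, where one machine
        appears under several identifiers (reinstall, reset, sync + manual).
    """
    macs_by_id = defaultdict(set)
    ids_by_mac = defaultdict(set)
    for row in checkins:
        mac = row["mac"].strip().lower().replace("-", ":")  # normalise notation
        macs_by_id[row["agent_id"]].add(mac)
        ids_by_mac[mac].add(row["agent_id"])
    shared_ids = {i: sorted(m) for i, m in macs_by_id.items() if len(m) > 1}
    duplicate_machines = {m: sorted(i) for m, i in ids_by_mac.items() if len(i) > 1}
    return shared_ids, duplicate_machines


if __name__ == "__main__":
    shared, dupes = find_identity_conflicts(CHECKINS)
    for agent_id, macs in shared.items():
        print(f"identifier {agent_id} is used by {len(macs)} machines: {macs}")
    for mac, ids in dupes.items():
        print(f"machine {mac} has {len(ids)} entries: {ids}")
```

A shared identifier is the case where data from two clients is mixed into one entry, so it deserves attention first; duplicate entries for one machine only clutter the list.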

"This will cause problems, especially data received from client(s) may be mixed -> there will still be only one entry in the computers list, even when two different computers will be connecting. Therefore we recommend using the remote installation task only for initial installation, and not for further repairs ..."

Wow! The situation you described is really a mess!

Thanks again for your invaluable information in this thread!
