Agent in TCP Mode

TCP Mode Overview

TCP mode of agent installation is suitable to manage systems that are in a LAN or for those systems that can be communicated to, by the PatchQuest server over a secure VPN tunnel.

The two-way communication between the PatchQuest server and the agent is via a TCP connection (port to port). The agent will have a TCP port (default:9001) open in the system and talk to the server on its own TCP port (default port:9000). Data is encrypted and the communication is secured using SSL. Patch management tasks are initiated from the web interface of PatchQuest. The PQ Server contacts the agent and assigns the tasks. PQ Agent will perform the tasks on the system and send the response back to the server on the same connection.

Enterprise Setup

Consider a scenario within an enterprise network where a few systems are "highly" secured or present in a DMZ (De-Militarized Zone) - wherein remote access is not permitted, ADMIN$ shares are disabled, remote registry service is disabled or systems have a firewall enabled which blocks external access. It becomes practically impossible to manage such systems in the remote or agentless mode as they cannot be easily contacted by the PatchQuest Server. In such cases, installing PatchQuest Agents on these systems and enabling TCP port 9001 in the firewall for access by the Server will making patch management permissible.

Setting up PatchQuest Server in the enterprise

The PatchQuest Server will be installed on a high-end machine in the internal network / server data center. TCP port 9000 must be open in this machine for PQ Agents to communicate to the Server over TCP.

Administrators can login to the web interface of PatchQuest either from the server data center or enterprise internal network.

Setting Up PatchQuest Agents in the enterprise network machines

Access the web interface of the PQ Server as : https://<server-name>:8443/
Login and download the PQ Agents (Windows) from the Home tab
Copy and install the PQ Agents on systems that need to be managed
During the installation, configure the agent's TCP port (default 9001)
Provide the name or IP address of the PQ server machine as Server Name to the agent during installation
Change the Server TCP port (default:9000) if and only if this value has been changed during Server installation.
Start the agent at the end of the installation screen
Login to the web interface of PQ, visit the Systems tab and see your agents listed there
Carry out patch management operations on the agents from the web interfaces

Installation

The PQ agent is available as an executable file (AdventNetPQWinAgent.exe) in the <Server_Install_Dir>/AdventNet/SecureCentral/ PatchQuest/agent/windows directory of the PatchQuest Server. Copy the agent to your target machines, execute the file and follow the instructions. Choose SSL/TCP mode when prompted for during the installation.

Alternatively, you can connect to the PatchQuest Server from a browser in the target machine, using the URL : https://server_name:portnumber. (e.g. https://localhost:8443). Login and visit the 'Home' tab.

Use the 'Download Agent - Windows' link to download and install the PatchQuest agent (.exe file) in that particular system. Carry out the same step for the desired number of target machines. Choose SSL/TCP mode when prompted for during the installation.

NOTE: Automatic install of agents via the PatchQuest web console is not supported! PatchQuest agents can only be installed manually by downloading/copying the agent installable onto the target machines or by using your own logon scripts and doing a silent-install of the agent. The instructions for a silent-install are available here: http://forums.adventnet.com/viewtopic.php?t=5143.

Agent Configurations for TCP Mode

There are some parameters that need to be configured for this mode. These are configurations are effected in any of the following ways:

During Agent Installation
By editing two config files - agent.ini & server.ini in the agent installation, if required at a later point
From the web interface of PatchQuest --> 'Configure System Info' screen for the agent system listed

Here are the parameters :

Mode: Property to be changed in agent.ini & server.ini file: transport=ssl
Agent Port : Default is 9001. This is the port on the agent machine through which the PQ agent communicates with the PatchQuest Server. Property in agent.ini file: requestport
Server Name : The System Name or IP address of the PatchQuest server machine to which agent communicates. Property in server.ini file: server
Server Port : Default is 9000. The TCP port on which the PQ server communicates to the agent. Property in server.ini file: sslport

Do not alter Server Port value unless and until this has been changed accordingly during PatchQuest Server installation.