RSCD Agent and Smart Agent Installation for Azure connectors
This topic provides an overview of and instructions to install RSCD Agent and Smart Agent for Azure on-premises and Azure cloud connectors.
- Introduction
- RSCD Agent
- SmartAgent
- Supported Platforms
- Flow
- Prerequisites for installing RSCD agent
- Importing BMC Azure VM RSCD Discovery Policy 1.2.0 from Policy Library for connector policy mapping
- Parameters required for RSCD Agent installation on Azure VM
- More Links
- Rules Supported by BMC Azure VM RSCD Discovery Policy 1.2.0
Introduction
Architecture of TSSA requires that the RSCD agents running on targets are accessible either directly or indirectly via SOCKS proxies. For any actions or job executions on targets, the TrueSight Server Automation (TSSA) uses RSCD protocol which requires a persistent TCP connection to targets. Customers have started moving their workloads to public clouds like AWS, Azure, GCP and Alibaba and they want to manage their VMs running in these clouds via TSSA. Most of the VMs in these clouds run in their virtual private networks and not reachable directly. There are several thousands of such isolated or disconnected networks, and it becomes challenging for customers to setup thousands of SOCKS proxies for each such network, for TSSA to manage the VMs sitting in those network. Hence there is a need for a solution that is simple to deploy and manage for existing TSSA customers.
RSCD Agent
- RSCD Agent (Remote System Call Daemon) Server-side agent that TrueSight Server Automation accesses for executing various commands for patching, compliance, executing scripts, etc.
Role of RSCD Agent -
- RSCD agent only accepts incoming connections and talks in RSCD protocol.
SmartAgent
Agent running on VM which is provisioned either in public/private cloud or data centers. SmartAgent is light weight agent which runs along side RSCD and monitors the health of RSCD and reports the heartbeat to SmartHub.
Role of SmartAgent -
- Monitor RSCD state/status.
- Automatically enroll servers without manual intervention.
Supported Platforms
Smart Agent is supported for RHEL and Windows only.
Supported Operating System
- 64-bit Operating System for RHEL.
- 64-bit Operating System for Windows..
Qualified Versions and Builds details used for testing purpose
- Linux VM - Red Hat Enterprise 7.7
- Azure VM - Windows Server 2012, 2015, 2016, 2017
- Linux RSCD Installer Build - BladeLogic_RSCD_Agent-release_2002_hotfix-20.02.00.31-rhas5.0-x86_64.rpm
- Windows RSCD Installer Build - RSCD-WIN64-release_2002_hotfix-31.msi
- VC++ version - Microsoft Visual C++ 2015 Redistributable(x64)
Architecture Diagram
The following diagram shows the architecture for this installation.
Flow
Following are high level steps which gets executed:
- Connector gets downloaded from cloud security.
While on-boarding connector make sure you select newly created BMC Azure VM RSCD Discovery policy 1.2.0 for connector policy mappings.
Before running the connector, map the connector under BMC Azure VM RSCD Discovery Policy 1.2.0. - Run the downloaded connector.
- Connector will scan the desired account and make the policy rule results compliant/non-compliant.
- Trigger the remediation action for rules which has the remediation which internally triggers smart agent installation job.
- In post installation of smart agent job, agent itself register itself against smart agent.
Prerequisites for installing RSCD agent
1. On Virtual machine for Azure, Visual C++ must be installed.
Following Versions of VC++ are supported
- Microsoft Visual C++ 2015 Redistributable (x64)
- Microsoft Visual C++ 2017 Redistributable (x64)
- Microsoft Visual C++ 2019 Redistributable (x64)
2. All the three installer paths (Windows Installer Path, Linux Installer Path and VC++ installer path) must be accessible by Virtual machine for Azure.
NOTE: It is Recommended to Always Create New Connector.
Importing BMC Azure VM RSCD Discovery Policy 1.2.0 from Policy Library for connector policy mapping
Note After Importing BMC Azure VM RSCD Discovery Policy 1.2.0, map the Azure on-prem and cloud Connector with the BMC Azure VM RSCD Discovery 1.2.0 policy.
Rule Description
a) Check for AZURE VM managed by TSSA
Description: Rule state if any version of RSCD is in use
- Rule will be non-compliant, if RSCD agent not found.
- Rule will be compliant, if RSCD agent found.
Initially when the Azure VM instance rscd agent is not installed, the BMC Azure VM RSCD Discovery 1.2.0 rule will be shown as below
Check for AZURE VM managed by TSSA - Non-Compliant
Initially when the Azure VM instance rscd agent is installed, the BMC Azure VM RSCD Discovery 1.2.0 rule will be shown as below
Check for AZURE VM managed by TSSA - Compliant
Initially when the Azure VM instance is down or stopped, the BMC Azure VM RSCD Discovery 1.2.0 rule will be shown as below
Check for AZURE VM managed by TSSA - Indeterminate
Performing Remediation action for "Check for AZURE VM managed by TSSA" Rule
To remediate rule "Check for AZURE VM managed by TSSA", follow the below steps:
1. First enable the action content of the rule to On Demand Mode.
2. Pass the following list of parameters details in order to remediate
Parameters required for RSCD Agent installation on Azure VM
Below parameters list or fields that are required by the "Check for AZURE VM managed by TSSA" rule to perform the remediation action that is installing RSCD agent on Azure VM.
- Smart hub(hostname:port)
- RSCD Access key
- Linux Installer Path
- Windows Installer Path
- VC++ Installer Path
- Enroll Interval Min
- Enroll As
- Tunnel Enable
Smart hub(hostname:Port)
Smart hub hostname is the Hostname/IP Address of the Smart Hub server.
Smart hub Port is the Smart hub service listener port.
Note: This is the mandatory parameter.
For Example, 11.55.124.4:443
Here 11.55.124.4 is the hostname and 443 is the Port number
RSCD Access key
Access key for specified Smart Hub service. This is also a mandatory parameter.
Linux Installer Path
This is the Linux installation URL, should be accessible from Azure VM. This is mandatory parameter for remediation on Azure VM.
Windows Installer Path
This is the Windows Installation URL, should be accessible from Azure VM. This is the mandatory parameter for remediation on Azure VM.
VC++ Installer Path
This is the VC++ Installation URL, should be accessible from Azure VM. This is also a mandatory parameter for remediation on Azure VM.
Once the remediation has been successfully done, "Check for AZURE VM managed by TSSA" rule status will be shown as Remediation Completed on UI.
Enroll Interval Min
The interval at which the server enrollment request is sent(in minutes). The interval can be in the range 1-360 minutes.
Enroll As
The server is enrolled into the Application server using this identifiers. Predefined identifiers: <HOSTNAME>,<SMARTHUB_PEER_IP>,< SMARTHUB_PEER _FQDN>,<UUID>,<CLOUD_RESOURCE_ID>
Tunnel Enable
Enable the Tunnel feature in Smart Agent. Example: true
Note: It will take 1-2 minutes to remediate
On connector evaluation, this rule "Check for AZURE VM managed by TSSA" become compliant. On the target server, RSCD agent will get installed.
- RSCD windows remediation without passing VC++ as a remediation parameter
Error Message on UI : Failed to remediate resource. Error: Check remediation parameter VC Installer Path and provide url for installer. - RSCD windows remediation with passing linux rscd installer in place of windows rscd installer.
Error Message on UI : Failed to remediate resource. Error: This installation package could not be opened Contact the application vendor to verify that this is a valid Windows Installer
- Package. Passing any random xyz parameter in place of rscd installer(both linux and windows)
Error Message on UI : Failed to remediate resource. Error: RSCD xyz download failed
- Error Message on UI : Failed to remediate resource. Error: VC httpsrscdinstallersblobcorewindowsnetrscdinstallersVCredistx64exe download failed
- By Removing the public Access permission from the storage account(Linux and Windows)
- Remediation on Azure VM that is having only Private access(Publicly not accessable)
More Links
For more info about smart hub and smart agent, please refer the below links:
- Overview of Smart Agents
- Properties of the Smart Agent and Smart Hub
- TrueSight Server Automation documentation
- TrueSight Server Automation enhancements and patches
Rules Supported by BMC Azure VM RSCD Discovery Policy 1.2.0
BMC Azure VM RSCD Discovery Policy 1.2.0 basically supports one rule which will show different states (Compliant and Non-compliant) for Azure VM resources.
Check for AZURE VM managed by TSSA