Applies To: Venafi Trust Protection Platform 15.3
For an agent to perform certificate installation, the agent record must have a device associated with it, and that device must have provisioning mode set to 'Agent.' Depending on the current state of the environment, there are a few different ways to accomplish this task.
A. Adding the Agent to an existing server that is using agentless provisioning (a device object already exists):
- Enable device placement work for the group that the agent will belong to, or set up a new group for device placement
- Set the asset management to separate folders and set the folder location to the current location of the existing device object (Note: When device placement is set to single folder mode, the system will look for existing devices with the same hostname and will associate the Agent with the first device object it finds with the same hostname anywhere in the system). Make sure to create a separate folder for SSH agents
- Save the work object. It will take up to 10 minutes for the VedClient application pool to get the new/updated device placement work settings
- Once VedClient has been updated, have the agent check in and do device placement work
- Set Provisioning Mode to “Agent” on the device object. This can also be done for multiple devices by changing the device settings on a folder (policy)
B. An Agent that already created a device object prior to the Agent version being 15.3:
- Find the first group the Agent belongs to that has device placement work enabled
- View the device placement work to determine where the shared (same folder) / certificate (separate folders) device exists in policy
- Validate that the Agent has been upgraded to 15.3 (Note: The agent must be at 15.3 or higher before changing provisioning mode to Agent)
- Set Provisioning Mode to “Agent” on the device object. This can also be done for multiple devices by changing the device settings on a folder (policy)
C. A new 15.3 Agent or an existing Agent on a system that does not have a device object for the system where that agent is running:
- If using an existing agent, verify that it has been upgraded to 15.3
- Enable device placement work for the group that the agent will belong to, or set up a new group for device placement
- Set the asset manager to separate folders and select the folder location for agent certificate devices. Make sure to create a separate folder for SSH agents
- Save the work object. It will take up to 10 minutes for the VedClient application pool to get the new/updated device placement work settings
- Once VedClient has been updated, have the agent check in and do device placement work. The new device will automatically have provisioning mode set to “Agent” (Note: if the Agent is not running 15.3 or higher, as required in the first step, then provisioning mode will be set to agentless)