Agent-based scanning for AE customers without prior Endpoint Central installation
With the AssetExplorer 6900 release, agent-based scanning for Windows, Linux, and Mac machines is introduced. This feature is provided by ManageEngine Endpoint Central (formerly Desktop Central). So, all existing customers migrating to builds above AE 6900 must deploy ME Endpoint Central for scanning Windows, Linux, and Mac machines in their environment. They will also need Endpoint Central agents installed in the remote machine. The following document captures the steps to deploy Endpoint Central and its agents in AE setups that have no prior Endpoint Central installation.
If any of the following ME products are installed and used in your environment, we recommend you contact our support before proceeding with this installation for configuring changes in asset inventory.
- Patch Manager Plus On-Premise/Cloud
- Remote Access Plus On-Premise/Cloud
- Device Control Plus
- Vulnerability Manager Plus
- Patch Manager Plus Cloud
- Endpoint Central (formerly Desktop Central) Cloud
Feature changes related to scanning from AE 6900
- Support for scanning Windows machines using WMI has been removed.
- Support for scanning Linux and Mac machines using SSH/Telnet has been removed.
- All Windows, Linux, and Mac machines can be scanned only by installing Endpoint Central agents in remote machines.
About Endpoint Central
Endpoint Central (formerly Desktop Central) is a robust unified endpoint management system. It comprises features like Patch Management, Software Deployment, Endpoint Security, OS imaging and deployment, etc. Agents from Endpoint Central improve AssetExplorer's asset scanning functionality by fetching complete hardware details during the scan and by keeping the data fetched across Windows, Linux, and Mac machines uniform. Endpoint Central agent integration also avoids the need for two agents for users who already have integration between ServiceDesk Plus (or AssetExplorer) and Endpoint Central.
Features from Endpoint Central for existing customers of AE migrating to AE 6900 versions
i. Agent-based inventory of Windows, Mac, and Linux machines
ii. Warranty information for devices
iii. Remote control for Windows, Mac, and Linux machines
iv. Auto upgrade of agents to newer versions
Other features from Endpoint Central for existing customers of AE who migrate to AE 6900 versions and later purchase AE UEM Remote Access Plus Add on
a). Chat *
b). Wake-on-LAN *
c). Announcement (supported in ServiceDesk Plus and not supported in AssetExplorer) *
d). System manager *
No, the inventory and remote control functionalities for Windows, Linux, and Mac machines and warranty information of devices are the only features provided for AE customers through Endpoint Central after deployment of Endpoint Central agents. However, as Endpoint Central is installed in trial edition for the first 30 days, all Endpoint Central functionalities like patch management, OS deployment, etc., can be performed from the Endpoint Central console. After 30 days, Endpoint Central is converted to the free edition, and all Endpoint Central functionalities can be performed for only 25 assets and 1 technician. However, Endpoint Central will cater to all AE functionalities like inventory or remote control for the number of nodes and technicians purchased in AE when the operations are performed from AE.
Prerequisites for Endpoint Central installation
Endpoint Central can only be installed on a Windows machine. If AE is installed on a Linux machine, then Endpoint Central has to be installed manually on another Windows machine and integrated with AE under Admin >> Integrations >> DesktopCentral. As Endpoint Central is installed within the AE folder, a minimum of 1 GB of free space is required.
If Endpoint Central is purchased separately, please refer here for detailed hardware requirements based on the number of assets purchased.
Ports used in Endpoint Central
Server
| Port | Purpose | Type | Connection |
| --- | --- | --- | --- |
| 8383 | For communication between the agent and the Endpoint Central server (Source: Agent; Destination: Endpoint Central server) | HTTPS | Inbound to server |
| 8027 | The notification server port is responsible for communicating on-demand operations from the server to the agent. | | Inbound to server |
Tools and Remote Control
| Port | Purpose | Type | Connection |
| --- | --- | --- | --- |
| 8444 | For sharing remote desktops, System Manager, Chat | HTTP | Inbound to server |
| 8032 | For transferring files | HTTP | Inbound to server |
| 8443 | For sharing remote desktops, System Manager, Chat | HTTPS/UDP (for voice & video chat) | Inbound to server |
| 8031 | For transferring files | | Inbound to server |
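A reachability check for the ports listed above, run from a machine where an agent will be installed. This is an added example, not part of ManageEngine's documentation; the port rows are copied from the tables on this page, and the server hostname passed on the command line is whatever your environment uses.

```python
import socket

# (port, purpose, type) rows copied from the two port tables on this page;
# None means the Type cell is blank there. Only TCP is probed, so the UDP
# voice/video traffic on 8443 is not covered by this check.
PORTS = [
    (8383, "agent to server communication", "HTTPS"),
    (8027, "notification server (on-demand operations)", None),
    (8444, "remote desktop sharing, System Manager, Chat", "HTTP"),
    (8032, "file transfer", "HTTP"),
    (8443, "remote desktop sharing, System Manager, Chat", "HTTPS/UDP"),
    (8031, "file transfer", None),
]


def reachable(host, port, timeout=3.0):
    """True if a TCP connection to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def audit(host, ports=PORTS, timeout=3.0):
    """Return one finding per port as (port, status, note)."""
    findings = []
    for port, purpose, kind in ports:
        up = reachable(host, port, timeout)
        note = purpose
        if up and kind == "HTTP":
            # Flag ports the table lists as plain HTTP so their firewall
            # scope can be reviewed separately from the HTTPS ports.
            note += " [cleartext HTTP per the table]"
        findings.append((port, "open" if up else "blocked", note))
    return findings


if __name__ == "__main__":
    import sys
    for port, status, note in audit(sys.argv[1]):
        print(f"{port:>5}  {status:<8} {note}")
```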
Database supported by Endpoint Central
OS supported by Endpoint Central agents
Endpoint Central agents can be installed on machines with the following OS
Windows OS
- Windows 11
- Windows 10
- Windows 8.1
- Windows 8
- Windows 7
- Windows Vista
- Windows XP
Windows Server OS
- Windows Server 2019
- Windows Server 2016
- Windows Server 2012 R2
- Windows Server 2012
- Windows Server 2008 R2
- Windows Server 2008
- Windows Server 2003 R2
- Windows Server 2003
Mac
- 10.7 Lion
- 10.8 Mountain Lion
- 10.9 Mavericks
- 10.10 Yosemite
- 10.11 El Capitan
- 10.12 Sierra
- 10.13 High Sierra
- 10.14 Mojave
- 10.15 Catalina
- 11.0 Big Sur
Linux
- Ubuntu 10.04 and later versions
- Red Hat Enterprise Linux 6 and later versions
- CentOS 6 and later versions
- Fedora 19 and later versions
- Mandriva 2010 and later versions
- Debian 7 and later versions
- Linux Mint 13 and later versions
- openSUSE 11 and later versions
- SUSE Enterprise Linux 11 and later versions
- Pardus 17 and 19
- Oracle Linux Server 6, 7, and 8
Steps for switching to Endpoint Central agents
Previously, AE agents were supported only for Windows OS. From the 6.9 version of AE, Endpoint Central is used for agent-based scanning of Windows, Linux, and Mac OS. Therefore, users are requested to switch to Endpoint Central agents.
Below are the steps for switching to Endpoint Central agents.
Step 1: Downloading and installation of Endpoint Central
Step 2: Configuring the Agent settings
Step 3: Ensure ports used by Endpoint Central are open
Step 4: Downloading Endpoint Central agents for Windows, Linux, and Mac machines
Step 5: Replacing AE agents with Endpoint Central agents in Windows machines
Step 6: Uninstalling Windows AE agents
Step 7: Other methods for deploying Endpoint Central agents in Windows
Step 8: Imaging a Windows computer with an Endpoint Central agent
Step 9: Deploying Endpoint Central agents in Linux
Step 10: Deploying Endpoint Central agents in Mac
Step 11: What if Remote AE servers are used?
Step 12: Procedure for AE running with Fail Over Service (FOS) enabled
Agent - Server communication in Endpoint Central
Operations such as scanning a device, taking remote control of a device, or tools actions from AE are performed in the remote machines through the Endpoint Central server and Endpoint Central agents.
The Endpoint Central agent communicates with the Endpoint Central server immediately after its installation in the remote machine and posts the inventory data. The agent then communicates with the server through HTTPS during system startup and every 90 minutes thereafter until the system is shut down, gets the actions to be performed in the remote machine, and executes them. This 90-minute policy is mainly used for asynchronous operations like scheduled scans, agent configuration changes, etc.
Endpoint Central agents also establish a session with the Endpoint Central server through TCP for getting notified for actions that have to be executed on demand like Scan Now or remote control.
Is agent server communication secure?
By default, agent-server communication happens over HTTPS (encrypted). The following settings enforce trusted HTTPS communication between agent and server. They can be enabled under Agent security settings.
Enable certificate-based authentication for agent-server communication
Enabling this option makes agent-server communication use client certificate authentication. Enabling this option in AE in turn enables this setting in Endpoint Central too. Click here for more details on the procedure.
Enable agent-server trusted communication
Before enabling this setting, a valid third-party SSL certificate must be applied in Endpoint Central. Click here for steps to configure the SSL certificate in Endpoint Central; this has to be done only from the Endpoint Central console.
Note: Once this setting is enabled, it cannot be disabled again, as the agents will then fail to communicate with the server. Enabling this setting enables it in Endpoint Central too and makes the agent-server communication trusted. Click here for a detailed procedure.
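A pre-flight check for the trusted-communication setting, as an added example that is not part of ManageEngine's documentation: it performs a fully verified TLS handshake against the agent port 8383 and reports whether the certificate chains to a trusted CA, matches the hostname, and is not close to expiry. It assumes the trust store of the machine running it is representative of the agents' and that the hostname passed in is the one agents use; the 30-day threshold is an arbitrary choice.

```python
import socket
import ssl
import time

AGENT_PORT = 8383  # agent-to-server HTTPS port from the ports table on this page


def days_remaining(cert, now):
    """Whole days until the certificate's notAfter, relative to `now` (epoch seconds)."""
    return int((ssl.cert_time_to_seconds(cert["notAfter"]) - now) // 86400)


def preflight(host, port=AGENT_PORT, min_days=30, now=None, timeout=5):
    """Return (ok, detail). ok is True only when the handshake succeeds with
    chain and hostname verification and the certificate is not near expiry."""
    now = time.time() if now is None else now
    ctx = ssl.create_default_context()  # verifies chain and hostname by default
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
                version = tls.version()
    except ssl.SSLCertVerificationError as exc:
        # Self-signed, untrusted CA, expired, or hostname mismatch.
        return False, f"certificate not trusted: {exc.verify_message}"
    except OSError as exc:  # also covers other ssl.SSLError handshake failures
        return False, f"connection failed: {exc}"
    left = days_remaining(cert, now)
    if left < min_days:
        return False, f"certificate expires in {left} days"
    return True, f"trusted, {left} days left, {version}"


if __name__ == "__main__":
    import sys
    # Pass the server hostname exactly as the agents are configured to use it.
    ok, detail = preflight(sys.argv[1])
    print("PASS" if ok else "FAIL", detail)
    sys.exit(0 if ok else 1)
```

Run it from a machine where an agent is installed before enabling the setting, since a certificate that fails here would leave agents unable to reach the server.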
Agent resource utilization
All the data below are predicted from a single agent machine. Up to approximately 1 GB of disk space will be consumed on the drive where the agent is installed.
| Agent Process | Running application name | Bandwidth consumption (approximately) | CPU consumption (approximately) | Memory (RAM) consumption (approximately) |
| --- | --- | --- | --- | --- |
| At agent idle state | dcagentservice.exe, dcondemand.exe, dcagenttrayicon.exe (running a separate application for each logged-on user) (for Windows and Mac) [the above 3 are ever-running processes] | 1 Kbps | 0-2% | 11 MB |
| Refresh policy (once every 90 mins, without any deployment) | dcconfig.exe | 4 KB | 0-2% | 6 MB |
| Inventory scan (at scheduled time in server) | dcinventory.exe | 2 MB | 17-20% | 14 MB |
| Agent upgrade (applying PPM and if agent version changes) | dcconfig.exe, AgentUpgrader.exe | 20 MB | 2-5% | 3 MB |