Contents x
    Installing SAFE Agent - Windows
    • 8 Minutes to read
    • Print
    • PDF
    Contents

    Installing SAFE Agent - Windows

    • 8 Minutes to read
    • Print
    • PDF
    Article Summary

    About this document

    This document provides step-by-step instructions to install the SAFE in a Windows Operating System.

    Pre-Installation

    Environment Prerequisites

    1. .Net Framework must be 4.5 or above on the asset.
       If .Net Framework is less than 4.5 on an asset, then it will be logged in the installer logs on the asset, and installation will not proceed.
    2. Windows Management Instrumentation service should be enabled on the asset.
    3. Guidelines for VDI:
      1. The SAFE Agent should NOT be pre-installed in the VDI Gold image.
      2. The agent should be installed individually after each VDI has been created.
    4. For agents that will connect via a Site Coordinator, you will need:
      1. a routable URL to the target Site Coordinator
      2. to have installed the CA certificate in the assets certificate repository if using a private key.
    Note
    The Windows  requires local administrative privileges in order to perform configuration assessments

    Download Agent from SAFE

    Follow the below steps to download the agent from the SAFE UI:

    1. Navigate to Manage Assets.
    2. On the Manage Assets page, Click the Download Agent button.
    3. Click the Download link available for each listed agent version.
    4. The system downloads a zip file containing the agent.

    Generate Activation Key from SAFE

    are used at the time of agent installation for authentication. With these activation keys, only authenticated agents will be allowed to register themselves, and thereby communicate with SAFE.

    Follow the below steps to generate an activation key from SAFE:

    1. Navigate to Administration > Asset Management > Agent & Site Management.
    2. Click the Generate Activation Key button.
    3. Enter a Name to identify the Activation Keys you are generating. This could be a department name, group of servers, end-points. 
    4. Each Activation Key can be set with a limit on how many agents can register using that key and within a specific date. It is recommended to create keys with installation limits and expiration dates in order to ensure that agents can only be installed on approved endpoints. Click the Set Limit checkbox and enter the Installation Limit and Expiry Date of Activation Key, if necessary. You can keep the checkbox unselected if no limits are needed.
    5. Click the Generate button. The system generates and displays the Activation Key.  This activation will be displayed only once. 
    6. Copy the Activation Key and save it for future use.
    Note
    All  should be kept confidential since a malicious actor can use these keys to register agents to SAFE. It is not recommended to create keys with unlimited usage or expiry unless absolutely required.
    Important
    1. You can temporarily disable or permanently delete a key using the Status Toggle and Delete button corresponding to the Activation Key.
    2. In order to support agent communication to the SAFE server through Site-Coordinator, the certificate used in should be trusted by the host machine. 
    3. If the site coordinator also needs to be accessed using IP (IP can be configured using an additional server section in UI), then while creating the certificate for the , the subject alternate name should mention the IP for the agent host machine to trust the certificate.

    Install Agent on a Windows machine

    Follow the below steps to install the agent:

    1. Open the downloaded agent file. This file contains an MSI file and a batch file.
    2. Double-click the MSI file to start the installation.
    3. Click the Next button.
    4. Accept the agreement and click Next.
    5. Enter the SAFE server URL and click on Next. The SAFE server must be HTTPS only.
    6. Optional - For agents connecting to SAFE via a Site Coordinator, this step is required. Enter the Site Coordinator URLs and click the Next button.
      *Passing Site Coordinator URLs is optional as part of the installation. It can be added later using the command-line option (refer to User Guide). Users can enter multiple comma-separated site coordinator URLs. If Site Coordinator URLs are left empty during the upgrade through MSI, the previously saved URL in the config will be used by the agent. Note that the URL entered should be HTTPS and URLs with HTTP will be ignored.
      Note: If a site coordinator is registered later with SAFE and an agent is able to communicate with existing servers, it will receive the newly added Site Coordinator URL.
    7. Enter the Activation Key generated from SAFE and click Next.
    8. If required, change the location, and click Next.
    9. Click Install.
    10. Once the installation completes, click the Finish button.
    11. Validate the asset in SAFE for assessment.

    Install agent via Command Prompt

    Follow the below steps to install the agent using the command prompt:

    1. Open CMD as administrator.
    2. Navigate to the location of the agent.
    3. Install the agent by running the command
      msiexec /i <Agent MSI Name>.msi SAFE_URL=”<SAFE_URL>”
    4. For silent installation, use the command
      msiexec /i <Agent MSI Name>.msi SAFE_URL=”<SAFE_URL>” ACTIVATE="<ACTIVATION_KEY>" SITE_URLS=”<Site Url One>,<Site Url Two>” /qn
    5. For changing default installation directory during silent installation, use the  command
      msiexec /i <Agent MSI Name>.msi INSTALLDIR="<FOLDER_LOCATION>" SAFE_URL="<SAFE_URL>" ACTIVATE="<ACTIVATION_KEY>" SITE_URLS=”<Site Url One>,<Site Url Two>” /qn
    6. Follow the steps from step 2 onward in the Install Agent section.
    Note
    If the site coordinator is not configured at the customer, skip the optional parameter “SITE_URLS” while installing.

    Enable Automatic Agent Update

    Follow the below steps to enable the automatic agent update:

    1. Navigate to Administration > Asset Management > Agent Global Policy.
    2. Enable the toggle for Automatic Agent Update.
    3. Click the Save Configuration button.
    4. The agent will be automatically updated to the latest version whenever a new version of the agent is available.

    Manual Agent Update

    Follow the below steps to update the agent individually:

    1. Navigate to Manage Assets > Endpoints/Server/Middleware/All Assets.
    2. Select the Active Assets option in the dropdown.
    3. Click the Filter icon and select Agent Type as Agent-Based.
    4. Select the assets by marking the checkboxes available against them to be updated as per requirement.
    5. Click on the Update Agent button.
    6. Click Yes on the confirmation screen.

    Enable Automatic Content Update

    Follow the below steps to enable the automatic content update:

    1. Navigate to Administration > Asset Management > Agent Global Policy.
    2. Enable the toggle for Automatic Content Update.
    3. Click the Save Configuration button.
    4. The agent will download the latest control JSON files, and the content version will be automatically updated to the latest version.


    Manual Content Updates

    Follow the below steps to update content individually:

    1. Navigate to Manage Assets > Endpoints/Server/Middleware/All Assets.
    2. Select the Active Assets option in the dropdown.
    3. Click the Filter icon and select Agent Type as Agent-Based.
    4. Select the assets by marking the checkboxes available against them to be updated as per requirement.
    5. Click on the Update Content button.
    6. Click Yes on the confirmation screen.

    Update Agent Activation Key

    If you make changes to the Agent Configuration, such as changing the target URL, or the activation key expires, you will need to update the agent with a new activation key. You may see the following log entries in the agent logs if an Activation Key has expired

    [2022-01-21 17:04:32][Hostname FORECAST][Pid 2260][Thread 444][INFO][Attempting to get next reachable safe server.]
[2022-01-21 17:04:32][Hostname FORECAST][Pid 2260][Thread 445][INFO][Changing last known good server uri from https://pidilite.safescore.ai/ to https://pidilite.safescore.ai/]
[2022-01-21 18:04:32][Hostname FORECAST][Pid 2260][Thread 9][INFO][Starting registration]
[2022-01-21 18:04:33][Hostname FORECAST][Pid 2260][Thread 9][ERROR][Unable to do registartion due to exception:Lucideus.Safe.Agent.SafeException: Neither Activation key nor Access token present, Cannot add required headers

    To update the activation key, stop the SAFE agent service and run:

    Safe.exe --Activate="<Activation-Key>"

    The following commands can be used to automate the update of an activation key:

    sc stop LucideusSafe
cd C:\"Program Files (x86)"\Lucideus\Safe\
.\Safe.exe --Activate="<Activation-Key>"
sc start LucideusSafe

    Uninstall Agent

    You can uninstall the agent from the Control Panel of your computer. Find and select Lucideus Safe in the Control Panel, click Uninstall, and then click Yes. 


    Uninstall agent using command prompt

    1. Open cmd with admin privileges. (Right-click and select Run as Administrator)
    2. Change directory to msilocation (example: cd Users\admin\Desktop\)
    3. Run the command: msiexec /x msifilename.msi
    4. Click Yes on confirmation prompt.
    Was this article helpful?
    What's Next