You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 42 Next »

The client part of Agent is installed on user workstations. The parameters required to connect to Axidian CertiFlow server are configured during installation via Group Policy or Windows registry.

To obtain Axidian CertiFlow Agent installation package, please contact Axidian technical support.

Run the IndeedCM.Agent.msi from Axidian CertiFlow installation package and complete the procedure, following the Wizard instructions. The Agent starts up automatically after installation.

Setting up the Agent parameters via Group Policy

To add an Axidian CertiFlow administrative template (ADMX), proceed as follows:

  1. Copy the contents of IndeedCM.Client\Misc\PolicyDefinitions folder to the central ADMX file storage of domain controller C:\Windows\SYSVOL\domain\Policies\PolicyDefinitions.

    When using local ADMX file storage, Axidian CertiFlow templates are to be placed to C:\Windows\PolicyDefinitions folder.

  2. Open the Group Policy Management console.
  3. Create a new group policy object in the console tree or select an existing one.

  4. Open the context menu and select the Edit item.
  5. In the opened Group Policy Management Editor select Computer Configuration > Policies > Administrative Templates > Axidian CertiFlow > Agent.
  6. Enable the Agent's URL Settings policy and specify its values:
    • Specify the path to the agentregistrationapi application, located on Axidian CertiFlow server, in the Agents registration service URL parameter.
    • Specify the path to the agentserviceapi application in the Agents service URL parameter.

      For example:

      Agent registration service URL: https://srv.demo.local:3003/agentregistrationapi/
      Agent service URL: https://srv.demo.local:3003/agentserviceapi/

  7. Link this policy object to a group, where Axidian CertiFlow CM user workstations reside.
  8. Click Apply and perform policy update.

Policies are updated when the workstation is rebooted with the client agent installed. To force Group Policy updates without rebooting, run the gpupdate /force command.

Configure additional policies that define the work of Agents, if required:

Agent's timeouts settings

This policy defines:

  • Timeout of requests to agent services (default: 30 sec.)
  • Frequency of agent status update request (default: 300 sec.)
  • Frequency of agent settings, bindings, tasks and sessions update request (default: 30 sec.)
  • Timeout request to disconnect the agent from the server (default: 3 sec.)

Events caching settings

This policy defines the period in minutes during which the agent will try to send events from the cache to the Axidian CertiFlow server (default: 10 min.) and number of events sent to the server per one request (default: 500 events).

Proxy server settings

The policy defines the proxy server settings for connection to Axidian CertiFlow CM server.

If the policy is not defined or is disabled, then proxy server will not be used.
Set proxy server address in "Proxy server" field.

Event log settings 

This policy defines events level for Axidian CertiFlow server Event Log:

  • All (default)
  • Errors only
  • Warnings and errors only

Tasks caching settings

This policy defines:

  • Frequency of updating the task cache and sending the task execution status to the server if sending failed for the first time (default: 60 sec)
  • Timeout at which the tasks will be removed from the cache during the next cache update (default: 300 sec.)
  • Timeout after which it will be possible to rerun the task canceled by the user (default: 60 sec.)

Smart card status update settings

This policy defines smart card status update (default: 30 sec.):

  • Lock user\administrator PIN
  • User\administrator PIN input retries

Setting up the Agent parameters via Registry

Create a registry file (.reg) file with the following contents:

Windows Registry Editor Version 5.00
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IndeedCM\Agent]
"AgentRegistrationServiceUrl"=""
"AgentServiceUrl"=""
"ProxyEnable"=
"ProxyServer"=""

For 32-bit systems, the parameter branch is:

[HKEY_LOCAL_MACHINE\SOFTWARE\IndeedCM\Agent]

The AgentRegistrationServiceUrl parameter specifies a link and port to connect to agentregistrationapi application.
The AgentServiceUrl parameter specifies a web-address and port to connect to agentserviceapi application.
If a proxy is used on workstations where the client agent is installed, specify the ProxyEnable and ProxyServer parameters (proxy server URL).

Possible parameter values:

  1.  "ProxyEnable"=dword:00000000 - proxy is not used.
  2.  "ProxyEnable"=dword:00000001 и "ProxyServer"="" - default proxy settings are used.
  3.  "ProxyEnable"=dword:00000001 и ProxyServer="<proxy server URL>" - the proxy server specified in the setting is used.

Here is an example of .reg file to connect to Axidian CertiFlow CM server named srv.demo.local via https protocol and 3003 port using the proxy server https://192.168.10.10:443.

Example:
Windows Registry Editor Version 5.00
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IndeedCM\Agent]
"AgentRegistrationServiceUrl"="https://srv.demo.local:3003/agentregistrationapi/"
"AgentServiceUrl"="https://srv.demo.local:3003/agentserviceapi/"
"ProxyEnable"=dword:00000001
"ProxyServer"="https://192.168.10.10:443"

Distribute the registry file and make changes to user workstations’ settings. For the changes to take effect, restart the workstation with Axidian CertiFlow Agent installed or restart Axidian CertiFlow Agent Service.


  • No labels