Configuring Server Agent connectivity

To set check-in intervals and times

1. From the Check-in Interval list, select the frequency with which the agents should check in with Trust Protection Foundation: Daily, Days of Week, Days of Month, or Hourly.

   When you select Hourly as the Check-in Interval, the Check-in Time field is hidden. When you select Days of Week or Days of Month, the Check-in Days field appears where you can specify days of the week or month.

2. From the Check-in Time list, select the hour of the day when you want the agents to begin checking in to Trust Protection Foundation.

   The default setting is daily at 2 a.m. (based on the system's time-zone where the agent is installed).

   BEST PRACTICE  Consider setting the check-in time to a value that falls into a non-peak period for network bandwidth usage and within an approved change window.

3. In the Randomize Check-in Time By field, specify in minutes the window of time to be used by all agents for checking in with Trust Protection Foundation.

   Without this option, all agents would likely check in at the same time, beginning at the hour you selected from the Check-in Time list. Randomizing check-ins reduces the load on both your network and the Trust Protection Foundation server.

4. Click Save.

(Optional) To change the Trust Protection Foundation server the agents check in to

1. Click Show advanced options to open additional settings.

2. In the Server URL field, type the Policy Tree URL of the server the agents should check in to.

   For example, https://dnshostname/VEDClient.

   IMPORTANT  Edit this field ONLY if you need to redirect installed agents to use an alternate server or load-balancer.

   If this is the first connection, an inaccurate URL can cause registration failure. During re-connections, an inaccurate URL will prevent subsequent agent connections. If you must edit this field, keep the following guidelines in mind:

   • You MUST use https
   • Do not place a forward slash (/) at the end of the URL:
     • Incorrect: https://dnshostname/VEDClient/
     • Correct: https://dnshostname/VEDClient

3. (Optional) If you are using a proxy server, enter it in the Proxy URL field, and then specify credentials in the Proxy User Credentials field.

   For example, https://proxyname:8080

   By default, Server Agent uses port 1080 when configured to connect to TPP via proxy. The proxy port can be overridden in the server agent configuration by specifying a port in the proxy_url setting.

   For example, vagent -m proxy_url=https://<proxy_url>:<proxy_port>

4. Click Save.

To change the logging threshold and minimum disk space requirements

1. Click Show advanced options to open additional settings.

2. Specify the Logging Threshold to use for this specific Agent Connectivity work. This threshold does not affect the threshold set on other agent work.

   For more information, see Logging thresholds for Agent-related log items.

3. Specify a minimum disk space value in Pause Agent work if disk space is lower than field.

   IMPORTANT  The disk space is calculated against the volume where the logs are written. If the minimum disk space is not available, all agent work will be paused until sufficient disk space is available.

4. Click Save.

Agent Connectivity won't execute on Server Agents until the work is enabled and assigned to a group, and a Server Agent member of that group has checked-in with the server.

1. From the Certificate Manager - Self-Hosted menu bar, click Clients > Work Settings.
2. On the Work page, click the agent connectivity work that you want to enable.
3. Under Agent Connectivity, select Yes.
4. Click Save.

To learn more about assigning the work to groups, see Working with Client Group Settings.

1. From the Certificate Manager - Self-Hosted menu bar, click Clients > Work Settings.
2. On the Work page, click the agent connectivity work that you want to disable.
3. Under Agent Connectivity, select No.
4. Click Save.