Activate and protect agents using agent-initiated activation and communication
When you enable agent-initiated activation (AIA), instead of Workload Security contacting the agents directly, the agents initiate communication with Workload Security and establish an encrypted TCP connection over the Workload Security heartbeat port (443).
Enabling AIA can prevent communication issues between Workload Security and agents, and simplify agent deployment when used with deployment scripts. Trend Micro recommends that you use AIA if:
- Your network environment prevents Workload Security from initiating connections to agents.
- You need to deploy many agents at once.
- You are protecting computers in cloud accounts.
Workload Security has agent-initiated communication enabled by default.
Enable agent-initiated activation and communication
Proceed with the following steps:
- Create or modify a policy with agent-initiated communication enabled.
- Enable agent-initiated activation.
- Assign the policy to agents.
- Use a deployment script to activate the agents.
For your agents to continue initiating communication with Workload Security after activation, you'll need to enable agent-initiated communication on any policies the agents will use. You can do this by either modifying an existing policy or by creating a new one, which you'll assign to the agents.
You can quickly create a new policy from an existing policy by right-clicking it and selecting Duplicate.
- On the Policies page, double-click the policy.
- Go to Settings > General.
- Under Communication Direction, select Agent/Appliance Initiated.
- Click Save.
- Go to Administration > System Settings > Agents.
- Select Allow Agent-Initiated Activation.
- Select Allow Agent to specify hostname.
- From the If a computer with the same name exists list, select Re-activate the existing computer.
- Click Save.
You can either assign the policy to the agents during the deployment script configuration, or by using an event-based task after the deployment script has been run.
If all the agents will use the same policy, you can assign the policy in the deployment script as part of the next step. If groups of agents need to use different policies, create an event-based task to assign the policies before proceeding with the next step.
See the Generate a deployment section of Generate a deployment script to learn how to use a deployment script to activate the agents. If you are assigning a policy during deployment script configuration, you'll select it from the Security Policy list.