Add local network computers
If Workload Security ("the manager") cannot initiate communication with computers that you want to protect (for example, if computers are protected by a firewall), then computers must initiate connections to Workload Security instead. This includes the connection for agent activation. To use agent-initiated activation, you must install the Deep Security Agent on the computer and then run a set of command-line instructions that tell the agent to communicate with Workload Security. During the communication, Workload Security activates the agent and can be further instructed to perform a number of other actions such as assigning a security policy, making the computer a member of a computer group, and so on.
If you are going to add a large number of computers to Workload Security at one time, you can use the command-line instructions to create scripts to automate the process. For more information on agent-initiated activation, scripting, and command line options, see Command-line utilities.
Manually add a computer
You can manually add an individual computer by specifying its IP address or hostname.
- Go to the Computers page and click Add > Add Computer in the toolbar to display the New Computer wizard.
- Enter the new computer's IP address or hostname.
- Select a policy to assign to it from the list.
- Select a relay group from which the new computer will download security updates.
- Click Next to begin the search for the computer.
If the computer is detected and an agent is installed and running on that computer, the computer will be added to your computers list and the agent will be activated.
"Activating" an agent means that Workload Security communicates with the agent sending it a unique "fingerprint". The agent will then use this fingerprint to uniquely identify Workload Security and will not accept instructions from any other managers that might try to contact it.
If a policy has been assigned to the computer, the policy will be deployed to the agent and the computer will be protected with all the rules and configurations that make up the policy.
By default, the security updates delivered by relay groups include new malware patterns. If you have enabled the Support 9.0 (and earlier) agents option (on the Administration > System Settings > Updates page), updates to the engines will also be included.
If the computer is detected but no Deep Security Agent is present, you will be told that the computer can still be added to your computers list but that you still have to install an agent on the computer. Once you install an agent on the computer, you will have to find the computer in your computers list, right-click it, and choose Activate/Reactivate from the context menu.
If the computer is not detected (not visible to Workload Security), you will be told that you can still add the computer but that when it becomes visible to Workload Security you will have to activate it as above.