cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Restricting connection between beacons and agents

we are in the initial stage of deployment.  the agent execution setting is "as soon as possible".  there are certain sensitive servers where we have deployed the agents, and they have executed once.  what we now want to do is that we want to change the agent execution to a weekly routine but want the agents on the sensitive servers to not execute again.  Therefore, we need to prevent the push of policy from beacon to these sensitive servers (and only these).  can we set up a exclusion rule on the beacons?

(3) Replies

Unfortunately there is no way to restrict the inventory schedule deployment within the current product, all the agent talking to beacon will get policy and schedule. 

Thanks
Aamer

The recommended approach for this scenario is to NOT install the agent on these types of servers.  Instead, the "Core Executable" method is used.  With the approach, the agent scanner binaries are simply copied into a local folder on the server.  The agent scanner is then launched via a cron job with the appropriate command line parameters and with sudo to root credentials.  In this manner, you have complete control over the agent inventory schedule.  The only downside is that you must do the deployment and you must also perform the upgrade to a new agent by replacing the binaries with the new ones.

On a Windows Server, the same approach would be used by creating a Scheduled Task that runs with Local Admin credentials.

More information can be found in Chapter 6 (Core Deployment Details) of the Gathering FlexNet Inventory document:

https://docs.flexera.com/fnms/EN/WebHelp/PDF%20Documents/Cloud/GatheringFlexNetInventory.pdf#page=136&zoom=100,0,114

 

what i understood during my discussions with the flexera inventory team is that this is a network intensive method, and while it might provide the desired results, it is not recommended in my scenario. we are planning a separate instance for these servers, so that the schedule can be controlled separately.