Understanding MS agents

MS agents are installed on AD servers for use in certificate discovery and enrollment.

SCM uses MS agents to do the following:

Discover Certificates — An agent installed on a domain joined Windows server can discover assets such as web servers, domains, and certificates in Active Directory.
Proxy MS Enrollment Protocols to SCM — An agent installed on a domain joined Windows server can act as a proxy to issue private and public certificates by using MS AD certificate templates mapped to SCM certificate profiles.

As a redundancy measure, SCM enables you to create clusters of MS agents installed on different servers to act as a single agent. If any agent fails, the other agents in the cluster seamlessly continue certificate discovery and enrollment.

MS agents can be managed on the Integrations MS Agents page.

The following table describes the settings and controls of the MS Agents page.

Column	Description
Name	The name of the agent.
Active	Indicates whether the agent is active.
Connected Nodes	For clustered agents, the number of nodes in the cluster, and the number of nodes that are currently connected.
Status	The current connection status of the agent. The valid values are: Connected — The agent is communicating with SCM. Disconnected — the agent is not communicating with SCM. Degraded - not all nodes of a cluster are connected. Pending — Initial connection after install has not occurred.
Version	The version number of the installed agent software.
CA Proxy	Indicates whether the agent was installed with Proxy MS Enrollment Protocols to SCM enabled.
Table controls
Search	Enables you to search MS agents by name.
Filter	Enables you to sort the table information using custom filters.
Group	Enables you to sort the table information using predefined groups.
Refresh	Refreshes the information presented in the table.
Manage Columns	Enables you to select which table columns to display.
Admin controls
Add	Opens the Add MS Agent dialog where you can add new MS agents.
Create Cluster	Opens the Add MS Agent Cluster dialog where you can create an agent cluster.
Delete	Removes the selected agent.
Edit	Opens the Edit MS Agent dialog where you can manage agent properties.
Commands	Opens the Commands dialog where you can view commands executed by the selected agent.
View Audit	Opens the MS Agents Audit dialog where you can view or download audit logs.
Restore	Downloads the agent setup file for existing agents. This is useful if you have already configured, downloaded, and installed the agent on a server but need to re-install it for some reason. The new agent setup file is configured with the same parameters specified for the initial agent.

Column

Description

Name

The name of the agent.

Active

Indicates whether the agent is active.

Connected Nodes

For clustered agents, the number of nodes in the cluster, and the number of nodes that are currently connected.

Status

The current connection status of the agent.

The valid values are:

Connected — The agent is communicating with SCM.
Disconnected — the agent is not communicating with SCM.
Degraded - not all nodes of a cluster are connected.
Pending — Initial connection after install has not occurred.

Version

The version number of the installed agent software.

CA Proxy

Indicates whether the agent was installed with Proxy MS Enrollment Protocols to SCM enabled.

Table controls

Enables you to search MS agents by name.

Filter

Enables you to sort the table information using custom filters.

Group

Enables you to sort the table information using predefined groups.

Refresh

Refreshes the information presented in the table.

Manage Columns

Enables you to select which table columns to display.

Admin controls

Add

Opens the Add MS Agent dialog where you can add new MS agents.

Create Cluster

Opens the Add MS Agent Cluster dialog where you can create an agent cluster.

Delete

Removes the selected agent.

Edit

Opens the Edit MS Agent dialog where you can manage agent properties.

Commands

Opens the Commands dialog where you can view commands executed by the selected agent.

View Audit

Opens the MS Agents Audit dialog where you can view or download audit logs.

Restore

Downloads the agent setup file for existing agents.

This is useful if you have already configured, downloaded, and installed the agent on a server but need to re-install it for some reason. The new agent setup file is configured with the same parameters specified for the initial agent.