Introduction to Agents

Overview

Decisions Agent Management allows communication with a client-server that is secured with a Firewall. The Decisions Agent is downloaded on the local server and then installed onto the Client server. and the firewall does not have to be changed. Decisions can then have access to the files from the client machine through an Agent and if there is a firewall in place, then it will not have to be changed.

Server – Client communications with Agent

How It Works

Administrators can define a Decisions Management Agent on a particular Decisions server or Multi-Tenant instance. Doing this creates an install package in the form of a .exe (executable) file to run. That executable can then be run on a target machine to install the Decisions Management Agent. The Agent contains the IP address of the Decisions server where it was created, and it contacts that Decisions server via TCP/IP to listen for instructions. The Decisions server can then tell the Agent to do a particular Active Directory task, like fetching the users or groups. The agent receives the Active Directory server information from the Decisions server it needs to connect to the Active Directory server as a machine on the Active Directory domain.

A username and password combination referred to as "Elevated" credentials would be input by the Active Directory administrator to allow for the Agent to make its requested queries of the specified Active Directory domain server. The Elevated User Name is stored in the Decisions database and the Elevated User Password is stored in encrypted form in the Decisions database, but it is unencrypted in RAM when being used.

The Agent carries out the Active Directory request and returns the resulting output to its Decisions server via an API call to the Decisions server's AgentService.

Port Communication

• The Agent uses Port 4502 to talk directly to its Decisions host server. The reverse communication path (Agent client to Decisions Application Server) is what needs to be open.  On the Decisions Server, a Firewall Rule should be added to allow incoming connections on Ports 4502-4534. Once that is in place, restarting the Agent should put it in Live Connection mode. If the Agent cannot connect to its Host Server on Port 4502, then it will use a polling mode on Port 80/443 instead.

• The Client Machine communicates with the Server through Port 80, (if the server is set up to http) or the Client Machine communicates through Port 443 (if Server is set up for https). Therefore, Port 80 or 443 should be open for outbound connections on the Client’s Firewall.

• The server communicates with a Client through the range of 4502-4534 Ports (the first in range that is not in use). Decisions Management Agent local service on the Client Machine needs to have permissions for the inbound connections on Client’s Firewall.

Logs

To help users track and identify any issues with their Agents, the Decisions Management Agent Folder provides a Log tracking system. 

Similar to other Logging in Decisions, Agents display Logs in the order of LogNumber, TimeStamp, Level, LevelName, Category, Message, ThreadId, and details of the Exception. These elements can be read and used to understand why there may be any problems with the Agent or any of its processes. 

Accessing Agent Logs from Decisions 

If a user wishes to access the Agent Logs from within Decisions, they must:

1. From the Decisions Studio, navigate to System > Designers > Agents.
2. Open the respective Agent's Folder.  
3. From the Agent's Folder, right-click one of the items in the Deployed Agents Report, then select Get Agent Log.
4. After selecting Get Agent Log, view the resulting Logs by navigating to the Folder View for the Agent by clicking the Folder View tab. 

Functions 

Currently in v.6, Agents are primarily used for AD Sync functionality, Login functions, Database Integration, as a method to update Database Value, and as a way to write a File to a Client Machine via Flow.