Introduction to Agents

Overview

Decisions Agent Management allows communication with a Client-server that is secured via Firewall. The Decisions Agent is downloaded on a Local server and then installed onto the Client server. This allows Decisions access to the files from the Client machine via the Agent. 

The following diagram demonstrates communication between a Decisions server and Client machine when an Agent is installed.

How It Works

Administrators can define a Decisions Management Agent on a particular Decisions server. Doing so creates an install package in the form of a .zip file that contains an executable File DecisionsAgent.msi file, as well as the AgentSettings.xml and PortalPublicKey.key files.

This executable can then be run on a target machine to install the Decisions Management Agent. The Agent contains the IP address of the Decisions server where it was created; the Agent contacts that Decisions server via TCP/IP to listen for instructions. The Decisions server can then tell the Agent to do a particular Active Directory task, such as fetching the users or groups. The Agent receives the Active Directory server information from the Decisions server it needs to connect to the Active Directory server as a machine on the Active Directory domain.

A username and password combination, referred to as "Elevated" credentials, would be input by the Active Directory Administrator to allow for the Agent to make its requested queries of the specified Active Directory domain server. The Elevated User Name is stored in the Decisions database and the Elevated User Password is stored in encrypted form in the Decisions database, but it is unencrypted in RAM when being used.

The Agent carries out the Active Directory request and returns the resulting output to its Decisions server via an API call to the Decisions server's AgentService.

Port Communication

• The Agent uses Port 4502 to talk directly to its Decisions host server. The reverse communication path (Agent client to Decisions Application Server) is what needs to be open.  On the Decisions Server, a Firewall Rule should be added to allow incoming connections on Ports 4502-4534. Once that is in place, restarting the Agent should put it in Live Connection mode. If the Agent cannot connect to its HostServer on Port 4502, then it will use a polling mode on Port 80/443 instead.
• The Client Machine communicates with the Server through Port 80, (if the server is set up to http) or the Client Machine communicates through Port 443 (if Server is set up for https). Therefore, Port 80 or 443 should be open for outbound connections on the Client’s Firewall.
• The server communicates with a Client through the range of 4502-4534 Ports (the first in range that is not in use). Decisions Management Agent local service on the Client Machine needs to have permissions for the inbound connections on Client’s Firewall.

Logs

To help users track and identify any issues with their Agents, the Decisions Agent Folder provides a Log tracking system. 

Similar to other Logging in Decisions, Agents display Logs in the order of LogNumber, TimeStamp, Level, LevelName, Category, Message, ThreadId, and details of the Exception. These elements can be read and used to understand why there may be any problems with the Agent or any of its processes. 

Accessing Agent Logs from Decisions 

If a user wishes to access the Agent Logs from within Decisions, they must:

1. From the Decisions Studio, navigate to System > Designers > Agents.
2. Open the respective Agent's Folder.  
3. From the Agent's Folder, right-click one of the items in the Deployed Agents Report, then select Get Agent Log.
4. After selecting Get Agent Log, view the resulting Logs by navigating to the Folder View for the Agent by clicking the FOLDER VIEW tab. 

Functions 

Currently in v.7, Agents are primarily used for AD Sync functionality, Login functions, Database Integration, and as a method to update Database Values.