Assigning Aliases to the Console
WARNING! Accidentally changing or deleting existing entries on the Console Alias Editor dialog may cause problems when your agents attempt to contact the console or when your agentless machines attempt to report deployment status messages. Only qualified system administrators should modify existing names or IP addresses.
TIP: The most common time to use this tool will be during an upgrade from an earlier version of Security Controls.
There are two primary uses for the Console Alias Editor tool.
- Agent communication: When an agent communicates with the Security Controls console (for example to check in or as part of its installation) it must verify that the machine it contacted is a trusted machine. It does this using the trusted names and IP addresses contained in the certificate that is exchanged between the agent and the console to establish a secure TLS connection. If you assign the console machine to a new domain or give it a new common name or IP address, any existing agents that recognize the console by its old name or address will no longer trust the console machine. To get around this issue you simply identify the old console names or addresses as trusted aliases. This is done using the Console Alias Editor tool.
- Patch deployment pingback: Patch deployments to your agentless machines can be monitored using the Security Controls Deployment Tracker. In order for your agentless machines to send status messages to the console they need to know the valid name or IP address of the console. The valid names and IP addresses are defined using the Console Alias Editor and are passed to the machines when a patch deployment is initiated from the console.
This menu command is not available to users assigned the Report Only role.
- Select Tools > Console alias editor.
The Console Alias Editor dialog is displayed. It will contain the names and IP addresses currently used to identify the console machine. - Type the name or IP address that you want to use as an alias for the console machine.
You can specify IP addresses using either an IPv4 or IPv6 format. - Determine if you want IP address aliases to function with Linux agents.
If you enable the check box, any IP address aliases that you specify will be encoded within the console certificate. This is required in order for the IP alias to be honored by Linux agents. - Click Update.
The Update dialog is displayed.
Warning! If you have Windows agents with an older version of the agent framework, they may not work after you enable this check box. You should force those agents to check in with the console and upgrade before enabling the check box. Use the Agent version column in Machine View to determine which agents are out of date.
In order to update the console aliases the console service must be restarted and Security Controls must be closed and then manually restarted.
The agents will not recognize a new alias until after they check-in with the restarted console. The check-in must be initiated by an agent either manually using the agent client program or via a scheduled check-in.
A check-in command issued from the console to an agent will not update the console certificate.