Agent Deployments

This function is used to deploy an agent to individual machines or to machines contained in one or more machine groups.

The deployment will install a full agent from scratch. If you want to assign a different policy to an existing agent, you should use the Agents function.

Base URL

        https://<consoleFQDN:port>/st/console/api/v1.0/agents/deployment

Supported Requests

Method

URL

Input

Return

GET

https://<consoleFQDN:port>/st/console/api/v1.0/agents/deployment/{agentdeployment ID}

 

AgentDeploymentStatus

POST

https://<consoleFQDN:port>/st/console/api/v1.0/agents/deployment

Request Body

Success code

See the Deployment and Operation location links in the header

Input Model

If you initiate a deployment remotely via the REST API, you must add a session credential.

Name

Required?

Type

Default Value

Description

assignedGroup

No

String

None

Specifies the group that the agent will be assigned to within Machine View and Scan View.

The default group is the machine group name and it will be applied if an operation has been performed on the machine from the Security Controls user interface. If the machine has already been assigned a group name, this parameter will be ignored. To change the assigned group, use the Machine Properties dialog within Security Controls.

connectionMethod

No

Enum

None

Specifies the method used to connect to the machines to which the agent policy will be deployed. This parameter is only used if an endpoint name is specified using the endpointNames parameter. Valid values are:

Inherit: Use the global setting specified on the Scan Options dialog available from Tools > Options > Scan. For more information, see Ivanti Security Controls help (opens in a new window). This is the default.

IPAddress: A connection is made by IP address after name/machine resolution is performed.

Fqdn: A connection is made using the Fully Qualified Domain Name (FQDN). This supports SPN name validation, which may be required in networks using Kerberos authentication.

credentialId

No

Guid

None

Provides a credential ID for machine access.

endPointNames

No

String

None

Identifies the candidate endpoints where the agent will be installed.

machineGroupIds

No

Int32

None

Specifies the IDs of the machine groups used for the agent deployment.

policyId

Yes

Guid

None

Specifies the ID of the agent policy to deploy.

sshServerValidationMode

No

String

Blocked

Specifies if an SSH connection can be used when the console communicates with endpoints that support SSH and for which SMB fails. There are potential security risks when using an SSH connection, so be sure to review the SSH Authentication topic before making a decision.

Blocked: The console will not be able to make an SSH connection with the endpoints.

SkipServerAuthentication: An SSH connection is allowed between the console and the endpoints without the use of SSH server authentication. This should only be used if you are certain that the endpoints are trusted and safe Linux machines.

useMachineCredentialId

No

Boolean

False

Specifies whether machine credentials will be used during the agent deployment.

Example with Sample Response

Queue an installation of an agent policy to all machines contained in a machine group

POST Request

Copy 
https://<consoleFQDN:port>/st/console/api/v1.0/agents/deployment

{
    "machinegroupids": [1],
    "policyid": "4997c76c-3e47-4b97-bae5-265d586431e9'

}

Sample Response

Body

Status code: 202 Accepted

Headers

Contains links to track the progress of the installation. For example:

Copy 
Content-Length →0
Date →Tue, 01 Oct 2019 15:55:07 GMT
Location →https://device-name.example.com:3121/st/console/api/v1.0/agents/deployment/7fdb25e5-06ea-49b2-b148-6877f641cf2e
Operation-Location →https://device-name.example.com:3121/st/console/api/v1.0/operations/7fdb25e5-06ea-49b2-b148-6877f641cf2e
Server →Microsoft-HTTPAPI/2.0

Other Request Examples

GET Request

https://<consoleFQDN:port>/st/console/api/v1.0/agents/deployment/7fdb25e5-06ea-49b2-b148-6877f641cf2e

Output Models

Name Type Description

agentStatuses

AgentStatus

 

Agent operation statuses.

created

DateTime

The date and time that the operation was created.

error

OperationError

Operation specific error.

links

Link

Shows the related URL for the deployment.

percentComplete

Int32

The completion percentage.

status

AgentInstallStatus

The operation status. Possible values are:

Invalid: An unknown state.

Starting: Agent deployment is starting.

CopyingFiles: The agent deployment service is pushing files.

Installing: The remote installer is being executed by the deployment service.

WaitingRegistration: The agent has been installed and is awaiting a registration request.

DeployFailed: The agent installation package could not be pushed or launched.

InvalidAmbigousName: A machine name was provided that may not resolve to a specific machine.

RegistrationFailed: The agent registration request was invalid or was never received.

WaitingCheckin: The agent registration has succeeded and is awaiting the first check in.

CheckinFailed: The agent check in operation failed or timed out.

Succeeded: The agent has been successfully installed, registered and has performed a check-in to receive its engines and policy

ResolutionError: The machine failed resolution and no agent push was attempted.

VMwareWorkstationNotSupported: The VMware workstation is not supported.

Canceled: The operation was canceled.

CheckingConfiguration: The agent deployment service is checking the endpoint configuration.
Name Type Description

error

OperationError

Operation specific error.

id

Guid

The identifier.

name

String

The machine name.

percentComplete

Int32

The completion percentage.

status

AgentInstallStatus

The agent installation status. See above for possible values.

statusTime

DateTime

The date and time of the last status report.