Trusts

By default, all Agents in an Ivanti Automation environment are allowed to use all Modules and all Resources when they execute Jobs. This behavior may not always be desirable in multi-tenant sites that serve multiple customers. In multi-tenant sites, "ownership" of customer-specific Agents, Modules and Resources often lies with customer representatives. You may therefore want to let customer representatives determine which Modules and Resources are used by that customer's Agents.

You can handle these situations by configuring Trust relationships ("Trusts") between these objects. By configuring Trusts, you can create relationships between Agents and Modules and between Agents and Resources. This relationship is determined, on the one hand, by the Agent(s) that are trusted by the Module and/or Resource and, on the other hand, by the Module(s) and/or Resource(s) that are trusted by the Agent. As Trusts are evaluated at the moment of Job execution, it is the combination of these Trusts that determines whether or not an Agent can execute a Job with these Modules and Resources. Execution is only possible when a full Trust exists (i.e. the Module or Resource is trusted by the Agent AND the Agent is trusted by the Module or Resource).

For example:

  • If a full Trust exists between an Agent and a Module, the Agent is allowed to execute the Module. If it does not exist, the Module will fail.
  • If a Task in a Module uses a specific Resource, a full Trust must also exist between the Agent and the Resource. If it does not exist, the Task that uses the Resource will fail. Depending on the error control settings of the Task, this may fail the entire Module.
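
The evaluation rule described above, modelled as an added Python example; it is not Ivanti Automation code and does not use its API. The class and field names, the `stop_on_error` flag standing in for a Task's error control setting, the outcome strings, and the sample Agents, Module and Resource are all assumptions constructed for illustration.

```python
# Conceptual model of Trust evaluation at Job execution (not Ivanti Automation code).
from dataclasses import dataclass, field

@dataclass
class Obj:                        # an Agent, Module or Resource
    name: str
    trusts: set = field(default_factory=set)   # names of counterparts it trusts

@dataclass
class Task:
    name: str
    resource: Obj = None          # Resource used by the Task, if any
    stop_on_error: bool = True    # hypothetical stand-in for error control

def full_trust(agent, other):
    """Full Trust: the Agent trusts the object AND the object trusts the Agent."""
    return other.name in agent.trusts and agent.name in other.trusts

def run_module(agent, module, tasks):
    """Return (module outcome, per-Task results) for one Agent."""
    if not full_trust(agent, module):
        return "failed", {}       # no full Trust with the Module: nothing runs
    results, outcome = {}, "completed"
    for task in tasks:
        if task.resource is not None and not full_trust(agent, task.resource):
            results[task.name] = "failed"
            if task.stop_on_error:
                return "failed", results       # error control fails the Module
            outcome = "completed with errors"
        else:
            results[task.name] = "ok"
    return outcome, results

def half_trusts(agents, objects):
    """Trusts configured on one side only; these never permit execution."""
    return sorted((a.name, o.name) for a in agents for o in objects
                  if (o.name in a.trusts) != (a.name in o.trusts))

# Constructed sample: Agents of two customers, one customer-A Module and Resource.
agent_a = Obj("AGENT-A1", {"Deploy-A", "License-ISO-A"})
agent_b = Obj("AGENT-B1", {"Deploy-A"})        # trusts the Module, not trusted back
module_a = Obj("Deploy-A", {"AGENT-A1"})
iso_a = Obj("License-ISO-A")                   # owner has not trusted any Agent yet
tasks = [Task("mount iso", iso_a, stop_on_error=False), Task("install")]

if __name__ == "__main__":
    print(run_module(agent_a, module_a, tasks))
    print(run_module(agent_b, module_a, tasks))
    print(half_trusts([agent_a, agent_b], [module_a, iso_a]))
```

Listing one-sided Trusts this way is a quick check that a tenant's Agents cannot run another tenant's Modules, and it also explains Jobs that fail because only one owner has configured their half.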

Trusts can be configured on Teams and Team folders, on Agents, on Modules and Module folders, and on Resources and Resource folders.

Because you can delegate control over Trusts to the owners of Agents, Modules and Resources, a customer can determine which of their Agents are authorized to use which of their Modules and Resources.

Scenarios

Trusts are ideal in the following situations:

  • When owners of a customer-specific Module or Resource need to specify that it may only be used by that customer's Teams.
  • When owners of a customer-specific Team need to specify that only certain Modules and Resources may be used by that customer's Teams.
  • When only a specific Agent is allowed to use a specific Module with a specific Resource (for example, a specific AutoCAD installation or an ISO with specific licensing information).

See also: Configure Trusts; Configure Trust permissions on administrative roles