The Client

The client is a part of the TrustPort Management application that is installed on stations in a local computer network. The main part of the client is the 'agent', which communicates with the server and with other applications installed on the station. These applications are centrally managed. The agent can be described as an interlink between the server and the application.

Installation
It is not possible to manage the computer and its applications by TrustPort Management if the client is not installed on the computer. It is possible to install the client remotely using the management console or manually at the station. Manual installation of the client is performed by running setup.exe (the program icon is displayed below). The installation program is designed as an easy to use wizard that is clear even for inexperienced users. The installation program wizard is described in detail on page Installation and Uninstallation of the TrustPort Management Client Component.

Behavior of TrustPort Management Client Installer can be influenced by parameters that are entered after the command setup.exe. For further details see: Command Line Parameters of the TrustPort Management Client Installer.

Starting the Client for the First Time
After the client has been installed on the station, the client will attempt to register on the TrustPort Management server. If the parameter identifying the IP address of the server was entered on set up, the client will attempt to register directly on that server. This parameter is normally used when performing a remote installation of the client by way of the management console. If no IP address was supplied, TrustPort Management will be detected in the local network. If no server responds to the client, the client will try to detect a server periodically. It is possible to specify which server of TrustPort Management should be used in Command Line Parameters of the TrustPort Management Client Installer.

Registration
Once the connection to a server has been successful, the newly created profile of the new client is transferred to the server and the client waits for whether the TrustPort Management administrator approves or denies its registration. The client periodically queries the server whether the registration has been approved or not. In implicit behavior all clients are automatically registered into the server. This mode is naturally possible to change and approve all registrations from the clients manually. If the registration is denied, then the client stops querying the server and the agent adopts a state whereby it can no longer be managed by TrustPort Management. From this point on, in order to include such a denied workstation among permitted workstations, it is necessary to reinstall the client component of TrustPort Management on the station with the parameter /NEWREG. The list of all refused stations is displayed in the TrustPort Management Console. If the registration of the client is allowed, then the profile of the workstation is created on the server. From this moment on, the station can be managed by the TrustPort Management. Each newly registered workstation is automatically placed into the default group Unclassified group and from there the administrator can move it to any other group.

Logging in
Once the client has been successfully registered on the server, the client is able to log on to the server for the first time. Logging on is performed every time the TrustPort Management agent is launched on the workstation, either when starting the station or restarting the agent service. When the client is logged on to the server, the following information is sent: information about applications managed by TrustPort Management, the operating system version, IP address, computer name and name of the domain to which the station belongs (if it is included in one). No other information is transferred to the server. The server responds to a successful log in by transmitting user account login details in order to access network resources and execute applications. This data is transferred in encrypted form for security reasons. This log-in data is not stored on the client. If this logging in is not successful, then the TrustPort Management agent will not be able to access network resources needed to perform downloading of applications, etc.

Synchronization
Once the client has logged in to the system of TrustPort Management, it is possible to synchronize the workstation with the server. Synchronization of the station is initiated by the client, periodically, every so many minutes. By default the station is synchronized with the server every 120 minutes but this amount can be set according to the requirements of the administrator. In the policy area of TrustPort Management synchronization can be set to use so called Time-Shaking. This feature serves to spread out the synchronization of stations over a predefined interval, making each station's specific time different. Time-Shaking is active after installation. Synchronization can also be initiated by the server, if required by the administrator. Such a call from the server side is done manually from the management console and can target one or more clients at the same time. During this process the configuration of the given workstation/application is checked for consistency, and if any changes need to be applied, such as new updates performed, etc., then the relevant data files are downloaded and applied. During the synchronization client sends information about managed applications and all alerts that were created by managed applications.

Superagent
Clients of TrustPort Management can operate in superagent mode. When operating in this mode, the client will automatically download the latest virus definitions from the server and distribute them to other TrustPort Management clients in the same sub-network. It allows to delegate one or more superagents for each sub-network and spread out the load of the TrustPort Management server. When a station desires to update its virus definitions, the first place it will look is at the sub-network superagent. If one exists, then the client will access the superagent and download the virus definitions. If more than one superagent exists in the same sub-network, the client will select one that is available and perform the download. If no superagent exists in the same network, which is the initial state, or no superagent is available at the time, the client will download definitions directly from the server, which in cases of very large networks, can cause a significant load on its resources.

An example of deploying superagents in a network:

An example of a network without using of superagents:

If the superagent still has not downloaded virus definitions, (the planned download has not yet occurred) and a client attempts to download them from the superagent, this operation will fail. The following attempt, however, will succeed, once the superagent has obtained a set of definitions. The TrustPort Management server will automatically at a predetermined time interval download the latest virus definitions from TrustPort, a.s. The initial download can be performed immediately after installation.

Individual clients can be set to superagent mode by selecting the Act as a superagent check box in the Properties tab of the Manage pane for a specified station. Stations will not begin to act in superagent mode until synchronizing with the server. Surrounding stations must be informed that a superagent is operating in their vicinity. This information is supplied when these stations synchronize with the server.

Related references

Main Menu
TrustPort Management Console
Server
Recommended Procedures
Installation and Uninstallation of the TrustPort Management Client Component
Command Line Parameters of the TrustPort Management Client Installer

Copyright © 2008, TrustPort, a.s., All Rights Reserved.