You can add non-discoverable (can't be discovered using JetPatch Discovery Sources, on-prem and ) endpoints to JetPatch server from either the JetPatch server or from the Endpoint itself.
There are two ways to manage a non-discoverable endpoint for:
- Add Physical Server in JetPatch Console - if the endpoint is reachable from the JetPatch Manager.
Note - To deploy the JetPatch Agent (Connector) needs to add an additional account to JetPatch - Deploy Connector on the endpoint itself - When the communications available only from the endpoints to JetPatch (EP behind NAT).
- Using Connector binary
- Using WSUS Connector MSI (with additional configuration capabilities) - Windows only
Add Physical Server
Note - Newly-added endpoints appear in the endpoint list with the initial status of Untested. Upon first vAgent/Connector deployment or upon a manual Refresh status from the Servers tab, the connection status will be updated and JetPatch server will attempt to install the connector on the machine.
Single Endpoint
To add a single endpoint into JetPatch Console:
- In the Servers tab, go to Server Actions > Add Physical Server:
- Configure the following:
- The endpoint's Hostname and IP Address
- The endpoint's Operating System
- Access Credentials: If the credentials to this endpoint have already been provided, you can assign them to the endpoint here. Otherwise, you can do this later.
- Click Save.
- Configure endpoint user accounts.
Multiple Endpoints
When the need is to create multiple physical servers, the preferred why is to leverage the JetPatch API capabilities.
More information can be found in Adding Endpoints in Bulk via REST API
Deploy Connector on the Endpoint itself
Deploy JetPatch Connector binary
You can locally install the connector on any endpoint server. This is useful for connecting servers which are not otherwise accessible to the management server, and also for adding the connector to a base image that will be used to spawn multiple servers later.
To install the connector on a supported endpoint:
- Make sure organizational firewalls allow HTTPS (port 443) communication from the endpoint to the JetPatch server.
- Copy the Connector installation file (can be found in the JetPatch server file system in /usr/share/intigua/bin/)
For Windows - vlink-win-win32_x64-<version>.exe
For Linux - vlink_installer_linux_x64_<version>_Release.bsx
into the endpoint.- For Windows put the file in a tmp or download directory
- For Linux put the installation file in /tmp
- On the endpoint, run the following command (make sure to copy all quote signs and slashes correctly):
<connector> -coreserverurl="https://<host>/vmanage-server/"
where
<connector>
is the path and filename of the connector file executable, and<host>
is the IP address or DNS Name of the server host.For example:
vlink-win-win32_x64-Release-3.2.exe -coreserverurl="https://<host>/vmanage-server/"
After that, the connector is installed and initiates communication with the JetPatch server. If the coreserverurl needs to be modified, see article. If there are still issues, generate connector logs from the endpoint.
- To test that the connector has been properly installed, check that the service is running:
- In Windows:
- Service name: vAgentManager
- Display Name: Intigua vAgentManager Service
- Process name: vlinkservice64.exe
- In Linux, run:
- /etc/init.d/intigua status
- In Windows:
Deploy JetPatch WSUS Connector MSI
The WSUS Connector MSI installation doing the following thing:
- Pulling the latest JetPatch Agent for Windows (Connector).
- Installing the Connector & Configuring the Connector to communicate with the JetPatch Manager
- Optional: Configuring the Windows Update Agent:
- Setup WSUS communication.
- Setup the appropriate Computer Group to be set in WSUS
- Optional: Pulling & installing the WSUS certificate (if exist)
Notes:
- Removing the MSI installation (Using the "Programs and Features" control panel) won't restore the previous Windows Update Agent configuration (But Connector will be removed.)
- The WSUS Computer Group assignment will work only if WSUS is configured to assign the computers to groups by configured it to "Use Group Policy or registry settings on computers". See Client-side Targeting in MS documentation.
Pre-Requisites
- WSUS Connector MSI downloaded.
- The endpoint should have a connection to the JetPatch Manager in the installation time.
- The configuration file should be in the same directory as the MSI installation.
- JetPatch API key to connect to JetPatch and download the needed files.
- The initiating user that installing the MSI should have administrator privileges.
- Optional: The computer group in the settings file (wsus_group) should exist in WSUS.
- Optional: If there is a WSUS certificate located in the environment - check WSUS Certificate section. Only applicable if SSL is enabled on WSUS
Configuration File (vlink.settings)
When installing the Connector using MSI Installer the configuration file (vlink.settings) should exist in the same directory and with the following properties:
- manager_ip_hostname - The IP or full hostname of the manager server.
- username - The username for accessing the API of the manager.
- apikey - The API key for accessing the API of the manager.
- wsus_ip_hostname (Optional) - The IP or full hostname of the WSUS server (if not applicable, delete this line).
- wsus_cert (Optional) - The filename of the WSUS certificate that’s located in the JetPatch Manager (if not applicable, delete this line).
- wsus_group (Optional) - The name of the WSUS group we would like to associate the endpoint to (if not applicable, delete this line. Only required if using WSUS with SSL).
Recommendations
The endpoint should have a connection to the WSUS in the installation time. Necessary if you want to setup the WSUS group.
Installation and verification process
- Generate the vlink.settings with the right properties, based on your environment.
- Put the MSI Installation and the vlink.properties in the same folder.
- Run the MSI installation
To verify the Connector was installed successfully -
- On the endpoint:
- check that the Connector root folder has been created - "%SystemDrive%:\program files\Intigua" (usually located in "C" drive).
- check that the Connector service - "Intigua vAgentManager Service" (service name = "vAgentManager") is running
- On the JetPatch Manager:
- The new endpoint should appear in JetPatch Console -> Platform Configuration -> Servers Tab, with a connected (green lighting) status.
Troubleshooting
In case there are problems
Relevant Articles
Comments
0 comments
Please sign in to leave a comment.