Previous: Create server groups
Next: Assign policy templates
Task 2. Install Halo agents
Halo cloud components
Halo is built with a patented distributed architecture that provides for maximum protection with minimum performance burden on your organization's resources. Halo's extreme scalability and dynamic coverage allow it to keep up with rapid changes in the most elastic of cloud implementations.
In use, the components of Halo are distributed across your organization's clouds and the Halo cloud, as shown below.
- The Halo agent is a lightweight and secure software component that runs continuously as a service on each server instance, no matter where the instance resides. The agent automatically collects factual data about the state of the server and communicates it to the Halo analytics engine for processing. As directed by policies created in the Halo portal, the Halo agent can examine specific configuration settings or make changes such as updating firewall policies or user accounts.
Because each server has its own agent, scaling up Halo protection when scaling up a server installation comes at essentially no performance cost to the customer. Each new server gets its own Halo agent, whose only task is to monitor that one server.
Full-functionality and audit operational modes. The Halo agent has the ability to effect changes on its host machine, such as updating host firewalls and managing user accounts. However, the agent can also run in audit mode if its ability to make changes to its host is not needed or desired.
- The Halo security analytics engine is a powerful computational grid that is run and maintained by CloudPassage. The analytics engine performs sophisticated analytics that evaluate data collected by the Halo agents. The Halo analytics engine does the "heavy lifting" on behalf of the agents, conserving the servers' resources so they can continue to run applications with negligible impact from the agent.
The engine is dynamically scalable, meaning that it can handle both small and very large numbers of agents. As you increase the number of servers in your deployment, the Halo analytics engine bears the increased processing load and scales dynamically to meet the increasing demand. You do not need to do anything other than deploy the agents onto your additional servers.
The engine is extremely hardened and highly secure. The only access to it (other than that used by Halo agents) is an HTTPS interface that requires authentication to initiate any operation. Furthermore, the analytics engine never initiates contact with any Halo agents; to protect customer security, the engine only responds to connections initiated by the agents.
- The Halo portal is the convenient "single pane of glass" used to manage all Halo product capabilities, create policies, set up alerting, view reports, manage users, and perform other tasks. The Halo portal is accessible with recent versions of popular browsers and requires no additional client installation..
- The Halo REST API gives you an alternative to the Halo portal for managing Halo operations. Your developers can use it to automate Halo capabilities in new or existing management tools.
Every Halo-protected server must have a running Halo agent that performs security tasks and communicates with the Halo analytics engine on a regular basis.
For this exercise, start by installing agents on a small number of servers, in one or more of your server groups. The example shown here uses 24 servers in total, which is more than enough to see how Halo works. With as few as five servers you can demonstrate use of multiple operating systems, multiple server groups, group hierarchy, multiple policies, policy inheritance, and automatic scanning with multiple Halo security modules.
Install Halo agents
Take the following steps for every server that you want Halo to protect:
- In the group tree in the Halo portal, select the group to which the new server will belong.
- Select Servers from the New menu. The Install Agents dialog opens.
- Select the server's Linux distribution or Windows version from the the drop-down list. The appropriate script appears in the window.
- Copy the script from the window into your clipboard.
- SSH (on Linux, with sudo privileges) or RDP (on Windows) into the server on which you want to install the agent.
- Paste and run the script from the shell command line. (On Windows it must be PowerShell running as Administrator.) The script installs the agent and starts it.
- Verify the installation in Halo, by selecting the server's group from the group tree and verifying that the new server appears in the group's server list.
Note: See "Related Topics" (below) for links to other methods and optons for installing Halo agents.
That's it for installation. Now you have active, Halo-protected servers populating a set of server groups. All that remains for the initial setup of Halo is to assign security policies to each of your groups. (See next task, Assign Policy templates.)
|Related Topics||CloudPassage Community|
// <![CDATA[ var pdfTitle="Halo QuickStart and Tour"; var pdfURL="http://res.cloudinary.com/ljufltxil/image/upload/document_images/quickstart2/halo-quickstart-and-tour.pdf"; specifyPDF(pdfTitle, pdfURL); // ]]>