Assigning Servers to Server Groups
If you have both created Halo groups and installed Halo agents on your servers, you can now assign the servers to the groups. A server must be a member of a group to receive the Halo security policies that protect it.
Manually Assign Servers to Groups
- On the Halo portal Dashboard page, Locate the servers on which you have installed agents but have not yet explicitly assigned to a group. They are listed in the root group:
- If you want to assign any of the servers in the root group to a group that you have created, select the checkboxes for those root-group servers, then select Move Server(s) from the Actions drop-down list, and finally select from the group list the name of the group to move those servers into.
Your selected servers are now assigned to the server group you chose. As you create policies (see following sections), you can return to the Dashboard page to assign the policies to the appropriate groups.
Automatically Assign Servers to Groups
Halo also allows you to automate the process of assigning servers to groups, bypassing manual assignment in the portal. To set it up, do this:
- When you create or edit a server group in the Halo portal, specify a server tag for that group. The server tag is a string of your choice. Enter the string into the Server Tag field on the Edit Group Details page for that group.
Note: A server tag can be up to 40 characters long and can contain only alphanumeric characters plus dots, dashes, and underscores. No spaces or other characters are allowed.
- Then, when you install a Halo agent on a server, supply the server tag of the group to be associated with that agent. If an agent's server tag matches that of any existing server group, that server is automatically assigned to the group whenever the agent starts up.
There are several ways to assign a server tag to an agent:
- (Linux) Modify the server startup script:
--tagoption on the line before the start command line, as in
sudo /opt/cloudpassage/bin/configure --agent-key=yourAgentKey --tag=servertag
sudo /etc/init.d/cphalod start
- (Windows) Run the installer:
The installer includes a screen that you can enter the tag into.
- (Windows) Execute an unattended installation:
/TAG servertagoption on the command line.
- (Windows) Use the Windows Service Manager after installation:
- Open the Services control panel. For example, from the Start menu, select Administrative Tools and then Services.
- Right-click the line for the CloudPassage Halo Daemon service, then select Properties from the drop-down menu.
- In the Properties dialog, enter the tag assignment in the Start parameters field, using this format:
- Now start the service by clicking Start.
Important: Do not click OK without first clicking Start. If you click OK first, the tag will not be assigned to the agent.
Maintain and Manage Your Servers
Use the Halo portal on an ongoing basis to manage any of your servers. On the Dashboard page, activate a Halo module by clicking its icon (such as ), and then select a server group. Then scroll or search to find the server(s) of interest, selecting the checkbox for each server you want to act on.
Searching for a server
To use the Dashboard search to find a server, enter any portion of the server's hostname, fully qualified domain name (FQDN), or server label into the search box, then click Search. The search results are limited to the currently active Halo module and the currently selected server group.
From the search results, select the checkboxes of the servers you want to act on.
Acting on a selection of servers
Once you have selected one or more servers to act on, use the Actions drop-down menu to
- Launch scans of the servers.
- Move the servers servers from one server group to another, including the root group if you do not want the servers to belong to any explicitly created group.
- Retire the servers if they are not currently needed, putting them into the "Retired" group.
- Unretire the servers from the "Retired" group, transferring them to the root group.
- Delete the servers when you no longer need them and are sure that you never will again. The servers disappear from the server group on the Dashboard and cannot be recovered.
Note: The Delete action removes the server's record from Halo, but it does not uninstall the Halo agent from the server, and the Linux or Windows server still exists as a virtual or physical server, even though it is no longer visible to Halo. To actually remove the agent from the server, follow the instructions in Uninstall Halo Agents.
// <![CDATA[ var pdfTitle="Halo Operations Guide"; var pdfURL="http://www.cloudpassage.com/document_images/ops/halo-operations.pdf"; specifyPDF(pdfTitle, pdfURL); // ]]>