search cancel

Identify Active Agents within Siteminder Infrastructure

book

Article ID: 255433

calendar_today

Updated On:

Products

SITEMINDER

Issue/Introduction

How to Identify list of active agents in a Siteminder environment.

Environment

Release : 12.8

Resolution

below couple of options to Identify Active agents in Siteminder

**** Option 1 --> Agent Discovery feature 

Link -->  https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/configuring/policy-server-configuration/agents-and-agent-groups/agent-discovery.html

The Agent Discovery feature was introduced to allow SiteMinder Agents to report data about themselves to the Policy Server which would create an Agent Instance object in the Policy Store making this data available to SiteMinder Administrators via the Adminui's 'Infrastructure>Agent>Agent Instances' Tab.
The Agent Discovery Instance feature was designed to provide SiteMinder Administrators with a visual representation of the Agent Instances that were active in their environment. 

This visual representation would allow Administrators to identify obsolete objects in their environment that were no longer in use such as TrustedHosts, Agent Configuration Objects (ACO), and Host Configuration Objects (HCO). 
Knowing which Agent Instances are no longer communicating with the Policy Servers in the environment by reviewing the 'Status" of an Agent Instance object allows a SiteMinder Administrator the ability to delete the obsolete objects a
associated with these Agent Instances to help improve Policy Server performance in a large SiteMinder environment.

This can be enabled from XPSConfig (please refer to the Link Above) 

Instructions:

1.) Upgrade the Policy Server to R12.51 CR-07 or higher.
2.) Open a command prompt on the Policy server system.
3.) Enter "XPSConfig".
4.) Enter "SM".
5.) Enter the number that corresponds to "AgentDiscoveryEnabled".
6.) Change the value to "0".
7.) Restart the Policy Servers in the environment to pick up this Global parameter.

Once done , you can go to the Adminui and you will see Agent Instances entries created for all active agents (the very first time the agent communicate to policy server after restart, the policy server will check if the agent has an Agent Instance entry
already created and if not , it will create one which is the one that you will see in Adminui) 


**** Option 2 --> Oneview Monitor 

You can use the oneview monitor (requires setup , please see link below) which will give you details on the Active agents as it logs all incoming requests for auth and Az .

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/administrating/use-oneview-monitor-to-analyze-performance.html