Hi there David,
The idea of using a self-contained executable is coming from the necessity to deploy an agent and retrieve the certificate for devices outside the network.
The method work also for agents you are pushing or installing with other methods, as long as you include the lng file in the agent configuration and you leave it available on the core.
However, for clients that are directly connected to the Core, a simple execution of brokerconfig.exe -r should be enough.
You can have your clients running the command in several ways, however, there is a script already available you can use to schedule this operation on the clients you want.
In a Management Suite 9.6 it's in Tools > Distribution > Manage Scripts and it's called Create Management gateway Client Certificate.
Last, if the certificate is already there from a 9.5 agent, if the upgrade process doesn't remove it (and this depends on which way you are upgrading your agents), it should be good enough for your 9.6 agents as well, provided that your 9.6 Core will use the same certificate as your old 9.5.
My recommendation would be first testing all these scenarios on a selected number of clients and verify that your processes are going to produce the desired outcome and only after that move forward and roll out your new LANDESK Agent.
Hope this helps
I ran a couple of machines through the transition process I plan on using in production and the certificates were retained. My plan is to discover devices in 9.6 and then push the agent to them.
For new machines, it should be fairly simple to add the brokerconfig as an action in the provisioning template after the agent has been configured.
There will be times when the self contained agent install will be needed, but those will be few and far between, so I'll deal with that later.
Thanks for the information.