6 Replies Latest reply on Oct 5, 2015 7:43 AM by jabramson

    How to set up Mac clients to use the CSA in v9.6, SP1

    Rookie

      Hi all,

       

      So i have documentation to create a Windows standalone installer that can communicate to the CSA without need to run brokerconfig and i am looking to make a Mac client that can do the same thing. However i have found very little documentation on how to do it and the only doc that i have found that is close is for version 9.5 or older and even that seems a little sparse in terms of information. Does anyone know of a way to achieve this goal for the Mac client for version 9.6?

        • 1. Re: How to set up Mac clients to use the CSA in v9.6, SP1
          Peter Massa Expert

          Hello econnell,

           

          You actually have feature parity (or the ability to add that parity) between Windows and OS X agents on this matter - but as you stated it is not well documented.

           

          Immediate activation:

          The OS X agent acts slightly different from the Windows agent during installation.  The Windows agent installs and does not attempt to broker immediately unless you edit the installer and add a broker -r command to it.  The OS X agent however already has the broker -r command added in.  This means that if the OS X agent is in-band (can reach core and CSA) during installation it will (mixed results here) automatically broker.

           

          Activation via policy:

          In the case that this fails you may also create a sh script to execute the following command via policy on any device that is not brokered, but is in-band.

          #!/bin/sh

          /usr/LANDesk/common/brokerconfig -r


          Activation while out-of-band:

          The Windows agent supports using a .lng file for out-of-band brokering: Unattended configuration of client for the Cloud Services Appliance

          The Windows agent may also be brokered using the ldgatewayassistant:  LDGatewayAssistant [Windows Version]  or  LDGatewayAssistant – Windows Version

          The OS X agent may be brokered using the ldgatewayassistant: LDGatewayAssistant [Macintosh Version]  or  LDGatewayAssistant – OSX Version


          *Note: I have not released a new version of the ldgatewayassistant yet to support the new miniscan technology - so it may not function correctly with 9.6.1 Windows agents.  The service will likely crash.  The OS X version should still work though.


          Hopefully this helps,

          Peter

          • 2. Re: How to set up Mac clients to use the CSA in v9.6, SP1
            Rookie

            hi peter, i talked to support and they said that it's even more simple than that. for 9.6, sp1, the only thing that you have to do is attach the csa to the core server first and THEN create the mac agent. the command to run brokerconfig is built into the agent creator. so basically, if the core server has a csa associated with it, that csa name and external ip will be built into the agent so that when the agent is out of band and switches to the mac version of gateway mode, it will look for the csa and present the csa certificate to start communication. i have tested this out and it has worked. the core server has seen the test mac change ip addresses from internal to external and i was able to remote to it both ways. thanks for your help on this!

            • 3. Re: How to set up Mac clients to use the CSA in v9.6, SP1
              Peter Massa Expert

              That is the same as what I had listed for immediate activation:

               

              "Immediate activation:

              The OS X agent acts slightly different from the Windows agent during installation.  The Windows agent installs and does not attempt to broker immediately unless you edit the installer and add a broker -r command to it.  The OS X agent however already has the broker -r command added in.  This means that if the OS X agent is in-band (can reach core and CSA) during installation it will (mixed results here) automatically broker."

               

              That method will work - I was just providing all three cases to trigger the activation for a more complete and detailed answer.

               

              With the way that you currently have it setup; if you install the agent while it is off the network and not on vpn - it will not automatically connect to the CSA and broker.  You will still need to use the methods I listed above.  The reason for this is that the agent does not have embedded credentials to initiate the broker'ing process.  However if you can get all of your devices to broker during their initial setup then you should not have to worry about out-of-band activation.

               

              -Peter

              • 4. Re: How to set up Mac clients to use the CSA in v9.6, SP1
                jabramson Apprentice

                I am curious about this. I have SP2 with 2 gateways. When the mac agent is installed to a device that is not directly connected to the network it won't retrieve a cert to be able to upload an inventory to the core server. But if I do a cert retrieve, then it will work. Is this how it is supposed to work or perhaps is something in the configuration perhaps not correct?

                 

                -Jonathan

                • 5. Re: How to set up Mac clients to use the CSA in v9.6, SP1
                  Peter Massa Expert

                  Jonathan,

                   

                  Doing a brokerconfig -r while not able to directly connect to the core will not work.  As a work around if you do it via the GUI brokerconfig.exe and put in credentials then it will work.  It uses the credentials to connect via the gateway to get a certificate.

                   

                  So you are correct, that is how it is supposed to work.

                   

                  Hope this helps,

                  Peter

                  • 6. Re: How to set up Mac clients to use the CSA in v9.6, SP1
                    jabramson Apprentice

                    Thanks Peter. As I mentioned in my previous reply, we can do a manual retrieve but I wasn't sure about the -r and working while not connected to the core through either a VPN or direct connection. But your reply answers that.