2 Replies Latest reply on Mar 14, 2017 1:52 AM by MatthewPlumb

    Help to understand CSA

    MatthewPlumb Rookie

      Hi

       

      To cut a long story short our CSA was 'accidentally' decommissioned several months ago and today I have created a new vCSA with the same settings as the one that was previously running.

       

      I haven't yet dealt with the client certificates yet but I am a little worried about the amount of data I am seeing hitting the new vCSA since it came online. The Gateway Service Status is showing almost 50000 'Total connections serviced' since it was last restarted less than 3 hours ago.

       

      Capture1.PNG

      I have looked at the 'CSA Connection Table' report and I see a fair amount of connections from devices that are no longer listed in the LDMS inventory (and do not physically exist any more) and others from devices that are in the inventory list. For example:

       

      Capture.PNG

      Capture3.PNG

       

      The vast majority of the have the UserAgent set as LANDESK Remote Agent/8.6 or (mostly) LANDESK Remote Agent/9.5 as shown above.

       

      I also see a large amount of records going through the connection tablet such as this which I am not sure about:

       

      Capture4.PNG

       

      There are a few things that are worrying me:

       

      1. Why is the 'Connections Serviced" number so high when I believe there should be no where near this number of devices going through the CSA. The devices that I am seeing in the connection log that are in the inventory list should be connecting directly to the Core server and not going through the vCSA, What could be causing devices to be going through the vCSA when, in theory, they should just be connecting directly to the core server?

       

      2. Why are there records appearing in the 'CSA Connection Table' report for devices that don't exist in the inventory list and do not physically exist any more?

       

      3. What are the 'Broker Service Requests' that are seemingly coming from (or going to) our core LDMS server?

       

      Our LDMS system is v9.6 with SP3 applied and the vCSA is 4.3 with the latest available (as of today) updates applied.

       

      Thanks for any info anyone can share on this and for letting me whether I am panicking for no reason(s)?

       

      Matthew

        • 1. Re: Help to understand CSA
          Peter Massa Expert

          Hello MatthewPlumb,

           

          1. Why is the 'Connections Serviced" number so high when I believe there should be no where near this number of devices going through the CSA. The devices that I am seeing in the connection log that are in the inventory list should be connecting directly to the Core server and not going through the vCSA, What could be causing devices to be going through the vCSA when, in theory, they should just be connecting directly to the core server?

          A: Few items here.

          1. This is a record of each communication to the server - not the count of devices.  So if a single device attempted to connect 10 times, it would log that as 10 connections serviced.  The actual number of clients authenticated and connecting will be listed as "Client-Level Connections" at the top.  Which shows as 2 systems currently connected.  These are systems that have been given the Client Connectivity Agent Setting and have an approved certificate on the core server.

          2. "Unpriviledged connections" are usually when a client is pending Remote Control services - it is not allowed past the CSA to the core, but is just pending a remote control session.  These do not require the client certificate to be approved by the core server, nor does it require the Client Connectivity Agent Setting.  This setting is actually controlled by the core servers .0 certificate file.  When you add a "default" CSA to the core, it updates it .0 certificate with the CSAs information.  This means that immediately once your clients begin to run their next vulscan, they will update to the new .0 file and automatically begin connecting to the CSA for remote control sessions even if they are internal.

           

           

          2. Why are there records appearing in the 'CSA Connection Table' report for devices that don't exist in the inventory list and do not physically exist any more?

          A: My assumption is that you named your server the same name as a previous CSA that you had, and clients that you believed did not exist anymore, or are running an old agent but not properly managed now are starting to do "Unpriviledged" attempts at connecting.  Another thing to note: "LANDESK Remote Agent/8.6 or (mostly) LANDESK Remote Agent/9.5 as shown above"  Some services do not actually update their version to match the main product version.  So Remote Agent 9.5 may still be the latest version for 9.6 - I am not positive, but this does occur - 8.6 does seem pretty old though.

           

           

          3. What are the 'Broker Service Requests' that are seemingly coming from (or going to) our core LDMS server?

          A: Whenever a client requests a service (patch, inventory, etc) it will communicate it to the CSA and it will pend a connection from the Core server to establish a link.  The core usually keeps atleast 8+ available service connections open at a time to immediately link a clients request to once its certificate is approved.  These are probably what you are seeing being logged - that its "brokering" the requests.

           

          Peter

          1 of 1 people found this helpful
          • 2. Re: Help to understand CSA
            MatthewPlumb Rookie

            Thanks Peter, that's a great help, much appreciated...