Priveon Labs Security Blog

One of the more difficult tasks associated with any agent based deployment is actually getting the agent software installed in the environment. With a Cisco Security Agent deployment, the Management Center (MC) can be configured and ready to go, but without installed agents, the CSA administrator can proceed only so far with the implementation plan. In many environments, where the number of hosts can range from the hundreds to the thousands and tens of thousands, manually installing the agent is not an option. It can be beneficial to utilize a systems management suite with software distribution capabilities to assist in installing CSA. While CSA does offer the ability to schedule upgrades from within the MC, the MC does not perform the initial agent installation on the hosts. Various upgrade scenarios can leverage software distribution tools as well. The ability to target systems with much more granularity as well as enhanced reporting and inventory capabilities are all features of a good systems management suite that can help a CSA deployment move forward.

This posting is the first in a series where I will provide the information needed to assist with automating the deployment of CSA to client machines. Details on how to deploy CSA using two popular systems management suites (BigFix and Microsoft Systems Management Server/Systems Center Configuration Manager) will be covered.

I will be going over deployment scenarios that include new deployments as well as version upgrades. Some of the topics covered will include:

• Protect mode upgrades (how to upgrade CSA on clients without using Test or Audit mode)
• Configuring CSA to work with SMS and BigFix
• Command line parameters for the agent installation
• BigFix relevance and action language examples for creating a deployment task
• Query syntax for SMS/SCCM
• Collections and Package Creation for SMS
• SMS Installer script for a protect mode upgrade