2.8 Planning to Install Your Central Computers

A central computer manages configuration group components and the collected data. Configuration groups can have multiple central computers. The central computer performs the following functions:

  • Installs, uninstalls, and configures Windows agents

  • Distributes rules to Windows agent computers

  • Controls data flow between all agents and the Sentinel server

  • Hosts the Agent Manager Console

2.8.1 Understanding Central Computer Components

The setup program installs the following Sentinel Agent Manager components on the central computer:

Agent Administrator

Installs and configures agents on Windows computers.

Consolidator

Receives collected information from Windows agents.

If a change occurs to a processing rule that applies to a Windows agent on a Windows computer, the Consolidator ensures that the change reaches the Windows agent. The Consolidator sends processing rules to agents on Windows computers when the Windows agent is installed and whenever the rules change. You can configure how often the Consolidator polls for rule changes.

Core Service

Processes queued event data using the Business Services, Log Handler, and Log Watcher subcomponents.

Data Access Server (DAS)

Allows the Agent Manager database to access agent configuration.

2.8.2 Multiple Central Computers

Configuration groups can contain more than one central computer. Configuring more than one central computer in a configuration group might be necessary for the following reasons:

Load balancing

When assigning agents to central computers, assign no more agents to the central computer than it can handle.

NOTE: The number of agents you can assign to a central computer depends on your environment, such as the total number of events you expect agents to send to the central computer. If you need help planning your Sentinel Agent Manager environment, contact NetIQ Technical Support.

After you install central computers and agents, you can rebalance the distribution of agents across central computers. If you install more than one central computer, use the Agent Administrator to reassign agents among central computers.

Redundancy (Failover)

If a central computer fails, or a managed or unmanaged agent cannot otherwise contact the central computer, the agent can temporarily send event and alert data to another central computer. If you want to ensure data is delivered to the databases when a central computer is unavailable, you can install multiple central computers for redundancy. The central computer assigned to manage the agent still retains control over the agent for upgrade, installation, and uninstallation purposes. For more information about configuring failover, see Specifying Central Computers for Failover.

Multiple domains

If you want a configuration group to monitor computers in different supported domains and do not want the central computers to share a common service account, you can install multiple central computers, with different service accounts. For more information about creating service accounts, see Section 3.3, Creating a Service Account.

2.8.3 Central Computer System Requirements

Because you can deploy Sentinel Agent Manager in a wide variety of situations, there is no simple formula for determining the required number of central computers, their location, or the required hardware. The central computers should be server‑class computers and should be located to allow maximum bandwidth between the databases, the central computers, and the agent computers.

NOTE: You cannot install a central computer on an existing managed agent computer.

The following table lists the system requirements and recommendations for central computers.

Category

Requirement

Processor

See System Requirements.

Disk Space

Memory

Display

Operating System

Software

Network Access

  • Install in a domain environment with access to a domain controller.

  • Install in the same domain as the log archive server.

  • All other Sentinel Agent Manager components must be in domains that trust each other.

  • All Sentinel Agent Manager components must be installed on computers with either Internet Protocol version 4 (IPv4) installed and enabled or both IPv4 and Internet Protocol version 6 (IPv6) installed and enabled.

  • If installing a central computer behind a firewall, ensure you open the appropriate ports to allow proper communication between the central computer and other Sentinel Agent Manager components. For more information about the default ports Sentinel Agent Manager uses, see Section 2.5, Understanding Ports and Firewalls.

  • On Windows Server 2016 and Windows Server 2019 computers, ensure you enable MSDTC and configure Network DTC Access in the Component Services administrative tool to enable the following minimum required settings:

    • Allow Inbound

    • Allow Outbound

    • Mutual Authentication Required

    • Allow Remote Clients

    You must specify the same type of authentication for all Sentinel Agent Manager components in order for Windows servers to communicate with one another.

    For more information about configuring DTC security, see the Help for Component Services.
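The four minimum Network DTC Access settings above can also be checked from PowerShell. This is an added example, not part of the NetIQ documentation: it uses the `Get-DtcNetworkSetting` and `Set-DtcNetworkSetting` cmdlets from the Windows MsDtc module, and the function name `Test-DtcMinimumSettings` and its `-Remediate` switch are hypothetical names chosen for illustration.

```powershell
# Added example: audits Network DTC Access against the minimum settings listed above.
# Run in an elevated PowerShell session on each central computer.
function Test-DtcMinimumSettings {
    param(
        # 'Local' is the name of the default DTC instance in the MsDtc module.
        [string]$DtcName = 'Local',
        # Hypothetical switch for this example: apply the minimums if any check fails.
        [switch]$Remediate
    )

    # Each entry corresponds to one option on the MSDTC Security tab in Component Services.
    $expected = [ordered]@{
        InboundTransactionsEnabled  = $true      # Allow Inbound
        OutboundTransactionsEnabled = $true      # Allow Outbound
        AuthenticationLevel         = 'Mutual'   # Mutual Authentication Required
        RemoteClientAccessEnabled   = $true      # Allow Remote Clients
    }

    $svc = Get-Service -Name MSDTC
    if ($svc.Status -ne 'Running') {
        Write-Warning "MSDTC service is $($svc.Status); it must be enabled and running."
    }

    # Compare the live settings with the expected values and collect every deviation.
    $current  = Get-DtcNetworkSetting -DtcName $DtcName
    $failures = foreach ($name in $expected.Keys) {
        if ("$($current.$name)" -ne "$($expected[$name])") {
            [pscustomobject]@{
                Setting  = $name
                Current  = $current.$name
                Required = $expected[$name]
            }
        }
    }

    if ($failures -and $Remediate) {
        Set-DtcNetworkSetting -DtcName $DtcName -AuthenticationLevel Mutual `
            -InboundTransactionsEnabled $true -OutboundTransactionsEnabled $true `
            -RemoteClientAccessEnabled $true -Confirm:$false
    }
    return $failures
}

# An empty result means all four minimum settings are in place.
Test-DtcMinimumSettings | Format-Table -AutoSize
```

Because every component must use the same authentication type, run the same check on each Windows server that hosts a Sentinel Agent Manager component and compare the `AuthenticationLevel` values.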

Additional Requirements

On each central computer and agent computer that you scan for viruses, configure your antivirus software to exclude the following folders and files from scanning.

On Windows Server 2016 and Windows Server 2019 computers, exclude:

  • All files in the ProgramData\NetIQ folder

  • All *.dat files in the installation folder\NetIQ Sentinel Agent Manager\OnePoint folder, where installation folder is the location where you installed Sentinel Agent Manager user interfaces.

Any computer on which you want to install central computer components must have a NetBIOS-compliant name.
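For the antivirus exclusions listed above, the following added example (not part of the NetIQ documentation) audits them on a computer that uses Microsoft Defender Antivirus, which is an assumption because the page does not name an antivirus product. The function name `Test-SamAvExclusions` is hypothetical, and the installation folder is a parameter you must supply.

```powershell
# Added example: compares Microsoft Defender path exclusions with the two documented above
# and flags exclusions that cover more than the documentation asks for.
# Run elevated; Defender hides the exclusion list from non-administrators.
function Test-SamAvExclusions {
    param(
        # Placeholder: the folder where you installed the Sentinel Agent Manager user interfaces.
        [Parameter(Mandatory)][string]$InstallationFolder
    )

    $onePoint = Join-Path $InstallationFolder 'NetIQ Sentinel Agent Manager\OnePoint'
    $required = @(
        (Join-Path $env:ProgramData 'NetIQ'),   # all files in ProgramData\NetIQ
        (Join-Path $onePoint '*.dat')           # only *.dat files in the OnePoint folder
    )
    $configured = @((Get-MpPreference).ExclusionPath) | Where-Object { $_ }

    # Report each documented exclusion as present or missing.
    foreach ($path in $required) {
        [pscustomobject]@{
            Exclusion = $path
            Status    = if ($configured -contains $path) { 'Present' } else { 'Missing' }
        }
    }

    # An exclusion equal to the OnePoint folder, or to any of its parent folders,
    # stops scanning of more than the *.dat files the documentation calls for.
    foreach ($path in $configured) {
        $prefix = $path.TrimEnd('\') + '\'
        if (($onePoint + '\').StartsWith($prefix, [StringComparison]::OrdinalIgnoreCase)) {
            [pscustomobject]@{ Exclusion = $path; Status = 'Broader than documented' }
        }
    }
}

# Constructed sample value; replace it with your actual installation folder.
Test-SamAvExclusions -InstallationFolder 'C:\Program Files (x86)' | Format-Table -AutoSize
```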

NOTE:

  • When you install central computer components on a Windows Server 2016 or Windows Server 2019 computer, the setup program prompts you to restart the central computer to finish the installation process.

  • NetIQ recommends installing the latest Microsoft Windows service packs and hotfixes on all computers before installing Sentinel Agent Manager components.

  • After you install the Microsoft Message Queuing prerequisite, NetIQ recommends disabling the Active Directory Integration sub-component of MSMQ. For more information about disabling Active Directory Integration, see Section 3.4, Disabling Active Directory Integration with Message Queuing.