SSH Tectia

Management Agent on Windows

The Windows version of Management Agent carries out the same tasks as its Unix counterpart. However, its architecture is slightly different.

The Management Agent on Windows consists of:

  • service named ssh-mgmt-sysmonitor.exe

  • configuration file agent-secsh.dat

All components are installed from the ssh-mgmt-agent-<v>-windows-x86.msi package (where v is the version number) by Windows Installer service 2.0, which must be present on the target machine. To be able to connect to the Management Server, the agent also requires an ICB file, icb.dat, installed in the same directory as the executables at installation time.

SSH Tectia Management Agent Service

The main component of the Management Agent is the ssh-mgmt-sysmonitor service. The Management Agent takes care of connecting to the server, receiving updates and informing the server about installed products, status, and so on.

When the service is launched for the first time, it needs an ICB file (icb.dat) to make a connection to the Management Server. If a connection is established, the Management Server sends the Management Agent a configuration which the agent writes to disk (router.dat). The Management Agent then disconnects from the server and reconnects using the router.dat configuration options. From this point on, the icb.dat is no longer used.

If Management Agent is started without either the icb.dat or the router.dat files present (it checks in the directory where the service binary is located), it will wait for a file to appear and then try to connect. Therefore, the service does not have to be restarted if the icb.dat file is installed after the service has been started. The poll interval to check for this file is a few minutes, so if you require the Management Agent to connect immediately, restarting the service will speed things up.

If the host is deleted from the server via the administration interface, it will no longer be able to use the router.dat file to make a connection. In such a situation, the router.dat file located in the installation directory should be removed; a new ICB file, or the existing one if it is still valid, will then initiate a new configuration for the host.

If the router.dat file is deleted, but a valid ICB file exists, the host will negotiate a new configuration from the server the next time it connects. It will appear as a new host in the system, even if it was already registered there before. In this case, you need to manually delete the old host from the administration interface.
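
The file-based behavior described above can be checked on a host with a read-only script. The following is an added example, not part of the product or its documentation; the function name Get-TectiaAgentState and the state labels are hypothetical, and it assumes PowerShell with Get-CimInstance is available.

```powershell
function Get-TectiaAgentState {
    param(
        # Directory holding the service binary; derived from the service
        # registration when omitted.
        [string]$AgentDir
    )
    if (-not $AgentDir) {
        # Find the service by its image name rather than assuming a service name.
        $svc = Get-CimInstance -ClassName Win32_Service |
            Where-Object { $_.PathName -like '*ssh-mgmt-sysmonitor.exe*' } |
            Select-Object -First 1
        if (-not $svc) { throw 'No service using ssh-mgmt-sysmonitor.exe is registered.' }
        # PathName may be quoted and carry arguments; keep only the .exe path.
        if ($svc.PathName -notmatch '^\s*"?(.+?\.exe)') {
            throw "Cannot parse service path: $($svc.PathName)"
        }
        $AgentDir = Split-Path -Parent $Matches[1]
    }
    $icb    = Test-Path -LiteralPath (Join-Path $AgentDir 'icb.dat') -PathType Leaf
    $router = Test-Path -LiteralPath (Join-Path $AgentDir 'router.dat') -PathType Leaf

    # State labels below are hypothetical names for the cases the text describes.
    if ($router) {
        $state  = 'UsesRouterDat'
        $detail = 'Agent connects with router.dat; icb.dat is no longer used. ' +
                  'If the host was deleted on the server, router.dat must be removed.'
    } elseif ($icb) {
        $state  = 'PendingEnrollment'
        $detail = 'Agent uses icb.dat to obtain a configuration, then writes router.dat.'
    } else {
        $state  = 'WaitingForFile'
        $detail = 'Agent polls this directory for icb.dat or router.dat every few minutes.'
    }
    [pscustomobject]@{
        AgentDir      = $AgentDir
        IcbPresent    = $icb
        RouterPresent = $router
        State         = $state
        Detail        = $detail
    }
}

# Constructed demo input: a temp directory containing only an empty icb.dat.
$demo = Join-Path ([IO.Path]::GetTempPath()) 'tectia-agent-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
New-Item -ItemType File -Path (Join-Path $demo 'icb.dat') -Force | Out-Null
Get-TectiaAgentState -AgentDir $demo
```

On a managed host, call Get-TectiaAgentState without arguments to inspect the directory of the registered service binary.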

The Management Agent synchronizes user-specific configuration files between a centrally stored set of configuration files and each user's own set.

When the Management Agent receives configuration files for SSH Tectia Client, they are stored in "%ALLUSERSPROFILE%\Application Data\SSH" for Client 4.x and in "C:\Program Files\SSH Communications Security\SSH Tectia\SSH Tectia Broker" for Client G3. Host keys are stored in the "%ALLUSERSPROFILE%\Application Data\SSH\HostKeys" directory.

The Management Agent then synchronizes the configuration (and HostKeys) between those centrally stored files and the user's own files, typically stored in %APPDATA%\SSH (and HostKeys subdirectory) for that user.