After the Management Agent has been installed to a host, it initiates the management connection to the Management Server. The Management Server then pushes the Tectia installations, upgrades, and configurations through the management connection to the host.
If the managed or monitored hosts are running personal firewall software, user interaction on the host is typically required for allowing the new or changed binary to access the network.
The TLS-protected management connection, as well as all actions, software and data flows through it, are permanently open after the connection has been initiated. Opening and re-opening the management connection is always initiated by the Management Agent. This means that there is no need to have any new open ports on the managed host.