Option A: Deploy the DSA when the image is reprovisioned.
In this method:
- The Agent is installed as part of the startup script when deploying a new gold image.
- The Generate Deployment Scripts functionality is used to deploy the DSA on a Linux image. It is the preferred method and involves less scripting.
Do the following on the Deep Security Manager (DSM) console:
- Click the Administration tab in the top section and then click Updates in the left sidebar.
- If the Linux agent is not listed, click the Import Software button, and then import the Agent into the DSM from the location of your downloaded copy.
- Click the View Imported Software button at the bottom part of the console.
- Select the Linux agent and then click the Generate Deployment Scripts button.
You can set the script to automatically activate the Agent after the deployment and set a specific policy for the Agent.
- Include the generated deployment script in a startup script and place it on your GOLD Linux image.
For a cleaner process, we suggest deleting the startup script after running it.
Option B: Deploy the DSA before the image is reprovisioned.
In this method, the DSA is already installed but not yet activated. Some scripting is required to start and activate the Agent.
Perform the following on the gold image before reprovisioning:
- Install the DSA software on the image.
- Stop the ds_agent process.
- Delete all the DB, INI, and CRT files.
- Place a startup script on the image that would start the ds_agent as well as activate the agent using the dsa_config command.
- Stop the gold image.
When the Linux image is provisioned, the startup script would need to run to start and then activate the agent.