The purpose of this document is to familiarize you with some of the KACE 1000 agent footprint on your managed systems and appliance communication details.
Windows Agent Footprint
- The KACE windows agent is deployed via a single 12.7MB package that covers all supported Windows, MAC, and Linux OS versions
- The executable files are in the same place for all Windows, under Program Files. The configuration and log file directory differs for WinXP/2003 and Win7/2008 installations.
- The executable files, including the service file, are installed in %PROGRAM FILES%\Dell\KACE.
- The data and configuration files are stored:
- Win Vista/Win7/Win2008 - C:\ProgramData\Dell\KACE
- Win2000/WinXP/Win2003 - C:\Users\All Users\Dell\KACE
- Once deployed, the agent is runs as a single Windows service, running as Local System User – no special Service Credentials are required. There are two directories installed by the KACE agent. The service takes 9k of memory. The process for the service is AMPAgent.exe
- For various tasks, messages will be sent to the service, and it will launch agent processes:
- KInventory.exe - to capture and send inventory to the Server
- KDeploy.exe - to deploy software packages via Managed Install
- KLaunch.exe - to run script processes
- KPatch.exe - to detect and deploy patches.
- KCopy.exe - to download files from the server via http or from a local repository via Windows Files Sharing
Agent – Server communication details:
All communication between the agent and the server is initiated by the agent.
- It first establishes a heart-beat connection on port 52230. This communication can be encrypted with SSL. The agent will attempt this connection whenever it is on a network and is not currently connected to the server. This initial packet is at most a few hundred bytes, and contains the NAME, Serial Number and KUID of the connecting machine. Once established, the server holds the socket open, and uses the socket as a message queue to let agents know to execute tasks. Once established, the heartbeat will send a few bytes a minute from each agent confirming that the agent is still there and its current IP address. If the machine loses connection, it will immediately attempt to reconnect.
- At a minimum, each agent will send inventory to the server on a configurable schedule. By default, that schedule is once every 4 hours. It can be set from 15 minutes to 99 hours. Using this setting, the server load balances inventory activity for the agent population evenly across the time period.
- For example, if you have 1000 agents and a 2 hour inventory interval, there will be an inventory sent to the server every 7.2 seconds.
- Inventory ranges from 100k-200k, depending on the amount of software on the agent machine.
- An example inventory is included with this document, to see exactly what is collected. Appendix A lists the WMI blocks that the agent calls in order to gather inventory.
- Inventory triggers Managed Installs and File Sync. If a machine needs a piece of software or set of files deployed based on inventory received, the server will instruct the agent to fetch and install those identified packages. This will happen at inventory time and the agent will first check to see if it has already downloaded the package, using MD5 and SH3 hash, and then ask the server where to get the file, and fetch it either from the server using HTTP(S) or SMB file copy from a local replication share.
- No other tasks will happen on the agent machine unless configured by the user.
Example Output from Kinventory Agent:
C:\Program Files (x86)\Dell\KACE>KInventory.exe
KInventory ----- Starting KInventory.exe [KInventory.exe]-----
KInventory Begin capturing Inventory...
KInventory Now gathering Version information...
KInventory Now gathering Process information...
KInventory Now gathering BIOS information...
KInventory Now gathering OperatingSystem information...
KInventory Now gathering ComputerSystem information...
KInventory Now gathering MotherboardDevice information...
KInventory Now gathering SoundDevice information...
KInventory Now gathering CDROMDrive information...
KInventory Now gathering VideoController information...
KInventory Now gathering DesktopMonitor information...
KInventory Now gathering Registry information...
KInventory Now gathering NetworkAdapter information...
KInventory Now gathering NetworkAdapterConfiguration information...
KInventory Now gathering Printer information...
KInventory Now gathering StartupCommand information...
KInventory Now gathering PhysicalMemory information...
KInventory Now gathering PhysicalMemoryArray information...
KInventory Now gathering InstalledSoftware32 information...
KInventory Now gathering InstalledSoftware64 information...
KInventory Now gathering UserAccount information...
KInventory Now gathering QuickFixEngineering information...
KInventory Now gathering Services information...
KInventory Now gathering OptionalFeature information...
KInventory Now gathering Subcomponents information...
KInventory Now gathering ServerFeature information...
KInventory Now gathering Processor information...
KInventory Now gathering WindowsProductActivation information...
KInventory Now gathering SoftwareLicensingProduct information...
KInventory Now gathering PortableBattery information...
KInventory Now gathering SystemEnclosure information...
KInventory Now gathering LogicalDisk information...
KInventory Now gathering DiskDrive information...
KInventory Now gathering DiskPartition information...
KInventory Now gathering DiskDriveToDiskPartition information...
KInventory Now gathering LogicalDiskToPartition information...
KInventory Now creating inventory report...
KInventory Inventory Capture completed and stored in C:\Users\MWILL_~1\AppData
\Local\Temp\inventory.html
KInventory ----- Ending KInventory.exe (0)-----
Comments