Remote Agent Updates
Each Remote Agent receives the initial rule set assigned to it, along with API key (GUID), certificates, etc. from its assigned template. After the Remote Agent enrolls itself with EFT, it then calls home periodically to receive updated rule sets (i.e., gets new orders). This topic describes that process.
Automatic Upgrades
-
If the agent determines that the agent installer version (on disk) being advertised by EFT is different than its own version, the agent will download and run that installer (auto-upgrade)
-
Agents will log their update process including any errors
-
EFT will log from its perspective when it detects an agent update occurred, including any errors detected or provided by the agent
-
EFT's installer will backup prior agent installers when performing a general (EFT) upgrade
-
Agent update process only occurs for enrolled active or enrolled paused agents, but not pending enrollment or pending removal agents.
-
Only agents that support auto-update will be able to update to a newer version. Agents installed prior to EFT v7.4.7 will not have this functionality.
-
Failure to download the new agent installer will result in a logged failure and the agent will retry again on its next call home.
-
After successfully downloading the new agent installer, if an agent fails to spawn the process to run the new installer, the agent will log and take itself offline.
Enrolled remote agents will call home to obtain updated orders at agent service startup and at the defined update interval set obtained at enrollment for that agent template.
-
Near real time - The Agent will check for updates every 15-30 seconds.
-
Every 5 minutes - The Agent will check for updates every 5 minutes.
-
Every 30 minutes - The Agent will check for updates every 30 minutes.
-
Hourly - The Agent will check for updates every 60 minutes. The start timer is based on service start time (+60 minutes and repeat)
-
Daily - The Agent will check for updates randomly any time of the day and repeat daily at that same time
-
Daily - afterhours - The Agent will check for updates randomly between 11PM and 6AM local time and repeat nightly at same the time.
-
Time zones are with respect to the Agent's location
-
For manual updates, "update now"
If the Remote Agent fails to connect to EFT to receive updated instructions:
EFT allows a "grace period before failure" of one day for all update intervals. Below is an example of what happens when a failure occurs:
-
The agent logs a temporary update failure.
-
The agent tries again in 5 minutes, then 15 minutes, then 30 minutes. (These attempts will occur only for hourly and daily options.)
-
After 1 day of re-trying, the agent logs a failed update and then performs the specified option for update failure described below.
-
On the next scheduled update cycle, the agent will try to connect to EFT again.
-
If the agent service is restarted, the agent will repeat the connection process above.
If an Agent fails to connect to EFT after repeated attempts in a 24-hour period, one of three actions can take place, as specified by the EFT administrator:
-
Stop and disable the agent service and un-enroll the agent
-
Stop and disable the agent service
-
Stop the agent service only.
If the agent is unable to connect after two entire update cycles, the agent will:
-
Log "critical failure to update."
-
Take itself offline (service stop)
-
Set its service to disabled.
-
Not reset itself to the pre-enrollment state.
If the agent fails to authenticate when attempting to update its instructions (authentication or certification failure):
-
The agent will log the authentication failure(s)
-
The agent will try again in 5 minutes, then 15 minutes, then 30 minutes.
-
Once all retries are exhausted, the agent will log a failed update, then reset itself to pre-enrollment state. (Resetting itself provides an opportunity for admin to forcibly remove enrolled agents from EFT.)
-
The agent will agent will bring itself offline (service stop), as there is no point in trying again or to keep rules active if unable to authenticate.
-
The agent will set its service to disabled.
-
If the agent service is restarted, the enrollment process will occur again.
If the agent successfully connected and authenticated:
-
The agent will communicate its agent version to EFT.
-
The agent will obtains its update interval, based on the agent's parent template.
-
The agent will obtain its designated list of rules associated with that agent, based on the agent's parent template
-
The agent and EFT will exchange when next call home will occur
-
The agent will obtain status information from EFT:
-
Whether agent should suspend (pause) its rules until further notification
-
Whether agent should re-activate (resume) its rules
-
-
EFT updates the last called home and next call home times in the agent list
If the agent service is ever stopped (regardless of how/why),
-
The ruleset and update interval is lost.
-
When the agent service is started, it will call home and obtain updated orders.
When an agent is removed, that agent is unknown to EFT; all records of that agent's existence are removed. After a certain number of failed authentication attempts, the agent will essentially un-enroll itself and take itself offline.