Using ICEcap Manager to Control RealSecure Agents
19
Using ICEcap Manager to Control RealSecure Age ntsIntroduction ICEcap Manager manages agents by applying policies to groups of agents. Any
configuration change made to a group is distributed to all the members of that group. This
reduces the effort required to support remotely installed systems.
Pushing to agents To modify the configuration of agents on the network, you can make the changes on the
ICEcap server and have ICEcap Manager push those changes to all agents in one or more
groups. This ensures that all members of a group share the same configuration.
How ICEcap
Manager
communicates with
agents
ICEcap Manager and Desktop Protector communicate with each other using encrypted
HTTP packets. Both Desktop Protector and ICEcap Manager can transmit these packets
through a proxy server.
Although ICEcap Manager initiates configuration updates and software updates, the local
agents actually download the files from ICEcap Manager. This prevents intruders from
“pushing” unauthorized security settings to agents.
Note: ICEcap Manager does not maintain a link to all the agents on the network. Each
individual system reports events to the ICEcap server.
Criteria for ICEcap
control
For ICEcap Manager to assume total or partial control of an agent, the agent must meet
these criteria:
●The remote system must belong to one ICEcap group.
●A policy must be associated with that group.
If a system belongs to a group, but that group does not have a policy associated with it,
ICEcap Manager cannot make any configuration changes on the remote system. Software
updates are distributed to the agents, but configuration settings are not.
Important: ISS recommends that each group have a properly configured policy. This
ensures that configuration settings are standardized on ICEcap Manager.