Configuring settings for SVM discovery by Light Agents and general tenant protection settings
5 September 2024
ID 259232
At this stage of deployment of the tenant protection infrastructure, you need to create a Light Agent policy in one of the following folders:
- In the Multitenancy KSV LA → <Tenant name> folder, if you want to configure general operating settings for all Light Agents that will be installed on the virtual machines of one particular tenant. A policy in the Multitenancy KSV LA → <Tenant name> folder must be created for each tenant.
- In the Multitenancy KSV LA folder, if you want to configure general operating settings for all Light Agents that will be installed on the virtual machines of all tenants.
In the Light Agent policy, configure the Light Agent operation settings as follows:
- Settings for connecting Light Agents to SVMs:
- Enable the use of the Integration Server for SVM discovery in the Light Agent policy. Light Agents installed on the virtual machines of complete tenants must use the Integration Server to discover SVMs that are available for connection.
- If you want to restrict Light Agents access to SVMs using the mechanism of connection tags, you can assign connection tags to Light Agents.
To restrict Light Agents' access to SVMs, you can also block network connections from the tenant subnet to the subnet with the SVM on TCP ports 80, 9876, 9877, 11111, and 11112.
The default values can be used for other settings for connecting Light Agents to SVMs.
It is recommended to "lock" all the settings for connecting Light Agents to SVMs in order to prevent these settings from being changed in child policies.
- If required, you can configure general operating settings for the Light Agents that will be installed on the tenant virtual machines.
You can use the "lock" attribute to allow or block changing of settings or groups of settings in task settings or in nested policies (for nested administration groups and secondary Administration Servers). Tenant administrators cannot configure "locked" settings. If the "locks" are open, the tenant administrator can independently configure the operation of Light Agent components.
It is not recommended to configure the general operating settings of Light Agents in the policies located in folders and administration groups to which the tenant administrator has access, that is, in folders and administration groups under the Administration Server <Tenant name> node.