What Logic Does the Agent Use When Selecting an ESM Server?
At regular heartbeat intervals, the Traps agent receives a list of all known ESM Servers. To evaluate the ESM Server to which the agent will connect, Traps considers the priority and TTL (in terms of number of hops) for each server. Traps prioritizes the list of ESM Servers by internal IP address (priority 1), external IP address (priority 2), followed by the ESM Server specified during the agent installation (priority 3). For example, consider the following scenario with four ESM Servers:
Internal Address TTL
External Address TTL
D (default install)
After evaluating the TTL value for each ESM Server, Traps builds an ordered list:
Priority=1, TTL=1, Latency=10.00ms, Address=https://esmserverB.example.com:2125/
Priority=1, TTL=2, Latency=20.00ms, Address=https://esmserverA.example.com:2125/
Priority=1, TTL=2, Latency=20.00ms, Address=https://esmserverC.example.com:2125/
Priority=2, TTL=3, Latency=30.00ms, Address=https://10.31.32.1:2125/
Priority=2, TTL=4, Latency=40.00ms, Address=https://10.31.32.2:2125/
Priority=2, TTL=5, Latency=50.00ms, Address=https://10.31.32.3:2125/
Priority=3, TTL=2, Latency=20.00ms, Address=https://esmserverD.example.com:2125/
In this example, ESM Server B has the lowest TTL value (fewest number of hops) and highest priority. If Traps cannot establish a connection to ESM Server B—the preferred ESM Server—it moves on down the list until it is able to successfully establish an ESM Server connection.
In the event of a tie—where two ESM Servers have the same priority and the same TTL value—the Traps agent selects a server at random.
If no ESM Servers are reachable (the ESM Server list is empty), the agent status changes to No Connection. After a period of inactivity, the agent tries to connect again (by default once every minute or as specified in an Agent Settings communication rule). The Traps agent also periodically verifies the integrity of the ESM Server list (by default once every hour or as specified in an Agent Settings communication rule). The Traps agent can also immediately validate the list of ESM Servers when any of the following occur:
- The network address of the endpoint changes
- The endpoint resumes or restarts
- The IP address for an ESM Server changes
- A manual Check-In Now is initiated from the Traps console
- A communication request from the agent to the server times out or failsIf you remove or temporarily disable an ESM Server, the ESM Console removes the ESM Server from the list of available ESM Servers and pushes it to Traps agents at the next heartbeat. However, if you specified the (now disabled) ESM Server during the Traps installation, those agents retain the (priority 3) ESM Server in the list of available ESM Servers to which they can connect.
Manage Multiple ESM Servers
Manage Multiple ESM Servers After installing each ESM Server (see Install the Endpoint Security Manager Server Software ), the ESM Console displays identifying information about ...
Known Limitations with Multi-ESM Deployments
Known Limitations with Multi-ESM Deployments In a multi-ESM deployment, each ESM Server must meet the requirements specified in ESM Server Software Requirements . Multi-ESM deployments ...
Manage ESM Server Settings
Manage ESM Server Settings The ESM Server facilitates communication between Traps agents and WildFire. The ESM Server periodically communicates with WildFire to send unknown files ...
Define Communication Settings Between the Agent and the ESM...
Define Communication Settings Between the Agent and the ESM Server By default, the Traps agent applies a No Connection policy to all unknown executable files ...
Multi-ESM Deployments To support large scale or multi-site deployments, you can configure and manage multiple Endpoint Security Manager (ESM) Servers from the ESM Console. Each ...
Install Traps on Mac Endpoints
Install Traps on Mac Endpoints Before you can install or upgrade Traps for Mac, you must download the software from the Support portal and then ...
Traps Endpoint Security Manager Known Issues
Known issues with the Traps Endpoint Security Manager and Traps agent 4.1. ...
Define Communication Settings Between the Endpoint and the ESM Server
Define Communication Settings Between the Endpoint and the ESM Server The Traps agent on the endpoint communicates with the ESM Server at specific intervals by ...
Upgrade Considerations The following table lists the new features that have upgrade or downgrade impact. Before you upgrade ESM components to or downgrade from release ...