What Logic Does the Agent Use When Selecting an ESM Server?
At regular heartbeat intervals, the Traps agent receives a list of all known ESM Servers. To evaluate the ESM Server to which the agent will connect, Traps considers the priority and TTL (in terms of number of hops) for each server. Traps prioritizes the list of ESM Servers by internal IP address (priority 1), external IP address (priority 2), followed by the ESM Server specified during the agent installation (priority 3). For example, consider the following scenario with four ESM Servers:
Internal Address TTL
External Address TTL
D (default install)
After evaluating the TTL value for each ESM Server, Traps builds an ordered list:
Priority=1, TTL=1, Latency=10.00ms, Address=https://esmserverB.example.com:2125/
Priority=1, TTL=2, Latency=20.00ms, Address=https://esmserverA.example.com:2125/
Priority=1, TTL=2, Latency=20.00ms, Address=https://esmserverC.example.com:2125/
Priority=2, TTL=3, Latency=30.00ms, Address=https://10.31.32.1:2125/
Priority=2, TTL=4, Latency=40.00ms, Address=https://10.31.32.2:2125/
Priority=2, TTL=5, Latency=50.00ms, Address=https://10.31.32.3:2125/
Priority=3, TTL=2, Latency=20.00ms, Address=https://esmserverD.example.com:2125/
In this example, ESM Server B has the lowest TTL value (fewest number of hops) and highest priority. If Traps cannot establish a connection to ESM Server B—the preferred ESM Server—it moves on down the list until it is able to successfully establish an ESM Server connection.
In the event of a tie—where two ESM Servers have the same priority and the same TTL value—the Traps agent selects a server at random.
If no ESM Servers are reachable (the ESM Server list is empty), the agent status changes to No Connection. After a period of inactivity, the agent tries to connect again (by default once every minute or as specified in an Agent Settings communication rule). The Traps agent also periodically verifies the integrity of the ESM Server list (by default once every hour or as specified in an Agent Settings communication rule). The Traps agent can also immediately validate the list of ESM Servers when any of the following occur:
- The network address of the endpoint changes
- The endpoint resumes or restarts
- The IP address for an ESM Server changes
- A manual Check-In Now is initiated from the Traps console
- A communication request from the agent to the server times out or failsIf you remove or temporarily disable an ESM Server, the ESM Console removes the ESM Server from the list of available ESM Servers and pushes it to Traps agents at the next heartbeat. However, if you specified the (now disabled) ESM Server during the Traps installation, those agents retain the (priority 3) ESM Server in the list of available ESM Servers to which they can connect.
Manage Multiple ESM Servers
Manage Multiple ESM Servers After installing each ESM Server (see Install the Endpoint Security Manager Server Software ), the ESM Console displays identifying information about ...
Known Limitations with Multi-ESM Deployments
Known Limitations with Multi-ESM Deployments In a multi-ESM deployment, each ESM Server must meet the requirements specified in ESM Server Software Requirements . Multi-ESM deployments ...
Manage ESM Server Settings
Manage ESM Server Settings The ESM Server facilitates communication between Traps agents and WildFire. The ESM Server periodically communicates with WildFire to send unknown files ...
Issues Addressed in Traps Endpoint Security Manager 4.2
List of addressed issues in the Traps Endpoint Security Manager 4.2. ...
Define Communication Settings Between the Agent and the ESM...
Define Communication Settings Between the Agent and the ESM Server By default, the Traps agent applies a No Connection policy to all unknown executable files ...
Multi-ESM Deployments To support large scale or multi-site deployments, you can configure and manage multiple Endpoint Security Manager (ESM) Servers from the ESM Console. Each ...
Manage Traps Installation Packages
Manage Traps Installation Packages To ensure that your endpoints remain secure, you must download the Traps software and install it on your endpoints. Before you ...
Define Communication Settings Between the Endpoint and the ESM Server
Define Communication Settings Between the Endpoint and the ESM Server The Traps agent on the endpoint communicates with the ESM Server at specific intervals by ...
Install the Traps Agent for Windows
Use the following workflows to install the Traps agent 4.2 on Windows endpoints. This topic provides options to use the MSI, Msiexec, and how to ...