Connection Managers

For the Agentless scanning of nodes, Cloudhouse Guardian (Guardian) utilizes Connection Managers. Essentially working as a connection proxy, the Guardian Connection Manager provides a single point of management for all configuration, logging, and updating of nodes. Once deployed, the Guardian Connection Manager has the capacity to scan hundreds of nodes remotely. With Connection Managers, the Guardian appliance does not need direct access to your entire network. For the best results, we encourage you to distribute Connection Managers throughout your network to allow for fine-grained network access control.

The Connection Managers tab (Inventory > Connection Managers) in Guardian displays all of the Connection Managers that have been deployed and registered to your Guardian instance. Here, you can view how often the Connection Managers are being used, when they were created, and what version they are running on.

Additionally, you can create Connection Manager groups to organize Connection Managers of the same type into groups with similar properties and roles. For more information on Connection Manager groups, see Connection Manager Groups.

Tip: Whereas the Connection Managers tab is the location for accessing individual Connection Managers and organizing them into groups, the Connection Manager Groups drop-down menu in the Monitored tab is the location for accessing all of the nodes that are being scanned by each Connection Manager group.

Screenshot of the Connection Managers tab, with the 'Default' Connection Manager group selected, displaying all the Connection Managers contained within it.

Guardian offers two types of Connection Managers: a Windows Connection Manager and a Linux Connection Manager. Depending on your estate, you may find yourself using multiples of both Connection Manager types, as well as the Guardian Agent, an additional scanning service. Your Cloudhouse Representative can assist with capacity planning to ensure you have the correct number of Connection Managers and/or Agents required for scanning your node set.

Note: The Guardian Agent is an additional service that works similarly to Connection Managers, the main difference being that the software is installed and run locally on the node that is intended to be scanned. For more information on the difference between the two scanning services, see Agent-Based or Agentless?

Windows Connection Manager (WinRM)

A single Windows Connection Manager can scan hundreds of remote nodes using WinRM or PowerShell. This Connection Manager can be deployed via two methods: using the Cloudhouse Guardian Connection Manager installer, or via the command line. For both methods, you are required to register the Connection Manager to the Guardian appliance and configure it to run as a Windows service user. See Windows Connection Manager for more information on this service, including the various deployment methods available. In the diagram below, you can see where the Windows Connection Manager sits within the overall structure of the Guardian appliance.

Windows Domains

Windows Only

To ease setup and node scanning, it is highly recommended that a Windows Connection Manager is installed and registered with the Guardian appliance for each domain in your environment. These Connection Managers can be part of the same Connection Manager group or of different groups corresponding to the different domains in your environment.

Note: Connection Managers attempting to issue WinRM requests to machines in a different domain will need to have a TrustedHosts rule configured.
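The following is an added example, not taken from the Cloudhouse documentation, showing one way to add specific cross-domain nodes to the WinRM client's TrustedHosts list on a Connection Manager host without overwriting existing entries or trusting every host. The function name `Add-WinRMTrustedHost` and the host names are assumptions made for illustration.

```powershell
# Added example. Run in an elevated session on the Connection Manager host
# with the WinRM service running. Host names used with it are placeholders.
function Add-WinRMTrustedHost {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [string[]]$ComputerName
    )

    $path = 'WSMan:\localhost\Client\TrustedHosts'

    # The stored value is one comma-separated string (empty when unset).
    $current  = (Get-Item -Path $path).Value
    $existing = @($current -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })

    # A bare '*' means every host is already trusted; adding names changes nothing.
    if ($existing -contains '*') {
        Write-Warning "TrustedHosts is already '*': every host is trusted. Narrow it first."
        return $existing
    }

    $requested = @($ComputerName | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    if ($requested -contains '*') {
        throw "Refusing to add '*': list the cross-domain nodes explicitly."
    }

    # Merge without duplicates (comparison is case-insensitive by default).
    $merged = @($existing + $requested | Sort-Object -Unique)

    # -WhatIf previews the change; -Force suppresses the confirmation prompt.
    if ($PSCmdlet.ShouldProcess($path, "Set value to '$($merged -join ',')'")) {
        Set-Item -Path $path -Value ($merged -join ',') -Force
    }
    return $merged
}

# Constructed host names for nodes in a second domain; remove -WhatIf to apply.
Add-WinRMTrustedHost -ComputerName 'node01.other.example', 'node02.other.example' -WhatIf
```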

Linux Connection Manager (SSH)

The Linux Connection Manager is built into the Guardian application. There is no setup required, unless you opt for a satellite deployment. A single Linux Connection Manager is capable of scanning hundreds of remote nodes using SSH. If you have fewer than 100 nodes, one Linux Connection Manager is typically sufficient, and you can use the built-in Linux Connection Manager without needing to install and deploy additional Connection Managers. However, if you are scanning more than 100 SSH nodes, it is recommended that you install and deploy additional Linux Connection Managers and organize them into groups for sufficient load distribution. For more information on Connection Manager Groups, see below.

This Connection Manager can be deployed via two methods: either within your private network, requiring no Internet access for your target nodes to be scanned, or as a secure and self-contained virtual machine whose internal configurations only members of the Guardian Team can access and modify. See Linux Connection Manager for more information on this service, including the various deployment methods available.

Groups

Within the Connection Managers tab, the Groups drop-down menu displays the Connection Managers that are currently configured within your Guardian instance, organized by their respective groups. Here, you can access important information about your Connection Managers, including how frequently they're used, what software version they're running on, as well as the group they're assigned to. For more information on Connection Manager groups, see Connection Manager Groups.

Tip: The 'Default' Connection Manager group contains the built-in (default) Linux Connection Manager only. For more information on the difference between custom and default groups, see Custom / Default Groups.

In the example above, the 'SSH New' Connection Manager group has been selected. Select a Connection Manager group from the Groups drop-down menu to display the following information about each of the Connection Managers within the group:

Note: If only the 'Default' group is displayed, this indicates that you do not have any Connection Manager groups configured within your current organization. For more information on how to set up a Connection Manager group, see Add Connection Manager Group.

| Heading | Description |
| --- | --- |
| Hostname | The hostname of the virtual appliance (Connection Manager). |
| Last Contact | The last time the Connection Manager was contacted by the Guardian appliance. |
| Created At | The date the Connection Manager was registered to the Guardian appliance. |
| Version | The software version the Connection Manager is currently running on. |
| IP Address | The IP address of the operating system host that the Connection Manager is installed on. Note: This value is blank for the built-in Linux Connection Manager as its IP is within the Guardian Kubernetes cluster. For more information, see Default Linux Connection Manager. |

Additionally, the following options are displayed:

  • Add Connection Manager button – Click to display the Group API Key for the selected Connection Manager group.

    Note: For more information on the Group API Key, including its purpose and alternative methods of sourcing it, see Group API Key.

    Alternatively, click the drop-down to display the following options:

    • Edit Group – Option to edit the selected Connection Manager group. For more information, see Edit Connection Manager Group.

    • Delete Group – Option to permanently delete the selected Connection Manager group.

      Warning: You cannot delete a Connection Manager group until each of the nodes assigned to that group has been re-assigned to another group. If you attempt to delete a Connection Manager group that is still actively scanning nodes, the following error message is displayed: 'Error Deleting: The Connection Manager Group is still being used by other nodes.'