The Windows connection manager allows you to scan (additional) nodes agentlessly using WinRM and remote PowerShell. In essence, it is a connection proxy that provides for a single point of management, configuration, logging and updating. A single connection manager can scan several thousand remote nodes using WinRM.

System Requirements

  • A Windows virtual machine to install the connection manager. Recommended specs: Windows 2012, 8GB, 4 Core.
  • .NET framework version 4.5.2 or higher
  • PowerShell (Windows Management Framework) version 3 or higher installed on both the connection manager and the target nodes.
  • WinRM to be enabled in your environment. Each target node that you wish to scan agentlessly will need to have port 5985/5986 exposed for the connection manager.

Creating a Connection Manager Group

Connection manager groups help you logically organize connection managers and a connection manager group can include one or more connection managers of the same type.

  1. To configure the UpGuard website to communicate with a connection manager click the Discover button on the top toolbar and choose Connection Managers.

  2. Click the Add Group button on the left bar. You will see the following screen:

    windows-connection-manager-01

  3. Give the Connection Manager group a unique name that makes sense to you.

  4. Click the green Add Group button and you will be given an API Key. Copy the key as you will need this during the Windows connection manager installer setup.

    windows-connection-manager-02

Windows Domains

To ease with setup and node scanning, it is highly recommended that a Windows connection manager is installed and registered with the UpGuard appliance for each domain in your environment. These connection managers can be a part of the same connection manager group or different groups corresponding to the different domains in your environment.

Connection managers attempting to issue WinRM requests to machines in a different domain will need to have a TrustedHosts rule configured.

Downloading and Installing

  1. Download and install the latest Windows connection manager to the provisioned virtual machine.
  2. You will be prompted during the installation process for a “Group API Key”. Paste in the key generated for you in step 2. “Creating a Connection Manager Group” (see above).
  3. Review “Target URL” and “Configuration Directory” options. If you are appliance customer, you will need to change the “Target URL” to point at your appliance URL.
  4. Click next to continue. The connection manager will proceed with the installation process and will attempt to register against the “Target URL” with the “Group API Key” you provided.

Installation Verification

If the connection manager has been successfully installed and registered, you will see the connection manager be listed in the connection manager group that you created earlier. This connection manager group can now be used when adding additional nodes to UpGuard.

Registration Failed

The connection manager registration process (a step of the installation process) will fail if a self-signed certificate is detected on the UpGuard website (target URL). This is a security mechanism that prevents the connection manager from being vulnerable to man-in-the-middle attacks. Please contact support@upguard.com to speak to a customer success engineer who can guide you through an alternative installation process.

Updating

You can update the UpGuard connection manager by installing a new version right over the top of an existing install.

  1. Visit our downloads page to obtain the latest installer.
  2. New versions of the UpGuard connection manager can then be installed in-place.

Uninstalling

The UpGuard connection manager can be uninstalled either through “Add/Remove Programs” or via the “UpGuard Uninstaller” link located in the install directory. By default this is C:\Program Files (x86)\UpGuard.

Additional Help

Adjusting Settings When Adding Connection Managers via Command Line

Windows:

You can adjust the Settings for Connection Managers via appending the following to

upguard -r --target_url=<URL> --api_key=<KEY>

Enable Debug Mode:

--log_level=debug

Disable Debug Mode:

--log_level=info

Change Timeout Settings when Adding New CMs

--reg_timeout=30

30 seconds is the default timeout; change number to the desired amount in seconds.