[ER] How Node Agents receive instructions

Introduction

This article shall articulate how instructions set by the User through the Web Console are relayed to the Node Agent from the Master Server.

 

Summary

When the User creates a Scan Schedule or act upon existing Scan Schedules or running scans, this instruction is sent to the Master Server.
When this happens, some specific ER services come into play:

Services.PNG

  1. The UI Service sends a message to the Policy Manager with its request (User instructions)
  2. The Policy Manager create/updates the Scan Schedule record in the Master Data Store
  3. The Node Agent assigned for the Scan Schedule detects the change and re-loads the record
  4. The Node Agent sees the instructions and instructs its scanning engine over its control socket to do whatever it's told at its earliest convenience
  5. The scanning engine periodically checks the control socket to see if the Node Agent has requested any changes, this check is done at every 128kb of data passed through the scanning engine if a scan is running

 

Under what circumstances would the Node Agent seemingly appear not to respond to requests?

Let us take for example a scenario where the User pauses the scan in the Web console.
First we need to know what the observed behavior & expectations of the "paused" state is.

During the 'Paused' state:

  • The scanning process will still exist on the system executing the scan
  • The scanning process will continue to occupy the memory footprint at the time the scan was paused, however these memory pages will likely be swapped out by the host system if the memory is needed, and the scanning process will not be actively using them as it is paused
  • The scanning process will not use any noticeable amount of CPU resources

The User should not expect the scanning process to disappear from the system (for example, if monitoring use a process viewer like Task Manager) unless the scan is stopped instead.

Likely reasons why the scan might not pause when requested:

  • The scanning engine is not currently scanning data due to a decoding event or 3rd party API stoppage, eg;
    - Decoding the primary index of a large MDF file (database) can take a long time
    - Performing an OCR scan on a very large image file
    - Calling a read on an Oracle Database API which is taking a long time to return
    - Etc.
  • The Node Agent has disconnected from the Master Server and does not receive the updated instructions

What should I do when this happens?

  • Evaluate if the scanning engine is still running. Is it utilizing a significant amount of CPU?
  • Ensure if the Node Agent being observed is the correct one assigned for the affected Scan Schedule.
  • Ensure the Node Agent is connected to the Master Server by checking the 'Agent Manager' on the Web Console
  • Contact Ground Labs Support and send us a copy of your Agent log (usually found in Program Files\Ground Labs\Enterprise Recon 2 or /var/lib/er2)
    We would also likely need to check your Master Data Store via a WebEx session with access to your Master Server

 

 

All information in this article is accurate and true as of the last edited date.

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.