Allow Agent-Initiated Activation
- For Any Computers: Any computers, whether they are already listed on the Deep Security Manager's Computers page or not.
- For Existing Computers: Only computers already listed on the Computers page.
- For Computers on the following IP List: Only computers whose IP address has a match on the specified IP List.
Policy to assign (if Policy not assigned by activation script): The security policy to assign to the computer if no policy has been specified in the activation script.
Allow Agent to specify hostname: Select this option to allow the agent to specify the hostname by providing it to the Deep Security Manager during the agent activation process.
If a computer with the same name already exists: If a computer, VMware virtual machine, AWS instance, or Azure VM with the same Agent GUID or certificate is already listed on the Computers page, you can configure the Deep Security Manager to take the following actions:
- Do not allow activation: The computer object will not be activated.
- Activate a new Computer with the same name: The Deep Security Manager will create a new computer object with a new name.
- Re-activate the existing Computer: The existing computer object will be re-activated.
Reactivate cloned Agents: When a new computer (computer, VMware virtual machine, AWS instance, or Azure VM) that is running an already activated Deep Security Agent sends a heartbeat to the Deep Security Manager, the Deep Security Manager will recognize it as a clone and reactivate it as a new computer. No policies or rules that may have been in place on the original computer will be assigned to the new one. It will be just a like a newly activated computer.
Reactivate unknown Agents:This setting allows previously activated computers (computers, VMware virtual machines, AWS instances, or Azure VMs) that have been removed from their cloud environment and deleted from the Deep Security Manager to be reactivated if they are added back to the inventory of computers. Deep Security Manager will recognize a valid certificate on the computer and allow it to be reactivated. No policies or rules that may have been in place on the original computer will be assigned to the new one. It will be just a like a newly activated computer.
Inactive Agent Cleanup
If your Deep Security deployment has a large number of offline computers not communicating with the Deep Security Manager that no longer need to managed, you can automatically remove them with Inactive Agent Cleanup.
Delete Agents that have been inactive for: The period that a computer must be inactive for before being removed.
For more information on configuring Inactive Agent Cleanup, seeAutomate offline computer removal with inactive agent cleanup.