Deploy the Application Discovery server

This topic explains how to deploy the Application Discovery server and move it between the Central Manager or a dedicated Application Discovery Remote Agent.

Application Discovery is typically installed on the Central Manager for a PoC environment; for a production environment, on a dedicated Application Discovery Remote Agent.

Note: When Application Discovery server is deployed on a dedicated Application Discovery Remote Agent in ASMS, the Application Discovery Remote Agent does not monitor devices.

Deploy the Application Discovery server on a Remote Agent

You can deploy the Application Discovery server on a new or repurposed Remote Agent.

Do the following:

  1. Make sure the Application Discovery Remote Agent complies with the system requirements. For details, see Application Discovery server system requirements.

  2. Both the CM and the machine that will be used as the Application Discovery Remote Agent must have the same build number installed.
    If the Central Manager is not updated to the latest A32.50 build, update it now.

    Install the latest build A32.50 on the Application Discovery Remote Agent machine.

  3. On the Central Manager, go to the algosec_conf menu, and select option 14 - Product configuration. Enter option 2 - Application Discovery configuration and then enter option 2 - Configure Application Discovery on Remote Agent.

  4. Enter the IP of the Remote Agent hosting the Application Discovery server. Application Discovery is installed on the Remote Agent.

  5. Direct the NetFlow output to the IP address of the Remote Agent. We recommend you use port 2055.

  6. Connect to remote sensors, if any. See Define remote network sensors and subnets.
  7. Configure load balancers, if any. See Configure Load Balancers.

Deploy the Application Discovery server on the Central Manager

Do the following:

  1. On the Central Manager, go to the algosec_conf menu, and select option 14 - Product configuration. Enter option 2 - Application Discovery configuration and then enter option 1 - Configure Application Discovery on local machine (POC). Application Discovery is installed on the Central Manager.

  2. Direct the NetFlow output to the IP address of the Central Manager ( do not use 'localhost').
    We recommend you use port 2055.

  3. Connect to remote sensors, if any. See Define remote network sensors and subnets.
  4. Configure load balancers, if any. See Configure Load Balancers.

Move the Application Discovery server from the Central Manager to a Remote Agent

You can deploy the Application Discovery server on a new or repurposed Remote Agent. If your Application Discovery server is installed on the Central Manager, you can move the server to a dedicated Application Discovery Remote Agent as follows:

Do the following:

  1. Make sure the Application Discovery Remote Agent complies with the system requirements. For details, see Application Discovery server system requirements.

  2. If the Central Manager is not updated to the latest build, update it now.

    Install the latest build A32.50 on the Remote Agent.

  3. On the Central Manager, go to the algosec_conf menu, and select option 14 - Product configuration. Enter option 2 - Application Discovery configuration and then enter option 1 - Move Application Discovery from local Machine (Central Manager) to Remote Agent.

  4. Enter the IP of the Remote Agent hosting the Application Discovery server.
  5. Enter the password for user afa on the Remote Agent. The Application Discovery server (with local sensor) are moved to the Application Discovery Remote Agent.

  6. Direct the NetFlow output to the new IP address of the Application Discovery machine. We recommend you use port 2055.

Move the Application Discovery server from the Remote Agent to the Central Manager

If your Application Discovery server is installed on a dedicated Application Discovery Remote Agent, you can move the server to the Central Manager as follows:

Do the following:

  1. On the Central Manager, go to the algosec_conf menu, and select option 14 - Product configuration. Enter option 2 - Application Discovery configuration and then enter option 1 - Move Application Discovery from Remote Agent to local Machine (Central Manager).

  2. Enter the password for user afa on the Central Manager. The Application Discovery server (with local sensor) are moved to the Central Manager.

  3. Direct the NetFlow output to the IP address of the Central Manager. We recommend you use port 2055.

Note: We recommend to reset the RA and re-install ASMS on it after it is no longer in use as the Application Discovery server.

Disable the Application Discovery server

To disable the Application Discovery server after it has been deployed:

Do the following:

  1. If the Application Discovery server is installed on a Remote Agent, move it to the Central Manager. See Move the Application Discovery server from the Remote Agent to the Central Manager.

  2. Connect to the Central Manager on the CLI and run the following commands:

  3. Run:

    service ms-autodiscovery stop

  4. Run:

    service ms-autodiscovery disable

  5. Run:

    service networksensor stop

  6. Run:

    service networksensor disable

  7. Run:

    service ms-aad-log-sensor stop

  8. Run:

    service ms-aad-log-sensor disable

  9. Edit the file /etc/hosts:

    Remove the line:

    127.0.0.1 AutoDiscovery

  1. Edit the file ~afa/.fa/config:

    Remove the line:

    Auto_Discovery_Configured=yes

  2. Edit the file /data/algosec/syslog_processor/ProcessLogs.conf:

    Remove the line:

    Auto_Discovery_Configured=yes