6.1.1. Multiplatform Agent - Introduction
The OpenNAC Agent is an application used in the OpenNAC Enterprise solution that allows you to have greater control and security over the devices that connect to a network. In this way, the openNAC Multiplatform Agent is capable of extracting information from the device and generating and storing this data so that it can be reviewed in the OpenNAC portal itself. In addition to this, the Agent also includes functionalities such as an embedded VPN connection and execution of scripts.
6.1.1.1. User Community Description
The Agent users can be individuals who require secure authentication and the security checks provided by OpenNAC Enterprise. These users can include third-party clients of companies utilizing the OpenNAC Enterprise solution, who wish to offer rule-based policy management, control over user and network devices, and other related features to their employees or clients.
6.1.1.2. Supported Operating Systems
ON Agent is supported on the following Operating Systems:
| OS | Version |
|---|---|
| MICROSOFT WINDOWS | 10.0.14393 |
| | 10.0.17763 |
| | 10.0.18362 |
| | 10.0.19042 |
| | 10.0.19044 |
| | 10.0.19045 |
| | 10.0.22000 |
| | 10.0.22621 |
| | 10.0.22623 |
| | 10.0.22631 |
| | 11 |
| LINUX MINT | 20.1 ULYSSA |
| | 21 VANESSA |
| | 21.1 VERA |
| | 21.2 VICTORIA |
| MAC OS | MONTEREY 12 |
| | VENTURA 13 |
| | SONOMA 14 |
| UBUNTU | 22.04 JAMMY JELLYFISH |
| | 22.04 LTS JAMMY JELLYFISH |
| | 22.04.1 LTS JAMMY JELLYFISH |
| | 22.04.2 LTS JAMMY JELLYFISH |
| | 22.04.3 LTS JAMMY JELLYFISH |
| | 23.10 MANTIC MINOTAUR |
We will provide support and maintain compatibility for the latest publicly released version from the respective manufacturer and the immediately preceding one.
Note
Only x64 architecture is supported on Windows, macOS, and Linux, and ARM64 on macOS; the rest of the architectures will not be supported.
6.1.1.3. Functional Description
The Multiplatform Agent enhances visibility by extracting information from the device running the application. This information, also known as the payload, can be obtained manually through user-executed actions or automatically.
By default, the automatic execution runs a full scan every 24 hours and a normal scan every 1 hour. The key distinction between full and normal scans lies in the amount of information sent to OpenNAC. A full scan, as the name suggests, sends more comprehensive information, while a normal scan results in a lighter payload.
The Agent also enables script execution. When a payload is sent to the server, the server responds by sending a script back to the Agent. The Agent runs the script and performs a new full scan. The results of this scan, along with the script execution result, are then sent to the server.
In addition to performing scans and executing scripts, the application also offers VPN connectivity using OpenVPN or WireGuard configuration files.
This application relies on Microsoft’s libraries, files, and registers to obtain information related to hardware, processes, security center, certificates, USB devices, and more.
6.1.1.4. Technical Architecture
Type of process: The OpenNAC Agent extracts information from the system through Microsoft files and commands, and communicates the tasks carried out to the OpenNAC Core.
Major components: The major component of this application is a core server that receives data from the Agent. In addition, this server runs an API that contains one of the calls the Agent needs: posting the information obtained from the device.
Data collected and managed: The daemon service collects information about the device, such as its hardware and operating system details, its network interfaces, its security status, the installed software, the running processes, the certificates, the connected USB devices, the active Bluetooth connections, its Wi-Fi and network status, and its connection status to a VPN from the Agent itself. This information is collected internally and sent to the OpenNAC Core server when a scan is executed or when changes occur, for example in a network interface, in updated software, or in the security posture.
Application architecture: Two-tier architecture, as the Agent is a taskbar for user interaction and a daemon to execute tasks. A core server stores this information.
Programming language: The agent application is built on .NET framework using the C++ and C# programming languages.
Hardware platform: A processor that executes any of the supported operating systems.
User interface: A taskbar for user interaction and a daemon whose service listens for client-executed actions.
Network architecture: The taskbar works as a client that sends information to the running service, which acts as a server on the same local area network. The Agent daemon service communicates with the openNAC Core server through the same network in a VPN connection.
System host: OpenNAC datacenter.
Maintenance: Maintenance is carried out by the Open Cloud Factory developer team.