6.1.1. Multiplatform Agent - Introduction
The OpenNAC Agent is an application used in the OpenNAC Enterprise solution that gives you greater control and security over the devices that connect to a network. The OpenNAC Multiplatform Agent extracts information from the device, then generates and stores this data so that it can be reviewed in the OpenNAC portal itself. In addition, the Agent includes functionalities such as an embedded VPN connection and the execution of scripts.
6.1.1.1. Functional Description
The Multiplatform Agent enhances visibility by extracting information from the device running the application. This information, also known as the payload, can be obtained manually through user-executed actions or automatically.
The automatic execution occurs every 24 hours by default with a full scan and every 1 hour by default with a normal scan. The key distinction between full and normal scans lies in the amount of information sent to OpenNAC. A full scan, as the name suggests, sends more comprehensive information, while a normal scan results in a lighter payload.
The Agent also enables script execution. When a payload is sent to the server, the server responds by sending a script back to the Agent. The Agent runs the script and performs a new full scan. The results of this scan, along with the script execution result, are then sent to the server.
In addition to performing scans and executing scripts, the application also offers VPN connectivity through the utilization of WireGuard configuration files.
This application relies on Microsoft's libraries, files, and registry to obtain information related to hardware, processes, the Security Center, certificates, USB devices, and more.
6.1.1.2. Technical Architecture
Type of process: The OpenNAC Agent extracts information from the system through Microsoft files and commands, and communicates the tasks carried out to the OpenNAC Core.
Major components: The major component of this application is a core server that receives data from the Agent. In addition, this server executes an API that contains one of the necessary calls for the agent, which is to post the information obtained from the device.
Data collected and managed: The information that the daemon service collects is that of the device, such as its hardware and operating system details, its network interfaces, its security status, the installed software, the running processes, the certificates, the connected USB devices, the active Bluetooth connections, its Wi-Fi and network status, and its connection status to a VPN from the Agent itself. This information is collected internally and sent to the OpenNAC Core server when a scan is executed or when changes occur, for example a change in a network interface, an updated piece of software, or a change in security posture.
Application architecture: Two-tier architecture: the Agent consists of a taskbar application for user interaction and a daemon that executes tasks. A core server stores this information.
Programming language: The agent application is built on the .NET framework using the C++ and C# programming languages.
Hardware platform: A processor that executes any of the supported operating systems.
User interface: A taskbar application for user interaction and a daemon service that listens for the actions executed by the client.
Network architecture: The taskbar works as a client that sends information to the running service, which acts as a server on the same local area network. The Agent daemon service communicates with the OpenNAC Core server over that same network, through the VPN connection.
System host: OpenNAC datacenter.
Maintenance: Maintenance is carried out by the Open Cloud Factory developer team.
6.1.1.3. Supported Operating Systems
ON Agent is supported on the following Operating Systems:
| OS | Version |
|---|---|
| MICROSOFT WINDOWS | 10, 11 |
| LINUX MINT | 21, 22 |
| MAC OS | VENTURA 13, SONOMA 14, SEQUOIA 15 |
| UBUNTU | 22.04, 24.04 |
We will provide support and maintain compatibility for the latest publicly released version from the respective manufacturer and the immediately preceding one.
Note
Only x64 architecture is supported on Windows, macOS, and Linux, and ARM64 on macOS; the rest of the architectures will not be supported.
6.1.1.4. Android Agent Alpha Version
The Android Agent is currently in its Alpha phase and is not fully stable. However, it already includes key features for early testing and use.
Warning
The Android Agent only works against servers with a trusted SSL certificate.
Compatibility
OpenNAC: Compatible with OpenNAC version 1.2.5 or higher.
Android: Supports Android 10 and above.
Key Functionalities
Device Information Payload: Although it retrieves less information in comparison with other operating systems, the payload provides essential data.
Standard VPN Connection: Establishes VPN connections using user and password.
VPN Connection via SAML: Supports VPN connections through SAML authentication.
OTP: Supports One-Time Password (OTP) functionality.
OAuth: Enables secure authentication and authorization using the OAuth framework, allowing integration with various identity providers and applications.
VPN autoconnection: Automatically manages VPN reconnection in case of connectivity loss or device reboot. This functionality leverages both the internal Agent mechanisms and the Android operating system’s ‘Always ON VPN’ feature to ensure uninterrupted VPN connectivity.
6.1.1.5. Windows-Specific Requirements
On Windows-based systems, the OpenNAC Agent can collect information about Pending System Updates.
For this to work, Windows clients (where the Agent is installed or runs the Soluble version) need access to the Windows Update server at update.microsoft.com/.
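The following PowerShell script is an added example, not part of the OpenNAC documentation or the Agent's own code. It lets an administrator confirm, from a Windows client, that the prerequisite above is met: that update.microsoft.com is reachable and that the local Windows Update Agent can complete a pending-update search. TCP port 443 is an assumption; the documentation only names the host.

```powershell
# Added example (not OpenNAC code): verify the prerequisites for the Agent's
# "Pending System Updates" collection on a Windows client.

function Test-WindowsUpdateReachability {
    # Checks DNS resolution and a TCP connection to the update server.
    # Port 443 is an assumption; the docs name only the host.
    param(
        [string]$HostName = 'update.microsoft.com',
        [int]$Port = 443
    )
    $result = Test-NetConnection -ComputerName $HostName -Port $Port -WarningAction SilentlyContinue
    [pscustomobject]@{
        Host         = $HostName
        Port         = $Port
        DnsResolved  = [bool]$result.RemoteAddress
        TcpConnected = $result.TcpTestSucceeded
    }
}

function Get-PendingUpdateSummary {
    # Uses the built-in Windows Update Agent COM API. The search fails when the
    # update service is disabled or the update server is blocked, which is the
    # condition under which the Agent cannot collect pending updates.
    try {
        $session  = New-Object -ComObject 'Microsoft.Update.Session'
        $searcher = $session.CreateUpdateSearcher()
        $search   = $searcher.Search('IsInstalled=0 and IsHidden=0')
        [pscustomobject]@{
            Succeeded    = $true
            PendingCount = $search.Updates.Count
            Titles       = @($search.Updates | ForEach-Object { $_.Title })
        }
    } catch {
        [pscustomobject]@{
            Succeeded    = $false
            PendingCount = $null
            Error        = $_.Exception.Message
        }
    }
}

$net = Test-WindowsUpdateReachability
$net | Format-List
if (-not $net.TcpConnected) {
    Write-Warning "Cannot reach $($net.Host):$($net.Port); the Agent's pending-update data will be missing."
}
Get-PendingUpdateSummary | Format-List
```

Run it in an elevated PowerShell session on the client; a failed search with a reachable host usually points at a disabled Windows Update service or a proxy that blocks the update traffic.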