Pia Agent
During your onboarding of Pia, the Agent Service is deployed to all of your client environments (servers and workstations).
This agent is a process which executes on your end devices and listens for notifications from Pia.
When the agent receives a notification, it queries your Pia tenant to retrieve the activity required for execution. The activity (PowerShell) is then executed on the machine, and the agent returns the results to Pia in real time (i.e. log outputs and the result of the PowerShell script).
Some facts about the Pia Agent Service:
- It is written in C++ for performance
- It typically runs with less than 5 MB of memory on end devices
- It is always live connected back to Pia, so that commands can be sent to it at any time
- The connection to the agent is highly secure. Read more in the Pia Security article.
Agent Installation
You can download the agent service from the download option in the Agent Screen of the Partner Portal. When the file is downloaded, run the executable and click install. This action requires administrative privileges, because the agent is installed under the system account.
Once this is completed, the agent will show up under the agents screen - you can search using the computer name. Shortly after the agent has started, you should see it come online in the agents list, but you will not be able to use Pia to execute activities on the agent until it is activated.
Use the activate button on the agents screen to activate the agent. This step is required to ensure that the agent is authorized by you to be used in your Pia tenant. This prevents rogue agents from being registered against your Pia tenant.
Agent Information Collected
When the agent is installed, a certificate is generated locally on the end device under the system certificate store. Upon every startup of the agent service, it will perform a check-in with your Pia tenant.
During this check-in, "Agent Metadata" will be sent to your Pia tenant, including:
- Machine Type
- Machine Operating System
- Machine Roles
- PC Name
- Logged in user session(s)
This "Agent Metadata" is stored for every registered agent to help automation packages determine the correct machines to execute certain actions and to assist with automated configuration of Pia for a client.
Any other information required for the purpose of executing an automation (such as information about Active Directory policies or containers) is only evaluated during the execution of an automation.
The guiding principle here is that the agent/machine is the "Source of Truth" for the majority of information required during execution of an automation, such as user details, Active Directory objects, Exchange information, file share information and so on.
It is for this reason that Pia does not store a copy of this information but instead relies on the agent to retrieve it at the exact moment it is needed.