This topic describes how to install the Security Center agent on servers that are not deployed on Alibaba Cloud.

Background information

Security Center protects both Elastic Compute Service (ECS) instances and the servers that are not deployed on Alibaba Cloud. The servers include servers that are provided by third-party providers, such as Amazon Web Services (AWS). Security Center protects ECS instances and servers not deployed on Alibaba Cloud only after they have the Security Center agent installed.

Your server is protected by Security Center and the information about the server is displayed in the Security Center console only after your server has the Security Center agent installed. The information includes vulnerabilities, alerts, baseline risks, and asset fingerprints.

The Security Center agent cannot be automatically installed on servers not deployed on Alibaba Cloud. You must manually install the agent on these servers.

Procedure

  1. Log on to the Security Center console.
  2. In the left-side navigation pane, click Settings.
  3. On the Settings page, click the Agent tab.
  4. Click the Client Installation Guide tab.
    Security Center provides four default installation commands on the Client Installation Guide tab. If you do not want Security Center to create an image based on an installation command, or you do not want the server on which the installation command is run to be automatically added to a specified server group, you can select an installation command based on the type of your server and the operating system that your server runs. Then, you can run a default command to install the Security Center agent on your server.
  5. Optional:On the Client Installation Guide tab, click Add Installation Command to create an installation command.
    Notice If you use a default installation command, skip this step.
    You can create an installation command to achieve the following purposes:
    • Enable Security Center to create an image based on the installation command, and use the image to preinstall the Security Center agent on multiple servers.
    • Bind a server group to the installation command. After you run the command to install the Security Center agent on a server, the server is automatically added to the server group.
    1. In the Add Installation Command dialog box, configure the parameters.

      The following table describes the parameters.

      Parameter Description
      Expiration time The time when the installation command expires.
      Service Provider The provider of your server.
      Default grouping The server group that you want to bind to the installation command.
      Operating system The operating system in which the installation command can be run. Valid values: Windows, Linux, and windows-2003.
      Making Image System Specifies whether to enable Security Center to create an image. Valid values: Yes and No.
      • If you select Yes, Security Center automatically creates an image based on the installation command. You can use the image to preinstall the Security Center agent on multiple servers at a time without the need to run the installation command on each server.
        Note After you run the installation command on your server, only the installation package of the Security Center agent is downloaded to the server. The process of the Security Center agent is not started. If you want Security Center to protect your server, you must restart the server to start the process of the Security Center agent.
      • If you select No, Security Center generates an installation command but does not create an image based on the installation command.
    2. Click OK. An installation command is generated. Then, copy the command.

      You can view the generated installation command on the Client Installation Guide tab.

  6. Log on to the server on which you want to install the agent by using an account that has administrative rights.
    The tool that you can use to run the installation command varies based on the operating system of the server.
    • Windows: Open the Command Prompt and run the installation command that you copied. Then, the installation package of the Security Center agent is downloaded to and installed on the server.
    • Linux: Open the CLI and run the installation command that you copied. Then, the installation package of the Security Center agent is downloaded to and installed on the server.
    Notice After you run the installation command, the latest version of the Security Center agent is downloaded from Alibaba Cloud. If you use a server that is not deployed on Alibaba Cloud, make sure that the server is connected to the Internet before you run the installation command.
    You can view the status of the agent on the Assets page approximately 5 minutes after the agent is installed.
    • If you use an ECS instance, the status in the Agent column of the instance changes from Close to Enable.
    • If you use a server that is not deployed on Alibaba Cloud, the server is added to the server list on the Assets page.
      Notice Due to network latency, a server that is not deployed on Alibaba Cloud and has the Security Center agent installed may not be immediately displayed on the Assets page. In this case, you must click Synchronize Asset on the Server(s) tab of the Assets page to update the information about the server.

Install the Security Center agent on multiple servers not deployed on Alibaba Cloud at a time

  1. Log on to the Security Center console.
  2. In the left-side navigation pane, click Settings.
  3. On the Settings page, click the Agent tab.
  4. On the Agent tab, click the Client Installation Guide tab. On the Client Installation Guide tab, click Add Installation Command.
  5. In the Add Installation Command dialog box, configure the following parameters.
    Add Installation Command
    Parameter Description
    Expiration time The date on which the installation command expires.
    Service Provider The provider of the servers.
    Default grouping The server group in which the installation command takes effect.
    Operating system The operating system in which the installation command is run. Valid values: Windows, Linux, and windows-2003.
    Making Image System Specifies whether to create an image. Valid values: Yes and No.
    • If you select Yes, Security Center automatically creates an image based on the installation command. You can use the image to preinstall the Security Center agent on multiple servers at a time without the need to run the installation command on each server.
    • If you select No, Security Center generates an installation command but does not create an image based on the installation command.
  6. Click OK.
  7. Open your bastion host or self-managed O&M system such as Xshell or SecureCRT. Then, run the installation commands on your servers. The Security Center agent is downloaded and installed on your servers.
    Approximately five minutes after the agent is installed, your servers are displayed in the server list on the Assets page in the Security Center console.
    Notice Due to network latency, servers that are not deployed on Alibaba Cloud and have the Security Center agent installed may not be immediately displayed on the Assets page. In this case, you must click Synchronize Asset on the Server(s) tab of the Assets page to update the information about the servers.

References

Troubleshoot why the Security Center agent is offline

Install the Security Center agent