The purpose of this document is to familiarize you with some of the KACE 1000 agent footprint on your managed systems and appliance communication details.

 

Windows Agent Footprint

 

  • The KACE windows agent is deployed via a single 12.7MB package that covers all supported Windows, MAC, and Linux OS versions

 

  • The executable files are in the same place for all Windows, under Program Files.  The configuration and log file directory differs for WinXP/2003 and Win7/2008 installations.
  • The executable files, including the service file, are installed in %PROGRAM FILES%\Dell\KACE.
  • The data and configuration files are stored:
    • Win Vista/Win7/Win2008 - C:\ProgramData\Dell\KACE
    • Win2000/WinXP/Win2003 - C:\Users\All Users\Dell\KACE

 

  • Once deployed, the agent is runs as a single Windows service, running as Local System User – no special Service Credentials are required.  There are two directories installed by the KACE agent.  The service takes 9k of memory.  The process for the service is AMPAgent.exe

 

  • For various tasks, messages will be sent to the service, and it will launch agent processes:
  • KInventory.exe - to capture and send inventory to the Server
  • KDeploy.exe  - to deploy software packages via Managed Install
  • KLaunch.exe - to run script processes
  • KPatch.exe - to detect and deploy patches.
  • KCopy.exe - to download files from the server via http or from a local repository via Windows Files Sharing

 

 

Agent – Server communication details:

All communication between the agent and the server is initiated by the agent. 

 

  • It first establishes a heart-beat connection on port 52230.  This communication can be encrypted with SSL.  The agent will attempt this connection whenever it is on a network and is not currently connected to the server.  This initial packet is at most a few hundred bytes, and contains the NAME, Serial Number and KUID of the connecting machine.  Once established, the server holds the socket open, and uses the socket as a message queue to let agents know to execute tasks.  Once established, the heartbeat will send a few bytes a minute from each agent confirming that the agent is still there and its current IP address.   If the machine loses connection, it will immediately attempt to reconnect.

 

  • At a minimum, each agent will send inventory to the server on a configurable schedule.  By default, that schedule is once every 4 hours.  It can be set from 15 minutes to 99 hours.  Using this setting, the server load balances inventory activity for the agent population evenly across the time period. 
  • For example, if you have 1000 agents and a 2 hour inventory interval, there will be an inventory sent to the server every 7.2 seconds. 

 

  • Inventory ranges from 100k-200k, depending on the amount of software on the agent machine. 
  • An example inventory is included with this document, to see exactly what is collected.  Appendix A lists the WMI blocks that the agent calls in order to gather inventory.

 

  • Inventory triggers Managed Installs and File Sync.  If a machine needs a piece of software or set of files deployed based on inventory received, the server will instruct the agent to fetch and install those identified packages.  This will happen at inventory time and the agent will first check to see if it has already downloaded the package, using MD5 and SH3 hash, and then ask the server where to get the file, and fetch it either from the server using HTTP(S) or SMB file copy from a local replication share.

 

  • No other tasks will happen on the agent machine unless configured by the user. 

 

 

Example Output from Kinventory Agent:

 

C:\Program Files (x86)\Dell\KACE>KInventory.exe

KInventory    ----- Starting KInventory.exe [KInventory.exe]-----

KInventory   Begin capturing Inventory...

KInventory   Now gathering Version information...

KInventory   Now gathering Process information...

KInventory   Now gathering BIOS information...

KInventory   Now gathering OperatingSystem information...

KInventory   Now gathering ComputerSystem information...

KInventory   Now gathering MotherboardDevice information...

KInventory   Now gathering SoundDevice information...

KInventory   Now gathering CDROMDrive information...

KInventory   Now gathering VideoController information...

KInventory   Now gathering DesktopMonitor information...

KInventory   Now gathering Registry information...

KInventory   Now gathering NetworkAdapter information...

KInventory   Now gathering NetworkAdapterConfiguration information...

KInventory   Now gathering Printer information...

KInventory   Now gathering StartupCommand information...

KInventory   Now gathering PhysicalMemory information...

KInventory   Now gathering PhysicalMemoryArray information...

KInventory   Now gathering InstalledSoftware32 information...

KInventory   Now gathering InstalledSoftware64 information...

KInventory   Now gathering UserAccount information...

KInventory   Now gathering QuickFixEngineering information...

KInventory   Now gathering Services information...

KInventory   Now gathering OptionalFeature information...

KInventory   Now gathering Subcomponents information...

KInventory   Now gathering ServerFeature information...

KInventory   Now gathering Processor information...

KInventory   Now gathering WindowsProductActivation information...

KInventory   Now gathering SoftwareLicensingProduct information...

KInventory   Now gathering PortableBattery information...

KInventory   Now gathering SystemEnclosure information...

KInventory   Now gathering LogicalDisk information...

KInventory   Now gathering DiskDrive information...

KInventory   Now gathering DiskPartition information...

KInventory   Now gathering DiskDriveToDiskPartition information...

KInventory   Now gathering LogicalDiskToPartition information...

KInventory   Now creating inventory report...

KInventory   Inventory Capture completed and stored in C:\Users\MWILL_~1\AppData

\Local\Temp\inventory.html

KInventory    ----- Ending KInventory.exe (0)-----