Updated on 2025-08-26 GMT+08:00

Installing the Agent on Huawei Cloud Servers

Scenario

You can enable HSS for servers only after installing the agent. This section describes how to install the agent on Huawei Cloud servers.

If you use CBH, you can quickly install the agent on the servers through CBH. For details, see Installing the HSS Agent Using CBH.

Prerequisites

  • The settings of security group outbound ports, DNS server addresses, and third-party security software are appropriate and do not hinder agent installation. You have performed the operations in Checking the Installation Environment.
  • The VPCOperatePolicy and VPCEPOperatePolicy permissions have been granted to HSS. For details, see Authorization.

Constraints

  • The HSS agent has been embedded into Workspace images. If you purchase Workspace 23.6.0 or later, the agent will be automatically installed. If your Workspace version is earlier than 23.6.0, you can manually install the agent by referring to this section.
  • To install the agent on a target ECS on the HSS console, ensure there is already an executor ECS, which is in the same VPC as the target ECS and has an online HSS agent. If there are no executor ECSs, install the agent on an ECS by referring to Using the Commands or Script to Install the Agent on Huawei Cloud Servers (Current-Account Installation).

Agent Installation Modes

HSS supports two installation modes. For details about their differences, see Table 1.

Table 1 Installation modes

Agent Installation Mode

Description

Scenario

Reference

GUI

  • To install the agent on a target server, ensure an agent is already online on a server in the same VPC as the target server.
  • The operations are simple. You do not need to log in to the server.
  • You need to provide the account password or key to install the agent.

To install the agent on a target server, ensure an agent is already online on a server in the same VPC as the target server.

Installing the Agent on Huawei Cloud Servers on the HSS Console

Commands or script

  • You need to log in to the server and manually run the commands or scripts.
  • You can install the agent under the current account or across accounts. The operations for current-account and cross-account installation are as follows:
    • Current-account installation: The target servers and the HSS quota you purchased are under the same account. You can log in using this account to obtain the installation commands or script and install the agent on the servers.
    • Cross-account installation: The target servers and the HSS quota you purchased are under different accounts. You can log in to account A to obtain the installation command or script, and install the agent on the target server under account B. After the agent is successfully installed, you can view the target server on the Asset Management > Servers & Quota page of account A.

  • There are no servers with an online agent in the VPC of the target server.
  • Manage and protect servers across accounts.

Installing the Agent on Huawei Cloud Servers on the HSS Console

You can install the agent on servers on the HSS console. Various installation methods are provided below.

Using the Commands or Script to Install the Agent on Huawei Cloud Servers (Current-Account Installation)

The HSS agent can be installed using commands. You can install the agent on different OSs. Various installation methods are provided below.

Using the Commands or Script to Install the Agent on Huawei Cloud Servers (Cross-Account Installation)

Assume you have two accounts. Account A is your management account. It needs to manage the servers under account B, a member account. You can log in to account A, copy the agent installation command or script, and run it on a server under account B. After the agent is installed, you can choose Asset Management > Servers & Quota under account A to view the servers and enable HSS for them. In this way, servers can be protected across accounts.

You can install the agent on different OSs. Various installation methods are as follows. The procedures assume you have account A (management account) and account B (its servers need to be managed by account A).

FAQ

For details about how to troubleshoot the agent installation failure, see What Should I Do If Agent Installation Failed?

Follow-up Procedure

After the agent is installed on the server or container node, enable protection.