Help Center/ Host Security Service/ User Guide/ Accessing HSS/ Installing the Agent on Servers/ Installing the Agent on Huawei Cloud Servers
Updated on 2025-08-26 GMT+08:00
View PDF
Share

Installing the Agent on Huawei Cloud Servers

Scenario

You can enable HSS for servers only after installing the agent. This section describes how to install the agent on Huawei Cloud servers.

If you use CBH, you can quickly install the agent on the servers through CBH. For details, see Installing the HSS Agent Using CBH.

Prerequisites

  • The settings of security group outbound ports, DNS server addresses, and third-party security software are appropriate and do not hinder agent installation. You have performed the operations in Checking the Installation Environment.
  • The VPCOperatePolicy and VPCEPOperatePolicy permissions have been granted to HSS. For details, see Authorization.

Constraints

  • The HSS agent has been embedded into Workspace images. If you purchase Workspace 23.6.0 or later, the agent will be automatically installed. If your Workspace version is earlier than 23.6.0, you can manually install the agent by referring to this section.
  • To install the agent on a target ECS on the HSS console, ensure there is already an executor ECS, which is in the same VPC as the target ECS and has an online HSS agent. If there are no executor ECSs, install the agent on an ECS by referring to Using the Commands or Script to Install the Agent on Huawei Cloud Servers (Current-Account Installation).

Agent Installation Modes

HSS supports two installation modes. For details about their differences, see Table 1.

Table 1 Installation modes

Agent Installation Mode

Description

Scenario

Reference

GUI
  • To install the agent on a target server, ensure an agent is already online on a server in the same VPC as the target server.
  • The operations are simple. You do not need to log in to the server.
  • You need to provide the account password or key to install the agent.

To install the agent on a target server, ensure an agent is already online on a server in the same VPC as the target server.

Installing the Agent on Huawei Cloud Servers on the HSS Console

Commands or script
  • You need to log in to the server and manually run the commands or scripts.
  • You can install the agent under the current account or across accounts. The operations for current-account and cross-account installation are as follows:
    • Current-account installation: The target servers and the HSS quota you purchased are under the same account. You can log in using this account to obtain the installation commands or script and install the agent on the servers.
    • Cross-account installation: The target servers and the HSS quota you purchased are under different accounts. You can log in to account A to obtain the installation command or script, and install the agent on the target server under account B. After the agent is successfully installed, you can view the target server on the Asset Management > Servers & Quota page of account A.
  • There are no servers with an online agent in the VPC of the target server.
  • Manage and protect servers across accounts.

Installing the Agent on Huawei Cloud Servers on the HSS Console

You can install the agent on servers on the HSS console. Various installation methods are provided below.

Using a Username and Password to Install the Agent on a Huawei Cloud Server

  1. Log in to the management console.
  2. In the upper left corner of the page, select a region, click , and choose Security & Compliance > Host Security Service.
  3. In the navigation pane, choose Installation & Configuration > Server Install & Config.
  4. (Optional) If you have enabled the enterprise project function, select an enterprise project from the Enterprise Project drop-down list in the upper part of the page to view its data.
  5. In the upper right corner of the page, click Install HSS Agent.
  6. Select ECS and click Configure Now.
  7. Configure installation parameters as follows:

    • Install Mode: Select GUI.
    • Server Authentication Mode: Select Account and password.
    • Scale: Select Single.

  8. Select a server and click Next.
  9. Enter a username and password as prompted.

    • Linux
      Provide information based on whether the server can be logged in using the root account.
      • If Allow direct connection with root permissions is selected:

        The root account can be used to log in to the server. Provide the root user password and login port. HSS will use your root account to install the agent for the server.

      • If Allow direct connection with root permissions is not selected:

        The root account cannot be used to log in to the server. Provide another username and password for login, and the root password for privilege escalation. HSS will use the provided account information to install the agent for the server.

      Figure 1 Entering the username and password (Linux)
    • Windows

      Enter a username and its password.

      Figure 2 Entering the username and password (Windows)

  10. Confirm the information and click OK.

    You can view the Agent Status column to check the agent installation progress. If the Agent Status is Online, the agent has been installed.

Using a Username and Password to Install the Agent on Multiple Huawei Cloud Servers

  1. Log in to the management console.
  2. In the upper left corner of the page, select a region, click , and choose Security & Compliance > Host Security Service.
  3. In the navigation pane, choose Installation & Configuration > Server Install & Config.
  4. (Optional) If you have enabled the enterprise project function, select an enterprise project from the Enterprise Project drop-down list in the upper part of the page to view its data.
  5. In the upper right corner of the page, click Install HSS Agent.
  6. Select ECS and click Configure Now.
  7. Configure installation parameters as follows:

    • Install Mode: Select GUI.
    • Server Authentication Mode: Select Account and password.
    • Scale: Select Batch.

  8. Upload the installation template.

    1. Click Download Template to download the batch installation template to your local PC.
      Figure 3 Downloading the batch installation template
    2. Open the downloaded file, fill in server information as required, and save the file.
    3. Click Select File and upload the file.

      HSS will automatically match the servers based on IP addresses. If the matching fails, you can click View Failed Servers and check the failure cause.

  9. Select servers.
  10. Confirm the information and click OK.

    You can view the Agent Status column to check the agent installation progress. If the Agent Status is Online, the agent has been installed.

Using DEW to Install the Agent on One or Multiple Huawei Cloud Servers

  1. Log in to the management console.
  2. In the upper left corner of the page, select a region, click , and choose Security & Compliance > Host Security Service.
  3. In the navigation pane, choose Installation & Configuration > Server Install & Config.
  4. (Optional) If you have enabled the enterprise project function, select an enterprise project from the Enterprise Project drop-down list in the upper part of the page to view its data.
  5. In the upper right corner of the page, click Install HSS Agent.
  6. Select ECS and click Configure Now.
  7. Configure installation parameters as follows:

    • Install Mode: Select GUI.
    • Server Authentication Mode: Select Key.
    • Key Source: Select DEW

  8. Select servers and click OK.

    In the server list, only the servers bound to DEW are displayed.

    Figure 4 Selecting servers

  9. In the row of a server, check its agent installation progress in the Agent Status column.

    If the Agent Status is Online, the agent has been installed.

Using a User-created Key to Install the Agent on One or Multiple Huawei Cloud Servers (Linux Only)

  1. Log in to the management console.
  2. In the upper left corner of the page, select a region, click , and choose Security & Compliance > Host Security Service.
  3. In the navigation pane, choose Installation & Configuration > Server Install & Config.
  4. (Optional) If you have enabled the enterprise project function, select an enterprise project from the Enterprise Project drop-down list in the upper part of the page to view its data.
  5. In the upper right corner of the page, click Install HSS Agent.
  6. Select ECS and click Configure Now.
  7. Configure installation parameters as follows:

    • Install Mode: Select GUI.
    • Server Authentication Mode: Select Key.
    • Key Source: Select User-created key (Linux only).

  8. Upload the installation template.

    1. Click Download Template to download the batch installation template to your local PC.
      Figure 5 Downloading the batch installation template
    2. Open the downloaded file, fill in server information as required, and save the file.
    3. Click Select File and upload the file.

      HSS will automatically parse the file and identify the servers you specified. If the parsing fails, you can click View Failed Servers and check the failure cause.

  9. Confirm the information and click OK.
  10. In the row of a server, check its agent installation progress in the Agent Status column.

    If the Agent Status is Online, the agent has been installed.

Using the Commands or Script to Install the Agent on Huawei Cloud Servers (Current-Account Installation)

The HSS agent can be installed using commands. You can install the agent on different OSs. Various installation methods are provided below.

Using Commands to Install the Agent on a Huawei Cloud Linux Server (Current-Account Installation)

  1. Log in to the management console.
  2. In the upper left corner of the page, select a region, click , and choose Security & Compliance > Host Security Service.
  3. In the navigation pane, choose Installation & Configuration > Server Install & Config.
  4. (Optional) If you have enabled the enterprise project function, select an enterprise project from the Enterprise Project drop-down list in the upper part of the page to view its data.
  5. In the upper right corner of the page, click Install HSS Agent.
  6. Select ECS and click Configure Now.
  7. Configure installation parameters as follows:

    • Install Mode: Select Command.
    • Owner Account: Select Current.
    • Server OS: Select Linux.
    • Scale: Select Single.

  8. (Optional) Select the servers that need to be connected to the current HSS region and click Next.

    • Perform this operation only in the CN East2 and CN Southwest-Guiyang1 regions. HSS will automatically create a VPC endpoint, which occupies an IP address of your VPC subnet. Only one VPC endpoint will be created for each of your VPCs to ensure the communication between your servers and HSS.
    • In other regions, ensure the security groups of your servers allow outbound traffic through port 10180 of the 100.125.0.0/16 CIDR block. This port is used to communicate with HSS.

  9. Install the agent as prompted.

    For CN East2 and CN Southwest-Guiyang1 regions, wait until the network communication succeeds (that is, the VPC endpoint is created) before performing the following operations.

    1. On the console page, click in the Install HSS Agent dialog box to copy the installation command.
      Figure 6 Copying the installation command
    2. Log in to the server as the root user and paste the installation command.

      If the command output shown in Figure 7 is displayed, the agent has been installed.

      Figure 7 Agent installed
    3. Wait for 5 to 10 minutes and return to the HSS console. On the Server Install & Config page, click the Agents tab, and click Servers with Agents. Check the agent status of the target server.

      If the Agent Status is Online, the agent has been installed.

Using Commands to Install the Agent on Multiple Huawei Cloud Linux Servers (Current-Account Installation)

  1. Log in to the management console.
  2. In the upper left corner of the page, select a region, click , and choose Security & Compliance > Host Security Service.
  3. In the navigation pane, choose Installation & Configuration > Server Install & Config.
  4. (Optional) If you have enabled the enterprise project function, select an enterprise project from the Enterprise Project drop-down list in the upper part of the page to view its data.
  5. In the upper right corner of the page, click Install HSS Agent.
  6. Select ECS and click Configure Now.
  7. Configure installation parameters as follows:

    • Install Mode: Select Command.
    • Owner Account: Select Current.
    • Server OS: Select Linux.
    • Scale: Select Batch.
    • Server Authentication Mode: Select Account and password or Key as needed.

  8. (Optional) Select the servers that need to be connected to the current HSS region and click Next.

    • Perform this operation only in the CN East2 and CN Southwest-Guiyang1 regions. HSS will automatically create a VPC endpoint, which occupies an IP address of your VPC subnet. Only one VPC endpoint will be created for each of your VPCs to ensure the communication between your servers and HSS.
    • In other regions, ensure the security groups of your servers allow outbound traffic through port 10180 of the 100.125.0.0/16 CIDR block. This port is used to communicate with HSS.

  9. Install the agent as prompted.

    For CN East2 and CN Southwest-Guiyang1 regions, wait until the network communication succeeds (that is, the VPC endpoint is created) before you proceed. Perform the following operations on any server:

    1. On the console, click linux-host-list.csv in the Install HSS Agent dialog box to download the template.
      Figure 8 Downloading linux-host-list.csv
    2. Enter the server information based on the requirements in the linux-host-list.csv template and save the template.

      Ensure that the entered server verification information is consistent with the verification mode selected in 7.

    3. Use the root account to remotely log in to any target server.
    4. Use the SSH client to upload the linux-host-list.csv file to the /tmp directory on the server.
    5. Return to the HSS console. In the Install HSS Agent dialog box, click to copy the installation command.
      Figure 9 Copying the installation command
    6. Paste and run the installation command on the server to install the agent.

      If the information shown in Figure 10 is displayed, the installation is complete.

      Figure 10 Agent installed
    7. Wait for 5 to 10 minutes and return to the HSS console. On the Server Install & Config page, click the Agents tab, and click Servers with Agents. Check the agent status of the target server.

      If the Agent Status is Online, the agent has been installed.

Using the Script to Install the Agent on a Huawei Cloud Windows Server (Current-Account Installation)

  1. Log in to the management console.
  2. In the upper left corner of the page, select a region, click , and choose Security & Compliance > HSS.
  3. In the navigation pane, choose Installation & Configuration > Server Install & Config.
  4. (Optional) If you have enabled the enterprise project function, select an enterprise project from the Enterprise Project drop-down list in the upper part of the page to view its data.
  5. In the upper right corner of the page, click Install HSS Agent.
  6. Select ECS and click Configure Now.
  7. Configure installation parameters as follows:

    • Install Mode: Select Command.
    • Owner Account: Select Current.
    • Server OS: Select Windows.
    • Scale: Select Single.

  8. (Optional) Select the servers that need to be connected to the current HSS region and click Next.

    • Perform this operation only in the CN East2 and CN Southwest-Guiyang1 regions. HSS will automatically create a VPC endpoint, which occupies an IP address of your VPC subnet. Only one VPC endpoint will be created for each of your VPCs to ensure the communication between your servers and HSS.
    • In other regions, ensure the security groups of your servers allow outbound traffic through port 10180 of the 100.125.0.0/16 CIDR block. This port is used to communicate with HSS.

  9. Install the agent as prompted.

    For CN East2 and CN Southwest-Guiyang1 regions, wait until the network communication succeeds (that is, the VPC endpoint is created) before performing the following operations.

    1. On the console, click installAgent.ps1 in the Install HSS Agent dialog box to download the installation script.
      Figure 11 Downloading installAgent.ps1
    2. Copy the installAgent.ps1 file to the C:\Users directory of the server where the agent is to be installed.
    3. Right-click installAgent.ps1 and choose Run with PowerShell.
    4. (Optional) In the dialog box that is displayed, enter Y to run the script to install the agent.

      If no dialog box is displayed, skip this step.

      Figure 12 Changing the execution policy
    5. After the execution, open the Task Manager and check whether hostguard.exe and hostwatch.exe exist. If they do, the agent has been installed.
      Figure 13 Agent installed
    6. Wait for 5 to 10 minutes and return to the HSS console. On the Server Install & Config page, click the Agents tab, and click Servers with Agents. Check the agent status of the target server.

      If the Agent Status is Online, the agent has been installed.

Using the Script to Install the Agent on Multiple Huawei Cloud Windows Servers (Current-Account Installation)

  1. Log in to the management console.
  2. In the upper left corner of the page, select a region, click , and choose Security & Compliance > Host Security Service.
  3. In the navigation pane, choose Installation & Configuration > Server Install & Config.
  4. (Optional) If you have enabled the enterprise project function, select an enterprise project from the Enterprise Project drop-down list in the upper part of the page to view its data.
  5. In the upper right corner of the page, click Install HSS Agent.
  6. Select ECS and click Configure Now.
  7. Configure installation parameters as follows:

    • Install Mode: Select Command.
    • Owner Account: Select Current.
    • Server OS: Select Windows.
    • Scale: Select Batch.

  8. (Optional) Select the servers that need to be connected to the current HSS region and click Next.

    • Perform this operation only in the CN East2 and CN Southwest-Guiyang1 regions. HSS will automatically create a VPC endpoint, which occupies an IP address of your VPC subnet. Only one VPC endpoint will be created for each of your VPCs to ensure the communication between your servers and HSS.
    • In other regions, ensure the security groups of your servers allow outbound traffic through port 10180 of the 100.125.0.0/16 CIDR block. This port is used to communicate with HSS.

  9. Install the agent as prompted.

    • For CN East2 and CN Southwest-Guiyang1 regions, wait until the network communication succeeds (that is, the VPC endpoint is created) before performing the following operations.
    • Perform the following operations on any server.
    • To install the agent, the server where the script is executed needs to access the port 5985 on other servers. Modify the inbound rules of the security groups on those servers to allow such access, or HSS will temporarily modify their security group rules while installing the agent. After the agent is installed, the modified settings will be deleted.
    1. On the console, click windows-host-list.xlsx in the Install HSS Agent dialog box to download the template to the local PC.
      Figure 14 Downloading windows-host-list.xlsx
    2. Enter server information based on the requirements in the windows-host-list.xlsx template and save it.
    3. Return to the HSS console and click BatchInstallAgent.ps1 to download the installation script.
      Figure 15 Downloading BatchInstallAgent.ps1
    4. Copy the windows-host-list.xlsx and BatchInstallAgent.ps1 files to the C:\Users directory of the server where the agent is to be installed.
    5. Right-click BatchInstallAgent.ps1 and choose Run with PowerShell.
    6. (Optional) In the dialog box that is displayed, enter Y to run the script to install the agent.

      If no dialog box is displayed, skip this step.

      Figure 16 Changing the execution policy
    7. After the script is executed successfully, check whether the BatchInstallAgent.log file exists in C:\Users\Administrator.

      If the BatchInstallAgent.log file exists, the agent has been installed.

    8. Wait for 5 to 10 minutes and return to the HSS console. On the Server Install & Config page, click the Agents tab, and click Servers with Agents. Check the agent status of the target server.

      If the Agent Status is Online, the agent has been installed.

Using the Commands or Script to Install the Agent on Huawei Cloud Servers (Cross-Account Installation)

Assume you have two accounts. Account A is your management account. It needs to manage the servers under account B, a member account. You can log in to account A, copy the agent installation command or script, and run it on a server under account B. After the agent is installed, you can choose Asset Management > Servers & Quota under account A to view the servers and enable HSS for them. In this way, servers can be protected across accounts.

You can install the agent on different OSs. Various installation methods are as follows. The procedures assume you have account A (management account) and account B (its servers need to be managed by account A).

Using Commands to Install the Agent on a Huawei Cloud Linux Server (Cross-Account Installation)

  1. Log in to the management console using account A.
  2. In the upper left corner of the page, select a region, click , and choose Security & Compliance > Host Security Service.
  3. In the navigation pane, choose Installation & Configuration > Server Install & Config.
  4. (Optional) If you have enabled the enterprise project function, select an enterprise project from the Enterprise Project drop-down list in the upper part of the page to view its data.
  5. In the upper right corner of the page, click Install HSS Agent.
  6. Select ECS and click Configure Now.
  7. Select an installation mode and click Next.

    • Install Mode: Select Command.
    • Owner Account: Select Other.
    • Server OS: Select Linux.
    • Scale: Select Single.

  8. (Optional) Go to the VPCEP console and manually create a VPC endpoint for communication between the server and HSS.

    Perform this operation only in the CN East2 and CN Southwest-Guiyang1 regions. Only one VPC endpoint needs to be created for each VPC. In other regions, ensure the security groups of your servers allow outbound traffic through port 10180 of the 100.125.0.0/16 CIDR block. This port is used to communicate with HSS.

    1. Click in the upper left corner of the page and choose Networking > VPC Endpoint to switch to the VPC Endpoint page.
    2. In the upper right corner of the VPC Endpoints page, click Buy VPC Endpoint.
    3. Set the parameters.
      1. Region: Select CN East2 or CN Southwest-Guiyang1. Set the parameter based on the region to which the server is connected.
      2. Service Category: Select Cloud service.
      3. Selecting a service
        • Select com.myhuaweicloud.xxx.hss-agent. xxx indicates the region ID. For example, the region ID of CN East 2 is cn-east-4.
        • Select Create a Private Domain Name.
      4. VPC: Select a VPC that communicates with your server.
      5. Subnet: Select or create a subnet.
      6. IPv4 Address: Select Automatically assign IP address.
      7. Other parameters: Set parameters as prompted.
    4. Click Next to submit the order.
    5. Return to the VPC Endpoints page and confirm that the VPC endpoint is created.

  9. Return to the HSS console and install the agent as prompted.

    1. On the console page, click in the Install HSS Agent dialog box to copy the installation command.
      Figure 17 Copying the installation command
    2. Log in to the server under account B. Paste and run the installation command.

      If the command output shown in Figure 18 is displayed, the agent has been installed.

      Figure 18 Agent installed
    3. Wait for 5 to 10 minutes. Return to the HSS console, choose Asset Management > Servers & Quota, and click the Servers tab. Check whether managed servers are online. If yes, the cross-account management is successful.

Using Commands to Install the Agent on Multiple Huawei Cloud Linux Servers (Cross-Account Installation)

  1. Log in to the management console using account A.
  2. In the upper left corner of the page, select a region, click , and choose Security & Compliance > Host Security Service.
  3. In the navigation pane, choose Installation & Configuration > Server Install & Config.
  4. (Optional) If you have enabled the enterprise project function, select an enterprise project from the Enterprise Project drop-down list in the upper part of the page to view its data.
  5. In the upper right corner of the page, click Install HSS Agent.
  6. Select ECS and click Configure Now.
  7. Select an installation mode and click Next.

    • Install Mode: Select Command.
    • Owner Account: Select Other.
    • Server OS: Select Linux.
    • Scale: Select Batch.
    • Server Authentication Mode: Select Account and password or Key as needed.

  8. (Optional) Go to the VPCEP console and manually create a VPC endpoint for communication between the server and HSS.

    Perform this operation only in the CN East2 and CN Southwest-Guiyang1 regions. Only one VPC endpoint needs to be created for each VPC. In other regions, ensure the security groups of your servers allow outbound traffic through port 10180 of the 100.125.0.0/16 CIDR block. This port is used to communicate with HSS.

    1. Click in the upper left corner of the page and choose Networking > VPC Endpoint to switch to the VPC Endpoint page.
    2. In the upper right corner of the VPC Endpoints page, click Buy VPC Endpoint.
    3. Set the parameters.
      1. Region: Select CN East2 or CN Southwest-Guiyang1. Set the parameter based on the region to which the server is connected.
      2. Service Category: Select Cloud service.
      3. Selecting a service
        • Select com.myhuaweicloud.xxx.hss-agent. xxx indicates the region ID. For example, the region ID of CN East 2 is cn-east-4.
        • Select Create a Private Domain Name.
      4. VPC: Select a VPC that communicates with your server.
      5. Subnet: Select or create a subnet.
      6. IPv4 Address: Select Automatically assign IP address.
      7. Other parameters: Set parameters as prompted.
    4. Click Next to submit the order.
    5. Return to the VPC Endpoints page and confirm that the VPC endpoint is created.

  9. Return to the HSS console and install the agent as prompted.

    1. On the console, click linux-host-list.csv in the Install HSS Agent dialog box to download the template.
      Figure 19 Downloading linux-host-list.csv
    2. In the linux-host-list.csv template, fill in the information about account B's servers that need to be managed, and save the information.

      Ensure that the entered server verification information is consistent with the verification mode selected in 7.

    3. Use the root account to remotely log in to any of account B's servers that need to be managed.
    4. Use the SSH client to upload the linux-host-list.csv file to the /tmp directory on the server.
    5. Return to the HSS console. In the Install HSS Agent dialog box, click to copy the installation command.
      Figure 20 Copying the installation command
    6. Paste and run the installation command on the server to install the agent.

      If the information shown in Figure 21 is displayed, the installation is complete.

      Figure 21 Agent installed
    7. Wait for 5 to 10 minutes. Return to the HSS console, choose Asset Management > Servers & Quota, and click the Servers tab. Check whether managed servers are online. If yes, the cross-account management is successful.

Using the Script to Install the Agent on a Huawei Cloud Windows Server (Cross-Account Installation)

  1. Log in to the management console using account A.
  2. In the upper left corner of the page, select a region, click , and choose Security & Compliance > Host Security Service.
  3. In the navigation pane, choose Installation & Configuration > Server Install & Config.
  4. (Optional) If you have enabled the enterprise project function, select an enterprise project from the Enterprise Project drop-down list in the upper part of the page to view its data.
  5. In the upper right corner of the page, click Install HSS Agent.
  6. Select ECS and click Configure Now.
  7. Select an installation mode and click Next.

    • Install Mode: Select Command.
    • Owner Account: Select Other.
    • Server OS: Select Windows.
    • Scale: Select Single.

  8. (Optional) Go to the VPCEP console and manually create a VPC endpoint for communication between the server and HSS.

    Perform this operation only in the CN East2 and CN Southwest-Guiyang1 regions. Only one VPC endpoint needs to be created for each VPC. In other regions, ensure the security groups of your servers allow outbound traffic through port 10180 of the 100.125.0.0/16 CIDR block. This port is used to communicate with HSS.

    1. Click in the upper left corner of the page and choose Networking > VPC Endpoint to switch to the VPC Endpoint page.
    2. In the upper right corner of the VPC Endpoints page, click Buy VPC Endpoint.
    3. Set the parameters.
      1. Region: Select CN East2 or CN Southwest-Guiyang1. Set the parameter based on the region to which the server is connected.
      2. Service Category: Select Cloud service.
      3. Selecting a service
        • Select com.myhuaweicloud.xxx.hss-agent. xxx indicates the region ID. For example, the region ID of CN East 2 is cn-east-4.
        • Select Create a Private Domain Name.
      4. VPC: Select a VPC that communicates with your server.
      5. Subnet: Select or create a subnet.
      6. IPv4 Address: Select Automatically assign IP address.
      7. Other parameters: Set parameters as prompted.
    4. Click Next to submit the order.
    5. Return to the VPC Endpoints page and confirm that the VPC endpoint is created.

  9. Return to the HSS console and install the agent as prompted.

    1. On the console, click installAgent.ps1 in the Install HSS Agent dialog box to download the installation script.
      Figure 22 Downloading installAgent.ps1
    2. Copy the installAgent.ps1 file to the C:\Users directory of the server under account B.
    3. Right-click installAgent.ps1 and choose Run with PowerShell.
    4. (Optional) In the dialog box that is displayed, enter Y to run the script to install the agent.

      If no dialog box is displayed, skip this step.

      Figure 23 Changing the execution policy
    5. After the execution, open the Task Manager and check whether hostguard.exe and hostwatch.exe exist. If they do, the agent has been installed.
      Figure 24 Agent installed
    6. Wait for 5 to 10 minutes. Return to the HSS console, choose Asset Management > Servers & Quota, and click the Servers tab. Check whether managed servers are online. If yes, the cross-account management is successful.

Using the Script to Install the Agent on Multiple Huawei Cloud Windows Servers (Cross-Account Installation)

  1. Log in to the management console using account A.
  2. In the upper left corner of the page, select a region, click , and choose Security & Compliance > Host Security Service.
  3. In the navigation pane, choose Installation & Configuration > Server Install & Config.
  4. (Optional) If you have enabled the enterprise project function, select an enterprise project from the Enterprise Project drop-down list in the upper part of the page to view its data.
  5. In the upper right corner of the page, click Install HSS Agent.
  6. Select ECS and click Configure Now.
  7. Select an installation mode and click Next.

    • Install Mode: Select Command.
    • Owner Account: Select Other.
    • Server OS: Select Windows.
    • Scale: Select Batch.

  8. (Optional) Go to the VPCEP console and manually create a VPC endpoint for communication between the server and HSS.

    Perform this operation only in the CN East2 and CN Southwest-Guiyang1 regions. Only one VPC endpoint needs to be created for each VPC. In other regions, ensure the security groups of your servers allow outbound traffic through port 10180 of the 100.125.0.0/16 CIDR block. This port is used to communicate with HSS.

    1. Click in the upper left corner of the page and choose Networking > VPC Endpoint to switch to the VPC Endpoint page.
    2. In the upper right corner of the VPC Endpoints page, click Buy VPC Endpoint.
    3. Set the parameters.
      1. Region: Select CN East2 or CN Southwest-Guiyang1. Set the parameter based on the region to which the server is connected.
      2. Service Category: Select Cloud service.
      3. Selecting a service
        • Select com.myhuaweicloud.xxx.hss-agent. xxx indicates the region ID. For example, the region ID of CN East 2 is cn-east-4.
        • Select Create a Private Domain Name.
      4. VPC: Select a VPC that communicates with your server.
      5. Subnet: Select or create a subnet.
      6. IPv4 Address: Select Automatically assign IP address.
      7. Other parameters: Set parameters as prompted.
    4. Click Next to submit the order.
    5. Return to the VPC Endpoints page and confirm that the VPC endpoint is created.

  9. Return to the HSS console and install the agent as prompted.

    Perform this operation only in the CN East2 and CN Southwest-Guiyang1 regions. Only one VPC endpoint needs to be created for each VPC. In other regions, ensure the security groups of your servers allow outbound traffic through port 10180 of the 100.125.0.0/16 CIDR block. This port is used to communicate with HSS.

    1. On the console, click windows-host-list.xlsx in the Install HSS Agent dialog box to download the template to the local PC.
      Figure 25 Downloading windows-host-list.xlsx
    2. In the windows-host-list.xlsx template, fill in the information about account B's servers that need to be managed, and save the information.
    3. Return to the HSS console and click BatchInstallAgent.ps1 to download the installation script.
      Figure 26 Downloading BatchInstallAgent.ps1
    4. Copy and paste the windows-host-list.xlsx and BatchInstallAgent.ps1 files to the C:\Users directory on any of account B's servers to be managed.
    5. Right-click BatchInstallAgent.ps1 and choose Run with PowerShell.
    6. (Optional) In the dialog box that is displayed, enter Y to run the script to install the agent.

      If no dialog box is displayed, skip this step.

      Figure 27 Changing the execution policy
    7. After the script is executed successfully, check whether the BatchInstallAgent.log file exists in C:\Users\Administrator.

      If the BatchInstallAgent.log file exists, the agent has been installed.

    8. Wait for 5 to 10 minutes. Return to the HSS console, choose Asset Management > Servers & Quota, and click the Servers tab. Check whether managed servers are online. If yes, the cross-account management is successful.

FAQ

For details about how to troubleshoot the agent installation failure, see What Should I Do If Agent Installation Failed?

Follow-up Procedure

After the agent is installed on the server or container node, enable protection.

Parent Topic: Installing the Agent on Servers