Scenario
You can enable HSS for servers only after installing the agent. For third-party cloud servers and on-premises data centers (IDCs) that can access the Internet, you can download and install the HSS agent through the Internet and connect the servers to the HSS console for protection management.
This section describes how to install the agent on a third-party server through the Internet.
Prerequisites
Perform the operations in Checking the Installation Environment to ensure agent installation is not affected by DNS server addresses, third-party security software, or the outbound port settings of security groups.
Constraints and Limitations
- Third-party cloud servers and on-premises IDC can be connected to HSS through the Internet in the following regions: CN North-Beijing1, CN North-Beijing4, CN East-Shanghai1, CN East-Shanghai2, CN South-Guangzhou, CN Southwest-Guiyang1, CN-Hong Kong, AP-Singapore, and AP-Jakarta.
- If your server cannot access the Internet and needs to be connected to HSS for protection, refer to the following solutions:
Installing the Agent on Third-party Linux Servers Using Commands
The following describes how to install the agent on the Linux server. You can select a method as required.
Installing the Agent on a Single Third-party Linux Server Using Commands
- Log in to the management console.
- In the upper left corner of the page, select a region, click , and choose Security & Compliance > HSS.
- In the navigation pane, choose .
If your servers are managed by enterprise projects, you can select the target enterprise project to view or operate the asset and detection information.
- Click the Agents tab.
- In the upper right corner of the page, click Install HSS Agent.
- Select Third-party Cloud or Data Center Server and click Configure Now.
- Select an installation method.
- Network Mode: Internet access
- Server OS: Linux
- Scale: Single
- Click to copy the installation command.
Figure 1 Copying the installation command
- Log in to the server as user root, and paste and run the installation command.
If the command output shown in Figure 2 is displayed, the agent has been installed.
Figure 2 Agent installed
Installing the Agent on Multiple Third-party Linux Servers Using Commands
- Log in to the management console.
- In the upper left corner of the page, select a region, click , and choose Security & Compliance > HSS.
- In the navigation pane, choose .
If your servers are managed by enterprise projects, you can select the target enterprise project to view or operate the asset and detection information.
- Click the Agents tab.
- In the upper right corner of the page, click Install HSS Agent.
- Select Third-party Cloud or Data Center Server and click Configure Now.
- Select an installation method.
- Network Mode: Internet access
- Server OS: Linux
- Scale: Batch
- Server Authentication Mode: Select Account and password or Key as needed.
- Install the agent as prompted.
Installing the Agent on Third-party Windows Servers Using a Script
The following describes how to install the agent on a Windows server. You can select a method as required.
Installing the Agent on a Single Third-party Windows Server Using a Script
- Log in to the management console.
- In the upper left corner of the page, select a region, click , and choose Security & Compliance > HSS.
- In the navigation pane, choose .
If your servers are managed by enterprise projects, you can select the target enterprise project to view or operate the asset and detection information.
- Click the Agents tab.
- In the upper right corner of the page, click Install HSS Agent.
- Select Third-party Cloud or Data Center Server and click Configure Now.
- Select an installation method.
- Network Mode: Internet access
- Server OS: Windows
- Scale: Single
- Install the agent as prompted.
- On the console, click installAgent.ps1 in the Install HSS Agent dialog box to download the installation script.
Figure 6 Downloading installAgent.ps1
- Copy the installAgent.ps1 file to C:\Users\Administrator.
- Right-click installAgent.ps1 and choose Run with PowerShell.
- (Optional) In the dialog box that is displayed, enter Y to run the script to install the agent.
If no dialog box is displayed, skip this step.
Figure 7 Changing the execution policy
- After the execution, open the Task Manager and check whether hostguard.exe and hostwatch.exe exist. If they do, the agent has been installed.
Figure 8 Agent installed
Installing the Agent on Multiple Third-party Windows Servers Using a Script
- Log in to the management console.
- In the upper left corner of the page, select a region, click , and choose Security & Compliance > HSS.
- In the navigation pane, choose .
If your servers are managed by enterprise projects, you can select the target enterprise project to view or operate the asset and detection information.
- Click the Agents tab.
- In the upper right corner of the page, click Install HSS Agent.
- Select Third-party Cloud or Data Center Server and click Configure Now.
- Select an installation method.
- Network Mode: Internet access
- Server OS: Windows
- Scale: Batch
- Install the agent as prompted.
- On the console, click windows-host-list.xlsx in the Install HSS Agent dialog box to download the template to the local PC.
Figure 9 Downloading windows-host-list.xlsx
- Enter server information based on the requirements in the windows-host-list.xlsx template and save it.
- Return to the HSS console and click BatchInstallAgent.ps1 to download the installation script.
Figure 10 Downloading BatchInstallAgent.ps1
- Copy the windows-host-list.xlsx and BatchInstallAgent.ps1 files to C:\Users\Administrator.
- Right-click BatchInstallAgent.ps1 and choose Run with PowerShell.
- (Optional) In the dialog box that is displayed, enter Y to run the script to install the agent.
If no dialog box is displayed, skip this step.
Figure 11 Changing the execution policy
- After the script is executed successfully, check whether the BatchInstallAgent.log file exists in C:\Users\Administrator.
If the BatchInstallAgent.log file exists, the agent has been installed.