Host inventory

On the Hosts Inventory page, you can find hosts that are accessible using SSH. Discovered assets are stored as hosts and can also be managed on the Hosts Inventory page.

This stage does not require a credential. It performs a port scan to test for an SSH connection.

Hosts are discovered in parallel batches to avoid saturating the network connection. The default batch size is 20, which can be changed with the pool settings option.

Discover host methods

Hosts are discovered through the following methods:

  • Scan for Hosts
  • Import Hosts
  • Scan the Registry Name Service

To access any of these methods, on the Host Inventory page, click the Add Hosts dropdown menu.

ℹ️

Note

While using any of these methods, the grid refreshes automatically every 5 seconds.

Scan for hosts

IP addresses can be added using one of the following formats:

  • Single IP: To discover a single host, type the IP address. For example, 10.1.100.15.
  • IP Range: Discover any hosts in a range. For example, 10.1.100.15–10.1.100.20.
  • CIDR Notation: Discover hosts in a CIDR block. For example, 10.100.1.10/24.
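To preview what a scan will touch before you run it, the following added example (not BeyondTrust code) expands the three accepted formats into concrete addresses and splits them into batches of the default size of 20. It assumes that a CIDR entry with host bits set, such as 10.100.1.10/24, means the enclosing network, that network and broadcast addresses are not targets, and that batches are taken in entry order; the page does not state how the console handles these cases. The names expand_target, plan_scan, and MAX_ADDRESSES are hypothetical.

```python
import ipaddress

DEFAULT_BATCH_SIZE = 20   # default discovery batch size stated on this page
MAX_ADDRESSES = 65536     # assumed safety limit for this example, not a product setting


def expand_target(entry):
    """Expand a single IP, a first-last range, or a CIDR block to addresses."""
    text = entry.strip().replace("\u2013", "-")  # accept an en dash as range separator
    if "/" in text:
        # strict=False accepts host bits in the prefix, as in 10.100.1.10/24.
        network = ipaddress.ip_network(text, strict=False)
        if network.num_addresses > MAX_ADDRESSES:
            raise ValueError("block too large to preview: %s" % entry)
        # Assumption: network and broadcast addresses are not scan targets.
        return list(network.hosts())
    if "-" in text:
        first_text, last_text = text.split("-", 1)
        first = ipaddress.ip_address(first_text.strip())
        last = ipaddress.ip_address(last_text.strip())
        if first.version != last.version or int(last) < int(first):
            raise ValueError("invalid range: %s" % entry)
        if int(last) - int(first) >= MAX_ADDRESSES:
            raise ValueError("range too large to preview: %s" % entry)
        # Build addresses of the same family as the range start.
        return [first.__class__(n) for n in range(int(first), int(last) + 1)]
    return [ipaddress.ip_address(text)]


def plan_scan(entries, batch_size=DEFAULT_BATCH_SIZE):
    """Return de-duplicated targets split into batches, in entry order."""
    targets = []
    seen = set()
    for entry in entries:
        for address in expand_target(entry):
            if address not in seen:
                seen.add(address)
                targets.append(address)
    return [targets[i:i + batch_size] for i in range(0, len(targets), batch_size)]


if __name__ == "__main__":
    # The three example entries from this page.
    batches = plan_scan(["10.1.100.15", "10.1.100.15\u201310.1.100.20", "10.100.1.10/24"])
    total = sum(len(b) for b in batches)
    print("%d unique addresses in %d batches" % (total, len(batches)))
    print("first batch:", ", ".join(str(a) for a in batches[0]))
```
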

To manually discover hosts:

  1. Enter the IP addresses using one of the accepted formats.
  2. Enter an SSH port. The value should map to the SSH port for the host provided. If no SSH port is provided, the default port is 22. Each discovery scan uses a single port regardless of the number of machines.

ℹ️

Note

To update the SSH port for the host, navigate to Host Details. The value can then be configured under General > Connection Details.

  3. When discovering a single host, you can enter an SSH fingerprint using SHA-256 format. If the value matches the received fingerprint, the host is automatically accepted. This is optional and only applies when performing single IP discovery.
  4. Check the Automatically accept SSH fingerprints box to accept all SSH fingerprints for discovered hosts. If the host already exists in the system, the SSH fingerprint is ignored.
  5. Click Scan for Host.

ℹ️

Note

Search for non-sequential IP addresses at the same time by entering each IP address before clicking Scan for Host.

Import hosts

To import hosts, create a CSV file with a host address, port, and SSH fingerprint (optional) per line. Do not use headers in the file.

The contents of a valid file may look like the following:

"10.100.3.6",22,SHA256:HASHED-KEY
"10.100.3.7",22,SHA256:HASHED-KEY
"10.100.3.8",22,SHA256:HASHED-KEY
"10.100.3.9",22,SHA256:HASHED-KEY

ℹ️

Note

The CSV file can contain fingerprints in the SHA-256 format. If the fingerprint matches, the SSH fingerprint is accepted.
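Supplying fingerprints in the import file lets each host key be matched against a value you obtained yourself, rather than accepting whatever key the host presents. The following added example (not BeyondTrust code) computes OpenSSH SHA-256 fingerprints from public key lines collected out of band, writes them in the CSV layout shown above, and checks a file for the problems that layout rules out. The function names and the sample key material are constructed for illustration, and the specific checks are assumptions about what a clean file looks like, not the console's own validation.

```python
import base64
import csv
import hashlib
import io
import re
import struct

# An OpenSSH SHA-256 fingerprint: "SHA256:" + 43 base64 characters, no padding.
FINGERPRINT_RE = re.compile(r"^SHA256:[A-Za-z0-9+/]{43}$")


def openssh_sha256_fingerprint(public_key_line):
    """Fingerprint one OpenSSH public key line: "<type> <base64-blob> [comment]"."""
    fields = public_key_line.split()
    if len(fields) < 2:
        raise ValueError("not an OpenSSH public key line")
    blob = base64.b64decode(fields[1], validate=True)
    # The blob begins with a length-prefixed key type; it must match field 1.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (type_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + type_len] != fields[0].encode("ascii"):
        raise ValueError("key type does not match key blob")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def build_import_csv(hosts):
    """hosts: iterable of (address, port, public_key_line). Returns CSV text in
    the layout shown on this page: quoted address, port, fingerprint, no header."""
    lines = []
    for address, port, key_line in hosts:
        fingerprint = openssh_sha256_fingerprint(key_line)
        lines.append('"%s",%d,%s' % (address, port, fingerprint))
    return "\n".join(lines) + "\n"


def validate_import_csv(text):
    """Return a list of (line_number, problem) found in an import file."""
    problems = []
    seen = set()
    for line_no, row in enumerate(csv.reader(io.StringIO(text)), start=1):
        if not row:
            continue  # ignore blank lines
        if len(row) not in (2, 3):
            problems.append((line_no, "expected address,port[,fingerprint]"))
            continue
        address, port = row[0].strip(), row[1].strip()
        fingerprint = row[2].strip() if len(row) == 3 else ""
        if not (port.isascii() and port.isdigit() and 1 <= int(port) <= 65535):
            problems.append((line_no, "port must be 1-65535 (header rows are not allowed)"))
        if not address:
            problems.append((line_no, "empty host address"))
        if not fingerprint:
            problems.append((line_no, "no fingerprint to match against the received host key"))
        elif not FINGERPRINT_RE.match(fingerprint):
            problems.append((line_no, "fingerprint is not SHA256:<43 base64 characters>"))
        if (address, port) in seen:
            problems.append((line_no, "duplicate address and port"))
        seen.add((address, port))
    return problems


def constructed_key_line(seed):
    """Constructed sample: a well-formed ssh-ed25519 line with made-up key bytes."""
    key_type = b"ssh-ed25519"
    key_bytes = bytes((seed + i) % 256 for i in range(32))
    blob = struct.pack(">I", len(key_type)) + key_type + struct.pack(">I", 32) + key_bytes
    return "ssh-ed25519 " + base64.b64encode(blob).decode("ascii") + " constructed-sample"


if __name__ == "__main__":
    hosts = [("10.100.3.6", 22, constructed_key_line(1)),
             ("10.100.3.7", 22, constructed_key_line(2))]
    print(build_import_csv(hosts), end="")
    # Constructed bad file: header row, missing fingerprint, bad port and fingerprint.
    bad = 'address,port,fingerprint\n"10.100.3.8",22\n"10.100.3.9",70000,SHA256:short\n'
    for line_no, problem in validate_import_csv(bad):
        print("line %d: %s" % (line_no, problem))
```

In practice the public key lines come from each host's own /etc/ssh/ssh_host_*_key.pub, collected over a channel you already trust.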

To import a CSV file:

  1. On the Host Inventory page, click the targeted area to upload a CSV file in the Import Hosts pane. Alternatively, drag the file into the targeted area.
  2. Check the Automatically accept SSH fingerprints from new hosts box to automatically accept discovered fingerprints.
  3. Locate the CSV file, and then click Open.

Scan the registry name service

The Registry Name Service can be scanned in order to discover hosts. This scans the servers listed in Primary Registry Servers for all of the hosts in the network, adding previously unknown hosts to the console as appropriate.

To scan the Registry Name Service:

  1. In the Registry Name Service section, enter an SSH Port. The value should map to the SSH port for the host provided. If no SSH port is provided, the default port is 22. Each discovery scan uses a single port regardless of the number of machines.
  2. Check the Automatically accept SSH fingerprints box to accept all SSH fingerprints for discovered hosts. If the host already exists in the system, the SSH fingerprint is ignored.
  3. Click Scan Registry Name Service.

ℹ️

Note

For more information on the Scan Registry Name Service action, see the Tasks > Task Details page. Any new hosts found will appear on the Hosts > Hosts Inventory page.

Hosts inventory grid

On the Hosts > Hosts Inventory page, you can manage hosts and software deployments. A smart form assists in generating actions to run on one or many hosts, and you are notified when actions are complete. Hosts can be filtered by Hostname, IP Address, Operating System, and Tags.

Most actions require that credentials be provided so the console can authenticate with the selected host. Credentials are managed on the Credentials page.

Use the Hosts Inventory grid

The Hosts Inventory page displays all the assets found during a discovery.

Click on the Hostname and Updated headers to sort and refresh the grid. When performing an action, you can quickly select all of the hosts in a grid by checking the box in the header row. To view more details about a host, select a host, and then at the far right, click the ellipsis menu icon and select View Host Details.

Choose Host Inventory columns to display

You can choose which columns to display in the grid.

To select which columns to display, at the top-right of the grid, click the Choose Columns to Display icon and select one or more columns to display.

The columns appear from left to right in the grid, in the order that you select them.

Download the results data

You can download the results data as a JSON or CSV file. To download a results file, click the Download icon, and then select JSON File or CSV File. The file downloads to your Download folder.

Primary server columns

The following indicators are possible:

  • Indicates Primary License servers.

  • Indicates Primary Registry Name Service servers.

Hostname Column

The DNS name of the host. This column also contains the host IP address, operating system, and version.

Alerts Column

The following indicators are possible:

  • Indicates a critical issue with the host.

  • Indicates a problem with the host.

Install Status Columns

The following columns provide information on installed components. The available columns are:

AD Bridge

If AD Bridge is installed, the AD Bridge column displays the software version number, agent, and joined status.

  • Agent: Indicates if the agent is installed.
  • Joined: Indicates the domain join status: either that the host is not joined, or the domain the host is joined to.

EPM-UL

If EPM-UL is installed, the EPM-UL column displays the version number and an icon for each feature and role the host has enabled.

  • Policy: Policy server
  • Log: Log server
  • Client: Submit or run host
  • FIM: FIM policy applied to the server
  • License: License server
  • RNS: Registry Name Service server

Solr

  • Server: Solr Server
  • Client: Client (indexed machine)

ℹ️

Note

As of version 23.1, Solr is deprecated. EPM-UL no longer supports installing Solr, but features that use an existing Solr installation will continue to work.

Sudo Manager

  • Client: Client (index machine)

Updated column

The last time data related to the host changed.

Manage a host

On the Hosts > Hosts Inventory page, access host actions for a server from the vertical ellipsis menu. Select Perform Host Actions from the menu to start the Host Actions wizard. Host actions include:

  • Profile
  • Install software for AD Bridge and EPM-UL
  • Join domain
  • Deploy keyfile

Additionally, from the menu for each server, you can:

  • View host details
  • Delete hosts

When using the Host Actions wizard, only 25 hosts are displayed at a time. Select Check All to apply settings to all discovered hosts.

Apply updates to servers using bulk actions

Alternatively, you can apply actions to more than one server at a time. On the Hosts > Hosts Inventory page, you can select more than one host and select the Actions menu.

Use Privilege Escalation for BIUL Credentials

Most actions require a credential be supplied in BeyondInsight for Unix & Linux (BIUL). This is the account BIUL authenticates as on selected servers. However, this account might not have sufficient privileges to execute the required commands. The console allows users to choose a Delegation Tool to escalate user privileges. Selecting sudo su requires the user to choose a second credential to delegate to.

Profile servers

Run a profile to gather preinstall information to ensure a host is prepared for software installs.

  • A valid SSH credential is required for a selected host. The credential requires, at minimum, write permission on the host’s remote working directory.
  • By default, the remote working directory is /tmp.
  • The Defaults requiretty setting in the sudoers file is not supported.

You can run a profile immediately, or run it as a scheduled task.

Profile a host immediately

Run a profile immediately, and the Tasks page appears, with the Task Summary panel open, displaying the results.

  1. Go to the Hosts > Host Inventory page.

  2. Select a host, and then at the far right, click the ellipsis menu icon and select Perform Host Actions.

  3. Select Profile, and then click Next Step.

  4. On the Credential Selection page, select a logon credential to access the remote system. If you cannot log on as root, then select one of the following to run the action with escalated privileges: pbrun, sudo, or sudo su. This might require choosing a second credential.

  5. Select Run Now, and then click Next Step.

  6. Review the Summary page, and then click Finish.

  7. Review the Task page and verify the completed status of attempted actions under Task Summary.

  8. To view more information about Task Status, click Task Details.

Profile a host as a scheduled task

Set up a profile to run as a scheduled task. After the task has run per your schedule, you can open the Tasks page and locate and click the task to see the results in the Task Summary panel.

  1. Go to the Hosts > Host Inventory page.

  2. Select a host, and then at the far right, click the ellipsis menu icon and select Perform Host Actions.

  3. Select Profile, and then click Next Step.

  4. On the Credential Selection page, select a logon credential to access the remote system. If you cannot log on as root, then select one of the following to run the action with escalated privileges: pbrun, sudo, or sudo su. This might require choosing a second credential.

  5. Select Schedule, and the Calendar tool appears.

  6. Select the month, week, and day for the task. The full day hours are displayed. To display just the business hours, at the bottom left of the hours, click the Show business hours button. Click it again for full day hours.

  7. Double-click the top or bottom of the hour you want to select, and the Event scheduling dialog box appears.

  8. Verify/set the Start date and time, and then select the Timezone.

  9. (Optional). Set the number of Retries.

  10. If you want the task to be repeated, select the frequency to repeat.

  11. Click Save.

  12. Click Next Step.

  13. Review the Summary page, and then click Finish.

  14. The Tasks page appears. Verify that the information in the Scheduled Summary panel is accurate.

  15. (Optional). You can update, pause, or delete the schedule by using the buttons at the bottom of the panel.

Profile a host using a credential rule

To avoid requiring password authentication when you run a host profile, configure a credential rule. Use default credentials to run a profile on one or many hosts.

  1. Go to the Hosts > Hosts Inventory page.
  2. Select the hosts you want to profile:
    • Single host: Select the host, and then at the far right, click the ellipsis menu icon and select Profile Host with Default Credentials.
    • Multiple hosts: To select the hosts to profile, check the boxes on the left of the hostnames. From the Actions menu, select Profile Host with Default Credentials.

Manage AD Bridge hosts

ℹ️

Note

To access the hosts, a valid SSH credential with administrative rights on the host is required.

Install and upgrade AD Bridge

To install or upgrade AD Bridge hosts:

  1. Go to the Hosts > Host Inventory page.

  2. Select a host, and then at the far right, click the ellipsis menu icon and select Perform Host Actions.

  3. On the Primary Action page, select Active Directory Bridge.

  4. On the Secondary Action page, select one from the following:

    • Install: Install AD Bridge software.
    • Upgrade: Upgrade AD Bridge software to the version loaded in the console. If you select Upgrade, you can skip to step 6.
  5. If you select Install, you can configure the Active Directory information on the Action Requirements page. By default, the Use Domain Browser toggle is turned on. To manually enter the information, click the toggle to turn it off.

    • Perform optional Domain join: Select to join the Active Directory host to the domain. The join action occurs after the AD Bridge software installation completes. The toggle is turned on by default. Click the toggle if you do not want to join the host to the domain at this time.
    • Forest: Select the forest from the list. The forest listed here is the directory service connection already configured from the Settings > Directory Services menu.
    • Domain: Select a domain from the list.
    • OU: Click Browse to search for the OU.
    • AD Credential: Select the credential you want to use to access Active Directory. This credential is added when you create the directory services connection.
    • Additional Arguments: Add domain-join cli arguments.
  6. On the Credential Selection page, select a logon credential to access the remote system. If you cannot log on as root, then select one of the following to run the action with escalated privileges: pbrun, sudo, or sudo su. This might require choosing a second credential.

  7. Review the Summary page, and then click Finish.

  8. Review the Task page and verify the completed status of attempted actions under Task Summary.

  9. To view more information about Task Status, click Task Details.

Join the host to an Active Directory domain

To join selected AD Bridge hosts to a domain:

  1. Go to the Hosts > Host Inventory page.

  2. Select a host, and then at the far right, click the ellipsis menu icon and select Perform Host Actions.

  3. On the Primary Action page, select Active Directory Bridge.

  4. On the Secondary Action page, select Domain join.

  5. On the Action Requirements page, select the Active Directory information. By default, the Use Domain Browser toggle is turned on. To manually enter the information, click the toggle to turn it off.

    • Forest: Select the forest from the list. The forest listed here is the directory service connection already configured from the Settings > Directory Services menu.
    • Domain: Select a domain from the list.
    • OU: Click Browse to search for the OU.
    • AD Credential: Select the credential you want to use to access Active Directory. This credential is added when you create the directory services connection.
    • Additional Arguments: Add domain-join cli arguments.
  6. On the Credential Selection page, select a logon credential to access the remote system. If you cannot log on as root, then select one of the following to run the action with escalated privileges: pbrun, sudo, or sudo su. This might require choosing a second credential.

  7. Review the Summary page, and then click Finish.

  8. Review the Task page and verify the completed status of attempted actions under Task Summary.

  9. To view more information about Task Status, click Task Details.

Remove the host from an Active Directory domain

You can remove an Active Directory host from a domain.

To remove a joined domain:

  1. Go to the Hosts > Host Inventory page.

  2. Select a host, and then at the far right, click the ellipsis menu icon and select Perform Host Actions.

  3. On the Primary Action page, select Active Directory Bridge.

  4. On the Secondary Action page, select Domain Leave.

  5. On the Action Requirements page, check the box Delete Computer account in Active Directory, and then select an Active Directory credential from the list.

  6. On the Credential Selection page, select a logon credential to access the remote system. If you cannot log on as root, then select one of the following to run the action with escalated privileges: pbrun, sudo, or sudo su. This might require choosing a second credential.

  7. Review the Summary page, and then click Finish.

Join the host to an Azure tenant application

To join selected AD Bridge hosts to an Azure application, an application must have already been appropriately configured in Azure.

To join selected AD Bridge hosts to an Azure application:

  1. Go to the Hosts > Host Inventory page.

  2. Select a host, and then at the far right, click the ellipsis menu icon and select Perform Host Actions.

  3. On the Primary Action page, select Active Directory Bridge.

  4. On the Secondary Action page, select Tenant Join.

  5. On the Action Requirements page, enter the Azure application information. As noted above, an Azure application must already have been configured.

    • Tenant ID: The tenant ID from the Azure application configuration.
    • Application ID: The application ID from the Azure application configuration.
    • Secret: An application secret value from Azure. This value must have been created in the Azure application (see link below).
    • License Key: An AD Bridge license key to license the endpoint at the same time as joining the Azure tenant.
  6. On the Credential Selection page, select a logon credential to access the remote system. If you cannot log on as root, then select one of the following to run the action with escalated privileges: pbrun, sudo, or sudo su. This might require choosing a second credential.

  7. Select Run Now.

  8. Review the Summary page, and then click Finish.

  9. Review the Task page and verify the completed status of attempted actions under Task Summary.

  10. To view more information about Task Status, click Task Details.

ℹ️

Note

To reduce the data entry required at Step 5 above, it is possible to create a Join template under Settings > Software > AD Bridge > (ellipsis menu at right) > Manage Join Templates. Here you can save the tenant ID, application ID, and license key as a template, and then, at step 5 above, select that template to populate those fields when joining a specific host to the tenant. Note that you will still need to provide an application secret.

Remove the host from an Azure tenant application

To remove a host from an Azure application:

  1. Go to the Hosts > Host Inventory page.

  2. Select a host, and then at the far right, click the ellipsis menu icon and select Perform Host Actions.

  3. On the Primary Action page, select Active Directory Bridge.

  4. On the Secondary Action page, select Tenant Leave.

  5. On the Credential Selection page, select a logon credential to access the remote system. If you cannot log on as root, then select one of the following to run the action with escalated privileges: pbrun, sudo, or sudo su. This might require choosing a second credential.

  6. Select Run Now.

  7. Review the Summary page, and then click Finish.

Update the Azure application secret for a host

The Azure application secret has a configurable expiration date. When BeyondInsight for Unix & Linux identifies that a host is using an Azure application secret that will expire soon, a notification is generated. The notification details provide some guidance on updating the application secret.

To update the application secret used by a host to connect to an Azure application, a secret must have already been configured in Azure.

ℹ️

Note

If you view an Azure Secret Key Expiring Soon notification, you can update the secret from the Notification Details panel by clicking the Update Secret button. Alternatively, follow the procedure below to perform the update.

To update the application secret:

  1. Go to the Hosts > Host Inventory page.

  2. Select a host, and then at the far right, click the ellipsis menu icon and select Perform Host Actions.

  3. On the Primary Action page, select Active Directory Bridge.

  4. On the Secondary Action page, select Tenant Secret.

  5. On the Action Requirements page, enter the new Azure application secret value. As noted above, an Azure application must already have been configured.

  6. On the Credential Selection page, select a logon credential to access the remote system. If you cannot log on as root, then select one of the following to run the action with escalated privileges: pbrun, sudo, or sudo su. This might require choosing a second credential.

  7. Select Run Now.

  8. Review the Summary page, and then click Finish.

  9. Review the Task page and verify the completed status of attempted actions under Task Summary.

  10. To view more information about Task Status, click Task Details.

Uninstall AD Bridge

When you uninstall AD Bridge, you can also choose to leave the domain and delete the Active Directory account.

  1. Go to the Hosts > Host Inventory page.

  2. Select a host, and then at the far right, click the ellipsis menu icon and select Perform Host Actions.

  3. On the Primary Action page, select Active Directory Bridge.

  4. Select Uninstall.

  5. On the Action Requirements page, select one of the following:

    • Uninstall: Uninstall AD Bridge software from the host.
    • Leave and Uninstall: Remove the host from the domain and uninstall AD Bridge software.
    • Leave Domain, Delete Account, and Uninstall: Remove the host from the domain, delete the Active Directory account in Active Directory, and remove the AD Bridge software.
    • AD Credential: The credential to use to access Active Directory. The setting is required when you select Leave Domain, Delete Account, and Uninstall. This credential is added when you create the directory services connection.
  6. On the Credential Selection page, select a logon credential to access the remote system. If you cannot log on as root, then select one of the following to run the action with escalated privileges: pbrun, sudo, or sudo su. This might require choosing a second credential.

  7. Review the Summary page, and then click Finish.

Manage EPM-UL hosts

ℹ️

Note

To access the hosts, a valid SSH credential with administrative rights on the host is required.

To manage Endpoint Privilege Management for Unix and Linux (EPM-UL) hosts:

  1. Go to the Hosts > Host Inventory page.

  2. Select a host, and then at the far right, click the ellipsis menu icon and select Perform Host Actions.

  3. Choose the action to perform, and then follow the procedures in this section.

Software is installed with default configuration values, unless RNS Primary and All Components is selected. If not detected during installation, the installer generates network and REST encryption keys. All future EPM-UL installations will use these keys. The keys can be managed on the Settings page.

Install the EPM-UL policy server

To install the EPM-UL Policy Server:

  1. Go to the Hosts > Host Inventory page.

  2. Select a host, and then at the far right, click the ellipsis menu icon and select Perform Host Actions.

  3. Select Endpoint Privilege Management for Unix and Linux, and then select Next Step.

  4. Select Install, and then click Next Step.

  5. On the Action Requirements page, select an installation template. The features enabled in the template affect the options available. The following list displays default templates.

    • All Components: All EPM-UL components will be installed except for RNS server.
    • License Server Only: Only the EPM-UL license server will be installed.
    • Policy and Log Server Only: All server components of EPM-UL will be installed except for RNS server.
    • Submit and Run Host Only: The client components of EPM-UL will be installed.
    • Primary Registry Server and All Components: All EPM-UL components will be installed including RNS server.
  6. After selecting a template, you can choose to use client registration. Note that some features selected in installation templates may require or disallow using client registration. To use client registration select a Client Registration Server, and then select a Client Registration Profile.

  7. If you choose not to use client registration, you can manually select multiple policy, log, and license servers if your Installation template allows it. If you are installing a new primary policy, log, or license server click the toggle switch to indicate that this host will become a new primary policy, log, or license server.

  8. On the Credential Selection page, select a logon credential to access the remote system. If you cannot log on as root, then select one of the following to run the action with escalated privileges: pbrun, sudo, or sudo su. This might require choosing a second credential.

  9. Review the Summary page, and then click Finish.

  10. Review the Task page and verify the completed status of attempted actions under Task Summary.

  11. To view more information about Task Status, click Task Details.

Upgrade the EPM-UL policy server

To upgrade the Policy Server to the version loaded in the console:

  1. Go to the Hosts > Host Inventory page.

  2. Select a host, and then at the far right, click the ellipsis menu icon and select Perform Host Actions.

  3. Select Endpoint Privilege Management for Unix and Linux, and then click Next Step.

  4. Select Upgrade, and then click Next Step.

  5. On the Credential Selection page, select a logon credential to access the remote system. If you cannot log on as root, then select one of the following to run the action with escalated privileges: pbrun, sudo, or sudo su. This might require choosing a second credential.

  6. Review the Summary page, and then click Finish.

  7. Review the Task page and verify the completed status of attempted actions under Task Summary.

  8. To view more information about Task Status, click Task Details.

Uninstall the EPM-UL policy server

To remove the Policy Server:

  1. Go to the Hosts > Host Inventory page.

  2. Select a host, and then at the far right, click the ellipsis menu icon and select Perform Host Actions.

  3. Select Endpoint Privilege Management for Unix and Linux, and then click Next Step.

  4. Select Uninstall, and then click Next Step.

  5. On the Credential Selection page, select a logon credential to access the remote system. If you cannot log on as root, then select one of the following to run the action with escalated privileges: pbrun, sudo, or sudo su. This might require choosing a second credential.

  6. Review the Summary page, and then click Finish.

  7. Review the Task page and verify the completed status of attempted actions under Task Summary.

  8. To view more information about Task Status, click Task Details.

Configure SIEM for use with an Endpoint Privilege Management for Unix and Linux server

ℹ️

Note

To configure a SIEM connection, it must first be set up under Settings > SIEM Connection.

To configure SIEM for use with an EPM-UL server:

  1. Go to the Hosts > Host Inventory page.

  2. Select a host, and then at the far right, click the ellipsis menu icon and select Perform Host Actions.

  3. Select Endpoint Privilege Management for Unix and Linux, and then click Next Step.

  4. Select Configure a SIEM for use with one or more Endpoint Privilege Management for Unix and Linux servers, and then click Next Step.

  5. On the Action Requirements page, select a SIEM connection from the dropdown.

  6. On the Credential Selection page, select a logon credential to access the remote system. If you cannot log on as root, then select one of the following to run the action with escalated privileges: pbrun, sudo, or sudo su. This might require choosing a second credential.

  7. Review the Summary page, and then click Finish.

  8. Review the Task page and verify the completed status of attempted actions under Task Summary.

  9. To view more information about Task Status, click Task Details.

Manage Solr

ℹ️

Note

As of version 23.1, Solr is deprecated. EPM-UL no longer supports installing Solr, but features that use an existing Solr installation will continue to work.

Deploy keyfiles

The Deploy PMUL Network and REST encryption key files action uses the network and encryption keys configured on the Settings > Integration page.

To deploy keyfiles:

  1. Go to the Hosts > Host Inventory page.

  2. Select a host, and then at the far right, click the ellipsis menu icon and select Perform Host Actions.

  3. Select Endpoint Privilege Management for Unix and Linux, and then select Next Step.

  4. Select Deploy PMUL Network and REST encryption key files, and then click Next Step.

  5. On the Credential Selection page, select a logon credential to access the remote system. If you cannot log on as root, then select one of the following to run the action with escalated privileges: pbrun, sudo, or sudo su. This might require choosing a second credential.

  6. Review the Summary page, and then click Finish.

  7. Review the Task page and verify the completed status of attempted actions under Task Summary.

  8. To view more information about Task Status, click Task Details.

Delete hosts

The Delete Host action removes the selected host from the console database. No action is taken on the host nor on any credentials the console may have stored for it.

To delete a host:

  1. Go to the Hosts > Hosts Inventory page.
  2. Select the host you want to delete:
    • Single host: Select the host, and then at the far right, click the ellipsis menu icon and select Delete Hosts.
    • Multiple hosts: For all hosts you want to delete, check the boxes on the left of the hostnames. From the Actions menu, select Delete Hosts.
  3. To confirm, click Delete.

View host details

You can view more information about host servers including errors and warnings for particular products deployed.

On the Host Details panel, you can manage the following settings:

  • Configure the Endpoint Privilege Management for Unix and Linux (EPM-UL) Rest API Time Correction, which is the acceptable time offset between BeyondInsight for Unix & Linux (BIUL) and the EPM-UL host in seconds.

To view more information about a host:

  1. On the Hosts > Host Inventory page, select a server, and then at the far right, click the ellipsis menu icon and then select View Host Details. At the top, general host details are displayed, including:
    • Discovered
    • Last Profiled
    • IP
    • Operating System
    • Architecture
    • Default Gateway
    • Tags
  2. Select an entry in the Host Details panel to view details about the host collected by BIUL. Details on errors and warnings are included here, if any.

REST API connectivity

BIUL automatically configures a REST connection to EPM-UL Policy Servers.

Note the following when using the REST API:

  • REST API connections can only be made to a Policy Server with EPM-UL version 9.4 or later.
  • REST connectivity does not open any firewall ports. This must be done by the user.
  • By default, EPM-UL uses self-signed certificates. BIUL does not verify a certificate authority.

To assist in sourcing errors and troubleshooting connections, a task displays on the Tasks page. Additional troubleshooting information may be available on the Host Details page.

Tag a discovered host

Tags are user-defined values that can be assigned to hosts to aid in filtering the discovered hosts in the Hosts Inventory grid. Tags are free-form text, so you can use them to find and manage hosts quickly.

Example

You can create a tag for all hosts in a group such as Log Servers. Assign that tag to the log servers in your environment. Tags can then be used for filtering throughout the application. To find the log servers in the Hosts Inventory grid, simply filter by the Log Servers tag.

Create a new tag

To create a new tag for a discovered host:

  1. Go to the Hosts > Hosts Inventory page.

  2. Select a host, and then at the far right, click the ellipsis menu icon and select View Host Details.

  3. Under General Details, type the desired tag name in the Add tags field, and press Enter.

Assign tags to hosts

To assign an existing tag to a discovered host:

  1. Go to the Hosts > Hosts Inventory page.

  2. Select a host, and then at the far right, click the ellipsis menu icon and select View Host Details.

  3. Under General Details, click the Add tags field and enter the tag name or scroll until you find the desired tag.

  4. Select the tag to apply it to the host.

Filter hosts by tags

To filter discovered hosts by a specific tag:

  1. Go to the Hosts > Hosts Inventory page.
  2. Click the Tags dropdown menu at the top of the Host Inventory grid.
  3. Enter the tag name in the Search Term field and click Update to filter the results.

Delete an existing tag

To delete an existing tag on a discovered host:

  1. Go to the Hosts > Hosts Inventory page.

  2. Select a host, and then at the far right, click the ellipsis menu icon and select View Host Details.

  3. Under General Details, click the Add tags field, and scroll until you find the desired tag.

  4. Click the X that appears beside the tag name to delete it from the list.

Set up policy caching

A cached policy can be used when the client is offline and cannot connect to the policy server. Setting up policy caching is optional.

The following must be in place to activate policy caching:

  • The policy server must allow caching of policy by clients. Set this option during the policy server installation or set allowcaching in the pb.settings file after installation.
  • The client must enable caching of policy from the server. Set this option during the installation of the client.

Policy caching can be configured during policy server or client installations, if the installation template used:

  • Includes installation of a policy server. Set the Allow Caching option.
  • Includes installation of a submit host and run host, and the installation uses client registration. Set the Enable caching option.

Policy caching is not supported on license server installs.

Since one applies to policy servers and one applies to policy clients, an EPM-UL host would not typically have both Allow Caching and Enable caching set.

To view the status of policy caching:

  1. Go to the Hosts > Hosts Inventory page.

  2. Select a host, and then at the far right, click the ellipsis menu icon and select View Host Details.

  3. Under Endpoint Privilege Management for Unix and Linux, scroll to the Configuration section, and verify the values for Policy Caching Allowed? and Policy Caching enabled?

