AAPM Agent Installation in Windows Environments

the agent files found in the kron repository are uploaded to the windows environment where the agent will run, and the kron aapm agent exe is executed to perform the agent installation additionally, sdk files are included in the repository these sdk files do not need to run in the same environment as the agent further details will be provided under the section docid\ gv3v0xzkxuo4mtswmkjkp when running the executable installation file, a package installation popup appears in the popup, the agent , sdk , and tool packages are selected, and then the kron pam ip address , registration key , and grpc port are configured to complete the installation after installation, the status of the agent service can be checked by running s ervices msc in the search field to verify the kron aapm agent service is running logs related to the agent can be checked under the kron aapm agent out log file in the directory where the agent is installed in case of a service restart or agent cache status changes, logs are recorded with a timestamp windows aapm agent installation silent installation overview the silent installation process is automated through a setup script that manages all necessary steps this script includes install jar – the main installation package that performs the deployment silent install properties – a configuration file that defines the installation parameters silent installation properties file the silent install properties file contains key configuration parameters that must be customized before running the installation script the parameters and description information in the configuration file are provided in the table below parameter description install path target directory where the agent will be installed (default installation path is " /opt/kronpam/") sc primaryip ip address of kron pam's primary node sc secondaryip ip address of kron pam's secondary node sc initialtoken registration token required during the initial installation sc agentname name assigned to the aapm agent instance sc ssl ignored ignores kron pam ssl certificate errors (true/false) sc hostname ignored ignores hostname verification of the kron pam environment sc verified hostname enforces hostname verification of the kron pam security enabled enables aapm agent certificate validation security cert ca signed or self signed certificate's path ( jks) ("kron agent" user must have access to the file and must have read permission) security password ca signed or self signed certificate's keystore password grpc port loc grpc p ort number to be used for communication between the agent and sdks agent includes aapm agent installation (default value=1) sdk includes kron pam aapm sdks to installation silent install to perform a silent installation, place both the install jar file and the silent install properties file in the same directory before proceeding, verify that all required installation parameters are correctly specified within the silent install properties file once configured, execute the install jar file to initiate the installation process linux agent silent install java jar install jar console defaults file silent install properties auto the install aapm agent sh script automatically creates the necessary service definitions configures agent user and permissions starts the aapm agent service upon successful installation aapm agent application properties the parameters in the application properties file located in the aapm agent installation folder can be changed after installation if needed changing these parameters requires a restart parameter name description grpc port grpc p ort number to be used for communication between the agent and sdks singleconnect address ip address/hostname of kron pam's primary node singleconnect failoveraddress ip address/hostname of kron pam's secondary node singleconnect agentname name assigned to the aapm agent instance singleconnect ssl ignored parameter to be used to ignore certificate validation errors singleconnect hostname ignored parameter to be used to ignore certificate hostname validation errors singleconnect installtoken registration token required during the re registration app grpc security protocols ssl version to be used (comma seperated e g tlsv1 2,tlsv1 3) app grpc security ciphers ssl ciphers to be used (comma seperated e g tls ecdhe rsa with aes 256 gcm sha384,tls ecdhe rsa with aes 128 gcm sha256) app grpc security enabled enables grpc over ssl app grpc security dist cert chain ca signed or self signed certificate's path ( jks) ("kron agent" user must have access to the file and must have read permission) app grpc security keystore password ca signed or self signed certificate's keystore password aapm agent cache parameters the parameters related to the aapm agent cache can be configured in the application properties file after installation password statuscheck period regular defines how frequently the aapm agent verifies the password statuses of cached accounts by querying kron pam password statuscheck period intensive specifies an accelerated polling interval used to verify the password status of cached accounts against kron pam as the password nears its expiration date, the system increases the frequency of status checks to ensure timely detection and synchronization password statuscheck period bufferinseconds defines an additional buffer interval applied during password rotation for cached accounts the buffer duration is determined by the execution status of the password change job in kron pam, ensuring sufficient time for successful completion and synchronization before subsequent actions are triggered password statuscheck period graceinminutes this parameter refers to the extended cache time that takes effect when the aapm agent cannot reach either of the redundant kron pam addresses when the kron pam servers cannot be reached, the password is stored in the aapm agent's cache for this extended cache time if the password request time exceeds this period, this parameter is discarded for that password