Hi all,
Since I dont need improvements that the new agent controller component gives (push mode or TLS) I wonder if I can leave this service disabled in the agents.
Please, Can someone tell me if this component is mandatory for the correct operation of the agents?
BR
Hi @jorgejuan
You can use the agent without TLS. You cannot “disable
the service”, as far as I know, but you can use a rule, to
“ignore” the state of TLS registration. Search for “audit”
in Rule search. You could create a rule, similar
to this one:
Push mode is a “paid” feature, only available in the “Cloud” edition
anyway (and in “free”, albeit only for the restricted number of
hosts/services it allows).
HTH,
Thomas
Hello @openmindz,
Thank you for your reply. Yes, I know the rule you mentioned. My doubst are more focused in try to understand what exactly the agent-controller does. Since I did not register this component in the agent installation, It is really doing something? It is mandatory register the agent- controller when installing the agent for the correcto operation of the agent in every case or can I leave it unregistered and disabled if I dont need the featuers it offers?
BR
Hi @jorgejuan
On its own: It does nothing as far as I understand.
It is not mandatory to register your agent via TLS, but:
If you don’t “TLS-register” your agent, you simply don’t have
encrypted communication between the server and the agent.
You could still do it otherwise (e.g. via ssh), if you’d want to, but
the “current best practice” is to use TLS. We certainly do it, to
not have “discussions” with Security… 
In any case: For the time being, it’s basically your choice whether
you do or don’t register the agent via TLS.
If you want more “background”, what this part of the agent
is, and what it exactly does, please consult the official documentation.
Relevant section is: 2. Architecture of the agent (scroll down to the paragraph
referring to the Agent Controller).
HTH,
Thomas
