Did you know that when you’re initially deploying EPM-W or EPM-M, you can simply deploy Package Manager and it will handle installing the other Privilege Management components (Client and Console Adapter) for you?
The configuration for Package Manager is set at the Computer Group level, so the computer does not need to be listed in the PM Console first. During the installation of Package Manager, we specify which Computer Group we want the endpoint to reside within the install string. In other words, if Package Manager is installed first, it will list the computer in the PM Console immediately after install, so there is no need for the Console Adapter installed first as long as Package Manager is present on the endpoint. The endpoint should show up in the console after Package Manager checks in, and the Computer will show "Awaiting Updates" until the EPM Client and Console Adapter are fully installed.
With this in mind, we recommend using Package Manager for handling the installation for clients and adapters as this can help eliminate manual deployment efforts.
What is Package Manager and how does it work?
The PM Cloud Package Manager is a piece of software which runs as a service on the endpoint. The Package Manager Service communicates with your PM Cloud instance similar to your Console Adapter. Its primary purpose is to scan for available installs and upgrades for your Client and Adapter, and then facilitates the installation of those components throughout your estate.
Can Package Manager handle rollbacks or downgrades?
Currently this functionality is not available, Package Manager only handles installations and upgrades. That being said, our development team is working hard to add this to Package Manager! Stay tuned.
Is a reboot required after installing Package Manager?
Rebooting is not typically needed when installing Package Manager, however it is worth noting that a reboot might be necessary if the components managed by Package Manager require it (e.g. an install of the EPM client may require a reboot depending on the state of the OS, or a net-new install may need a reboot to ensure the product is hooking into all processes at start up).
How long do I need to wait after deploying Package Manager for the client and adapter installs/upgrades to happen?
Once the Package Manager service is initiated, it will begin scanning for available updates within 3 minutes. After this initial scan, it will continue to scan for updates every 2 hours. In cases where you need to expedite the check-in process, for example if you don't want to wait for the next 2 hour window, you can simply bounce the Package Manager service. Once it starts back up, it will scan within 3 minutes.
If I already have EPM clients deployed, will Package Manager work?
Yes, Package Manager will work for existing installs. However, if installed, the Package Manager version will not show up in your PM Cloud Console unless the Console Adapter is on version 23.5+ for EPM-W, and 24.3+ on EPM-M. Before that version, the Console Adapter will be unaware of Package Manager's existence.
Where are the Package Manager logs located?
C:\ProgramData\Avecto\IC3 Adapter\Logs
Notable Package Manager documentation:
- Package Manager (Admin Guide) - (beyondtrust.com)
- Add URLs to allowlist - (beyondtrust.com)
- Endpoint Privilege Management Adapter Reset tool and Package Manager utility - (service-now.com)
- Port, IP, SSL, and Domain requirements for Endpoint Privilege Management Cloud - (service-now.com)
- Conflicts with anti-virus/endpoint products for Endpoint Privilege Management (service-now.com)