Protect Cloud Overview - FAQ

Version 6


    The Protect Cloud synchronization feature enables your agents to check in and receive policy updates from the cloud. This allows you to manage agents on machines that are not able to communicate directly with the console. This feature also provides you with the ability to install a Shavlik Protect Agent using the cloud.

    Agents that are configured to use Protect Cloud will have two check-in options: they can continue to check in with the Shavlik Protect console, but they will also be capable of checking in and receiving policy updates via the cloud. This is particularly useful for disconnected agent machines that are away from the corporate network and unable to contact the console for updates. As long as an agent machine has Internet access, it will be able to send results and get updates using the cloud.

    The following diagram illustrates the two agent check-in options:




    1) How does the cloud work?

    The console makes changes to agent policies and syncs to the Protect Cloud server. The  Protect Cloud server is where Protect Cloud agents check in since they can't talk to the console. All patches that are needed are downloaded straight from the vendor's website.


    2) How does a traveling worker get updates?

    The cloud agent on the traveling worker's machine will first try to establish communication with the Protect Console in the domain even if its VPN. If that communication is not established, it will next try to connect to the Protect Cloud server and look for any updates to the policy. If there are updates, the policy change will be made to the Protect Cloud agent and if there are new patches they are downloaded straight from the vendor.


    3) Is any activity from the Protect Cloud agent sent back to the console for reporting?

    Yes, results will be sent back to the main Shavlik Protect Console, however it will take longer for those results to show up since there are more steps with the sync.


    4) Will installing the Protect Cloud agent on a target machine take up another license seat?

    No, since the machine was already used as a target machine either by being doing an agentless scan or if there was already an agent installed, it won't take up another license seat.


    5) Does it cost more to use Protect Cloud?

    No, this service does not cost any extra even if you are using Shavlik Protect Standard or Shavlik Protect Advanced. All you have to do is register your account by going into the Shavlik Protect Console and clicking on Tools > Operations > Protext Sync Cloud > Create a Protect Cloud account.


    6) Can you initiate a scan from the console to the target machine through Protect Cloud?

    No, you can only make changes to the Agent Policy and schedule the scan through that policy. The Protect Cloud agent is treated just like an agent on a target machine connected to the Protect Console and has all the same properties, except that instead of directly communicating to the Protect Console, it is instead communicating with the Protect Cloud server.


    You can allow a user to initiate a task on their own. For more instructions on how to do this, please see the following article: Initiating a Task with an Off-Network Protect Cloud Agent


    7) Is all the traffic encrypted between Console to Cloud and Cloud to Agent?

    Yes, the Console and Agent talk to the Cloud so neither has to open an inbound port.  The Protect Cloud acts as the proxy between the two.  Communication between console\cloud and agent\cloud is HTTPS web service calls using a token to provide mutual authentication.  All policy and result data is encrypted so only the console and the agent can decrypt.  The Cloud cannot decrypt your data only ensure delivery to authorized agents\console.  All data is encrypted in transit and at rest.  Results are picked up every 15 minutes so there is only a small windows of the results data being at rest before the console picks it up.


    8) How often does the Shavlik Protect Console synchronize with  Protect Cloud servers?

    Every 15 minutes. This can be manually updated if the user needs a full sync by going into the Shavlik Protect Console and clicking on Tools > Operations > Protect Sync Cloud > Force full update now button.


    9) Can I uninstall Protect Cloud agent but keep the Shavlik Protect agent still on the target machine without having to completely uninstall and reinstall the agent?

    Yes, just go to the Shavlik Protect Console and change the Policy to not sync with Protect Cloud and update the policy on the target machine.


    Affected Product(s)


    Shavlik Protect 9.x