Deploying the Harmony SASE Agent
You can deploy the Harmony SASE Agent manually or using a Mobile Device Management (MDM) provider.
Deploying the Agent Manually
To deploy the agent manually:
-
The system sends an email to members with a link to accept the invite and download the Harmony SASE Agent. The invitation is valid for 30 days. If the invitation expires, you must resend the invitation.
-
Download the agent and distribute it manually, for example, through email.
-
Copy the agent download link and share it manually, for example, through email.
Deploying the Agent Using an MDM Application
You can deploy the agent using any of these popular Mobile Device Management (MDM) applications:
-
ManageEngine
-
Microsoft System Center Configuration Manager (SCCM)
Transparent Internet Access Installation
|
Note - Applies to Harmony SASE Agent version 11.5 and higher. |
The Transparent Internet Access enforces internet security immediately upon agent installation, without requiring any end-user interaction.
The remote installation process bypasses both device and member registration while ensuring that users receive the latest security policies, even if they have not signed in to the agent.
You can generate a unique installation key from the platform download page. This key is visible only to Admin users. Once generated, the key validity cannot be modified.
|
Note - Private Access remains restricted until the user authenticates and registers on the platform. |
Seamless Internet Access installation requires sending a combination of three command line parameters during the agent installation process:
-
REGION
-
INSTALLATION_KEY
-
USER_EMAIL
Common Commands
Operating System |
Windows (.msi installation flags for versions 11.0 and above): |
Windows (.msi installation flags for legacy versions (up to 11.0): |
macOS |
Linux (installation flags): |
---|---|---|---|---|
Command for |
||||
Silent Installation | msiexec /quiet /i Harmony_SASE_x.x.x.xxx.msi
To know the installation status after the silent installation, run:
|
msiexec /quiet /i Perimeter81_x.x.x.xxx.msi
To know the installation status after the silent installation, run:
|
To change the agent permissions after the installation, run:
|
|
Pre-populating the tenant or workspace name | msiexec /i "Harmony_SASE_x.x.x.xxx.msi" /quiet WORKSPACE="workspace_name"
|
msiexec /i "Perimeter81_x.x.x.xxx.msi" /quiet WORKSPACE="workspace_name"
|
$ sudo defaults write com.perimeter81d workspace workspace_name
To remove pre-populated workspace/tenant name, run:
This is supported only with agent version 8.0.4.116 and higher. |
To pre-populae the workspace name, run:
Replace " |
Pre-populating the data residency region | msiexec /i "Harmony_SASE_x.x.x.xxx.msi" /quiet REGION="EU or US"
For |
msiexec /i "Perimeter81_x.x.x.xxx.msi" /quiet REGION="EU or US"
For |
$ sudo defaults write com.perimeter81d region "EU or US"
For |
|
Pre-populating the tenant or workspace name and data residency region | msiexec /i "Harmony_SASE_x.x.x.xxx.msi" /quiet WORKSPACE="workspace_name" REGION="EU or US"
For |
msiexec /i "Perimeter81_x.x.x.xxx.msi" /quiet WORKSPACE="workspace_name" REGION="EU or US"
For |
To pre-populating the tenant or workspace name, run:
To pre-populating the data residency region, run:
For |
|
Transparent user registration, using tenant installation and user installation (applies for version 11.5 and above) |
|
|
|
|
Transparent user registration, using tenant installation and user installation (applies for version 11.3 and higher) |
|
|
|
|
Uninstallation |
|
|
Run the uninstall script. |
|