About Agent-To-Agent Communication - Dell SonicWALL Administration Manual

Directory services connector 3.7
SonicWALL PRO and TZ 190/180 series appliances to achieve Single Sign-On integration with Active
Directory.
The Dell SonicWALL appliance can use Active Directory or Novell eDirectory to authenticate users and determine
the filtering policies to assign to each user or user group. The SSO Agent identifies users by IP address and
automatically determines when a user has logged out to prevent unauthorized access.
Along with the username information, the SSO Agent sends the following information to the appliance:
• The domain controller on which information about logged in users is found.
• The User Detection mechanism used by the agent to find logged in users.
NOTE: It is normal for the system running Dell SonicWALL Directory Services Connector to have high CPU
activity for the first few hours after installation, while the software creates a database of the user
network.
Dell SonicWALL Directory Services Connector runs as a 32-bit application. This improves the performance of
64-bit agent machines, especially in cases where the agent is set to use NETAPI or WMI as the query source.
Upon identifying a logged in user or finding updated user information, the SSO Agent sends login notifications to
the appliance in the following cases:
• If the query source is set to DC security log, the agent sends a notification with the User IP Address, User
  Name and Login Session ID, User ID Mechanisms, domain controller IP Address, and Login Time.
• If using NETAPI or WMI, the agent sends a login notification only if an In_Progress status was
  previously sent for the same IP address. The agent does not send a notification for an updated user, but
  only updates its internal cache with the updated user information, if caching is enabled. When the
  appliance sends a multi-user request to the SSO Agent and includes an Operation Timeout value, the
  agent divides the time by the number of IP addresses present in the request. If the query times out, it is
  aborted and an Operation_Time_Out status is included in the agent's reply to the appliance.
The Dell SonicWALL SSO Agent is not supported in a Citrix or Terminal Services Environment. In these
environments, you can use the Dell SonicWALL Terminal Services Agent (TSA) to communicate with Dell
SonicWALL SSO. The TSA is not included as part of this release. For more information about the TSA, see the
latest Terminal Services Agent Release Notes, the latest SonicOS Administration Guide and the SonicOS
Enhanced Single Sign-On Feature Module, available on https://support.software.dell.com.

About Agent-to-Agent communication

When multiple SSO Agents are configured in Directory Services Connector, these Agents can communicate with
each other to share information. This allows a global user database to be shared among all SSO Agents. This
feature is also called Agent Synchronization.
The Allow Agent synchronization option is available when a DC Security Log method is selected for Query
Source.
The benefits of Agent-to-Agent communication include:
• Shared User-detection Times — User detection information is shared among more than one Domain
  Controller (DC). For example, when agent1 fetches logs from DC1 and DC2, and agent2 fetches logs from
  DC3 and DC4, both agents can update each other when new users have been added. Even when user1 is
  logged on to DC3 or DC4, the Dell SonicWALL network security appliance is able to retrieve information
  from agent1. Both agents share user-identification times along with each add/update notification, which
  helps to identify recently logged-in users.
• Decreased Redundancy — When Query Source is set to DC Security Log and no fallback query method is
  configured, new and identified users logging in to that DC could be missed if that agent were to fail.
  Agent-to-Agent communication takes over for the failed agent, preserving currently-identified users and
  logs. It then begins fetching logs from the DC on the failed agent's behalf, ensuring that agents are
  always correctly reporting usernames.
• Smart NetAPI/WMI Scanners — When one agent is overloaded with requests while other agents are
  comparatively free, polling requests can be transferred to one of the free agents.
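The agent1/agent2 scenario above, as an added conceptual model (not Dell SonicWALL code and not the product's wire protocol). The class, field and method names are hypothetical, the IP addresses and times are constructed, and "newest identification time wins" is an assumption about how the shared times are used.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Login:
    ip: str
    user: str
    dc: str
    seen: int  # user-identification time (epoch seconds, constructed)

class Agent:
    """Toy SSO agent: reads logins from its own DCs and syncs them to peers."""
    def __init__(self, name, dcs):
        self.name, self.dcs = name, set(dcs)
        self.peers, self.users, self.alive = [], {}, True

    def _apply(self, ev):
        # Assumption: the newest identification time wins, so a late or
        # repeated notification cannot re-bind an IP to a previous user.
        cur = self.users.get(ev.ip)
        if cur is None or ev.seen > cur.seen:
            self.users[ev.ip] = ev
            return True
        return False

    def on_dc_log(self, ev):
        if not self.alive or ev.dc not in self.dcs:
            return False              # login is missed: this agent is not reading that DC
        if self._apply(ev):
            for peer in self.peers:
                if peer.alive:
                    peer._apply(ev)   # add/update notification carrying its time
        return True

    def take_over(self, failed):
        # The surviving agent keeps the users it already synced and starts
        # fetching logs from the failed agent's DCs.
        self.dcs |= failed.dcs

def demo():
    a1, a2 = Agent("agent1", ["DC1", "DC2"]), Agent("agent2", ["DC3", "DC4"])
    a1.peers, a2.peers = [a2], [a1]
    a2.on_dc_log(Login("10.0.0.5", "user1", "DC3", 1000))
    a1.on_dc_log(Login("10.0.0.5", "user2", "DC1", 1300))  # same IP, later login
    a2._apply(Login("10.0.0.5", "user1", "DC3", 1000))     # stale resend, ignored
    a2.alive = False                                       # agent2 fails
    missed = a1.on_dc_log(Login("10.0.0.9", "user3", "DC4", 1400))
    a1.take_over(a2)
    caught = a1.on_dc_log(Login("10.0.0.9", "user3", "DC4", 1400))
    return a1.users["10.0.0.5"].user, a2.users["10.0.0.5"].user, missed, caught
```

Without the timestamp comparison, the stale resend would bind 10.0.0.5 back to user1 and the appliance would apply user1's policy to user2's traffic.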
Dell SonicWALL Directory Services Connector 3.7
Administration Guide