- Determine your initial agent rollout plan. Although you will deploy Host Intrusion Prevention agents to every host (servers and desktops) in your company, we recommend that you start by installing agents on a limited number of representative systems and tuning their configuration. After you have fine-tuned the deployment, you can then deploy more agents and leverage the policies, exceptions, and client rules created in the initial rollout.
- Establish a naming convention for your agents. Agents are identified by name in the console tree, in certain reports, and in event data generated by activity on the agent. Agents can take the names of the hosts on which they are installed, or you can assign a specific agent name during installation. We recommend establishing a naming convention for agents that is easy to interpret by anyone working with the Host Intrusion Prevention deployment.
- Install the agents. Agents are installed with a default set of IPS, firewall, application blocking, and general rule policies. New policies with updated rules can later be pushed from the server.
- Group the agents logically. Agents can be grouped according to any criteria that fits in the console tree hierarchy. For example, you might group agents according to their geographic location, corporate function, or the characteristics of the system.