Supported OSes and prerequisites
The following is the list of OS families and OSes on which Xshield agents can be deployed and the prerequisites to deploy the agents.
Supported workload OSes
Xshield agents for workloads ( Agent type = Microsegmentation) are available for AIX, CentOS, macOS, RHEL, SUSE, Ubuntu, and Windows OS families.
| OS family |
Supported versions |
|---|---|
| AIX | 7.1 |
| CentOS | 6.7, 6.8, 6.9, 6.10, 7.2, 7.3, 7.6 |
| macOS | 10.10, 10.11, 10.12, 10.13, 10.14, 10.15 |
| RHEL | 6.7, 6.8, 7.1, 7.2, 7.3, 7.4 |
| SUSE | 12, 12 SP2, 12 SP3, 12 SP4 |
| Ubuntu | 12.04, 14.04, 16.04, 18.04 |
| Windows 32-bit | XP SP3, 7, 2003 SP2, 2003 R2, 2008 SP1, 2008 SP2, 2008 R2 |
| Windows 64-bit | 2003 SP2, 2003 R2, 2008 SP1, 2008 SP2, 2008 R2, 2012, 2012 R2, 2016, 2019 Standard, 2019 Datacenter, Windows 7 Embedded Standard, 10 Pro, 10 Home, 11 |
Supported user OSes
Xshield agents for endpoints or user assets ( Agent type = User Access) are available for CentOS, macOS, RHEL, SUSE, Ubuntu, and Windows OS families.
| OS family |
Supported versions |
|---|---|
| macOS | 10.10, 10.11, 10.12, 10.13, 10.14, 10.15 |
| Windows 64-bit | 7, 8, 8.1, 10, 10 Pro, 10 Home, 11 |
Agents are available for download on the Settings > Agents & Downloads > Agent Download page.
Prerequisites
To install the agents on the hosts, the hosts must meet some prerequisites.
Otherwise, you'll run into issues when you install and/or use the agent!
-
Administrative privileges – the user who is installing the agent must have administrative privileges on the asset.
-
Windows PowerShell version – the minimum version of the Windows PowerShell required to install the agent on a Windows asset from its CLI is 3.1.
-
Uninterrupted connectivity to the DNS servers – the Xshield agent must resolve the domain name of Xshield to establish connectivity with Xshield. This requires uninterrupted connectivity to the DNS servers.
-
Outbound HTTPS connectivity on port 443 from the asset and Xshield – the Xshield agent communicates with Xshield to enroll the asset, receive policy updates from Xshield, and send telemetry data to Xshield. The agent uses HTTPS port 443 to make outbound connections to Xshield.
-
No interference from existing Endpoint Security solutions – Endpoint Security solutions previously installed on an asset can sometimes prevent you from installing the agent and/or hinder the agent processes from running satisfactorily. We recommend that you check the asset for such solutions and add exceptions to allow the Xshield agent to work seamlessly.
Windows GPO or third-party Endpoint Security solutions that use the asset’s native firewall must be disabled. This is needed to ensure that the asset is fully available to Xshield for policy simulation in the Observe mode and enforce policies in the Enforce mode.
-
Bash shell on AIX assets – AIX assets come with and use ksh as the default shell. Xshield agent installation and decommissioning, and log collection require the bash shell. So, you must install bash on the AIX assets.
If you are unable to install the Xshield agent or the Xshield agent processes do not run, despite meeting all the prerequisites, please email us at customer.support@colortokens.com.