Lightspeed Smart Agent Deployment (macOS v2.3.1+ using Certificate Manager)
Description
Need to deploy the latest version of Lightspeed Smart Agent version 2.3.1 along with your configurations. FileWave has got you covered in this step-by-step guide to creating the required Filesets to deploy to your macOS devices. Be sure that you have access to your administrative account in Lightspeed Filter app.
This KB article involves using the new Lightspeed Certificate Manager method. If using the version below v2.3.1 please review KB article here: Lightspeed Smart Agent Deployment (macOS 2023)
The new method involves using LightSpeed Certificate Manager. Certificate Manager leverages a cloud-based system to generate and monitor certificates and expiration, automatically pushing new certificate files to devices in the background (without disruption!) to ensure they always are current. In addition, Lightspeed is also leveraging root certificates for the trusting process, meaning that instead of repeatedly needing to re-trust the certificates every time they update - you now only need to trust the first time.
Note: You must use the MacOS Filter Agent 2.3.1+ to use Certificate Manager
Ingredients
-
FileWave Central
-
Lightspeed Relay Filter Agent PKG installer (version 2.3.1)
-
Lightspeed Root Certificate
- Supplied Fileset and Profile
Web Content Filter - InThe creatingprofile ashould Webnot Contentbe edited once uploaded. A bug (FW-12629) exists which prevents the Filter withinOrder FileWavebeing Centralset. itThe changesprovided profile has this preset, but editing the UDIDFileset andwill isundo unsuccessfulthis inkey/value deployment. The issue can be resolved by re-creating the Web Content Filter in FileWave Anywhere as a workaround. The issue should be resolved in the next release. See Known Issuespair.
Download Lightspeed Relay Filter Agent for macOS
-
Login to your Lightspeed Filter account
-
Navigate to Settings > Software
-
Choose Lightspeed Filter
-
Select the Mac tab
-
Select the version of the Relay Filter Agent by clicking on the download icon
-
Place the downloaded Relay Filter Agent PKG into your Downloads Folder
-
Generating the Certificate using Certificate Manager
Lightspeed has noted the importance of order of operations; until you have downloaded and trusted the certificate AND installed the agent on your devices, then you may proceed to complete the two Acknowledgement boxes in the macOS Certificate Confirmation step.
Filesets
Fileset Group
Create a Fileset Group to hold the Filesets to be included. At the end it will look something like the below image.
Configuration ProfileProfiles
Network Settings
The provided profile contains 2 payloads: System Extension and Web Content Filter.
-
intoOpenDownload the above payload and drag it into the FileWave CentralorFilesetFileWaveview,Anywherethe - above
Navigate to Filesets > Select New Desktopcreated Fileset> Click on Profile Enter the name of the Profile: General > Name: Lightspeed Agent ProfileGroup.
Web
- This entire profile should not be edited once uploaded. A bug (FW-12629) exists which prevents the Filter Order being set. The provided profile has this preset, but editing the Fileset will undo this key/value pair.ImportContent RootFilter
Certificate from Lightspeed Certificate ManagerPayload
- Create a new Profile within the Fileset Group folder
- Select Certificates
payloadandtoConfigure - Upload
yourtheLightspeedaboveRootgeneratedTrustedcertificateCertificate.into this Profile
Configure
Lightspeed Agent Installer
The provided Fileset includes a script to instal the Systemabove Extensiondownloaded PayloadPKG
ConfigureEdit the Web Content Filter Payload
The completedname configuration profile will have three payloads; these include: Certificates, System Extension Policy and Web Content Filter
Import the Relay Filter Agent PKG into FileWave
Navigate to Filesets > Create New Desktop Fileset > Select MSI / PKGNavigate to your downloaded and select the Relay Filter Agent (version 2.3.1) to upload into the FilesetPlease wait a few moments forof the PKGinstalleristoimportant.uploadTheintoinstallationyourscriptFileWaveisserverexpecting a file called SmartAgent.pkg. Rename if required.
The
After successfully uploading, highlight the Fileset > Select PropertiesUnder the Requirements tab, check the box Platform and check macOS only, then under System Version and checkboxes only for macOS 12.x and 13.x
Click OK to save
Note: If all of your devices are not on macOS 12 or greater, you will want to set the Requirements for the Fileset for macOS 12 and above
Editing the Relay Filter Agent PKG Fileset with Requirement Script
Highlight the newly created Fileset with your Smart Agent PKGClick on Script in the menu to open Script dialogue windowHighlightRequirement Scriptsand click on the Create button
Label script, check_LS.check_for_profile.shCopy and paste the entire check profilescriptbelow:#!/bin/zsh found_profile="" while [ $# -gt 0 ] do found_profile=$(profiles list all | awk -v search=$1 '$0 ~ search {print $NF}') if [ ! -z $found_profile ] then echo "Found installed profile: $found_profile" exit 0 else echo "Did not find $1" fi shift done exit 1Click OK to saveensures thescriptHighlight the check_LS.sh and right-click to selectProperties
Select the Executable tab, under theLaunch Argumentstab, click on the + button to add your Lightspeed Agent Profile’s Identifier (found by double-clicking on your Lightspeed Agent Profile)
Click OK to Apply to save changesClose out Properties of the Requirement ScriptClick OK to save changes to Smart Agent PKG Fileset
Note: This Requirement scripts verifies that the Lightspeed Agent Profile is installed successfully BEFORE runningbefore the installationPKG. This script relies upon the Profile ID of Lightspeed.
the supplied Profile.
Assignment
When all completed,Assign the Fileset contents will include your Relay Filter Agent PKG, Lightspeed Profile and Requirement script.
Creating Fileset Group for your Lightspeed Filter Agent Filesets
Keeping your Filesets organized is good practice, especially if there are multiple Filesets for software deployment. You may create a New Fileset Group, label it Lightspeed Filter Agent (macOS 2024), and move all the Filesets you created into that Fileset Group. Then you may associate the Fileset Group labeled Lightspeed Filter Agent (macOS 2024) to your devices versus individual Filesets.
Once all the Filesets and Profile have been created, you may associate the Fileset Group labeled Lightspeed Filter Agent macOS 2024 to a few deviceseither as a test.Deployment Thisor isan Association with one or more test devices. Once satisfied, consider assigning to verifyall andrequired confirm that the filter is installed, and filtering properly based on your configurations. For best practice, always test a few devices before mass deployment.devices.
Once that you have installed the agent and trusted the root certificate on your devices, go back to your Lightspeed Account and navigate to Settings > Certificates. Check the two acknowledgement boxes and click Save.
Optional
The Fileset Script is designed to check for the presence of Profiles prior to installing the PKG. The provided Profile ID is already of consideration, however the newly generated Certificate Profile cannot be, since the ID cannot be known in advance. Since both Profiles should instal at the same time, it is arguably not required to be included in this consideration. However, for completeness, the Generated ID of the Certificate Profile could also be added.
Bundle ID
First, the Bundle ID of the newly created needs to be copied.
- Open the Certificate Profile
- Highlight the Bundle ID and choose to copy
Script Info
- Open the Lightspeed Agent Installer Fileset
- Select the 'check_for_profile.sh' and choose Get Info
- Select the Executable tab
- Add a Launch Argument and paste the copied Bundle ID
Related Content
Needing to deploy Lightspeed for iOS devices? Review the KB article here: Lightspeed Smart Filter Deployment (iOS 2023).
Needing to deploy Lightspeed for non-Certificate Manager? Review the KB article here: Lightspeed Smart Filter Deployment (macOS 2023)