Responder for Golden Images

AIR supports Golden Image deployments for environments where the same operating system image is used to generate new machines with a Responder already installed. Because AIR uses the hostname of each machine as a unique identifier, you cannot clone an image that already has a registered Responder without following the Golden Image workflow described below.

Caution

Deployments Without Golden Image Parameters

If you are deploying AIR Responders in environments where systems are replicated using Golden Image, VDI, Master Image, VM Templates, or Image Cloning technologies, you must follow the steps in this article before continuing with your deployment.

If you do not apply the Golden Image workflow and proceed with standard installation, all cloned machines will share the same EndpointID and ResponderId. As a result, even if you create N clones, the AIR Console will display only a single Asset record. You will also observe continuous hostname changes on that Asset as each cloned machine connects to the console.

This behavior creates unnecessary load on the system and prevents proper asset management — instead of managing N individual Assets, you will only be able to manage the most recently connected clone.

The Golden Image workflow consists of two steps:

1. Before imaging — run --prepare-golden-image to clean registration-related configuration, stop the Responder service, and prepare the system for imaging.
2. After deployment — run --init-golden-image on each cloned instance before it connects to the AIR Console, so that a unique identity is generated for the new machine.

—prepare-golden-image

The user must use this flag before creating a golden image.

Windows:

"C:\Program Files (x86)\Binalyze\AIR\agent\AIR.exe" configure --prepare-golden-image

Linux/macOS:

/opt/binalyze/air/agent/air configure --prepare-golden-image

This flag does the following:

• Stops the service.
• Disables the service.
• Cleans the RegisteredTo, SecurityToken, ResponderID and EndpointID fields in the config.yml.
• Uninstalls the watchdog (if tamper detection was enabled)

—init-golden-image

The init command should be run after the hostname has been changed.

Windows:

"C:\Program Files (x86)\Binalyze\AIR\agent\AIR.exe" configure --init-golden-image --deployment-token 769aca0ff45a433a --console-address air-qa.binalyze.com --organization-id 0

Linux/macOS:

/opt/binalyze/air/agent/air configure --init-golden-image --deployment-token 769aca0ff45a433a --console-address air-qa.binalyze.com --organization-id 0

Note: The use of --deployment-token is required. Because the deployment token is clean after the registration of the AIR Responder. The use of --console-address and --organization-id is optional. They are used to overwrite the console address and organization id which are already set in the configuration file at the first installation before the image was taken.

This flag does the following:

• Generates the ResponderID for the asset.
• Updates the DeploymentToken, ConsoleAddress, and OrganizationID values entered as a command in the config.yml.
• Starts the service.
• Enables the service.
• Watchdog is installed automatically after registration if it is enabled by AIR Console.

Troubleshooting

Exit code other than 0 (zero) means an error occurred while executing commands. The terminal will print the error messages, and also log file will contain the error messages.

If something goes wrong first option is to re-run the same command.

If a re-run of the command doesn’t succeed, the user should perform the same steps manually.