Attributes play a key role in how devices are tracked and managed. They provide detailed information about a device’s hardware and software, allow administrators to configure devices remotely, and help in organizing devices for management tasks. Attributes also facilitate auditing and device updates by ensuring that you are viewing an up-to-date snapshot of each device’s status and configuration in Device Trust Manager.
Device Trust Manager supports the following attribute types:
The following table summarizes the key characteristics of each attribute type:
Attribute type | Definition | Used in certificate management policy | Value handling |
---|---|---|---|
Inventory attributes | Default device properties collected by TrustEdge agent. | Yes | Reported by the agent; can be overridden using |
Identity attributes | Selected inventory attributes used to uniquely identify a device. | Yes | Cannot be changed after the device is registered and does not change during the entire lifetime of the device. |
Custom inventory attributes | User-defined attributes beyond the default inventory list. | Yes | Defined and managed using |
Desired attributes | Key/value pairs defined in Device Trust Manager and delivered to devices for configuration purposes. | No | Defined in Device Trust Manager; delivered to devices when they connect to the Rendezvous service. |
Inventory attributes are default properties automatically collected by TrustEdge agent on the device. These attributes provide information about the hardware and software configuration of a device. TrustEdge agent periodically collects and reports these attributes to Device Trust Manager, overriding any existing values.
Common inventory attributes include:
- MAC address
- Serial number
- Hardware model
- Location
- Operating system
- Operating system version
- IP address
- CPU ID
Tip
You can override the reported values by editing the attributes.json file located at /etc/digicert/conf/ on the device.
Identity attributes are specific inventory attributes designated to uniquely identify a device within your fleet. By default, the MAC address is used, but you can change this to other attributes like IP address or CPU ID. A device's identity attribute must be unique across your fleet to ensure reliable device identification and management.
If a single attribute is not sufficient to ensure uniqueness—perhaps due to devices sharing similar hardware—you can combine up to three attributes to form a composite identity. This composite identity must be unique across your entire fleet to prevent identification conflicts and maintain consistent device recognition. For example, you could combine MAC address + IP address + CPU ID to create a unique identity attribute.
Important
Device identity attributes do not change over the lifetime of a device. This ensures consistent device recognition even after hardware changes, such as replacing a network interface card.
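The fleet-wide uniqueness requirement can be checked before you commit to an identity attribute. The following is an added example, not DigiCert code: it audits an inventory export for collisions and missing values, then finds the smallest combination (up to three attributes) that is unique. The record layout, key names and sample devices are constructed assumptions.

```python
from collections import defaultdict
from itertools import combinations

MAX_IDENTITY_ATTRS = 3  # the page allows combining up to three attributes

# Constructed sample inventory; key names and the export shape are assumptions.
FLEET = [
    {"name": "gw-01", "mac_address": "00:1A:2B:3C:4D:5E", "ip_address": "10.0.0.11", "cpu_id": "A1"},
    {"name": "gw-02", "mac_address": "00-1a-2b-3c-4d-5e", "ip_address": "10.0.0.12", "cpu_id": "A1"},
    {"name": "gw-03", "mac_address": "00:1A:2B:3C:4D:5F", "ip_address": "10.0.0.12", "cpu_id": "B2"},
    {"name": "gw-04", "mac_address": "00:1A:2B:3C:4D:60", "ip_address": "10.0.0.14", "cpu_id": ""},
]

def normalize(attr, value):
    """Canonicalize values so formatting differences cannot hide a collision."""
    value = (value or "").strip().lower()
    if attr == "mac_address":
        value = value.replace("-", "").replace(":", "")
    return value

def identity_conflicts(devices, attrs):
    """Return (collisions, incomplete) for a candidate identity made of attrs."""
    if not 1 <= len(attrs) <= MAX_IDENTITY_ATTRS:
        raise ValueError("identity must use one to three attributes")
    seen, incomplete = defaultdict(list), []
    for dev in devices:
        key = tuple(normalize(a, dev.get(a)) for a in attrs)
        if "" in key:
            incomplete.append(dev["name"])  # cannot form a full identity
        else:
            seen[key].append(dev["name"])
    collisions = {k: v for k, v in seen.items() if len(v) > 1}
    return collisions, incomplete

def smallest_unique_identity(devices, candidates):
    """Smallest attribute combination that is complete and unique fleet-wide."""
    for size in range(1, MAX_IDENTITY_ATTRS + 1):
        for attrs in combinations(candidates, size):
            collisions, incomplete = identity_conflicts(devices, attrs)
            if not collisions and not incomplete:
                return attrs
    return None

if __name__ == "__main__":
    for attrs in [("mac_address",), ("mac_address", "ip_address")]:
        print(attrs, identity_conflicts(FLEET, attrs))
    print(smallest_unique_identity(FLEET, ["mac_address", "ip_address", "cpu_id"]))
```

In the sample, the MAC address alone collides once separators and case are normalized, which is the kind of duplicate that cloned images or inconsistent reporting can introduce.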
Custom inventory attributes allow you to define additional properties beyond the default inventory attributes. By configuring the TrustEdge file located at /etc/digicert/conf/attributes.json on the device, you can specify custom keys and variable values. These values can be dynamically obtained through environment variables or custom scripts. TrustEdge periodically discovers and reports these custom attributes to Device Trust Manager.
Desired attributes are key/value pairs defined in Device Trust Manager and delivered to devices to provide additional configuration information.
Desired attributes are defined at the device group level, and all devices within a device group receive them when TrustEdge agent connects to Device Trust Manager Rendezvous Service (RZ). Desired attributes are useful for distributing settings like URL endpoints or operational parameters.
The combination of inventory attributes, desired attributes, and any deployed artifacts forms the device's cyber twin. This digital representation enables comprehensive device management and operational efficiency.
Attributes play a role in certificate management policies. Inventory, identity, and custom inventory attributes can be embedded into certificates, aiding in secure device authentication and communication.
- Ensure uniqueness of identity attributes: Select identity attributes that uniquely identify each device to prevent conflicts.
- Maintain immutability: Avoid changing identity attributes after device registration to preserve consistent device identities.
- Use custom attributes wisely: Use custom inventory attributes to capture additional device information relevant to your organization's needs.
- Leverage desired attributes for group configurations: Use desired attributes to efficiently manage settings across device groups.