Endpoint agents
Customer infrastructure execution for desktop and restricted networks.
Overview
Endpoint agents execute validation on customer-controlled machines: physical workstations, VDI sessions, build agents, or isolated network segments. They enable desktop application testing, legacy system access, and scenarios where the cloud runtime cannot reach target environments.
Each endpoint agent registers with the Zof control plane, maintains a heartbeat, advertises labels and capabilities, and receives jobs routed by organizational policy. Operators manage endpoint fleet health from Agent Console alongside cloud pools.
Endpoint deployments require coordination between QA platform teams, infrastructure, and security stakeholders to satisfy connectivity, credential, and host hardening requirements.
Who should read this
- Enterprise QA platform teams, desktop application owners, and infrastructure engineers deploying validation on customer-controlled hosts.
Prerequisites
- Security approval for endpoint agent software on target hosts
- Outbound HTTPS connectivity from endpoint hosts to the Zof control plane
- Admin Center role or delegated permission to register endpoint agents
- Endpoint applications configured for desktop or restricted-network workloads
When to use this workflow
- Onboarding new team members to Zof terminology and workflows
- Authoring internal runbooks aligned with Console labels
- Designing CI/CD or webhook integrations against documented behavior
Step-by-step procedure
Plan endpoint topology
Inventory hosts, VDI pools, or CI runners that will run endpoint agents.
Document network paths, proxy requirements, and certificate trust stores for each segment.
Assign environment and region labels consistent with your cloud agent naming conventions.
Prepare host environments
Apply organizational host hardening baselines before agent installation.
Configure outbound firewall rules permitting control-plane communication over HTTPS.
Install required runtime dependencies for desktop or hybrid application validation.
Install and register endpoint agents
Deploy the endpoint agent package using your standard software distribution tooling.
Complete registration in Agent Console with organization credentials and assigned labels.
Verify heartbeat status transitions to online within expected telemetry intervals.
Configure endpoint applications
Create endpoint application records linking desktop or internal systems to registered agents.
Specify launch parameters, working directories, and authentication context for each application.
Validate with a minimal smoke case before assigning release-critical suites.
Test job routing and execution
Launch a targeted run referencing endpoint labels and capabilities.
Confirm job assignment in Agent Console executions view and monitor progress telemetry.
Review artifacts (screenshots, logs, traces) in the associated run detail page.
Operate and maintain the endpoint fleet
Include endpoint heartbeat checks in on-call and release readiness procedures.
Patch and rotate credentials on endpoint hosts according to security policy.
Decommission agents promptly when hosts are retired to prevent stale registrations.
Key concepts
- Organization scope: All Zof Console and API operations are isolated to your authenticated tenant.
- Governed execution: Agent output and remediation follow policy packs with human approval when configured.
Best practices
- Restrict endpoint agent installation to managed devices under your MDM or configuration management program.
- Use dedicated service accounts with least privilege for agent registration and application authentication.
- Segment endpoint pools by business unit or data classification to enforce policy boundaries.
- Never store long-lived secrets in plain text on endpoint hosts; use approved secret management integrations.
- Test failover behavior with primary endpoint agents offline before production releases depend on them.
Common issues
- Registration succeeds but heartbeat never stabilizes: Inspect proxy configuration, system clock skew, and TLS interception appliances that may disrupt control-plane communication.
- Desktop application fails to launch during execution: Verify endpoint application paths, display session availability on VDI hosts, and interactive login requirements for the target application.
- Jobs routed to wrong endpoint segment: Reconcile labels on agents, applications, and run policy. A single misapplied staging label can divert jobs to unintended hosts.
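For the unstable-heartbeat issue above, the following preflight is an added example, not Zof tooling: it reports proxy environment variables, clock skew against the server's HTTP Date header, and a certificate issuer outside an allow-list, which is what a TLS interception appliance produces. The skew tolerance, the issuer names and the sample data are assumptions; supply your own control-plane hostname and expected issuer organizations on the command line.

```python
import os, socket, ssl, sys
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

MAX_SKEW_S = 120  # assumed tolerance, not a documented Zof value

# Constructed sample: what probe() returns behind a TLS-inspecting proxy.
SAMPLE_CERT = {"issuer": ((("organizationName", "Corp Inspection CA"),),)}
SAMPLE_DATE = "Tue, 04 Mar 2025 12:00:00 GMT"
SAMPLE_NOW = datetime(2025, 3, 4, 12, 5, tzinfo=timezone.utc)

def proxy_vars(env):
    """Proxy-related environment variables that affect outbound HTTPS."""
    names = ("HTTPS_PROXY", "https_proxy", "NO_PROXY", "no_proxy")
    return sorted(n for n in names if env.get(n))

def clock_skew_seconds(date_header, local_now):
    """Local clock minus the server's HTTP Date header, in seconds."""
    return (local_now - parsedate_to_datetime(date_header)).total_seconds()

def issuer_org(cert):
    """organizationName from the issuer field of an ssl.getpeercert() dict."""
    pairs = [kv for rdn in cert.get("issuer", ()) for kv in rdn]
    return dict(pairs).get("organizationName")

def assess(cert, date_header, local_now, expected_issuers, env):
    """Findings for the three causes: proxy, clock skew, TLS interception."""
    findings = []
    if proxy_vars(env):
        findings.append("proxy: " + ", ".join(proxy_vars(env)))
    skew = clock_skew_seconds(date_header, local_now)
    if abs(skew) > MAX_SKEW_S:
        findings.append(f"clock skew: {skew:+.0f}s")
    if issuer_org(cert) not in expected_issuers:
        findings.append(f"unexpected issuer: {issuer_org(cert)}")
    return findings

def probe(host, port=443):
    """Direct TLS connection: peer certificate plus HTTP Date header."""
    ctx = ssl.create_default_context()  # a verification failure here is itself a finding
    with socket.create_connection((host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            cert = tls.getpeercert()
            tls.sendall(f"HEAD / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n".encode())
            head = tls.recv(8192).decode("latin-1").split("\r\n")
    return cert, next(h[5:].strip() for h in head if h.lower().startswith("date:"))

if __name__ == "__main__":  # usage: preflight.py <control-plane-host> <issuer org>...
    live = len(sys.argv) > 1
    cert, date = probe(sys.argv[1]) if live else (SAMPLE_CERT, SAMPLE_DATE)
    now = datetime.now(timezone.utc) if live else SAMPLE_NOW
    print(assess(cert, date, now, set(sys.argv[2:]), os.environ) or "no findings")
```

`probe()` connects directly, so on a host that can only reach the internet through a proxy it fails to connect, which points at the proxy configuration as the first thing to check. Proxy settings held in OS-level configuration rather than environment variables are not detected.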