Confirmation of STAS Setup

Question

Hi 
 
 I'm currently evaluating Sophos XG for a fairly large installation of 5-10k users and about 1Gb of internet traffic. I'm trying to work out the requirements for STAS installation and it _looks_ like I would need to manually install the agent on every single domain controller for it to work properly. I can't find any command line options to automate that nor can I find any way to not have to install it on every DC. 
 
 To be fair I may have missed something as the documentation seems fragmented and old in a lost of cases. For example the Admin Guide for v16 here points to a document from Feb 2016 for V9 of UTM with an obviously different interface 
 
 The Watchguard solution didn't require an agent on every DC so I'm hoping i'm just missing something, but if not then at the very least would be an automated installation option. 
 
 Am I missing something or is the above actually correct? 
 
 Thanks

lferrara · Answer

Dave, 
 at this link you can find the procedure to activate STAS and AD integration: 
 https://community.sophos.com/kb/en-us/123156 
 Make sure to follow all the links inside each article. 
 XG uses STAS because data can be more accurated. I mean that users logoff is intercepted by the STAS agent and so the firewall rules and logs are accurated. Without an agent on the DC, it can require up to 15 minutes, before the userA is logged out and userB log-in on the same workstation because of AD mechanisms and this can produce some navigation issues. 
 Regards

lferrara · Answer

Dave, 
 use RADIUS instead. Installing STAS on 50 DC is quite a long process. The link can be used for multiple AD: 
 https://community.sophos.com/kb/en-us/123154 
 With RADIUS you should be ok. 
 https://community.sophos.com/kb/en-us/123164 
 Regards