Unsupported content

 

This version of the product is in limited support. However, the documentation is available for your convenience. You will not be able to leave comments.

Agent Configuration steps

Agent Interface Access Configuration

This step defines which tabs of the agent browser interface are accessible and which authentication information is required. For options which are not activated in this step, the predefined default values will be used.

Parameter

Description

Access to "Tools"

Check this box if the access to the Tools pages is to specifically defined:

  • All : Allows all users to connect to the tab, that is, the locally logged user as well as any users on remote devices. Any user must log on to the page with an administrator login to the local device.
  • Local Only : Only allows the locally logged user to connect to the page. The user must log on to the page with an administrator login to the local device.
  • None : Prohibits the access to the tab for all users.

Access to "Inventories"

Check this box if the access to the Inventories pages is to specifically defined:

  • All : Allows all users to connect to the tab, that is, the locally logged user as well as any users on remote devices.
  • Local Only : Only allows the locally logged user to connect to the page.
  • None : Prohibits the access to the tab for all users.
Login for "Inventories"

Check this box if the access to the Inventories pages requires specific login parameters. If this option is not activated the default value (Remote Login) is used:

  • Authentication : Requires a valid user authentication to the local device for all permitted users.
  • Remote Login : Requires a login if the user tries to remotely log on to the page. Local users do not need to provide a login.
  • No Login : Neither local nor remote users need to provide a login to access the page.
Access to "Privacy"

Check this box if the access to the Privacy pages is to specifically defined:

  • All : Allows all users to connect to the tab, that is, the locally logged user as well as any users on remote devices. Any user must log on to the page with an administrator login to the local device.
  • Local Only : Only allows the locally logged user to connect to the page. The user must log on to the page with an administrator login to the local device.
  • None : Prohibits the access to the tab for all users.
Access to "Maintenance"

Check this box if the access to the Maintenance pages is to specifically defined:

  • All : Allows all users to connect to the tab, that is, the locally logged user as well as any users on remote devices. Any user must log on to the page with an administrator login to the local device.
  • Local Only : Only allows the locally logged user to connect to the page. The user must log on to the page with an administrator login to the local device.
  • None : Prohibits the access to the tab for all users.

Access to "MyApps"

Check this box if the access to MyApps is to be specifically defined:

  • Local Only : Only allows the locally logged user to connect to the page. The user must log on to the page with an administrator login to the local device.
  • None : Prohibits the access to the tab for all local users.

Agent Parameter Setup

This step allows you to define the parameter settings of the BCM agent.

Parameter

Description

Access Control

Defines the security when agents communicate with each other, that is, if the Precision Access Control (PAC) handshake is to be used for inter-agent communication:

  • No : as a server, allow PAC connections with client authentication as well as non PAC connections. As client, no PAC connections are required.
  • Securised Send, Receive Both : as server, allow PAC connections with client authentication as well as non PAC connections. As client, only allow PAC connections.
  • Yes : Only allow PAC connections (as server or client).
  • Yes with mutual authentication : Only allow PAC connections (as server or client) with mutual authentication.

Secure Communication

Defines if the agent communicates in secure format. The possible values are:

  • No : With this option the agent accepts both securized and non- securized communication, however it sends only non- securized communications.
  • Securized Send, Receive Both : This value indicates that the agent accepts both securized and non-securized communication, however it sends only securized communications.
  • Yes : When this option is selected the agent only communicates in secure mode, that is, it only receives and sends securized communication.Yes with mutual authentication: With this option the agents communicate in secure mode and in addition authenticate each other via SSL.

Authority Certificate

The authority certificate (CA Cert) to be used for signing the agent certificate if required. By default, the Numara CA is used unless a different CA Cert is configured. The parameter expects a certificate name (without extension) registered in the agent cert store (auth section), such as Numara_ca . This parameter is used on the server side and can also be used on the client side if the server is configured to authenticate the client.

Trusted Authorities

A comma separated list of certificates to be trusted when connecting to a secured server or client. By default, the agent trusts the default Numara CA unless a different list of certificates is configured. The parameter expects a list of certificate names (without extension) registered in the agent cert store (trusted section), for example, Numara_ca, enterprise_ca, startfleet_ca . This parameter is used on the client side as well as on the server, for the device to know if it can trust the answering device by comparing its certificate with the list of trusted certificates, if it does not match the authority certificate.

User Certificate

The user defined final certificate to be used for both the client and server roles. When this parameter is configured the agent ignores any other authority except the ones to be trusted. The parameter expects a certificate name (without extension) registered in the agent certificate store (user section), for example, Numara, enterprise, starfleet .

Block Navigation from Agent User Interface

Check this box if the agent user interface is to be run in the browser's kiosk mode (fullscreen without menus or naviation bar). The installation of an add-on may be necessary to be able to use this mode (for example, with Firefox).

Strict Agent User Interface Authentication

Indicate ifthe user can apply operational rules assigned to the device without explicit authentication. If the strict authentication mode is disabled the user is able to execute operational rules locally without authentication. Enabling this parameter forces user authentication for all cases. This parameter is ignored for rules that are assigned to users.

Icon Mode in SysTray (Windows only)

Defines the mode of the icon in the systray.

Message for New Packages (Windows only)

Indicates if a pop-up must appear if an operational rule is published while the systray is hidden.

New Advertisment Banner (Days)

Define the length of time in days that the New banner should be shown for operational rules that are newly advertized in MyApps. Setting this number to zero disables the new banner.

Send alert when an error occured

Check this box if an alert is to be sent to the master when an error is added to the agent log file.

Application Monitoring Module Setup

The Application Management module manages monitored and prohibited applications through the BCM agents. This step allows you to specify the default settings of application monitoring. This step does not apply to Mac OS systems.

If a reboot is scheduled, you can define the reboot parameters and message, which may also be localized. The logo of the message box may be customized as well. For this you only need to store the following customized images in their exact sizes in the //data//core//res directory of the BCM agent: FullSized.bmp (575 x 575 pixels), MediumSized.bmp (575 x 510 pixels), SmallSized.bmp (575 x 455 pixels), RebootAfterLogOut.bmp (575 x 275 pixels).

Parameter

Description

Verification Interval (sec)

Defines in seconds the interval at which any type of monitored application, that is, monitored and prohibited, are checked.

Stop Application if Prohibited

Check this box to prohibit applications. This means that applications which are monitored under the respective node is terminated if they are found running on the client.

Popup Window after Application Termination

Check this box to display a pop-up window on the screen to inform the user that the application he just tried to launch was automatically stopped because it is prohibited.

Event Creation Delay for Unterminated Monitored Applications (hours)

Specifies the number of hours after which an event is created, even if the launched application has not yet been terminated. In this case the end date of the generated event is the same as the start date. Once the application is terminated a new event is generated with the proper end date filled in.

Local Image File Path (bmp only)

The name and full path of the image file that is to be displayed in the pop-up window for a stopped application. The image file must be of type .bmp . If the image cannot be found, that is, because it is of another type, or it is too small, the default BMC image is used. If the image is too large it is cropped to fit the window. The default size of the BMC image is 460 x 310.

Popup Window Message Text

Enter the text that is to be displayed on the remote screen on which the application was stopped.

Application Synchronization

This step synchronizes applications defined for any type of application management, i.e., to be monitored, prohibited or to be protected, to which the managed devices are assigned.

When the client receives a synchronization request it sends back the list of its own managed applications linked to a checksum. The master then creates an up-to-date list of the device's managed applications and checks these with the list it received. If a managed application on the list from the device does not exist any more, the master sends an order to the device to delete it; if a more recent version of a managed application exists on the master, that is, the checksums on the master and the client are not identical, an update order will be sent to the device; and if a managed application is absent on the client but present on the master, then an assign order will be sent to the client device.

Parameter

Description

Check for Added Applications

Check this box to check for new applications that were added to be managed.

Check for Deleted Applications

Check this box to check for deleted applications in the base.

Check for Updated Applications

Check this box to check for updated applications in the base.

Asset Discovery Module Setup

This step modifies the default settings of the Asset Discovery Module, configuring the settings to execute an asset discovery scan on devices without BCM agent.

Parameter

Description

Excluded IP Address Range

Indicates the device range to be excluded from the previously defined range. The expected format is the same as for the included address range. This makes it possible to disable the scan for sensible devices even when using a short notation concerning the included device range (include: 192.168.1.0/24 and exclude: 192.168.1.255,mailserver,fileserver ).

Max. Timeout

Fine tunes the low level network packets sending, indicating the maximal time to use for scanning a single host. This allows to abort a device scan when it takes too long.

IP Address Range

Indicates the device range to be scanned. The expected format is a comma separated list of IP addresses or IP ranges. For instance, IP ranges must be supplied using different notations such as complete address range (192.168.0.0-192.168.5.254 ), a CIDR range (192.168.1.0/24 or 2001:db8:85a3::8a2e:370:152/896 ), a byte range notation (192.168.0-5.0-254 ) or single named devices (DNS, NetBIOS).nIt is strongly recommended not to specify complete subnet IPv6 address ranges, scanning these is extremely time consuming.

Hardware Inventory

Defines if a hardware inventory is to be executed on the remote device.

Software Inventory

Defines if a software inventory is to be executed on the remote device.

Max. Inventory Timeout

Indicates the global timeout for the whole session. The special value of 0 can be used to deactivate this option, that is, there is no timeout limit for the duration. Otherwise, the scan is aborted once the threshold value has been reached. The value is an integer followed by s for seconds or m for minutes or h for hours.

Parallel Script Count

The maximum number of scripts that can be executed simultaneously, possible values for this are Low - 5 simultaneous scripts, Normal - 10 simultaneous scripts and High - 20 simultaneous scripts.

Upload Policy

Indicates how and when to process the information upload. When set to Immediate Upload , the module uploads the inventories as soon as they are supplied by a scan. When set to Upload at Scan End , the inventories is uploaded when the scan is completed or aborted (except if the abort operation indicates not to upload). When set to No Upload , the module does not upload the inventories at all until specifically called for via the operational rule step.

Use Nmap for Port/OS Detection

Defines if BCM, if installed, is used to detect the ports and operating system of the remotely inventoried device.

Nmap Installation Path

Contains the relative installation path to the BCM software, relative to the agent installation directory, for example, ../bin if it is located in the bin directory of the agent.

Prevent NMAP from sending IGMP paquets on the network

Check this box if some of your network devices have problems with IGMP traffic. In this case BCM is prohibited from sending IGMP paquets on the network.

Asynchronous Actions Module Setup

This step modifies the asynchronous module parameters.

Parameter

Description

Number of threads

Enter the number of threads to use for asynchronous calls

Retry Delay (Priority 0)

Enter the retry interval for calls of priority 0 in seconds (highest priority, currently not in use)

Retry Delay (Priority 1)

Enter the retry interval for calls of priority 1 in seconds (used for operational rule status and identity uploads)

Retry Delay (Priority 2)

Enter the retry interval for calls of priority 2 in seconds (used for operational rule assignments)

Retry Delay (Priority 3)

Enter the retry interval for calls of priority 3 in seconds (currently not in use)

Retry Delay (Priority 4)

Enter the retry interval for calls of priority 4 in seconds (lowest priority, currently not in use)

Prefer IP Addresses

Determines whether the identification for communication between the agents and with the master is effected via the agents' IP addresses or over their host names. This is to facilitate networking in environments that do not have DNS name resolution in place.

Time to Live (sec)

In order to prevent non-transferable data from remaining eternally in the queue, each object is assigned a specific time that it may stay in the queue and wait to be passed on its way to its destination. This Time To Live (TTL) for each object in seconds is displayed in this field.

Min Purge Delta Time (sec)

The minimum interval (in seconds) between two cleanup operations of the asynchronous actions database of all actions called since the last purge.

Maximum Action Count

The maximum number of actions that can be stored. The module refuses all incoming remote actions until the number of stored actions drops below this value.

Maximum File Count

The maximum number of files that can be stored. The module refuses all incoming remote files until the number of stored files drops below this value.

AutoDiscovery Module Setup

This step allows to modify the default settings for the parameters of the AutoDiscovery module.

Parameter

Description

Address Range

The list of addresses to be verified. The IP addresses can be listed in the following different notations:

  • Dotted notation, for example, 94.24.127.24
  • With the short or complete network name such as scotty or scotty.enterprise.com
  • A mixture of both: 94.24.127.24, scotty.enterprise.com .If the complete IP address range declaration is incorrect, the current subnet is scanned by default from address x.x.x.1 to x.x.x.254. If no IP address range is specified, the current subnet is scanned by default from address x.x.x.1 to x.x.x.254.

Can Learn

If set to true, this value specifies if the agent can get other agents' autodiscovered devices in order to establish its list.

Fast Address Verification Interval (sec)

Defines a fast search option to find the client's relay. If the list of devices is empty, the Fast Address Verification Interval value is used to verify devices until the Scan Count value is reached and all devices have been verified or a relay was found. If the client has a relay the Address Verification Interval value is used. If the IP address is modified, the Fast Address Verification Interval value is used to verify devices. The option is deactivated if the value is set to the same value as the Address Verification Interval value. As long as the AutoDiscovery is at the research for the device's relay, the Parent Selection Retry Interval to find the backup server is ignored.

HTTP Port Range

The range of ports to scan for an agent HTTP server. All specified port ranges is scanned for ALL listed IP address ranges! If no port range is specified only default ports 1610 and 8080 is scanned.

Maximum Device Age (sec)

The maximum age in seconds for an entry in the device list. This displays the maximum time a device can stay in the list of devices after last being verified.

Maximum Hop Count

The number of routers between the device providing the list and the device being read. The hop count is determined at discovery time using the ping. It provides an indication of the distance between the two devices and is used at the time of relay selection to sort the devices which are farther to the end of the list of relays being contacted. For example, all devices on the same LAN segment have a hop count of 0 as they can contact each other directly.

Number of Neighbors

Defines how many neighboring addresses to scan. The default value is 10, meaning 5 addresses below the device's own address and 5 addresses above it.

Only Learn Relays

Defines if the complete list of autodiscovered devices is sent to the master or if only the list of relays is uploaded.

Operating System Detection

Specifies if the operating system is discovered on the device found by AutoDiscovery.

Same Network Only

Specifies if devices found on other networks are to be accepted. The possible values are the following:

  • No filter applied : There is no filter applied to any of the discovered devices.
  • Clients only : All discovered client devices must be on the same network as the discovering device.
  • Relays only : All discovered devices, which have their relay function enabled, must be on the same network.
  • All devices : All discovered devices must be on the same network.

Scan Count

Each time scan count addresses have been verified, the module refreshes the list of addresses to verify by using the Address Range, Number of Neighbors and Use Network Neighborhood settings.

Timeout (sec)

The timeout in seconds for pings.

TCP Port Range

The range of ports to scan for a TCP connection. This is used in place of ping when raw sockets are not available. All specified port ranges is scanned for ALL listed IP address ranges! If no port range is specified only default ports 23, 25 and 139 is scanned. Each port range can consist of:

  • only one port number
  • one port range with the start and end port numbers separated by a dash ( - ),
  • several port ranges and/or individual port, for example: 10000-10100,20000,21000-22000
  • Several port ranges must be separated by either a space, a comma (,), a semicolon ( ; ) or a colon ( : ).If the whole range declaration is incorrect only default port 10000 is scanned.

Upload AutoDiscovery Objects

Defines if the objects discovered by the AutoDiscovery are uploaded.

Upload Interval (sec)

Defines the upload period for the autodiscovered list in seconds. If it is set to 0, no uploads are configured by the module, but they can still be managed through operational rules. The setting only configures the upload of existing data, it does not include an update of the inventory.

Upload on Startup

Defines if the autodiscovered list is uploaded to the master after being updated the first time on agent startup. It is not recommended to activate this option as, depending on the size of your network, this might be a very time and resource consuming process.

Use Network Neighborhood

Defines whether the network neighborhood should be used to get machine names and addresses.

Address Verification Interval (sec)

The gap in seconds between each address verification.

Cisco NAC Module Setup

This step allows you to modify the configuration settings of the Client Management-Cisco NAC module.

Parameter

Description

Notify Cisco agent on change of device status

Defines if the Cisco agent is informed if the 'compliancy' status of a network device changes.

Custom Inventory Module Setup

This step modifies the default settings of the parameters of the Custom Inventory module.

Parameter

Description

Data File

Specifies the location and name of the custom inventory .xml file. This file defines all attributes and values which is recovered from the remote clients to set up the custom inventory. The path to the file may be entered as a local path or as a URL such as _

ftp://master/custominventory.xml_

. The path is relative to the agent configuration file. You may modify the entry, but be aware, that if you wrongly modify, the custom inventory may not longer work.

Upload Interval (sec)

Defines the upload period for the inventory in seconds. If it is set to 0, no uploads are configured by the module, but they can still be managed through operational rules. The setting only configures the upload of existing data, it does not include an update of the inventory.

Minimum Gap Between Two Uploads (sec)

Defines the minimum time interval between inventory uploads in seconds. If the value is set to 0 this option is deactivated and there is no minimum interval.

Upload on Startup

Defines if the custom inventory is uploaded to the master after being updated the first time on agent startup. It is recommended to activate this option to ensure that the inventory is updated at least at every startup of the agent. If it is deactivated a regular update and upload of the inventory must be configured through operational rules.

Differential Upload

Specifies if the inventory is to be completely replaced which each upload when differences are detected or only with the delta, that is, the modifications of the inventory.

Custom Package Module Setup

This step modifies the parameters of the configuration values of the custom packages.

No parameters need to be defined for this step.

Event Log Manager Module Setup

This step allows to modify the default settings for the parameters of the Event Log Manager module.

Parameter

Description

Enable Aggregation of Persistent Events

Defines whether aggregation of the events generated for the monitored models is enabled. This value is global for all the managed event log models. Aggregation computes automatic models content so disabling this option is recommended if such models should not be handled.

Minimum Upload Gap between Identical Alerts (min)

Defines the minimum interval between two same alerts that needs to pass before another alert is sent in minutes.

Enable Upload of Persistent Events

Defines whether the upload of the events generated for the monitored models is enabled. This value is global for all the managed event log models. When upload is executed for a model (automatically using model policy or manually using an operational rule), the module checks this value. If it is disabled, all events up to the current date are not be uploaded. This prevents huge amounts of events to be uploaded on activation.

Event Manager Module Setup

This step defines the configuration settings of the Event Manager module on the local clients

Parameter

Description

Upload Events

Specifies if events are uploaded from the client to the master database.

File Store Module Setup

This step modifies the default settings for the parameters of the File Store module.

Parameter

Description

Archive Type

Defines the type of archive to use for packing the files for upload.

Concatenation Mode

Defines if the file concatenation mode is active for the upload and if yes which one is used. Automatic concatenation means that all files to be uploaded are packed into one archive file and uploaded, manual concatenation indicates that all files are packed to be uploaded as in automatic with the exception of those specified in the Excluded File Types parameter which are uploaded separately.

Enable Dialup Downloads

Specifies if downloads are authorized via a RAS (Remote Access Service) connection (Windows devices only). If the value is set to false, then if a dialup connection is detected, the FileStore does not download any information such as inventory. It still receives information about files being available on its relay but it does not make any attempts to download them. Note that on a system which has a LAN connection AND a Dialup connection active at the same time, the module considers itself in dialup mode and behave as described above.

Enable Dialup Uploads

Specifies if uploads are authorized via a RAS (Remote Access Service) connection (Windows devices only). If the value is set to false, then, if a dialup connection is detected, the FileStore does not upload any information such as inventory. It is still receiving information about files being available on its relay but it does not make any attempts to download them. Note that on a system which has a LAN connection AND a Dialup connection active at the same time, the module considers itself in dialup mode and behave as described above.

Excluded File Types

This field is only required for manual concatenation and lists all types, separated with a comma (,), which are to be uploaded separately.

Check for Available Free Space before Downloading a Package

Check this box if the agent is to verify if there is enough disk space available before actually downloading the package. If not enough space is available an error is logged.

Frame Size (Bytes)

Defines the frame size of the network type which the device uses for communication. This parameter must only be modified for devices using non-Ethernet networks, such as token ring, frame relays or ATM networks.

Immediate Start of Notification Request Process

Defines if the thread is to be launched without its initial pause.

Max. Size for Package Conservation (MB)

Defines the maximum size that a package may have to be stored in the database in MB. If a package is larger than the indicated value it is stored until no more devices are in its target list and then it is deleted. If all packages are always to be kept and this option is to be deactivated enter 0 into this field.

Maximum Number of Files to Concatenate

Defines the maximum number of files that can be concatenated.

Multicast Transfer Address

Defines the range of multicast IP address. The server scans the address range and then uses the first available address for the multicast. The address range must be within the following range: 238.4.4.1 and 238.4.4.100 .

Multicast Block Size (Bytes)

Defines the rate used for data transfer. The value must be increased as the transfer rate increases. The default value (16384 byte) is the optimum value for a 128Kb/s transfers. The minimum value is 1024, the maximum 65535.

Multicast Differential Retry

Specifies if differential package retry is to be used. If activated only those frames that have not yet been received by the client are re-transferred. The differential retry is recommended for a smaller number of target clients (<50).

Multicast Minimum File Size (Bytes)

The minimum file size for a multicast transfer in bytes.

Multicast Minimum Requests

Specifies the minimum number of answers from target clients before launching a multicast transfer. If the number of answers is below the fixed threshold the file is sent unicast to the targets.

Multicast Listen Port

Defines the multicast port.

Multicast Retry Number

The number retries to transfer the file. This parameter is reinitialized at each wave of clients.

Multicast Minimum Success Rate (%)

Defines the minimum success rate in percent from which on the transfer is stopped. This parameter is reinitialized at each new wave of clients. To ensure that the retries continue throughout the network as long as possible, this value must be set very high, such as between 85 and 95% per wave of clients.

Multicast Transfer Delay (sec)

The delay in seconds before the notification is sent and before sending multicast data. This delay is based on the network resources as well as on the number of clients waiting for distribution. It allows the clients to demand the file from the relay.

Multicast TTL

The multicast Time To Live, that is, the maximum number of nodes the frames can pass before arriving on the target. Set to 1 for local networks up to 255 for worldwide network. To deploy to a national network 32 nodes should be enough.

Unicast Recovery on Multicast Failure

Defines if unicast recovery is to be done if the multicast delivery fails.

Copy from Repository to File Store

Defines if the package is copied into the FileStore. If the option is deactivated this means that the medium on which the package is stored must be available on the relay until the last target has collected and installed the package.

Package Repository Path

Defines the path to the storage location of referenced packages on the relay, for example, D:Packages , D being the local CD/DVD or USB drive. It is also possible to list more than one path, each path separated by a comma (,) from the next.

Synchronize Packages at Startup

Check this box if the packages are to be synchronized at every startup of the agent. Package synchronization allows a device to send its current list of packages it is assigned to as well as their checksum. The master compares the checksum and if it is different to its own, it sends the master list of packages to the device. In this case the local agent compares its list of packages assigned to the device with the master list and updates it accordingly by deleting the unassigned packages and adding the newly assigned ones.

Minimum gap between two automatic synchronizations (sec)

Defines the minimum interval in seconds at which the package synchronizations are to be done. This means that if a default synchronization is executed at 23:00 at night and the client is started at 6 am with agent startup synchronization defined, no synchronization is executed until at least 11 am even if the agent is started/restarted before, as the interval is fixed for 12 hours minimum.

Package TTL (days)

Defines the Time To Live in days for package files relative to the last time the respective package was asked for by a client. This option is also applicable to the rollout post install files which are kept as a .zip file on the file store.

Prefer IP Addresses

Determines whether the identification for communication between the agents and with the master is effected via the agents' IP addresses or over their host names. This is to facilitate networking in environments that do not have DNS name resolution in place.

Pull Timeout (sec)

The time to wait in seconds for the pull thread if it did not manage to contact our relay. Note that this timeout is randomised between (value - (value/2)) and (value + (value/2)) to smooth the relay load.

Push Timeout (sec)

The time to wait in seconds for the push thread if it did not manage to contact the relay. Note that this timeout is randomised between (value - (value/2)) and (value + (value/2)) to smooth the relay load.

Queue Delay (sec)

Defines the interval in seconds between each check of the queue of objects to move.

Request for Notifications Interval

Defines the interval in seconds which may elapse without communication from the relay after which the client re-activates its RequestThread to inquire for new notifications from the relay. After the first received notification, the thread is deactivated.

Timeout (sec)

The time to wait in seconds before a file transmission which has failed may be resent.

Threshold for Downloads (bit/sec)

Determines whether downstream transfers are blocked if a connection (whatever its type) is too slow. The thresholds must be indicated in bits/s such that 10000000 means 10Mbits/s.

Threshold for Uploads (bit/sec)

Determines whether upstream transfers are blocked if a connection (whatever its type) is too slow, 0 means no restriction is imposed on interface speed. The thresholds must be indicated in bits/s.

Time to Live (sec)

In order to prevent non-transferable data from remaining eternally in the queue, each object is assigned a specific time that it may stay in the queue and wait to be passed on its way to its destination. This Time To Live (TTL) for each object in seconds is displayed in this field.

Trusted Address

Defines a number of IP addresses from which the local agent is to accept communication in addition to its relay. This allow NAT and VPN communication to work within in the network and the BCM agent, as it recognizes VPN addresses also. Trusted addresses may be entered as single IP addresses or in form of address ranges:

  • Dotted notation, for example, 94.24.127.24 or 2001:db8:85a3::8a2e:370:7334
  • With the short or complete network name such as scotty or scotty.enterprise.com
  • A mixture of both: 94.24.127.24,2001:db8:85a3::8a2e:370:7334,scotty.enterprise.com .Several ranges must be separated by a comma (,) or a semi colon (;).

Hardware Filter Synchronisation

This step sends the list hardware inventory filters to the respective devices to be synchronized with the database content.

No parameters need to be defined for this step.

Hardware Inventory Module Setup

This step modifies the default settings of the parameters of the Hardware Inventory module.

Parameter

Description

Differential Upload

Specifies if the inventory is to be completely replaced which each upload when differences are detected or only with the delta, that is, the modifications of the inventory.

Configuration File

Defines the path of the hardware inventory configuration file. The path is relative to the agent configuration file. You may modify the entry, but be aware that if you wrongly modify the inventory may no longer work.

Minimum Gap Between Two Uploads (sec)

Defines the minimum time interval between inventory uploads in seconds. If the value is set to 0 this option is deactivated and there is no minimum interval.

Upload Interval (sec)

Defines the upload period for the inventory in seconds. If it is set to 0, no uploads are configured by the module, but they can still be managed through operational rules. The setting only configures the upload of existing data, it does not include an update of the inventory.

Upload on Startup

Defines if the inventory is uploaded to the master after being updated the first time on agent startup. It is recommended to activate this option to ensure that the inventory is updated at least at every startup of the agent. If it is deactivated a regular update and upload of the inventory must be configured through operational rules.

Identity Module Setup

This step modifies the default settings for the parameters of the Identity module.

Parameter

Description

Check Identity Time (sec)

Defines the interval in seconds at which the device's identity is verified via its IP address and GUID.

Launch Script if IP Address Changes to 127.0.0.1

Defines if the script is also to be executed for the 127.0.0.1 address.

Execute Script on Changed IP

Check this box to execute a specific script when the agent is launched for the first time and every time the IP address of the agent's device is changed.

Short Identity Time (sec)

A special short timer which is setup and executed once after startup to make sure each object is registered in the database right away. This timer can be disabled by setting it to 0.

Identity Time (sec)

Defines how often a device is to send its identity up to its parent relay.

User Time To Live (h)

Defines the time to live of the user record in hours. Every detected user entry with a detection time older than this threshold is removed.

Primary User Period (h)

Indicates the period in hours to use for computing the primary user.

Load/Unload Module

This step unloads and reloads modules that are required for the correct functioning of the agent, such as Identity and File Store. You need to make sure that these modules are immediately reloaded after being unloaded, otherwise the BCM agent will stop working.

Modules in Client Management are responsible for a certain functionality in the product. This step loads and activates or unloads specific modules at agent startup. Only one module can be loaded per step.

Parameter

Description

Activate

Defines if the module is to be directly activated at agent startup.

Module Name

Select the name of the module to be loaded.

Persistent

Check this box if the module is to be loaded at every startup. If this option is not checked it is only loaded once after the execution of the step.

Logging Configuration

This step configures the default parameters for agent logging for all log files.

Parameter

Description

Output File

Defines the path to the log file relative to the installation directory:

  • none : There is no debugger output regardless of the other settings.
  • stdout -sa -cw : The debugging output is sent to the standard output.
  • file : The debugging output is written to a file whose name is to be specified in this field with a path relative to the agent installation directory, for example, ../../logs/namp.log for a file located on the same level as the installation directory, not below.

List to Load First

Defines if the debugging is executed according to the principle of everything being disabled with some exceptions or everything being enabled with some exceptions. This system is defined through two lists, the Disable List and Enable List , which are explained following.

Enable List

A comma separated sequence of message filter names which are to be output to the log file. The special character * means all possible values, an empty string disables the list.

Disable List

A comma separated sequence of message filter names which are to be filtered from going to the log file. The special character * means all possible values. By default the disable list is applied AFTER the enable list and so has a higher precedence.

Displayed Types

A comma separated list of debug message types which are to be output to the log file. The special character * means all possible values.

Maximum Agent Log Size (Byte)

The maximum size of the log file in bytes. When the output file size reaches this limit, it is deleted and a new file of the same name created to start again. If the output file is stdout this setting has no effect. If set to 0 or not specified at all, there is no limit check on the size of the file.

Maximum Agent Log File Count

Maximum number of log file backups to keep. As a log file hits its maximum size it is copied to a backup file with an incrementing integer index. When the number of backups hits this limit, backup number 1 is removed and all the others are renumbered down.

Agent Log Clean Start

Defines if the specified log file is to be backed up at each start of the agent. If enabled the log file specified in Output File is backed up at agent start time.

Maximum Audit Log File Size (Bytes)

Controls the maximum size of the audit log file in bytes. When the output file size reaches this limit, it is deleted and a new file of the same name created to start again. If the output file is stdout this setting has no effect. If set to 0 or not specified the limit is the value of the Maximum Agent Log Size entry.

Maximum Audit Log File Count

Maximum number of audit log file backups to keep. As a log file hits its maximum size it is copied to a backup file with an incrementing integer index. When the number of backups hits this limit, backup number 1 is removed and all the others are renumbered down.

Audit Log Clean Start

Defines if the specified audit log file is to be backed up at each start of the agent.

Time Format

A formatting string used to format the timestamp part of the logged output. This field may however contain any string of characters the administrator deems appropriate and the variables may be ordered in any desired way. The variables this entry may contain are the following: %y for the year part of the timestamp with 4 digits, for example, 2004, %m for the month as its number, for example, 01 for January and 12 for December, %d for the day of the month, %H for the hour indication, %M for the minutes of the hour and %S for the seconds of the minute.

Column Separator

The separator character between the columns in the output. If no value is supplied, the output is padded out for readability. If a value is supplied, no text padding is done.

Send alert when an error occured

Check this box if an alert is to be sent to the master when an error is added to the agent log file.

MSI Package Module Setup

This step modifies the parameters of the configuration values of the MSI packages. This step is only applicable to Windows systems.

Parameter

Description

Maximum Number of Retries

Defines the number of times the publishing process is repeated after a failure before the whole process is declared failed.

Manual File Upload

This step uploads the files awaiting transfer in the file store.

No parameters need to be defined for this step.

Master Information Configuration

This step allows the administrator to modify the master configuration on all agents if the one of the master parameters listed in this step changed, i.e., to update the IP address or the port number of the master.

Be aware that a large part of the functionalities may no longer work, if any of the below entered information is incorrect.

Parameter

Description

Master Port for Console

Enter the new port number of the master to which the console connects. It is recommended to not use the standard communication ports between the agents and the master, for example, 1610 for the console connections to avoid overloading this port.

Master GUID

Enter the new GUID of the master.

Master Name or IP Address

The master name in form of its short or long network name or its IP address in dotted notation.

Master Port

Enter the new port number of the master if it was changed.

Master Port for MyApps

Defines the port number on which the agent is to connect to the master for MyApps. It is recommended to not use the standard communication ports between the agent, master and console, for example, 1610 and 1611 , for MyApps connections to avoid overloading these ports.

Non-intrusive Reboot Mode Configuration

This step allows the administrator to define the settings for a non-intrusive reboot after an operational rule or patch installation reboot request. A non-intrusive reboot groups reboot requests to one reboot at the end instead of individually executing them when they arrive.nObjects in Client Management, such as operational rules of patch jobs or groups, can be executed in parallel or sequentially. Many of these objects require rebooting the device on which they are executed. If there are a number of them executed one after the other, users on these devices may be disrupted quite often for the required reboots. The non-intrusive reboot makes an object wait for a specified amount of time after execution in which another object requiring a reboot could arrive. If this is the case the first object cancels its reboot and waits for the second object to terminate and use that reboot. If no other object arrives during the specified timeframe, the device is rebooted.nWith this step you can define how long the object is to wait for another object to arrive as well as the total number of reboots per day. In this case, if this value is set to 2 and these two reboots have already happened and another object requiring a reboot arrives, the object is run, but its reboot has to wait until the next day.

Parameter

Description

Non-intrusive Reboot Mode

Check this box if the reboot requested by an operational rule or a patch installations is to be effected in a non-intrusive way. If activated, any rule or patch waits after its execution for a specified amount of time for another object to arrive to combine their required reboot requests into one. If no other rule or patch arrives, the device is rebooted as defined.

Reboot Interval

Defines the waiting time in seconds that the agent waits after receiving the reboot command and executing it.

Max. Number of Reboots

Specifies the maximum number of times a device can be rebooted per day. The default value is 2 reboots per day, 99 is the maximum number of times a device can be rebooted per day. 0 deactivates this option, that is, the device is not rebooted, even if a patch requests it or it is assigned a reboot window; all reboots must be launched manually.

Synchronize at Startup

Check this box if the reboot windows are to be synchronized at every startup of the agent. Reboot window synchronization allows a device to send its current list of reboot windows it is assigned to as well as their checksum. The master compares the checksum and, if it is different to its own, it sends the master list of reboot windows to the device. In this case the local agent compares its list of reboot windows assigned to the device with the master list and updates it accordingly by deleting the unassigned reboot windows and adding the newly assigned ones.

Additional Automatic Synchronization Hour

Enter here the hour at which an additional reboot window synchronization is to be effected, that is, the comparison of locally available reboot window with the reboot window master list. The format is 24-hour format, for example, 23 for 11 pm .

Minimum Gap between Two Automatic Synchronizations (sec)

Defines the minimum interval in seconds at which the reboot window synchronizations are to be done. This means that if a default synchronization is executed at 23:00 at night and the client is started at 6 am with agent startup synchronization defined, no synchronization is executed until at least 11 am even if the agent is started/restarted before, as the interval is fixed for 12 hours minimum.

Operational Rule Module Setup

This step allows the administrator to modify the parameters of the operational rules module.

Parameter

Description

Automatic Status Upload

Defines if the current status of the operational rule is automatically updated. If the option is deactivated, no status value is updated, however status actualization may still be done via the Update Operational Rule step or via an operational rule synchronization.

Failed to check the chronological dependencies if the rule execution is failed

Check this box if an operational rule that depends on another rule is not executed if the rule it depends on does not have the status Executed OK . If this option is not activated, the depending rule is executed even if the first rule's execution failed.

Delete Package after Successful Distribution

Check this option, to delete the package on the client (to free up disk space) once the software distribution has executed successfully.

Recreate Local Database If Integrity Check Fails

Defines the actions to be executed if the database check fails at agent startup due to its corruption. If activated the local database is recreated and the master reassigns all operational rules for the concerned devices, depending on the settings defined in the system variables (Automatic reassignment of all general operational rules if the local database is corrupted and Automatic reassignment of all software distribution rules if the local database is corrupted). Otherwise the database is not recreated and the master does not perform any action. If this case occurs the module is executed in suspend mode, which means amongst others that no status values is updated anymore and no synchronizations be performed.

Activate Operational Rule Publication for Users

Defines if rules may be published to users. If activated, the module checks on the master if rules are available to be published to a user, otherwise rules are not published.

Output File

Defines the path to the log file relative to the installation directory:

  • none : There is no debugger output regardless of the other settings.
  • stdout -sa -cw : The debugging output is sent to the standard output.
  • file : The debugging output is written to a file whose name is to be specified in this field with a path relative to the agent installation directory, for example, ../../logs/bcm.log for a file located on the same level as the installation directory, not below.

Maximum Log File Count

Maximum number of log file backups to keep. As a log file hits its maximum size it is copied to a backup file with an incrementing integer index. When the number of backups hits this limit, backup number 1 is removed and all the others are renumbered down.

Maximum Log File Size (bytes)

Defines the maximum size of the log file in bytes.

Enable Simultaneous Rule Execution

Defines if operational rules may be executed in parallel mode.

Resume Rule Execution at Startup

Defines if any not terminated operational rule is to be continued after a restart of the client.

Status Interval (sec)

The interval in seconds at which the status values of the operational rules are updated. Any file which has is not yet in transfer is requested again.

Check for Added Rules

Check this box to check for new rules in the base.

Synchronize at Startup

Check this box if the operational rules are to be synchronized at every startup of the agent. Operational rule synchronization allows a device to send its current list of operational rules it is assigned to as well as their checksum. The master compares the checksum and, if it is different to its own, it sends the master list of operational rules to the device. In this case the local agent compares its list of operational rules assigned to the device with the master list and updates it accordingly by deleting the unassigned operational rules and adding the newly assigned ones.

Check for Deleted Rules

Check this box to check for deleted rules in the base.

Minimum Gap between Two Automatic Synchronizations (sec)

Defines the minimum interval at which the synchronizations are to be done. This means that if a default synchronization is executed at 23:00 with a minimum interval of 12 hours and the client is started at 6 am with agent startup synchronization defined, no synchronization is executed until at least 11:00 am even if the agent is started/restarted before.

Only Check for Not Received Rules

Check this box if only those rules are to be synchronized, for which the assignment was sent but after 12 hours still was not received by the local agent.

Check for Operational Rules

Check this box to check only for operational rules in the database.

Check for Software Distribution Rules

Check this box to check for distribution rules only in the database.

Check for Published Rules

Check this box to check for published rules in the database.

Additional Automatic Synchronization Hour

Enter here the hour at which an additional synchronization is to be effected, that is, the comparison of locally available operational rules with the operational rules master list. The format is 24-hour format, for example, 23 for 11 pm .

Check for Updated Rules

Check this box to check for updated rules in the base.

Package Synchronization

When the client receives a synchronization request it sends back the list of its own packages linked to a checksum. The master then creates an up-to-date list of the device's packages and checks these with the list it received. If a package on the list from the device does not exist any more, the master sends an order to the device to delete it; if a more recent version exists on the master i.e., the checksums on the master and the client are not identical, an update order will be sent to the device; and if a package is absent on the client but present on the master, then an assign order will be sent to the client device. Any packages which is 'paused' will not be taken into account.

This step synchronizes the packages on the managed devices and the master to make sure none of them got lost.

Parameter

Description

Bypass Transfer Window

Check this box to bypass the transfer window defined for the device. This means that the upload takes place immediately without taking into account any bandwidth definitions. It can only be activated if the Upload after update option is activated.

Patch Management Module Setup

This step modifies the default settings of the parameters of the Patch Management module.

Parameter

Description

Archive Type

Defines if the patch packages are to be of type zip or pkg.

Block Patch Installation

Check this box to prepare the patch installation on all targets of the group for execution, without launching the installation itself.

Knowledge Base Update Delay from Parent (sec)

Defines the interval in seconds between the automatic update of the Knowledge Base on all BCM devices apart from the master. If the value is set to 0, the automatic update functionality is deactivated. To update the local Knowledge Base at the defined interval the clients asks its direct parent if a newer version is available and, if yes, requests its download.

Knowledge Base Internet Download Delay (sec)

Defines the delay in seconds at which the Knowledge Base is automatically downloaded and updated to a Patch Manager. This value is only applicable to the Patch Manager, for all other devices this value should be set to 0 to deactivate the option. The Knowledge Base is only downloaded if it is of a newer version than the version currently available on the Patch Manager or if the Force Parse parameter is activated.

Update Knowledge Base at Startup

Defines if the local agent verifies with the master if its Knowledge Base is up-to-date at agent startup and, if this is not the case, downloads it.

Interval Before Patch Inventory Update (sec)

Defines the delay in seconds to wait for a possible update to arrive before any operations, such as a patch inventory or a patch installation, are executed.

Differential Upload

Specifies if the inventory is to be completely replaced which each upload when differences are detected or only with the delta, that is, the modifications of the inventory.

Download Retry Interval (sec)

Defines the interval in seconds between each retry for the patch download.

Download Retry Count

Specifies the number of retries for a patch download.

Path for Local Patch Repository

Indicates a local path which the patch module checks if the patch to be downloaded is already available locally there before actually downloading it from the Internet.

Patch Process Interval (sec)

Manages the patch module thread execution, defining the interval in seconds at which requests on the database are executed.

Patch Time To Live (sec)

Defines the Time To Live in seconds for patch package files relative to the last time the respective package was asked for by a client. If the value is set to 0 the option is deactivated, that is, the patch packages are never deleted.

Upload New Inventory if New Version is Detected

If a new version of the Knowledge Base is detected on the Patch Manager, it automatically launches a new patch inventory scan via the respective operational rule and uploads the results.

Scan Machine On Startup

Defines if the device is scanned for the current patch situation at agent startup.

Archiving of Downloaded Patches after Publication

Defines if the patches are stored in the download directory of the Patch Manager after the patch custom package was created and successfully published to the Master. If the option Move is selected, you need to fill in the following field Path for Local Patch Repository which defines the path to the local storage location.

Synchronize at Startup

Check this box if the patches are to be synchronized at every startup of the agent. Patch synchronization allows a device to send its current list of patch groups it is assigned to as well as their checksum. The master compares the checksum and if it is different to its own, it sends the master list of patch groups to the device. In this case the local agent compares its list of patch groups assigned to the device with the master list and updates it accordingly by deleting the unassigned patch groups and adding the newly assigned ones.

Minimum Gap between Two Automatic Synchronizations (sec)

Defines the minimum interval in seconds at which the patch synchronizations are to be done. This means that if a default synchronization is executed at 23:00 at night and the client is started at 6 am with agent startup synchronization defined, no synchronization is executed until at least 11 am even if the agent is started/restarted before, as the interval is fixed for 12 hours minimum.

Additional Automatic Synchronization Hour

Enter here the hour at which an additional patch synchronization is to be effected, that is, the comparison of available patches with the patch master list. The format for this entry is 24-hour time format, for example, 23 for 11 pm .

Minimum Gap Between Two Uploads (sec)

Defines the minimum time interval between inventory uploads in seconds. If the value is set to 0 this option is deactivated and there is no minimum interval.

Upload Installed Patches

Check this box to also upload the list of patches and service packs that are already installed on the device.

Upload Interval (sec)

Defines the upload period for the inventory in seconds. If it is set to 0, no uploads are configured by the module, but they can still be managed through operational rules. The setting only configures the upload of existing data, it does not include an update of the inventory.

Upload on Startup

Defines if the inventory is uploaded to the master after being updated the first time on agent startup. It is recommended to activate this option to ensure that the inventory is updated at least at every startup of the agent. If it is deactivated a regular update and upload of the inventory must be configured through operational rules.

Patch Installation Timeout (sec)

The maximum time in seconds that a patch has to install on the target. If the patch has not finished its installation within the defined timeframe its installation is aborted. The patch is then added at the end of the list of all patches to install and retry installing after all others at the next patch installation process.

Patch Synchronization

Clients that are members of patch groups receive a list containing all the patches they will receive for installation. This step allows the master to verify that all clients have the most up-to-date list and if this is not the case, to update it.

No parameters need to be defined for this step.

Power Management Module Setup

This step modifies the parameters of the Power Management module.

Parameter

Description

Differential Upload

Specifies if the inventory is to be completely replaced which each upload when differences are detected or only with the delta, that is, the modifications of the inventory.

Log Events

Specifies if the events that are generated are to be logged on the local database.

Minimum Gap Between Two Uploads (sec)

Defines the minimum time interval between inventory uploads in seconds. If the value is set to 0 this option is deactivated and there is no minimum interval.

Upload Interval (sec)

Defines the upload period for the inventory in seconds. If it is set to 0, no uploads are configured by the module, but they can still be managed through operational rules. The setting only configures the upload of existing data, it does not include an update of the inventory.

Upload on Startup

Defines if the inventory is uploaded to the master after being updated the first time on agent startup. It is recommended to activate this option to ensure that the inventory is updated at least at every startup of the agent. If it is deactivated a regular update and upload of the inventory must be configured through operational rules.

Reboot Window Synchronization

This step synchronizes the reboot windows on the managed devices and the master to make sure none of them got lost.

No parameters need to be defined for this step.

RPM Package Module Setup

This step modifies the parameters of the configuration values of the RPM packages.

Parameter

Description

Maximum Number of Retries

Defines the number of times the publishing process is repeated after a failure before the whole process is declared failed.

Archive File Extension

Defines the type of extension for the package to be created. Be aware that this extension is valid for all packages which are created. If you modify the extension after having created a number of packages already the packager does not recognize the packages with the old extension any more.

Retry Interval (sec)

The retry interval defines the interval at which the step is to effect its retries in seconds.

Relay Module Setup

This step modifies the default settings for the parameters of the Relay module.

Parameter

Description

Is Enabled

Defines if the current device is a relay. If the relay functionality is deactivated the device is only a simple client.

Parent Name

The name of the direct parent to which the target device is to be connected. This is either the master or the new device's relay on the next higher level. The name may be entered as the short or long network name, that is, scotty or scotty.enterprise.com or as its IP address in dotted notation, that is, 192.168.1.1 or 2001:db8:85a3::8a2e:370:7334 . You may also select the parent from the list of available devices by clicking the Add Device icon and selecting the desired parent from the appearing list.

Parent Port

The port number of the relay of the currently selected remote device on the next higher level.

Tunnel to Parent

Defines if the agent creates and maintains a tunnel with its parent. Be aware that Auto Detection has a slight impact on the performance. Use Yes if the network configuration is such that the relay cannot directly connect to its clients.

Tunnel Compression Level

Defines compression level to use when building a tunnel to the parent, the possible values range from 0 to 9, 0 meaning no compression and 9 the highest compression.

Child IP Address Range

The IP address range in which the children below the currently selected device may be found if it is enabled as a relay. If a client outside the IP range specified here, tries to define this device as its relay, it is rejected. The addresses may be entered as single IP addresses or in form of address ranges:

  • Dotted notation, for example, 94.24.127.0-94.24.127.24 - 2001:db8:85a3::8a2e:370:152-2001:db8:85a3::8a2e:370:896 , or 94.24.127.0-24 - 2001:db8:85a3::8a2e:370:152-896 or 94.24.127.0/24 - 2001:db8:85a3::8a2e:370:152/896
  • With the short or complete network name such as scotty or scotty.enterprise.com
  • A mixture of both: 94.24.127.24, 2001:db8:85a3::8a2e:370:152, scotty.enterprise.com .Several ranges must be separated by a comma (,).

Rejected Relays

Defines a list of clients, which are NOT to be used as a relay for other clients, such as the master server or other specific devices. The devices may be listed with their short or long network names, such as scotty or scotty.enterprise.com or their IP address in dotted notation. The field may also contain a range of devices in the form of 192.1.1.1-192.1.1.4,2001:db8:85a3::8a2e:370:152-896,kirk,scotty or 192.1.1.1-kirk or kirk-scotty .

Auto-select Enabled

Defines if the device is set to check automatically for its parent relay.

Parent Selection Retry Interval (sec)

The number displays the interval in seconds at which the client tries to locate the parent relay it belongs to. This parameter is used in two cases: If the parameter Auto-Select Enabled is active and if a backup relay has been set.

Reselection Interval (sec)

Defines the interval in seconds between attempts at selecting a 'better' parent than the current one. This selection is done even if the current parent is contactable. This option is disabled if the value is set to 0 or if currently no parent is connected.

List of Backup Relays

A list of backup parents to be scanned if during the auto selection no suitable parent is found through AutoDiscovery. The format is host1:port1,host2:port2, etc. Host 1 is the closest alternative to the regular relay and the last host listed is typically the master. The host name can be entered either as its long or short network name, for example, scotty or scotty.enterprise.com or as its IP address in dotted notation, for example, 192.168.56.4 or 2001:db8:85a3::8a2e:370:7334 . If the port number is not listed the default port 1610 is assumed.

Execute Script at Connection to Backup Relay

Allows to execute a specific Chilli script every time when a connection is established with a backup relay. Enter here the absolute path to the Chilli script.

Execute Script at Disconnection from Backup Relay

Allows to execute a specific Chilli script every time when the connection with a backup relay is terminated. Enter here the absolute path to the Chilli script.

Parent Verification Retry Count

The number of times a device tries to contact the device defined as its parent, if the contact cannot be established at the first try. If after this count the contact still cannot be established the agent moves on to the selecion mechanisms defined by the Sequence parameter.

Interval between Verification Retries (sec)

The time interval in seconds between each try to contact the parent.

Bandwidth Check Port

Specifies the port number on which the bandwidth is calculated, which is available to the device for downloads from the relay.

Bandwidth Check Frequency (sec)

The delay in seconds between two calculation phase.

Bandwidth Check Duration (ms)

The calculation phase's duration in milli-seconds.

Client Check Frequency (sec)

Defines the interval at which the device verifies with the relay how many devices are currently downloading from the relay in seconds. If set to 0 the client check is disabled.

Share Point Path for Network Install

The path to the network installation point for custom packages. You may define the path as a UNC path with the following syntax: UNC[IPAddress][CustomFiles] , whereby [IPAddress] is the remote device and [CustomFiles] the remote network share. When using an UNC path the Administrator Login and Password must be specified as they is used to perform a Run As on the machine. If the agent is running under a LocalSystem account, this option does not work because this account cannot access network shares.

Share Point Name for Network Install

The path to the network installation point for custom packages. You may define the path as a UNC path with the following syntax: UNC<IPAddress><CustomFiles> , whereby <IPAddress> is the remote device and <CustomFiles> the remote network share. When using an UNC path the administrator login and password must be specified as they is used to perform a Run As on the machine. This option does not work if the agent is running under a LocalSystem account that cannot access network shares.

Share Point Path for Administrative or Network Install

The path to the administrative installation point for MSI packages. You may define the path as a UNC path with the following syntax: UNC<IPAddress><MsiFiles> , whereby <IPAddress> is the remote device and <MsiFiles> the remote network share. When using an UNC path the administrator login and password must be specified as they is used to perform a RunAs on the machine. This option does not work if the agent is running under a LocalSystem account that cannot access network shares. If you are using IPv6 addresses you must use the following format: FD43-0-0-0-8C84-4BAD-D413-DD68.ipv6-literal.net .

Share Point Name for Administrative or Network Install

The name of the administrative installation point for MSI packages.

Administrator Login for Administrative/Network Installation

The login name of the device's administrator who has all necessary access rights to log on to remote devices.

Administrator Password for Administrative/Network Installation

Enter the corresponding password. For security reasons the keyword is only displayed in the form of asterisks (*).

Short Storage Path

Defines if the short or the long storage path for the network and administrative installation is used on the relay. By default this option is set to false (0), meaning the package is stored under the location <RelativePath>/<PackageName.msi>/checksum , whereby <RelativePath> represents the directory structure in the Console under which the package was created. If activated, the package is stored directly under the <RelativePath> directory and a checksum subdirectory is created containing the installpackage.zip file.

Automatically Install Package on Network Share

Defines if the packages are installed on the relay via an administrative and/or network install. At module startup, the relay performs a check on the disk to look for packages that are to be installed on the network share:

  • None : The relay only stores the packages but not install them.
  • Administrative : The respective MSI packages is put on the share as defined in the Share Point Name for Administrative Install parameter and installed on their destination.
  • Network : The respective packages (MSI and custom) is put on the share as indicated in the Share Point Path for Network Install parameter and installed on their destination if they are MSI packages.
  • All : Both network and administrative packages is put on the shares as defined by the Share Point Path parameters above and installed on their destination if they are MSI packages.

Remote Control Module Setup

This step modifies the default Remote Control module parameters.

Parameter

Description

Activate Connection Logging

Defines if administrator connections are to be logged.

Hour(s)

The number of hours of inactivity after which the connection is automatically terminated. This value is mandatory if the Automatic Disconnection parameter is activated.

Minute(s)

The number of minutes of inactivity after which the connection is automatically terminated. This value is mandatory if the Automatic Disconnection parameter is activated.

Second(s)

The number of seconds of inactivity after which the connection is automatically terminated. This value is mandatory if the Automatic Disconnection parameter is activated.

Automatic Disconnection

Specifies automatic disconnection, that is, if the Remote Control is left inactive for a given period of time, the administrator is automatically disconnected.

Activate Remote Control Information in the Log

Defines if logging is enabled, If it is activated, logging is enabled in the agent log file, mtxagent.log.

Host IP Address

Specifies the listen address of the remote control server. This parameter is useful if the target device of the remote control has several network interfaces and the server should only listen on one specific address (Manual address mode). If it is set to &&auto (Automatic detection mode) the server listens on the address 0.0.0.0, which means it is reachable on all its active network interfaces. Be aware that the modification of this parameter requires an agent reboot to be taken into account.

Activate Detailed Logging

Defines the detail level of remote control logging. If activated, logging takes places with maximum information.

Dialog Port

The port at which the local client listens for incoming remote control calls and on which the connection is established.

Install and use the Client Management video driver

Defines if the BMC video driver is to be installed during the rollout to be available for use at remote control connections. Using this driver allows you for example to view the remote cursor and its movements on your screen. If this option is activated it is recommended to reboot the device.

Restart Agent

This step restarts the agent on a local device. It may be used, for example, to start an agent upgrade, which is launched at agent startup, at a specific date and time. The daemon atd must be running on Linux devices for this step to work.

Parameter

Description

Service Name (Windows only)

Defines the name of the service to be managed.

Stored Service Name (Windows only)

If this box checked, the agent is restarted with the name specified at the installation.

Rollout Module Setup

This step modifies the configuration parameters of the rollout module.

Parameter

Description

Max. Number of Simultaneous Devices

The number of devices a rollout can install at the same time.

Rule Synchronization

This step synchronizes the operational rules on the managed devices and the master to make sure none of them got lost.

When the client receives a synchronization request it sends back the list of its own operational rules linked to a checksum. The master then creates an up-to-date list of the device's operational rules and checks these with the received list. If an operational rule on the list from the device does not exist any more, the master sends an order to the device to delete it; if a more recent version of an operational rule exists on the master,that is, the checksums on the master and the client are not identical, an update order is sent to the device; and if a rule is absent on the client but present on the master, then an assignment order is sent to the client device. Any rule which is "paused" is not taken into account. Published operational rules that were already executed, are newly published, but not automatically executed.

Parameter

Description

Proceed with Added Rules

Check this box to check for new rules in the base.

Bypass Transfer Window

Check this box to bypass the transfer window defined for the device. This means that the upload takes place immediately without taking into account any bandwidth definitions. It can only be activated if the Upload after update option is activated.

Proceed with Deleted Rules

Check this box to check for deleted rules in the base.

Proceed with Operational Rules

Check this box to check only for operational rules in the database.

Proceed with Published Rules

Check this box to check for published rules in the database.

Proceed with Software Distribution Rules

Check this box to check only for distribution rules in the database.

Only Check for Not Received Rules

Check this box, if only rules for which the assignment has been sent but after 12 hours still have not been received by the local agent.

Check for Software Distribution Rules

Check this box to check only for distribution rules in the database.

Check for Quick Link Rules

Check this box to check only for Quick Link rules in the database.

Proceed with Updated Rules

Check this box to check for updated rules in the base.

Security Configuration

This step configures the default parameters for secure communication between the agents.

Parameter

Description

Authority Certificate

The authority certificate (CA Cert) to be used for signing the agent certificate if required. By default, the Numara CA is used unless a different CA Cert is configured. The parameter expects a certificate name (without extension) registered in the agent cert store (auth section), such as Numara_ca . This parameter is used on the server side and can also be used on the client side if the server is configured to authenticate the client.

Trusted Authorities

A comma separated list of certificates to be trusted when connecting to a secured server or client. By default, the agent trusts the default Numara CA unless a different list of certificates is configured. The parameter expects a list of certificate names (without extension) registered in the agent cert store (trusted section), for example, Numara_ca, enterprise_ca, startfleet_ca . This parameter is used on the client side as well as on the server, for the device to know if it can trust the answering device by comparing its certificate with the list of trusted certificates, if it does not match the authority certificate.

User Certificate

The user defined final certificate to be used for both the client and server roles. When this parameter is configured the agent ignores any other authority except the ones to be trusted. The parameter expects a certificate name (without extension) registered in the agent certificate store (user section), for example, Numara, enterprise, starfleet .

Access Control

Defines the security when agents communicate with each other, that is, if the Precision Access Control (PAC) handshake is to be used for inter-agent communication:

  • No : as a server, allow PAC connections with client authentication as well as non PAC connections. As client, no PAC connections are required.
  • Securised Send, Receive Both : as server, allow PAC connections with client authentication as well as non PAC connections. As client, only allow PAC connections.
  • Yes : Only allow PAC connections (as server or client).
  • Yes with mutual authentication : Only allow PAC connections (as server or client) with mutual authentication.

Secure Communication

Defines if the agent communicates in secure format. The possible values are:

  • No : With this option the agent accepts both securized and non- securized communication, however it sends only non- securized communications.
  • Securized Send, Receive Both : This value indicates that the agent accepts both securized and non-securized communication, however it sends only securized communications.
  • Yes : When this option is selected the agent only communicates in secure mode, that is, it only receives and sends securized communication.Yes with mutual authentication: With this option the agents communicate in secure mode and in addition authenticate each other via SSL.

SCAP Compliance Module Setup

This step allows to modify the default settings of the parameters of the SCAP Compliance Module.

Parameter

Description

OVAL Directives

This parameter defines the OVAL directives that must be applied to OVAL results. This has an impact on the level of detail for generated XML result files which are temporary files emitted during the scans.

Security Settings Inventory Module Setup

This step modifies the default settings of the parameters of the Security Settings Inventory module.

Parameter

Description

Data File

Specifies the location and name of the security settings inventory .xml file. This file defines all attributes and values which is recovered from the remote clients to set up the custom inventory. The path to the file may be entered as a local path or as a URL such as _

ftp://master/SecurityInventory.xml_

.

Differential Upload

Specifies if the inventory is to be completely replaced which each upload when differences are detected or only with the delta, that is, the modifications of the inventory.

Minimum Gap Between Two Uploads (sec)

Defines the minimum time interval between inventory uploads in seconds. If the value is set to 0 this option is deactivated and there is no minimum interval.

Upload Interval (sec)

Defines the upload period for the inventory in seconds. If it is set to 0, no uploads are configured by the module, but they can still be managed through operational rules. The setting only configures the upload of existing data, it does not include an update of the inventory.

Upload on Startup

Defines if the inventory is uploaded to the master after being updated the first time on agent startup. It is recommended to activate this option to ensure that the inventory is updated at least at every startup of the agent. If it is deactivated a regular update and upload of the inventory must be configured through operational rules.

Security Products Management Module Setup

This step modifies the default settings for the parameters of the Security Products Management module.

Parameter

Description

Data File

Specifies the location and name of the security products inventory .xml file. This file defines all attributes and values which is recovered from the remote clients to set up the security products inventory. The path to the file may be entered as a local path or as a URL such as _

ftp://master/securityproductsinventory.xml_

. The path is relative to the agent configuration file. You may modify the entry, but be aware, that if you wrongly modify, the security products inventory may not longer work.

Upload Interval (sec)

Defines the upload period for the autodiscovered list in seconds. If it is set to 0, no uploads are configured by the module, but they can still be managed through operational rules. The setting only configures the upload of existing data, it does not include an update of the inventory.

Minimum Gap Between Two Uploads (sec)

Defines the minimum time interval between inventory uploads in seconds. If the value is set to 0 this option is deactivated and there is no minimum interval.

Upload on Startup

Defines if the custom inventory is uploaded to the master after being updated the first time on agent startup. It is recommended to activate this option to ensure that the inventory is updated at least at every startup of the agent. If it is deactivated a regular update and upload of the inventory must be configured through operational rules.

Differential Upload

Specifies if the inventory is to be completely replaced which each upload when differences are detected or only with the delta, that is, the modifications of the inventory.

Additional Anti-Virus Data

Check this box to collect advanced data on installed anti-virus software products (virus definition file date, etc.) and upload them to the Security Products Inventory.

Additional Firewall Data

Check this box to collect advanced data on installed firewall software products (firewall status) and upload them to the Security Products Inventory.

Additional Anti-Spyware Data

Check this box to collect advanced data on installed anti-spyware software products (anti-spyware definition file date, etc.) and upload them to the Security Products Inventory.

Additional Browsers Data

Check this box to collect advanced data on installed browser software products (CERT compliance, etc.) and upload them to the Security Products Inventory.

Selfhealing Module Setup

This step modifies the default settings of the parameter of the Selfhealing module. This functionality is only applicable to Windows and Linux devices.

Parameter

Description

Verification Interval (sec)

Defines the interval in seconds at which the protected applications are verified for their integrity on the local client.

Snapshot Package Module Setup

This step modifies the parameters of the configuration values of the snapshot packages.

Parameter

Description

Maximum Number of Retries

Defines the number of times the publishing process is repeated after a failure before the whole process is declared failed.

Archive File Extension

Defines the type of extension for the package to be created. Be aware that this extension is valid for all packages which are created. If you modify the extension after having created a number of packages already the packager does not recognize the packages with the old extension any more.

Retry Interval (sec)

The retry interval defines the interval at which the step is to effect its retries in seconds.

Software Filter Synchronisation

This step sends the list software inventory filters to the respective devices to be synchronized with the database content.

No parameters need to be defined for this step.

Software Inventory Module Setup

This step allows you to modify the default settings of the parameters of the Software Inventory module.

Parameter

Description

Differential Upload

Specifies if the inventory is to be completely replaced which each upload when differences are detected or only with the delta, that is, the modifications of the inventory.

Scanned Extensions

Defines the file types by their extension, which are included in the software directory scan.

Scan Add/Remove Programs

Check or uncheck this box to define if registry entries for the Add/Remove Programs are to be scanned and added for the software inventory update. Be aware that this only checks for software installed for all users; applications installed for an individual user are not inventoried.

Excluded Directories

Enter the directories which are NOT to be scanned to create the list of installed software applications. The separator character between a list of directories is a comma (,). You can also enter the path to the directories as an environment variable enclosed in ${}.

Scan Hidden Directories

Check or uncheck this box to define if hidden directories are to be scanned for the software inventory update.

Included Directories

If you are only scanning Scan Add/Remove Programs but you also want to inventory the applications installed for a user, you must enter here the directory in which they are installed, for example c:/users for Windows 7 systems.

Scan MSI Database

Check or uncheck this box to define if the MSI Windows database is to be scanned for the software inventory update.

Configuration File

Defines the .xml format file used to post process the inventory data, which contains an extensive list of software products available for scanning. The path to the file may be entered as a local path or as a URL such as _

ftp://master/swinvcfg.xml_

.

Update Interval (sec)

Defines the update period in seconds for software inventory scans on the remote machines.

Minimum Gap Between Two Uploads (sec)

Defines the minimum time interval between inventory uploads in seconds. If the value is set to 0 this option is deactivated and there is no minimum interval.

Upload Interval (sec)

Defines the upload period for the inventory in seconds. If it is set to 0, no uploads are configured by the module, but they can still be managed through operational rules. The setting only configures the upload of existing data, it does not include an update of the inventory.

Upload on Startup

Defines if the inventory is uploaded to the master after being updated the first time on agent startup. It is recommended to activate this option to ensure that the inventory is updated at least at every startup of the agent. If it is deactivated a regular update and upload of the inventory must be configured through operational rules.

Timer Module Setup

This step defines the general behavior of the Timer module.

Parameter

Description

Take Logged User into Account

Defines if the connected user is to be taken into account when executing an operational rule. By default the rule is executed when the user, who activated the rule in MyApps, is connected. If another user is connected to the device it is not executed.

Transfer Window Synchronization

When the client receives a synchronization request it sends back the list of its own transfer windows linked to a checksum. The master then creates an up-to-date list of the device's transfer windows and checks these with the list it received. If a transfer window on the list from the device does not exist any more, the master sends an order to the device to delete it; if a more recent version of a transfer window exists on the master i.e., the checksums on the master and the client are not identical, an update order will be sent to the device; and if a transfer window is absent on the client but present on the master, then an assign order will be sent to the client device.

This step synchronizes the transfer windows to which the managed devices are assigned and the master to make sure none of them get lost.

Parameter

Description

Check for New Transfer Windows

Check this box to check for new transfer windows in the base.

Check for Deleted Transfer Windows

Check this box to check for deleted transfer windows in the base.

Check for Updated Transfer Windows

Check this box to check for updated transfer windows in the base.

Upload Operational Rule Status

This step uploads the status of an operational rule. This may be useful when the status has been lost.

Parameter

Description

Bypass Transfer Window

Check this box to bypass the transfer window defined for the device. This means that the upload takes place immediately without taking into account any bandwidth definitions. It can only be activated if the Upload after update option is activated.

User Access Module Setup

This step allows you to add an entry to or remove it from the list of users of the User Access module.

Parameter

Description

Login

The login name for a specific user or group of users.

Authentication Type

The Authentication Type is related to the login and can be one of the following categories:

  • Private : Should be used if the user is to log on with a proper name, for example, Scotty, Kirk , etc. A user logged on in this category is required to give a password which is to be defined below.
  • System : If this authentication is used the login and password are verified by the system.
  • Action : If an access is defined as Action, its login and password are verified by the call of the specified action.

Password

Passwords depend on Authentication Type :

  • A Private user login is required to give a password, then to confirm it.
  • If the authentication type is defined as Action , the name of the action which is to be called and which authenticates the login must be entered into the Action Name field. The action defined in this field must exist on the agent to create a valid user login.
  • A System user login does not need any password or other further information. This login is mostly used by system processes.

Action Name

The name of the action which is responsible for processing the authentication. By default this is V64DbAdminCheckLogin .

Order

Specifies the order in which the user access is handled. This order is important, as the Http Protocol Handler goes through this list and accepts the first match it finds.

Operation

Select from the drop-down list the type of operation to be executed on the user access defined above, that is, if it is to be added to or removed from the list of valid user accesses.

Virtual Infrastructure Manager Module Setup

Parameter

Description

Local Inventory Check Interval

Defines the interval in seconds between each upload of the inventory of the local virtual machine and its upload to the master.

WakeOnLan Module Setup

This step allows to modify the configuration settings of the Wake on LAN module.

Parameter

Description

List of wake up devices (format: device1:port1,device2:port2)

The comma separated list of devices elected for the wake-up process. In this case, the registered devices are used as static proxies and the module respects the list order (from left to right). There is no deep check concerning the wake-up devices such as IP address and network mask.

Automatic Wake-up Mechanism

Agents have the capability to monitor the data flow and remember the list of devices for which they are the direct relay. Therefore, modules are able to look up possible devices that share a common subnet with another device to wake up. This option enables the capability to look up this dynamic knowledge base and detect the list of possible wake-up devices. This is the dynamic version of the previous option.

Fallback Wake-up Mechanism

This fallback parameter allows trying a last wake-up mechanism. It is often used when none of the previous mechanisms have succeeded, or if some of them were disabled. The aim is to proceed to the wake-up using a blind method. When set to Unicast the module tries a simple host directed unicast wake-up (a simple UDP packet sent to the exact destination address). When set to Broadcast , the module tries a subnet-directed broadcast (a simple UDP packet sent to the entire network). When set to DirectBroadcast , the module tries a direct broadcast considering the target network address. When set to None , the fallback mechanism is disabled.

Local Wake-up Mechanism

When enabled, the module checks whether the target and itself is part of a common subnet. In that case, the wakeup is performed by the module itself using the subnet broadcast address.

Web Services Module Setup

This step allows you to modify the default settings of the Web API module parameters.

Parameter

Description

Server Port

Defines the TCP port dedicated to the web services.

Windows Device Management Module Setup

This step defines the default settings for managing Windows peripheral devices trying to connect to the managed network devices.

Parameter

Description

Log Events

Specifies if the events that are generated are to be logged on the local database.

This version of the documentation is no longer supported. However, the documentation is available for your convenience. You will not be able to leave comments.

Comments