Agent Configuration steps
Agent Interface Access Configuration
This step defines which tabs of the agent browser interface are accessible and which authentication information is required. For options which are not activated in this step, the predefined default values will be used.
Parameter | Description |
---|---|
Access to "Tools" | Check this box if the access to the Tools pages is to specifically defined:
|
Access to "Inventories" | Check this box if the access to the Inventories pages is to specifically defined:
|
Login for "Inventories" | Check this box if the access to the Inventories pages requires specific login parameters. If this option is not activated the default value (Remote Login) is used:
|
Access to "Privacy" | Check this box if the access to the Privacy pages is to specifically defined:
|
Access to "Maintenance" | Check this box if the access to the Maintenance pages is to specifically defined:
|
Access to "MyApps" | Check this box if the access to MyApps is to be specifically defined:
|
Agent Parameter Setup
This step allows you to define the parameter settings of the BCM agent.
Parameter | Description |
---|---|
Access Control | Defines the security when agents communicate with each other, that is, if the Precision Access Control (PAC) handshake is to be used for inter-agent communication:
|
Secure Communication | Defines if the agent communicates in secure format. The possible values are:
|
Authority Certificate | The authority certificate (CA Cert) to be used for signing the agent certificate if required. By default, the Numara CA is used unless a different CA Cert is configured. The parameter expects a certificate name (without extension) registered in the agent cert store (auth section), such as Numara_ca . This parameter is used on the server side and can also be used on the client side if the server is configured to authenticate the client. |
Trusted Authorities | A comma separated list of certificates to be trusted when connecting to a secured server or client. By default, the agent trusts the default Numara CA unless a different list of certificates is configured. The parameter expects a list of certificate names (without extension) registered in the agent cert store (trusted section), for example, Numara_ca, enterprise_ca, startfleet_ca . This parameter is used on the client side as well as on the server, for the device to know if it can trust the answering device by comparing its certificate with the list of trusted certificates, if it does not match the authority certificate. |
User Certificate | The user defined final certificate to be used for both the client and server roles. When this parameter is configured the agent ignores any other authority except the ones to be trusted. The parameter expects a certificate name (without extension) registered in the agent certificate store (user section), for example, Numara, enterprise, starfleet . |
Block Navigation from Agent User Interface | Check this box if the agent user interface is to be run in the browser's kiosk mode (fullscreen without menus or naviation bar). The installation of an add-on may be necessary to be able to use this mode (for example, with Firefox). |
Strict Agent User Interface Authentication | Indicate ifthe user can apply operational rules assigned to the device without explicit authentication. If the strict authentication mode is disabled the user is able to execute operational rules locally without authentication. Enabling this parameter forces user authentication for all cases. This parameter is ignored for rules that are assigned to users. |
Icon Mode in SysTray (Windows only) | Defines the mode of the icon in the systray. |
Message for New Packages (Windows only) | Indicates if a pop-up must appear if an operational rule is published while the systray is hidden. |
New Advertisment Banner (Days) | Define the length of time in days that the New banner should be shown for operational rules that are newly advertized in MyApps. Setting this number to zero disables the new banner. |
Send alert when an error occured | Check this box if an alert is to be sent to the master when an error is added to the agent log file. |
Application Monitoring Module Setup
The Application Management module manages monitored and prohibited applications through the BCM agents. This step allows you to specify the default settings of application monitoring. This step does not apply to Mac OS systems.
If a reboot is scheduled, you can define the reboot parameters and message, which may also be localized. The logo of the message box may be customized as well. For this you only need to store the following customized images in their exact sizes in the //data//core//res directory of the BCM agent: FullSized.bmp (575 x 575 pixels), MediumSized.bmp (575 x 510 pixels), SmallSized.bmp (575 x 455 pixels), RebootAfterLogOut.bmp (575 x 275 pixels).
Parameter | Description |
---|---|
Verification Interval (sec) | Defines in seconds the interval at which any type of monitored application, that is, monitored and prohibited, are checked. |
Stop Application if Prohibited | Check this box to prohibit applications. This means that applications which are monitored under the respective node is terminated if they are found running on the client. |
Popup Window after Application Termination | Check this box to display a pop-up window on the screen to inform the user that the application he just tried to launch was automatically stopped because it is prohibited. |
Event Creation Delay for Unterminated Monitored Applications (hours) | Specifies the number of hours after which an event is created, even if the launched application has not yet been terminated. In this case the end date of the generated event is the same as the start date. Once the application is terminated a new event is generated with the proper end date filled in. |
Local Image File Path (bmp only) | The name and full path of the image file that is to be displayed in the pop-up window for a stopped application. The image file must be of type .bmp . If the image cannot be found, that is, because it is of another type, or it is too small, the default BMC image is used. If the image is too large it is cropped to fit the window. The default size of the BMC image is 460 x 310. |
Popup Window Message Text | Enter the text that is to be displayed on the remote screen on which the application was stopped. |
Application Synchronization
This step synchronizes applications defined for any type of application management, i.e., to be monitored, prohibited or to be protected, to which the managed devices are assigned.
When the client receives a synchronization request it sends back the list of its own managed applications linked to a checksum. The master then creates an up-to-date list of the device's managed applications and checks these with the list it received. If a managed application on the list from the device does not exist any more, the master sends an order to the device to delete it; if a more recent version of a managed application exists on the master, that is, the checksums on the master and the client are not identical, an update order will be sent to the device; and if a managed application is absent on the client but present on the master, then an assign order will be sent to the client device.
Parameter | Description |
---|---|
Check for Added Applications | Check this box to check for new applications that were added to be managed. |
Check for Deleted Applications | Check this box to check for deleted applications in the base. |
Check for Updated Applications | Check this box to check for updated applications in the base. |
Asset Discovery Module Setup
This step modifies the default settings of the Asset Discovery Module, configuring the settings to execute an asset discovery scan on devices without BCM agent.
Parameter | Description |
---|---|
Excluded IP Address Range | Indicates the device range to be excluded from the previously defined range. The expected format is the same as for the included address range. This makes it possible to disable the scan for sensible devices even when using a short notation concerning the included device range (include: 192.168.1.0/24 and exclude: 192.168.1.255,mailserver,fileserver ). |
Max. Timeout | Fine tunes the low level network packets sending, indicating the maximal time to use for scanning a single host. This allows to abort a device scan when it takes too long. |
IP Address Range | Indicates the device range to be scanned. The expected format is a comma separated list of IP addresses or IP ranges. For instance, IP ranges must be supplied using different notations such as complete address range (192.168.0.0-192.168.5.254 ), a CIDR range (192.168.1.0/24 or 2001:db8:85a3::8a2e:370:152/896 ), a byte range notation (192.168.0-5.0-254 ) or single named devices (DNS, NetBIOS).nIt is strongly recommended not to specify complete subnet IPv6 address ranges, scanning these is extremely time consuming. |
Hardware Inventory | Defines if a hardware inventory is to be executed on the remote device. |
Software Inventory | Defines if a software inventory is to be executed on the remote device. |
Max. Inventory Timeout | Indicates the global timeout for the whole session. The special value of 0 can be used to deactivate this option, that is, there is no timeout limit for the duration. Otherwise, the scan is aborted once the threshold value has been reached. The value is an integer followed by s for seconds or m for minutes or h for hours. |
Parallel Script Count | The maximum number of scripts that can be executed simultaneously, possible values for this are Low - 5 simultaneous scripts, Normal - 10 simultaneous scripts and High - 20 simultaneous scripts. |
Upload Policy | Indicates how and when to process the information upload. When set to Immediate Upload , the module uploads the inventories as soon as they are supplied by a scan. When set to Upload at Scan End , the inventories is uploaded when the scan is completed or aborted (except if the abort operation indicates not to upload). When set to No Upload , the module does not upload the inventories at all until specifically called for via the operational rule step. |
Use Nmap for Port/OS Detection | Defines if BCM, if installed, is used to detect the ports and operating system of the remotely inventoried device. |
Nmap Installation Path | Contains the relative installation path to the BCM software, relative to the agent installation directory, for example, ../bin if it is located in the bin directory of the agent. |
Prevent NMAP from sending IGMP paquets on the network | Check this box if some of your network devices have problems with IGMP traffic. In this case BCM is prohibited from sending IGMP paquets on the network. |
Asynchronous Actions Module Setup
This step modifies the asynchronous module parameters.
Parameter | Description |
---|---|
Number of threads | Enter the number of threads to use for asynchronous calls |
Retry Delay (Priority 0) | Enter the retry interval for calls of priority 0 in seconds (highest priority, currently not in use) |
Retry Delay (Priority 1) | Enter the retry interval for calls of priority 1 in seconds (used for operational rule status and identity uploads) |
Retry Delay (Priority 2) | Enter the retry interval for calls of priority 2 in seconds (used for operational rule assignments) |
Retry Delay (Priority 3) | Enter the retry interval for calls of priority 3 in seconds (currently not in use) |
Retry Delay (Priority 4) | Enter the retry interval for calls of priority 4 in seconds (lowest priority, currently not in use) |
Prefer IP Addresses | Determines whether the identification for communication between the agents and with the master is effected via the agents' IP addresses or over their host names. This is to facilitate networking in environments that do not have DNS name resolution in place. |
Time to Live (sec) | In order to prevent non-transferable data from remaining eternally in the queue, each object is assigned a specific time that it may stay in the queue and wait to be passed on its way to its destination. This Time To Live (TTL) for each object in seconds is displayed in this field. |
Min Purge Delta Time (sec) | The minimum interval (in seconds) between two cleanup operations of the asynchronous actions database of all actions called since the last purge. |
Maximum Action Count | The maximum number of actions that can be stored. The module refuses all incoming remote actions until the number of stored actions drops below this value. |
Maximum File Count | The maximum number of files that can be stored. The module refuses all incoming remote files until the number of stored files drops below this value. |
AutoDiscovery Module Setup
This step allows to modify the default settings for the parameters of the AutoDiscovery module.
Parameter | Description |
---|---|
Address Range | The list of addresses to be verified. The IP addresses can be listed in the following different notations:
|
Can Learn | If set to true, this value specifies if the agent can get other agents' autodiscovered devices in order to establish its list. |
Fast Address Verification Interval (sec) | Defines a fast search option to find the client's relay. If the list of devices is empty, the Fast Address Verification Interval value is used to verify devices until the Scan Count value is reached and all devices have been verified or a relay was found. If the client has a relay the Address Verification Interval value is used. If the IP address is modified, the Fast Address Verification Interval value is used to verify devices. The option is deactivated if the value is set to the same value as the Address Verification Interval value. As long as the AutoDiscovery is at the research for the device's relay, the Parent Selection Retry Interval to find the backup server is ignored. |
HTTP Port Range | The range of ports to scan for an agent HTTP server. All specified port ranges is scanned for ALL listed IP address ranges! If no port range is specified only default ports 1610 and 8080 is scanned. |
Maximum Device Age (sec) | The maximum age in seconds for an entry in the device list. This displays the maximum time a device can stay in the list of devices after last being verified. |
Maximum Hop Count | The number of routers between the device providing the list and the device being read. The hop count is determined at discovery time using the ping. It provides an indication of the distance between the two devices and is used at the time of relay selection to sort the devices which are farther to the end of the list of relays being contacted. For example, all devices on the same LAN segment have a hop count of 0 as they can contact each other directly. |
Number of Neighbors | Defines how many neighboring addresses to scan. The default value is 10, meaning 5 addresses below the device's own address and 5 addresses above it. |
Only Learn Relays | Defines if the complete list of autodiscovered devices is sent to the master or if only the list of relays is uploaded. |
Operating System Detection | Specifies if the operating system is discovered on the device found by AutoDiscovery. |
Same Network Only | Specifies if devices found on other networks are to be accepted. The possible values are the following:
|
Scan Count | Each time scan count addresses have been verified, the module refreshes the list of addresses to verify by using the Address Range, Number of Neighbors and Use Network Neighborhood settings. |
Timeout (sec) | The timeout in seconds for pings. |
TCP Port Range | The range of ports to scan for a TCP connection. This is used in place of ping when raw sockets are not available. All specified port ranges is scanned for ALL listed IP address ranges! If no port range is specified only default ports 23, 25 and 139 is scanned. Each port range can consist of:
|
Upload AutoDiscovery Objects | Defines if the objects discovered by the AutoDiscovery are uploaded. |
Upload Interval (sec) | Defines the upload period for the autodiscovered list in seconds. If it is set to 0, no uploads are configured by the module, but they can still be managed through operational rules. The setting only configures the upload of existing data, it does not include an update of the inventory. |
Upload on Startup | Defines if the autodiscovered list is uploaded to the master after being updated the first time on agent startup. It is not recommended to activate this option as, depending on the size of your network, this might be a very time and resource consuming process. |
Use Network Neighborhood | Defines whether the network neighborhood should be used to get machine names and addresses. |
Address Verification Interval (sec) | The gap in seconds between each address verification. |
Cisco NAC Module Setup
This step allows you to modify the configuration settings of the Client Management-Cisco NAC module.
Parameter | Description |
---|---|
Notify Cisco agent on change of device status | Defines if the Cisco agent is informed if the 'compliancy' status of a network device changes. |
Custom Inventory Module Setup
This step modifies the default settings of the parameters of the Custom Inventory module.
Parameter | Description |
---|---|
Data File | Specifies the location and name of the custom inventory .xml file. This file defines all attributes and values which is recovered from the remote clients to set up the custom inventory. The path to the file may be entered as a local path or as a URL such as _ ftp://master/custominventory.xml_. The path is relative to the agent configuration file. You may modify the entry, but be aware, that if you wrongly modify, the custom inventory may not longer work. |
Upload Interval (sec) | Defines the upload period for the inventory in seconds. If it is set to 0, no uploads are configured by the module, but they can still be managed through operational rules. The setting only configures the upload of existing data, it does not include an update of the inventory. |
Minimum Gap Between Two Uploads (sec) | Defines the minimum time interval between inventory uploads in seconds. If the value is set to 0 this option is deactivated and there is no minimum interval. |
Upload on Startup | Defines if the custom inventory is uploaded to the master after being updated the first time on agent startup. It is recommended to activate this option to ensure that the inventory is updated at least at every startup of the agent. If it is deactivated a regular update and upload of the inventory must be configured through operational rules. |
Differential Upload | Specifies if the inventory is to be completely replaced which each upload when differences are detected or only with the delta, that is, the modifications of the inventory. |
Custom Package Module Setup
This step modifies the parameters of the configuration values of the custom packages.
No parameters need to be defined for this step.
Event Log Manager Module Setup
This step allows to modify the default settings for the parameters of the Event Log Manager module.
Parameter | Description |
---|---|
Enable Aggregation of Persistent Events | Defines whether aggregation of the events generated for the monitored models is enabled. This value is global for all the managed event log models. Aggregation computes automatic models content so disabling this option is recommended if such models should not be handled. |
Minimum Upload Gap between Identical Alerts (min) | Defines the minimum interval between two same alerts that needs to pass before another alert is sent in minutes. |
Enable Upload of Persistent Events | Defines whether the upload of the events generated for the monitored models is enabled. This value is global for all the managed event log models. When upload is executed for a model (automatically using model policy or manually using an operational rule), the module checks this value. If it is disabled, all events up to the current date are not be uploaded. This prevents huge amounts of events to be uploaded on activation. |
Event Manager Module Setup
This step defines the configuration settings of the Event Manager module on the local clients
Parameter | Description |
---|---|
Upload Events | Specifies if events are uploaded from the client to the master database. |
File Store Module Setup
This step modifies the default settings for the parameters of the File Store module.
Parameter | Description |
---|---|
Archive Type | Defines the type of archive to use for packing the files for upload. |
Concatenation Mode | Defines if the file concatenation mode is active for the upload and if yes which one is used. Automatic concatenation means that all files to be uploaded are packed into one archive file and uploaded, manual concatenation indicates that all files are packed to be uploaded as in automatic with the exception of those specified in the Excluded File Types parameter which are uploaded separately. |
Enable Dialup Downloads | Specifies if downloads are authorized via a RAS (Remote Access Service) connection (Windows devices only). If the value is set to false, then if a dialup connection is detected, the FileStore does not download any information such as inventory. It still receives information about files being available on its relay but it does not make any attempts to download them. Note that on a system which has a LAN connection AND a Dialup connection active at the same time, the module considers itself in dialup mode and behave as described above. |
Enable Dialup Uploads | Specifies if uploads are authorized via a RAS (Remote Access Service) connection (Windows devices only). If the value is set to false, then, if a dialup connection is detected, the FileStore does not upload any information such as inventory. It is still receiving information about files being available on its relay but it does not make any attempts to download them. Note that on a system which has a LAN connection AND a Dialup connection active at the same time, the module considers itself in dialup mode and behave as described above. |
Excluded File Types | This field is only required for manual concatenation and lists all types, separated with a comma (,), which are to be uploaded separately. |
Check for Available Free Space before Downloading a Package | Check this box if the agent is to verify if there is enough disk space available before actually downloading the package. If not enough space is available an error is logged. |
Frame Size (Bytes) | Defines the frame size of the network type which the device uses for communication. This parameter must only be modified for devices using non-Ethernet networks, such as token ring, frame relays or ATM networks. |
Immediate Start of Notification Request Process | Defines if the thread is to be launched without its initial pause. |
Max. Size for Package Conservation (MB) | Defines the maximum size that a package may have to be stored in the database in MB. If a package is larger than the indicated value it is stored until no more devices are in its target list and then it is deleted. If all packages are always to be kept and this option is to be deactivated enter 0 into this field. |
Maximum Number of Files to Concatenate | Defines the maximum number of files that can be concatenated. |
Multicast Transfer Address | Defines the range of multicast IP address. The server scans the address range and then uses the first available address for the multicast. The address range must be within the following range: 238.4.4.1 and 238.4.4.100 . |
Multicast Block Size (Bytes) | Defines the rate used for data transfer. The value must be increased as the transfer rate increases. The default value (16384 byte) is the optimum value for a 128Kb/s transfers. The minimum value is 1024, the maximum 65535. |
Multicast Differential Retry | Specifies if differential package retry is to be used. If activated only those frames that have not yet been received by the client are re-transferred. The differential retry is recommended for a smaller number of target clients (<50). |
Multicast Minimum File Size (Bytes) | The minimum file size for a multicast transfer in bytes. |
Multicast Minimum Requests | Specifies the minimum number of answers from target clients before launching a multicast transfer. If the number of answers is below the fixed threshold the file is sent unicast to the targets. |
Multicast Listen Port | Defines the multicast port. |
Multicast Retry Number | The number retries to transfer the file. This parameter is reinitialized at each wave of clients. |
Multicast Minimum Success Rate (%) | Defines the minimum success rate in percent from which on the transfer is stopped. This parameter is reinitialized at each new wave of clients. To ensure that the retries continue throughout the network as long as possible, this value must be set very high, such as between 85 and 95% per wave of clients. |
Multicast Transfer Delay (sec) | The delay in seconds before the notification is sent and before sending multicast data. This delay is based on the network resources as well as on the number of clients waiting for distribution. It allows the clients to demand the file from the relay. |
Multicast TTL | The multicast Time To Live, that is, the maximum number of nodes the frames can pass before arriving on the target. Set to 1 for local networks up to 255 for worldwide network. To deploy to a national network 32 nodes should be enough. |
Unicast Recovery on Multicast Failure | Defines if unicast recovery is to be done if the multicast delivery fails. |
Copy from Repository to File Store | Defines if the package is copied into the FileStore. If the option is deactivated this means that the medium on which the package is stored must be available on the relay until the last target has collected and installed the package. |
Package Repository Path | Defines the path to the storage location of referenced packages on the relay, for example, D:Packages , D being the local CD/DVD or USB drive. It is also possible to list more than one path, each path separated by a comma (,) from the next. |
Synchronize Packages at Startup | Check this box if the packages are to be synchronized at every startup of the agent. Package synchronization allows a device to send its current list of packages it is assigned to as well as their checksum. The master compares the checksum and if it is different to its own, it sends the master list of packages to the device. In this case the local agent compares its list of packages assigned to the device with the master list and updates it accordingly by deleting the unassigned packages and adding the newly assigned ones. |
Minimum gap between two automatic synchronizations (sec) | Defines the minimum interval in seconds at which the package synchronizations are to be done. This means that if a default synchronization is executed at 23:00 at night and the client is started at 6 am with agent startup synchronization defined, no synchronization is executed until at least 11 am even if the agent is started/restarted before, as the interval is fixed for 12 hours minimum. |
Package TTL (days) | Defines the Time To Live in days for package files relative to the last time the respective package was asked for by a client. This option is also applicable to the rollout post install files which are kept as a .zip file on the file store. |
Prefer IP Addresses | Determines whether the identification for communication between the agents and with the master is effected via the agents' IP addresses or over their host names. This is to facilitate networking in environments that do not have DNS name resolution in place. |
Pull Timeout (sec) | The time to wait in seconds for the pull thread if it did not manage to contact our relay. Note that this timeout is randomised between (value - (value/2)) and (value + (value/2)) to smooth the relay load. |
Push Timeout (sec) | The time to wait in seconds for the push thread if it did not manage to contact the relay. Note that this timeout is randomised between (value - (value/2)) and (value + (value/2)) to smooth the relay load. |
Queue Delay (sec) | Defines the interval in seconds between each check of the queue of objects to move. |
Request for Notifications Interval | Defines the interval in seconds which may elapse without communication from the relay after which the client re-activates its RequestThread to inquire for new notifications from the relay. After the first received notification, the thread is deactivated. |
Timeout (sec) | The time to wait in seconds before a file transmission which has failed may be resent. |
Threshold for Downloads (bit/sec) | Determines whether downstream transfers are blocked if a connection (whatever its type) is too slow. The thresholds must be indicated in bits/s such that 10000000 means 10Mbits/s. |
Threshold for Uploads (bit/sec) | Determines whether upstream transfers are blocked if a connection (whatever its type) is too slow, 0 means no restriction is imposed on interface speed. The thresholds must be indicated in bits/s. |
Time to Live (sec) | In order to prevent non-transferable data from remaining eternally in the queue, each object is assigned a specific time that it may stay in the queue and wait to be passed on its way to its destination. This Time To Live (TTL) for each object in seconds is displayed in this field. |
Trusted Address | Defines a number of IP addresses from which the local agent is to accept communication in addition to its relay. This allow NAT and VPN communication to work within in the network and the BCM agent, as it recognizes VPN addresses also. Trusted addresses may be entered as single IP addresses or in form of address ranges:
|
Hardware Filter Synchronisation
This step sends the list hardware inventory filters to the respective devices to be synchronized with the database content.
No parameters need to be defined for this step.
Hardware Inventory Module Setup
This step modifies the default settings of the parameters of the Hardware Inventory module.
Parameter | Description |
---|---|
Differential Upload | Specifies if the inventory is to be completely replaced which each upload when differences are detected or only with the delta, that is, the modifications of the inventory. |
Configuration File | Defines the path of the hardware inventory configuration file. The path is relative to the agent configuration file. You may modify the entry, but be aware that if you wrongly modify the inventory may no longer work. |
Minimum Gap Between Two Uploads (sec) | Defines the minimum time interval between inventory uploads in seconds. If the value is set to 0 this option is deactivated and there is no minimum interval. |
Upload Interval (sec) | Defines the upload period for the inventory in seconds. If it is set to 0, no uploads are configured by the module, but they can still be managed through operational rules. The setting only configures the upload of existing data, it does not include an update of the inventory. |
Upload on Startup | Defines if the inventory is uploaded to the master after being updated the first time on agent startup. It is recommended to activate this option to ensure that the inventory is updated at least at every startup of the agent. If it is deactivated a regular update and upload of the inventory must be configured through operational rules. |
Identity Module Setup
This step modifies the default settings for the parameters of the Identity module.
Parameter | Description |
---|---|
Check Identity Time (sec) | Defines the interval in seconds at which the device's identity is verified via its IP address and GUID. |
Launch Script if IP Address Changes to 127.0.0.1 | Defines if the script is also to be executed for the 127.0.0.1 address. |
Execute Script on Changed IP | Check this box to execute a specific script when the agent is launched for the first time and every time the IP address of the agent's device is changed. |
Short Identity Time (sec) | A special short timer which is setup and executed once after startup to make sure each object is registered in the database right away. This timer can be disabled by setting it to 0. |
Identity Time (sec) | Defines how often a device is to send its identity up to its parent relay. |
User Time To Live (h) | Defines the time to live of the user record in hours. Every detected user entry with a detection time older than this threshold is removed. |
Primary User Period (h) | Indicates the period in hours to use for computing the primary user. |
Load/Unload Module
This step unloads and reloads modules that are required for the correct functioning of the agent, such as Identity and File Store. You need to make sure that these modules are immediately reloaded after being unloaded, otherwise the BCM agent will stop working.
Modules in Client Management are responsible for a certain functionality in the product. This step loads and activates or unloads specific modules at agent startup. Only one module can be loaded per step.
Parameter | Description |
---|---|
Activate | Defines if the module is to be directly activated at agent startup. |
Module Name | Select the name of the module to be loaded. |
Persistent | Check this box if the module is to be loaded at every startup. If this option is not checked it is only loaded once after the execution of the step. |
Logging Configuration
This step configures the default parameters for agent logging for all log files.
Parameter | Description |
---|---|
Output File | Defines the path to the log file relative to the installation directory:
|
List to Load First | Defines if the debugging is executed according to the principle of everything being disabled with some exceptions or everything being enabled with some exceptions. This system is defined through two lists, the Disable List and Enable List , which are explained following. |
Enable List | A comma separated sequence of message filter names which are to be output to the log file. The special character * means all possible values, an empty string disables the list. |
Disable List | A comma separated sequence of message filter names which are to be filtered from going to the log file. The special character * means all possible values. By default the disable list is applied AFTER the enable list and so has a higher precedence. |
Displayed Types | A comma separated list of debug message types which are to be output to the log file. The special character * means all possible values. |
Maximum Agent Log Size (Byte) | The maximum size of the log file in bytes. When the output file size reaches this limit, it is deleted and a new file of the same name created to start again. If the output file is stdout this setting has no effect. If set to 0 or not specified at all, there is no limit check on the size of the file. |
Maximum Agent Log File Count | Maximum number of log file backups to keep. As a log file hits its maximum size it is copied to a backup file with an incrementing integer index. When the number of backups hits this limit, backup number 1 is removed and all the others are renumbered down. |
Agent Log Clean Start | Defines if the specified log file is to be backed up at each start of the agent. If enabled the log file specified in Output File is backed up at agent start time. |
Maximum Audit Log File Size (Bytes) | Controls the maximum size of the audit log file in bytes. When the output file size reaches this limit, it is deleted and a new file of the same name created to start again. If the output file is stdout this setting has no effect. If set to 0 or not specified the limit is the value of the Maximum Agent Log Size entry. |
Maximum Audit Log File Count | Maximum number of audit log file backups to keep. As a log file hits its maximum size it is copied to a backup file with an incrementing integer index. When the number of backups hits this limit, backup number 1 is removed and all the others are renumbered down. |
Audit Log Clean Start | Defines if the specified audit log file is to be backed up at each start of the agent. |
Time Format | A formatting string used to format the timestamp part of the logged output. This field may however contain any string of characters the administrator deems appropriate and the variables may be ordered in any desired way. The variables this entry may contain are the following: %y for the year part of the timestamp with 4 digits, for example, 2004, %m for the month as its number, for example, 01 for January and 12 for December, %d for the day of the month, %H for the hour indication, %M for the minutes of the hour and %S for the seconds of the minute. |
Column Separator | The separator character between the columns in the output. If no value is supplied, the output is padded out for readability. If a value is supplied, no text padding is done. |
Send alert when an error occured | Check this box if an alert is to be sent to the master when an error is added to the agent log file. |
MSI Package Module Setup
This step modifies the parameters of the configuration values of the MSI packages. This step is only applicable to Windows systems.
Parameter | Description |
---|---|
Maximum Number of Retries | Defines the number of times the publishing process is repeated after a failure before the whole process is declared failed. |
Manual File Upload
This step uploads the files awaiting transfer in the file store.
No parameters need to be defined for this step.
Master Information Configuration
This step allows the administrator to modify the master configuration on all agents if the one of the master parameters listed in this step changed, i.e., to update the IP address or the port number of the master.
Be aware that a large part of the functionalities may no longer work, if any of the below entered information is incorrect.
Parameter | Description |
---|---|
Master Port for Console | Enter the new port number of the master to which the console connects. It is recommended to not use the standard communication ports between the agents and the master, for example, 1610 for the console connections to avoid overloading this port. |
Master GUID | Enter the new GUID of the master. |
Master Name or IP Address | The master name in form of its short or long network name or its IP address in dotted notation. |
Master Port | Enter the new port number of the master if it was changed. |
Master Port for MyApps | Defines the port number on which the agent is to connect to the master for MyApps. It is recommended to not use the standard communication ports between the agent, master and console, for example, 1610 and 1611 , for MyApps connections to avoid overloading these ports. |
Non-intrusive Reboot Mode Configuration
This step allows the administrator to define the settings for a non-intrusive reboot after an operational rule or patch installation reboot request. A non-intrusive reboot groups reboot requests to one reboot at the end instead of individually executing them when they arrive.nObjects in Client Management, such as operational rules of patch jobs or groups, can be executed in parallel or sequentially. Many of these objects require rebooting the device on which they are executed. If there are a number of them executed one after the other, users on these devices may be disrupted quite often for the required reboots. The non-intrusive reboot makes an object wait for a specified amount of time after execution in which another object requiring a reboot could arrive. If this is the case the first object cancels its reboot and waits for the second object to terminate and use that reboot. If no other object arrives during the specified timeframe, the device is rebooted.nWith this step you can define how long the object is to wait for another object to arrive as well as the total number of reboots per day. In this case, if this value is set to 2 and these two reboots have already happened and another object requiring a reboot arrives, the object is run, but its reboot has to wait until the next day.
Parameter | Description |
---|---|
Non-intrusive Reboot Mode | Check this box if the reboot requested by an operational rule or a patch installations is to be effected in a non-intrusive way. If activated, any rule or patch waits after its execution for a specified amount of time for another object to arrive to combine their required reboot requests into one. If no other rule or patch arrives, the device is rebooted as defined. |
Reboot Interval | Defines the waiting time in seconds that the agent waits after receiving the reboot command and executing it. |
Max. Number of Reboots | Specifies the maximum number of times a device can be rebooted per day. The default value is 2 reboots per day, 99 is the maximum number of times a device can be rebooted per day. 0 deactivates this option, that is, the device is not rebooted, even if a patch requests it or it is assigned a reboot window; all reboots must be launched manually. |
Synchronize at Startup | Check this box if the reboot windows are to be synchronized at every startup of the agent. Reboot window synchronization allows a device to send its current list of reboot windows it is assigned to as well as their checksum. The master compares the checksum and, if it is different to its own, it sends the master list of reboot windows to the device. In this case the local agent compares its list of reboot windows assigned to the device with the master list and updates it accordingly by deleting the unassigned reboot windows and adding the newly assigned ones. |
Additional Automatic Synchronization Hour | Enter here the hour at which an additional reboot window synchronization is to be effected, that is, the comparison of locally available reboot window with the reboot window master list. The format is 24-hour format, for example, 23 for 11 pm . |
Minimum Gap between Two Automatic Synchronizations (sec) | Defines the minimum interval in seconds at which the reboot window synchronizations are to be done. This means that if a default synchronization is executed at 23:00 at night and the client is started at 6 am with agent startup synchronization defined, no synchronization is executed until at least 11 am even if the agent is started/restarted before, as the interval is fixed for 12 hours minimum. |
Operational Rule Module Setup
This step allows the administrator to modify the parameters of the operational rules module.
Parameter | Description |
---|---|
Automatic Status Upload | Defines if the current status of the operational rule is automatically updated. If the option is deactivated, no status value is updated, however status actualization may still be done via the Update Operational Rule step or via an operational rule synchronization. |
Failed to check the chronological dependencies if the rule execution is failed | Check this box if an operational rule that depends on another rule is not executed if the rule it depends on does not have the status Executed OK . If this option is not activated, the depending rule is executed even if the first rule's execution failed. |
Delete Package after Successful Distribution | Check this option, to delete the package on the client (to free up disk space) once the software distribution has executed successfully. |
Recreate Local Database If Integrity Check Fails | Defines the actions to be executed if the database check fails at agent startup due to its corruption. If activated the local database is recreated and the master reassigns all operational rules for the concerned devices, depending on the settings defined in the system variables (Automatic reassignment of all general operational rules if the local database is corrupted and Automatic reassignment of all software distribution rules if the local database is corrupted). Otherwise the database is not recreated and the master does not perform any action. If this case occurs the module is executed in suspend mode, which means amongst others that no status values is updated anymore and no synchronizations be performed. |
Activate Operational Rule Publication for Users | Defines if rules may be published to users. If activated, the module checks on the master if rules are available to be published to a user, otherwise rules are not published. |
Output File | Defines the path to the log file relative to the installation directory:
|
Maximum Log File Count | Maximum number of log file backups to keep. As a log file hits its maximum size it is copied to a backup file with an incrementing integer index. When the number of backups hits this limit, backup number 1 is removed and all the others are renumbered down. |
Maximum Log File Size (bytes) | Defines the maximum size of the log file in bytes. |
Enable Simultaneous Rule Execution | Defines if operational rules may be executed in parallel mode. |
Resume Rule Execution at Startup | Defines if any not terminated operational rule is to be continued after a restart of the client. |
Status Interval (sec) | The interval in seconds at which the status values of the operational rules are updated. Any file which has is not yet in transfer is requested again. |
Check for Added Rules | Check this box to check for new rules in the base. |
Synchronize at Startup | Check this box if the operational rules are to be synchronized at every startup of the agent. Operational rule synchronization allows a device to send its current list of operational rules it is assigned to as well as their checksum. The master compares the checksum and, if it is different to its own, it sends the master list of operational rules to the device. In this case the local agent compares its list of operational rules assigned to the device with the master list and updates it accordingly by deleting the unassigned operational rules and adding the newly assigned ones. |
Check for Deleted Rules | Check this box to check for deleted rules in the base. |
Minimum Gap between Two Automatic Synchronizations (sec) | Defines the minimum interval at which the synchronizations are to be done. This means that if a default synchronization is executed at 23:00 with a minimum interval of 12 hours and the client is started at 6 am with agent startup synchronization defined, no synchronization is executed until at least 11:00 am even if the agent is started/restarted before. |
Only Check for Not Received Rules | Check this box if only those rules are to be synchronized, for which the assignment was sent but after 12 hours still was not received by the local agent. |
Check for Operational Rules | Check this box to check only for operational rules in the database. |
Check for Software Distribution Rules | Check this box to check for distribution rules only in the database. |
Check for Published Rules | Check this box to check for published rules in the database. |
Additional Automatic Synchronization Hour | Enter here the hour at which an additional synchronization is to be effected, that is, the comparison of locally available operational rules with the operational rules master list. The format is 24-hour format, for example, 23 for 11 pm . |
Check for Updated Rules | Check this box to check for updated rules in the base. |
Package Synchronization
When the client receives a synchronization request it sends back the list of its own packages linked to a checksum. The master then creates an up-to-date list of the device's packages and checks these with the list it received. If a package on the list from the device does not exist any more, the master sends an order to the device to delete it; if a more recent version exists on the master i.e., the checksums on the master and the client are not identical, an update order will be sent to the device; and if a package is absent on the client but present on the master, then an assign order will be sent to the client device. Any packages which is 'paused' will not be taken into account.
This step synchronizes the packages on the managed devices and the master to make sure none of them got lost.
Parameter | Description |
---|---|
Bypass Transfer Window | Check this box to bypass the transfer window defined for the device. This means that the upload takes place immediately without taking into account any bandwidth definitions. It can only be activated if the Upload after update option is activated. |
Patch Management Module Setup
This step modifies the default settings of the parameters of the Patch Management module.
Parameter | Description |
---|---|
Archive Type | Defines if the patch packages are to be of type zip or pkg. |
Block Patch Installation | Check this box to prepare the patch installation on all targets of the group for execution, without launching the installation itself. |
Knowledge Base Update Delay from Parent (sec) | Defines the interval in seconds between the automatic update of the Knowledge Base on all BCM devices apart from the master. If the value is set to 0, the automatic update functionality is deactivated. To update the local Knowledge Base at the defined interval the clients asks its direct parent if a newer version is available and, if yes, requests its download. |
Knowledge Base Internet Download Delay (sec) | Defines the delay in seconds at which the Knowledge Base is automatically downloaded and updated to a Patch Manager. This value is only applicable to the Patch Manager, for all other devices this value should be set to 0 to deactivate the option. The Knowledge Base is only downloaded if it is of a newer version than the version currently available on the Patch Manager or if the Force Parse parameter is activated. |
Update Knowledge Base at Startup | Defines if the local agent verifies with the master if its Knowledge Base is up-to-date at agent startup and, if this is not the case, downloads it. |
Interval Before Patch Inventory Update (sec) | Defines the delay in seconds to wait for a possible update to arrive before any operations, such as a patch inventory or a patch installation, are executed. |
Differential Upload | Specifies if the inventory is to be completely replaced which each upload when differences are detected or only with the delta, that is, the modifications of the inventory. |
Download Retry Interval (sec) | Defines the interval in seconds between each retry for the patch download. |
Download Retry Count | Specifies the number of retries for a patch download. |
Path for Local Patch Repository | Indicates a local path which the patch module checks if the patch to be downloaded is already available locally there before actually downloading it from the Internet. |
Patch Process Interval (sec) | Manages the patch module thread execution, defining the interval in seconds at which requests on the database are executed. |
Patch Time To Live (sec) | Defines the Time To Live in seconds for patch package files relative to the last time the respective package was asked for by a client. If the value is set to 0 the option is deactivated, that is, the patch packages are never deleted. |
Upload New Inventory if New Version is Detected | If a new version of the Knowledge Base is detected on the Patch Manager, it automatically launches a new patch inventory scan via the respective operational rule and uploads the results. |
Scan Machine On Startup | Defines if the device is scanned for the current patch situation at agent startup. |
Archiving of Downloaded Patches after Publication | Defines if the patches are stored in the download directory of the Patch Manager after the patch custom package was created and successfully published to the Master. If the option Move is selected, you need to fill in the following field Path for Local Patch Repository which defines the path to the local storage location. |
Synchronize at Startup | Check this box if the patches are to be synchronized at every startup of the agent. Patch synchronization allows a device to send its current list of patch groups it is assigned to as well as their checksum. The master compares the checksum and if it is different to its own, it sends the master list of patch groups to the device. In this case the local agent compares its list of patch groups assigned to the device with the master list and updates it accordingly by deleting the unassigned patch groups and adding the newly assigned ones. |
Minimum Gap between Two Automatic Synchronizations (sec) | Defines the minimum interval in seconds at which the patch synchronizations are to be done. This means that if a default synchronization is executed at 23:00 at night and the client is started at 6 am with agent startup synchronization defined, no synchronization is executed until at least 11 am even if the agent is started/restarted before, as the interval is fixed for 12 hours minimum. |
Additional Automatic Synchronization Hour | Enter here the hour at which an additional patch synchronization is to be effected, that is, the comparison of available patches with the patch master list. The format for this entry is 24-hour time format, for example, 23 for 11 pm . |
Minimum Gap Between Two Uploads (sec) | Defines the minimum time interval between inventory uploads in seconds. If the value is set to 0 this option is deactivated and there is no minimum interval. |
Upload Installed Patches | Check this box to also upload the list of patches and service packs that are already installed on the device. |
Upload Interval (sec) | Defines the upload period for the inventory in seconds. If it is set to 0, no uploads are configured by the module, but they can still be managed through operational rules. The setting only configures the upload of existing data, it does not include an update of the inventory. |
Upload on Startup | Defines if the inventory is uploaded to the master after being updated the first time on agent startup. It is recommended to activate this option to ensure that the inventory is updated at least at every startup of the agent. If it is deactivated a regular update and upload of the inventory must be configured through operational rules. |
Patch Installation Timeout (sec) | The maximum time in seconds that a patch has to install on the target. If the patch has not finished its installation within the defined timeframe its installation is aborted. The patch is then added at the end of the list of all patches to install and retry installing after all others at the next patch installation process. |
Patch Synchronization
Clients that are members of patch groups receive a list containing all the patches they will receive for installation. This step allows the master to verify that all clients have the most up-to-date list and if this is not the case, to update it.
No parameters need to be defined for this step.
Power Management Module Setup
This step modifies the parameters of the Power Management module.
Parameter | Description |
---|---|
Differential Upload | Specifies if the inventory is to be completely replaced which each upload when differences are detected or only with the delta, that is, the modifications of the inventory. |
Log Events | Specifies if the events that are generated are to be logged on the local database. |
Minimum Gap Between Two Uploads (sec) | Defines the minimum time interval between inventory uploads in seconds. If the value is set to 0 this option is deactivated and there is no minimum interval. |
Upload Interval (sec) | Defines the upload period for the inventory in seconds. If it is set to 0, no uploads are configured by the module, but they can still be managed through operational rules. The setting only configures the upload of existing data, it does not include an update of the inventory. |
Upload on Startup | Defines if the inventory is uploaded to the master after being updated the first time on agent startup. It is recommended to activate this option to ensure that the inventory is updated at least at every startup of the agent. If it is deactivated a regular update and upload of the inventory must be configured through operational rules. |
Reboot Window Synchronization
This step synchronizes the reboot windows on the managed devices and the master to make sure none of them got lost.
No parameters need to be defined for this step.
RPM Package Module Setup
This step modifies the parameters of the configuration values of the RPM packages.
Parameter | Description |
---|---|
Maximum Number of Retries | Defines the number of times the publishing process is repeated after a failure before the whole process is declared failed. |
Archive File Extension | Defines the type of extension for the package to be created. Be aware that this extension is valid for all packages which are created. If you modify the extension after having created a number of packages already the packager does not recognize the packages with the old extension any more. |
Retry Interval (sec) | The retry interval defines the interval at which the step is to effect its retries in seconds. |
Relay Module Setup
This step modifies the default settings for the parameters of the Relay module.
Parameter | Description |
---|---|
Is Enabled | Defines if the current device is a relay. If the relay functionality is deactivated the device is only a simple client. |
Parent Name | The name of the direct parent to which the target device is to be connected. This is either the master or the new device's relay on the next higher level. The name may be entered as the short or long network name, that is, scotty or scotty.enterprise.com or as its IP address in dotted notation, that is, 192.168.1.1 or 2001:db8:85a3::8a2e:370:7334 . You may also select the parent from the list of available devices by clicking the Add Device icon and selecting the desired parent from the appearing list. |
Parent Port | The port number of the relay of the currently selected remote device on the next higher level. |
Tunnel to Parent | Defines if the agent creates and maintains a tunnel with its parent. Be aware that Auto Detection has a slight impact on the performance. Use Yes if the network configuration is such that the relay cannot directly connect to its clients. |
Tunnel Compression Level | Defines compression level to use when building a tunnel to the parent, the possible values range from 0 to 9, 0 meaning no compression and 9 the highest compression. |
Child IP Address Range | The IP address range in which the children below the currently selected device may be found if it is enabled as a relay. If a client outside the IP range specified here, tries to define this device as its relay, it is rejected. The addresses may be entered as single IP addresses or in form of address ranges:
|
Rejected Relays | Defines a list of clients, which are NOT to be used as a relay for other clients, such as the master server or other specific devices. The devices may be listed with their short or long network names, such as scotty or scotty.enterprise.com or their IP address in dotted notation. The field may also contain a range of devices in the form of 192.1.1.1-192.1.1.4,2001:db8:85a3::8a2e:370:152-896,kirk,scotty or 192.1.1.1-kirk or kirk-scotty . |
Auto-select Enabled | Defines if the device is set to check automatically for its parent relay. |
Parent Selection Retry Interval (sec) | The number displays the interval in seconds at which the client tries to locate the parent relay it belongs to. This parameter is used in two cases: If the parameter Auto-Select Enabled is active and if a backup relay has been set. |
Reselection Interval (sec) | Defines the interval in seconds between attempts at selecting a 'better' parent than the current one. This selection is done even if the current parent is contactable. This option is disabled if the value is set to 0 or if currently no parent is connected. |
List of Backup Relays | A list of backup parents to be scanned if during the auto selection no suitable parent is found through AutoDiscovery. The format is host1:port1,host2:port2, etc. Host 1 is the closest alternative to the regular relay and the last host listed is typically the master. The host name can be entered either as its long or short network name, for example, scotty or scotty.enterprise.com or as its IP address in dotted notation, for example, 192.168.56.4 or 2001:db8:85a3::8a2e:370:7334 . If the port number is not listed the default port 1610 is assumed. |
Execute Script at Connection to Backup Relay | Allows to execute a specific Chilli script every time when a connection is established with a backup relay. Enter here the absolute path to the Chilli script. |
Execute Script at Disconnection from Backup Relay | Allows to execute a specific Chilli script every time when the connection with a backup relay is terminated. Enter here the absolute path to the Chilli script. |
Parent Verification Retry Count | The number of times a device tries to contact the device defined as its parent, if the contact cannot be established at the first try. If after this count the contact still cannot be established the agent moves on to the selecion mechanisms defined by the Sequence parameter. |
Interval between Verification Retries (sec) | The time interval in seconds between each try to contact the parent. |
Bandwidth Check Port | Specifies the port number on which the bandwidth is calculated, which is available to the device for downloads from the relay. |
Bandwidth Check Frequency (sec) | The delay in seconds between two calculation phase. |
Bandwidth Check Duration (ms) | The calculation phase's duration in milli-seconds. |
Client Check Frequency (sec) | Defines the interval at which the device verifies with the relay how many devices are currently downloading from the relay in seconds. If set to 0 the client check is disabled. |
Share Point Path for Network Install | The path to the network installation point for custom packages. You may define the path as a UNC path with the following syntax: UNC[IPAddress][CustomFiles] , whereby [IPAddress] is the remote device and [CustomFiles] the remote network share. When using an UNC path the Administrator Login and Password must be specified as they is used to perform a Run As on the machine. If the agent is running under a LocalSystem account, this option does not work because this account cannot access network shares. |
Share Point Name for Network Install | The path to the network installation point for custom packages. You may define the path as a UNC path with the following syntax: UNC<IPAddress><CustomFiles> , whereby <IPAddress> is the remote device and <CustomFiles> the remote network share. When using an UNC path the administrator login and password must be specified as they is used to perform a Run As on the machine. This option does not work if the agent is running under a LocalSystem account that cannot access network shares. |
Share Point Path for Administrative or Network Install | The path to the administrative installation point for MSI packages. You may define the path as a UNC path with the following syntax: UNC<IPAddress><MsiFiles> , whereby <IPAddress> is the remote device and <MsiFiles> the remote network share. When using an UNC path the administrator login and password must be specified as they is used to perform a RunAs on the machine. This option does not work if the agent is running under a LocalSystem account that cannot access network shares. If you are using IPv6 addresses you must use the following format: FD43-0-0-0-8C84-4BAD-D413-DD68.ipv6-literal.net . |
Share Point Name for Administrative or Network Install | The name of the administrative installation point for MSI packages. |
Administrator Login for Administrative/Network Installation | The login name of the device's administrator who has all necessary access rights to log on to remote devices. |
Administrator Password for Administrative/Network Installation | Enter the corresponding password. For security reasons the keyword is only displayed in the form of asterisks (*). |
Short Storage Path | Defines if the short or the long storage path for the network and administrative installation is used on the relay. By default this option is set to false (0), meaning the package is stored under the location <RelativePath>/<PackageName.msi>/checksum , whereby <RelativePath> represents the directory structure in the Console under which the package was created. If activated, the package is stored directly under the <RelativePath> directory and a checksum subdirectory is created containing the installpackage.zip file. |
Automatically Install Package on Network Share | Defines if the packages are installed on the relay via an administrative and/or network install. At module startup, the relay performs a check on the disk to look for packages that are to be installed on the network share:
|
Remote Control Module Setup
This step modifies the default Remote Control module parameters.
Parameter | Description |
---|---|
Activate Connection Logging | Defines if administrator connections are to be logged. |
Hour(s) | The number of hours of inactivity after which the connection is automatically terminated. This value is mandatory if the Automatic Disconnection parameter is activated. |
Minute(s) | The number of minutes of inactivity after which the connection is automatically terminated. This value is mandatory if the Automatic Disconnection parameter is activated. |
Second(s) | The number of seconds of inactivity after which the connection is automatically terminated. This value is mandatory if the Automatic Disconnection parameter is activated. |
Automatic Disconnection | Specifies automatic disconnection, that is, if the Remote Control is left inactive for a given period of time, the administrator is automatically disconnected. |
Activate Remote Control Information in the Log | Defines if logging is enabled, If it is activated, logging is enabled in the agent log file, mtxagent.log. |
Host IP Address | Specifies the listen address of the remote control server. This parameter is useful if the target device of the remote control has several network interfaces and the server should only listen on one specific address (Manual address mode). If it is set to &&auto (Automatic detection mode) the server listens on the address 0.0.0.0, which means it is reachable on all its active network interfaces. Be aware that the modification of this parameter requires an agent reboot to be taken into account. |
Activate Detailed Logging | Defines the detail level of remote control logging. If activated, logging takes places with maximum information. |
Dialog Port | The port at which the local client listens for incoming remote control calls and on which the connection is established. |
Install and use the Client Management video driver | Defines if the BMC video driver is to be installed during the rollout to be available for use at remote control connections. Using this driver allows you for example to view the remote cursor and its movements on your screen. If this option is activated it is recommended to reboot the device. |
Restart Agent
This step restarts the agent on a local device. It may be used, for example, to start an agent upgrade, which is launched at agent startup, at a specific date and time. The daemon atd must be running on Linux devices for this step to work.
Parameter | Description |
---|---|
Service Name (Windows only) | Defines the name of the service to be managed. |
Stored Service Name (Windows only) | If this box checked, the agent is restarted with the name specified at the installation. |
Rollout Module Setup
This step modifies the configuration parameters of the rollout module.
Parameter | Description |
---|---|
Max. Number of Simultaneous Devices | The number of devices a rollout can install at the same time. |
Rule Synchronization
This step synchronizes the operational rules on the managed devices and the master to make sure none of them got lost.
When the client receives a synchronization request it sends back the list of its own operational rules linked to a checksum. The master then creates an up-to-date list of the device's operational rules and checks these with the received list. If an operational rule on the list from the device does not exist any more, the master sends an order to the device to delete it; if a more recent version of an operational rule exists on the master,that is, the checksums on the master and the client are not identical, an update order is sent to the device; and if a rule is absent on the client but present on the master, then an assignment order is sent to the client device. Any rule which is "paused" is not taken into account. Published operational rules that were already executed, are newly published, but not automatically executed.
Parameter | Description |
---|---|
Proceed with Added Rules | Check this box to check for new rules in the base. |
Bypass Transfer Window | Check this box to bypass the transfer window defined for the device. This means that the upload takes place immediately without taking into account any bandwidth definitions. It can only be activated if the Upload after update option is activated. |
Proceed with Deleted Rules | Check this box to check for deleted rules in the base. |
Proceed with Operational Rules | Check this box to check only for operational rules in the database. |
Proceed with Published Rules | Check this box to check for published rules in the database. |
Proceed with Software Distribution Rules | Check this box to check only for distribution rules in the database. |
Only Check for Not Received Rules | Check this box, if only rules for which the assignment has been sent but after 12 hours still have not been received by the local agent. |
Check for Software Distribution Rules | Check this box to check only for distribution rules in the database. |
Check for Quick Link Rules | Check this box to check only for Quick Link rules in the database. |
Proceed with Updated Rules | Check this box to check for updated rules in the base. |
Security Configuration
This step configures the default parameters for secure communication between the agents.
Parameter | Description |
---|---|
Authority Certificate | The authority certificate (CA Cert) to be used for signing the agent certificate if required. By default, the Numara CA is used unless a different CA Cert is configured. The parameter expects a certificate name (without extension) registered in the agent cert store (auth section), such as Numara_ca . This parameter is used on the server side and can also be used on the client side if the server is configured to authenticate the client. |
Trusted Authorities | A comma separated list of certificates to be trusted when connecting to a secured server or client. By default, the agent trusts the default Numara CA unless a different list of certificates is configured. The parameter expects a list of certificate names (without extension) registered in the agent cert store (trusted section), for example, Numara_ca, enterprise_ca, startfleet_ca . This parameter is used on the client side as well as on the server, for the device to know if it can trust the answering device by comparing its certificate with the list of trusted certificates, if it does not match the authority certificate. |
User Certificate | The user defined final certificate to be used for both the client and server roles. When this parameter is configured the agent ignores any other authority except the ones to be trusted. The parameter expects a certificate name (without extension) registered in the agent certificate store (user section), for example, Numara, enterprise, starfleet . |
Access Control | Defines the security when agents communicate with each other, that is, if the Precision Access Control (PAC) handshake is to be used for inter-agent communication:
|
Secure Communication | Defines if the agent communicates in secure format. The possible values are:
|
SCAP Compliance Module Setup
This step allows to modify the default settings of the parameters of the SCAP Compliance Module.
Parameter | Description |
---|---|
OVAL Directives | This parameter defines the OVAL directives that must be applied to OVAL results. This has an impact on the level of detail for generated XML result files which are temporary files emitted during the scans. |
Security Settings Inventory Module Setup
This step modifies the default settings of the parameters of the Security Settings Inventory module.
Parameter | Description |
---|---|
Data File | Specifies the location and name of the security settings inventory .xml file. This file defines all attributes and values which is recovered from the remote clients to set up the custom inventory. The path to the file may be entered as a local path or as a URL such as _ ftp://master/SecurityInventory.xml_. |
Differential Upload | Specifies if the inventory is to be completely replaced which each upload when differences are detected or only with the delta, that is, the modifications of the inventory. |
Minimum Gap Between Two Uploads (sec) | Defines the minimum time interval between inventory uploads in seconds. If the value is set to 0 this option is deactivated and there is no minimum interval. |
Upload Interval (sec) | Defines the upload period for the inventory in seconds. If it is set to 0, no uploads are configured by the module, but they can still be managed through operational rules. The setting only configures the upload of existing data, it does not include an update of the inventory. |
Upload on Startup | Defines if the inventory is uploaded to the master after being updated the first time on agent startup. It is recommended to activate this option to ensure that the inventory is updated at least at every startup of the agent. If it is deactivated a regular update and upload of the inventory must be configured through operational rules. |
Security Products Management Module Setup
This step modifies the default settings for the parameters of the Security Products Management module.
Parameter | Description |
---|---|
Data File | Specifies the location and name of the security products inventory .xml file. This file defines all attributes and values which is recovered from the remote clients to set up the security products inventory. The path to the file may be entered as a local path or as a URL such as _ ftp://master/securityproductsinventory.xml_. The path is relative to the agent configuration file. You may modify the entry, but be aware, that if you wrongly modify, the security products inventory may not longer work. |
Upload Interval (sec) | Defines the upload period for the autodiscovered list in seconds. If it is set to 0, no uploads are configured by the module, but they can still be managed through operational rules. The setting only configures the upload of existing data, it does not include an update of the inventory. |
Minimum Gap Between Two Uploads (sec) | Defines the minimum time interval between inventory uploads in seconds. If the value is set to 0 this option is deactivated and there is no minimum interval. |
Upload on Startup | Defines if the custom inventory is uploaded to the master after being updated the first time on agent startup. It is recommended to activate this option to ensure that the inventory is updated at least at every startup of the agent. If it is deactivated a regular update and upload of the inventory must be configured through operational rules. |
Differential Upload | Specifies if the inventory is to be completely replaced which each upload when differences are detected or only with the delta, that is, the modifications of the inventory. |
Additional Anti-Virus Data | Check this box to collect advanced data on installed anti-virus software products (virus definition file date, etc.) and upload them to the Security Products Inventory. |
Additional Firewall Data | Check this box to collect advanced data on installed firewall software products (firewall status) and upload them to the Security Products Inventory. |
Additional Anti-Spyware Data | Check this box to collect advanced data on installed anti-spyware software products (anti-spyware definition file date, etc.) and upload them to the Security Products Inventory. |
Additional Browsers Data | Check this box to collect advanced data on installed browser software products (CERT compliance, etc.) and upload them to the Security Products Inventory. |
Selfhealing Module Setup
This step modifies the default settings of the parameter of the Selfhealing module. This functionality is only applicable to Windows and Linux devices.
Parameter | Description |
---|---|
Verification Interval (sec) | Defines the interval in seconds at which the protected applications are verified for their integrity on the local client. |
Snapshot Package Module Setup
This step modifies the parameters of the configuration values of the snapshot packages.
Parameter | Description |
---|---|
Maximum Number of Retries | Defines the number of times the publishing process is repeated after a failure before the whole process is declared failed. |
Archive File Extension | Defines the type of extension for the package to be created. Be aware that this extension is valid for all packages which are created. If you modify the extension after having created a number of packages already the packager does not recognize the packages with the old extension any more. |
Retry Interval (sec) | The retry interval defines the interval at which the step is to effect its retries in seconds. |
Software Filter Synchronisation
This step sends the list software inventory filters to the respective devices to be synchronized with the database content.
No parameters need to be defined for this step.
Software Inventory Module Setup
This step allows you to modify the default settings of the parameters of the Software Inventory module.
Parameter | Description |
---|---|
Differential Upload | Specifies if the inventory is to be completely replaced which each upload when differences are detected or only with the delta, that is, the modifications of the inventory. |
Scanned Extensions | Defines the file types by their extension, which are included in the software directory scan. |
Scan Add/Remove Programs | Check or uncheck this box to define if registry entries for the Add/Remove Programs are to be scanned and added for the software inventory update. Be aware that this only checks for software installed for all users; applications installed for an individual user are not inventoried. |
Excluded Directories | Enter the directories which are NOT to be scanned to create the list of installed software applications. The separator character between a list of directories is a comma (,). You can also enter the path to the directories as an environment variable enclosed in ${}. |
Scan Hidden Directories | Check or uncheck this box to define if hidden directories are to be scanned for the software inventory update. |
Included Directories | If you are only scanning Scan Add/Remove Programs but you also want to inventory the applications installed for a user, you must enter here the directory in which they are installed, for example |
Scan MSI Database | Check or uncheck this box to define if the MSI Windows database is to be scanned for the software inventory update. |
Configuration File | Defines the .xml format file used to post process the inventory data, which contains an extensive list of software products available for scanning. The path to the file may be entered as a local path or as a URL such as _ ftp://master/swinvcfg.xml_. |
Update Interval (sec) | Defines the update period in seconds for software inventory scans on the remote machines. |
Minimum Gap Between Two Uploads (sec) | Defines the minimum time interval between inventory uploads in seconds. If the value is set to 0 this option is deactivated and there is no minimum interval. |
Upload Interval (sec) | Defines the upload period for the inventory in seconds. If it is set to 0, no uploads are configured by the module, but they can still be managed through operational rules. The setting only configures the upload of existing data, it does not include an update of the inventory. |
Upload on Startup | Defines if the inventory is uploaded to the master after being updated the first time on agent startup. It is recommended to activate this option to ensure that the inventory is updated at least at every startup of the agent. If it is deactivated a regular update and upload of the inventory must be configured through operational rules. |
Timer Module Setup
This step defines the general behavior of the Timer module.
Parameter | Description |
---|---|
Take Logged User into Account | Defines if the connected user is to be taken into account when executing an operational rule. By default the rule is executed when the user, who activated the rule in MyApps, is connected. If another user is connected to the device it is not executed. |
Transfer Window Synchronization
When the client receives a synchronization request it sends back the list of its own transfer windows linked to a checksum. The master then creates an up-to-date list of the device's transfer windows and checks these with the list it received. If a transfer window on the list from the device does not exist any more, the master sends an order to the device to delete it; if a more recent version of a transfer window exists on the master i.e., the checksums on the master and the client are not identical, an update order will be sent to the device; and if a transfer window is absent on the client but present on the master, then an assign order will be sent to the client device.
This step synchronizes the transfer windows to which the managed devices are assigned and the master to make sure none of them get lost.
Parameter | Description |
---|---|
Check for New Transfer Windows | Check this box to check for new transfer windows in the base. |
Check for Deleted Transfer Windows | Check this box to check for deleted transfer windows in the base. |
Check for Updated Transfer Windows | Check this box to check for updated transfer windows in the base. |
Upload Operational Rule Status
This step uploads the status of an operational rule. This may be useful when the status has been lost.
Parameter | Description |
---|---|
Bypass Transfer Window | Check this box to bypass the transfer window defined for the device. This means that the upload takes place immediately without taking into account any bandwidth definitions. It can only be activated if the Upload after update option is activated. |
User Access Module Setup
This step allows you to add an entry to or remove it from the list of users of the User Access module.
Parameter | Description |
---|---|
Login | The login name for a specific user or group of users. |
Authentication Type | The Authentication Type is related to the login and can be one of the following categories:
|
Password | Passwords depend on Authentication Type :
|
Action Name | The name of the action which is responsible for processing the authentication. By default this is V64DbAdminCheckLogin . |
Order | Specifies the order in which the user access is handled. This order is important, as the Http Protocol Handler goes through this list and accepts the first match it finds. |
Operation | Select from the drop-down list the type of operation to be executed on the user access defined above, that is, if it is to be added to or removed from the list of valid user accesses. |
Virtual Infrastructure Manager Module Setup
Parameter | Description |
---|---|
Local Inventory Check Interval | Defines the interval in seconds between each upload of the inventory of the local virtual machine and its upload to the master. |
WakeOnLan Module Setup
This step allows to modify the configuration settings of the Wake on LAN module.
Parameter | Description |
---|---|
List of wake up devices (format: device1:port1,device2:port2) | The comma separated list of devices elected for the wake-up process. In this case, the registered devices are used as static proxies and the module respects the list order (from left to right). There is no deep check concerning the wake-up devices such as IP address and network mask. |
Automatic Wake-up Mechanism | Agents have the capability to monitor the data flow and remember the list of devices for which they are the direct relay. Therefore, modules are able to look up possible devices that share a common subnet with another device to wake up. This option enables the capability to look up this dynamic knowledge base and detect the list of possible wake-up devices. This is the dynamic version of the previous option. |
Fallback Wake-up Mechanism | This fallback parameter allows trying a last wake-up mechanism. It is often used when none of the previous mechanisms have succeeded, or if some of them were disabled. The aim is to proceed to the wake-up using a blind method. When set to Unicast the module tries a simple host directed unicast wake-up (a simple UDP packet sent to the exact destination address). When set to Broadcast , the module tries a subnet-directed broadcast (a simple UDP packet sent to the entire network). When set to DirectBroadcast , the module tries a direct broadcast considering the target network address. When set to None , the fallback mechanism is disabled. |
Local Wake-up Mechanism | When enabled, the module checks whether the target and itself is part of a common subnet. In that case, the wakeup is performed by the module itself using the subnet broadcast address. |
Web Services Module Setup
This step allows you to modify the default settings of the Web API module parameters.
Parameter | Description |
---|---|
Server Port | Defines the TCP port dedicated to the web services. |
Windows Device Management Module Setup
This step defines the default settings for managing Windows peripheral devices trying to connect to the managed network devices.
Parameter | Description |
---|---|
Log Events | Specifies if the events that are generated are to be logged on the local database. |
Comments
Log in or register to comment.