A Conservative Techie

Thoughts from a Conservative point of view in regards to technology

Windows 7 and VMWare Workstation #FAIL

I have been dual-booting my laptop for work w/ Kubuntu and Red Hat 5.3 for quite a while, but noticed I spent most of my work time in Kubuntu in a Windows XP VM connected to the various work-related tools I need: Exchange, Outlook, CRM, and a couple of programs. So I decided to make the plunge and reload my Kubuntu partition to Windows and selected Windows 7 64-bit to see what it was like.

I run a bunch of Virtual Machines through VMware Workstation (Domain Controller, Windows 2003 Server for demo’ing Altiris, a Windows 2003 Server for demo’ing Symantec DLP, and a Kubuntu VM for testing and documentation).  The problem I have is I am unable to use NAT to access the Internet, each VM can reach each other, etc.  So I tried using Bridged mode and the problem there is if my VMs are accessing the internet, my host machine (Windows 7) can’t access the internet.

I am thinking at this time about going back to Vista as I did not have these problems.

 

Running VMware Workstation 6.5.1 with Windows 7 64-bit Build 7100 fully patched and updated.

July 19, 2009 Posted by Jonathan | Windows 7, vmware workstation | No Comments Yet

Managing the DLP Endpoint Agent with the Integrated Component

Summary:

In an earlier article I talked about installing the DLP Integrated Component within the Symantec Management Console. This article will cover how to manage the endpoint agent with this component.

What can the DLP Agent Do?

The DLP Endpoint Agent provides control of Data Loss Prevention policies and manages the data on those machines. The DLP Endpoint Agent is made up of two agents, the endpoint agent and the watchdog agent. These two agents watch each other to make sure they are still running, and will restart the service if one of those services is stopped.

With the endpoint agent, the policies applied to Data at Rest targets and to the network via Data in Motion can also be applied to laptops and desktops. All scans on endpoints are controlled through the agent, and information is reported to the Enforce server.

Another important feature of the Endpoint Agent is that it can control removable media and can monitor the copy & paste buffer, along with fax and print information. This controls information that is flowing on the endpoint.

For more information, see

Installing the DLP Agent

In order to install the DLP Agent from the Symantec Management Console, we first need to discover the computers, and then push the Altiris Agent followed by the DLP Endpoint Agent.

All work in deploying and configuring the Endpoint Agent is done through the Symantec Management Console and the Data Loss Prevention Portal. The portal looks like the following:

Discovering Computers

Before we deploy the Altiris Agent and the DLP Endpoint Agent we need to discover the computers to add them to the database. There are two types of discovery that can be done through the DLP Portal, a Domain Browse or an AD Import.

The Active Directory Import provides the best way to discover and import your machines into the Symantec Management Console. An important note: this is just a read of Active Directory. We do not modify AD, and no AD schema modification is needed.

To begin an Active Directory discovery, click on the link “AD Import” which will bring up the following page:

A couple of notes about this screenshot are that I have already selected the correct domain, subnet and sites to import. Also I have filled out a schedule, under “specified schedules” to automatically import and update the Management Console.

The second type of discovery is a Domain Browse import and can be run by clicking on the link in the Data Loss Prevention Portal and looks like the following:

Provide the domain information to browse and discover computers.

Installing the Altiris Agent

Once we have discovered the computers, we can install the Altiris Agent. After the Altiris Agent is installed we will push out the DLP Endpoint Agent. From the DLP Portal page under “2. Deploy Endpoint Data Loss Prevention,” select “Install Altiris Agent.” This will open up the following screen:

As you can see from the screenshot, the computers we have discovered show up in the list of computers. To install the Altiris Agent, highlight a computer and select “Install Altiris Agent.” Multiple machines can be selected by using either the shift key or control key.

Installing the DLP Endpoint Agent

Once the Altiris Agent is installed on the managed device we will install the DLP Endpoint Agent. From the Data Loss Prevention Portal in the Symantec Management Console, select “Install Symantec DLP Agent,” which will open up the following screen.

What is unique to this install is that it is a part of an ongoing policy on the Symantec Notification Server. By default any computer in the filter “Computers managed without DLP Agent” will receive the DLP Endpoint Agent the next time the computer checks in.

A brief note of explanation for those not familiar with the Notification Server. Policies are applied to groups of computers called “Filters.” A computer is added to this filter when it has the Altiris Agent installed (managed) and does not have the DLP agent installed. Once the DLP agent is installed, the computer will automatically move out of the Filter.

This policy is not enabled by default. To do so, click on the Red button next to “Off” and select “On.” This will turn it to green. A client with the Altiris Agent will check in, receive this policy and install the DLP Agent.

Upgrading the DLP Agent

The first policy we talked about was the DLP Agent Install policy. The upgrade policy is the second policy on the DLP Portal page. To enable this policy, click on the “Upgrade Symantec DLP” link within the Symantec Management Platform. This will open up a window that looks like the following:

This policy is not enabled by default. To do so, click on the Red button next to “Off” and select “On.” The policy will then become active and will automatically upgrade any endpoint whose agent is older than the current policy.

Endpoint Agent Tasks

Within the DLP Portal Home page there are 8 default tasks created. The Symantec Management Console allows us to create and manage tasks to control the Altiris Agent and a managed computer (a computer with the Altiris Agent on it).

Start Agents/Stop Agents/Kill Agents/Restart

The first three tasks are all about agent control and look and act the same way. These tasks allow us to control the status of the Endpoint Agent through the Altiris Agent. In case someone stops the Watchdog Agent or the Endpoint Agent, this task can reset the agent. The screenshot shows the Start Agent task.

There are two ways we can execute this task, either via a quick run task or via a schedule. A quick run task executes immediately, and through the drop-down you can select the computer to run the task on. If you want to schedule one of these tasks to run over time, you can do so through the scheduler.

Pull Agents Logs

The Pull Agent Logs task will copy the DLP Agent Logs from the managed computer to the Symantec Management Console server allowing you to review what is happening on the endpoints.

This task functions similarly to the other tasks: you can schedule the task or run it immediately.

Set Log Level to Info/Set Log Level to Finest

This task allows you to change the logging level of the Endpoint Agent without having to interact with the agent locally or change things manually.

Get Agents Configuration

The final pre-built task allows you to get the configuration of the Endpoint Agent without visiting the machine.

July 14, 2009 Posted by Jonathan | DLP, Symantec | No Comments Yet

Why I like Microsoft

This post is a direct response to a blog post on Planet Ubuntu asking the question “Why do you like Microsoft?”

I will answer this question in response to this quote:

Fortunately for me, Microsoft is as good as dead anyway, the economics and the technical effects are going to roll right over them. Nothing to do with my idealism or my social concern, but a happy coincidence for me. A Microsoft without a monopoly might well change it’s tune, but are people really trying to convince me that I ‘ort to trust them right now?

First I appreciate the lack of the silly M$ in this post, and will concede the places I know Microsoft may be on the way is Search (though Bing.com is nice for certain things) and Internet Explorer (which is losing market share).

Let me explain why I like Microsoft and in fact feel that it is not dying. I am a consultant that works mostly on Windows machines, so the number one reason is it pays my bills. Secondly, Windows 7 is everything that Vista was supposed to be, and in fact most of my customers are already making plans to migrate. Based on what I am seeing with companies moving full force to Server 2008, Exchange 2010, and Windows 7, I see MS far, far from dying. In fact it will probably recover from the stumble that was Vista as these enterprises skip Vista and move right to 7.

The other reason I like Microsoft is the ecosystem that is built around the product. Active Directory is a great product and things built around using it are great. SharePoint is getting HUGE adoption in the corporate world and only increasing. Building tools around SharePoint is a great place to be. Microsoft CRM/Dynamics is a great product and a just as good ecosystem is developing around these products. While some developers may be leaving the Microsoft product line, there are just as many companies building around it.

The other reason I like Microsoft: on the personal computing side, things just work. They work out of the box; I put my install CD in and it installs. I have yet to have a license problem, yet to have a system lock up on me because of some DRM issue. Games work without problems. I don’t have to use some third-party emulator to get everything to work correctly. My music plays, my iPod syncs with iTunes. The list could go on and on and on. I’m sure that all of this could/can work within the FLOSS world. It’s just that a lot of the time it doesn’t. And I’ve tried a ton of distros since early editions of Slackware.

July 6, 2009 Posted by Jonathan | Technical | 10 Comments

Happy July 4th – Read the Constitution and Declaration of Independence

July 4th is tomorrow and for those in the United States it is the day we celebrate the United States declaring itself independent from Great Britain. Before you head out to your picnics, fireworks, and family get-togethers, please take time to read the two most important documents in our country’s history: the Declaration of Independence and the Constitution.

Full text of the Constitution can be found here

Full text of the Declaration can be found here

The preamble of the Constitution sums everything up:

We the people of the United States, in Order to form a more perfect Union, establish Justice, insure domestic Tranquility, provide for the common defence, promote the general Welfare, and secure the Blessings of Liberty to ourselves and our Posterity, do ordain and establish this Constitution for the United States of America.

And the opening of the Declaration of Independence:

When in the Course of human events it becomes necessary for one people to dissolve the political bands which have connected them with another and to assume among the powers of the earth, the separate and equal station to which the Laws of Nature and of Nature’s God entitle them, a decent respect to the opinions of mankind requires that they should declare the causes which impel them to the separation.

July 3, 2009 Posted by Jonathan | Politics | 2 Comments

Installing the Dell Management Console

Summary:

This article will cover the steps to install and configure the Dell Management Console, including the steps to build a server, requirements for the server and steps for installing the DMC.  

Overview

The Dell Management Console (DMC) is built around the Symantec Management Console and the Symantec Management Platform. DMC allows you to centrally manage your Dell Servers and clients along with managing the OpenManage Server Administration Agent (OMSA). DMC allows you to manage things like BIOS level, Dell specific patches, and allows you to create monitoring policies to monitor the health of your servers. For more information visit http://dell.symantec.com

Requirements for installing the Dell Management Console

The following tables come from the Symantec Planning and Configuration Guide for Altiris Notification Server 7. This document can be found on the Altiris knowledge base, http://kb.altiris.com. The tables are broken up by whether you are installing the DMC with SQL on the same box or off box. The requirements are for managing under 3000 nodes. Following the requirements for the server are the requirements for installing the Altiris Agent (the Altiris Agent will then be used for managing, pushing out the OMSA agent, and then creating monitoring policies).

 

Notification Server managing under 3000 Endpoints with SQL on Box

| Hardware | Recommendation |
|---|---|
| CPU | 8 Cores |
| CPU Speed | 2.4 GHz |
| Memory | 8 GB |
| Network | Gigabit |
| Disk | 10 GB free |
| Operating System | Windows 2003 Server Enterprise (32-bit) |

| Software | Recommendation |
|---|---|
| .NET | Microsoft .NET 3.5 |
| Web Browser | IE 7 |
| Web Server | IIS 6.0 |

 

Notification Server managing under 3000 Endpoints with SQL off box

| Notification Server Hardware | Recommendation |
|---|---|
| CPU | 4 cores |
| CPU Speed | 2.4 GHz |
| Memory | 4 GB |
| Network | Gigabit |
| Disk | 10 GB free |
| Operating System | Windows 2003 Server (32 bit) |
| SQL | SQL Server 2005 off box |

| Software | Recommendations |
|---|---|
| Web browser | Internet Explorer 7 |
| .NET | Microsoft .NET 3.5 |
| IIS | IIS 7.0 |

 

| SQL Hardware | Recommendation |
|---|---|
| CPU | 4 Cores |
| CPU Speed | 2.4 GHz |
| Memory | 8 GB |
| Network | Gigabit |
| Disk | 10,000 RPM SCSI or better with RAID 1+0 |
| Operating System | Windows 2003 Server Enterprise (64-bit) |
| SQL | SQL Server 2005 |
| | See Microsoft KB for optimal SQL Configuration |

 

Altiris Agent Requirements

| Item | Specification |
|---|---|
| Operating System | Windows 2000 SP4, Windows 2003 (32-bit, 64-bit), Windows XP SP2/SP3, Windows Vista (32-bit, 64-bit), Windows 2008 (32-bit, 64-bit (not core)) |
| Hard Disk Space | 60 MB |
| RAM | 64 MB minimum (128 recommended) |
| Internet Explorer | IE 5.0 or later |
| Access Rights | Account used to install agent must have local admin rights |
| Windows XP Items | Turn off simple file sharing, open port 80/445 directed to Notification Server IP |

 

Steps for Installing the DMC

Installing the Server

Follow your standard build documents for installing and building a new server. Make sure a few pieces of software are in place. IIS and ASP.NET need to be installed and enabled. The easiest way to do this is through the “Configure Your Server” wizard, turning the server into an Application Server. .NET 3.5 needs to be installed; an important note is to NOT install .NET 3.5 Service Pack 1. IE 7 needs to be installed as well.

If you are going to be using SSL (HTTPS), please install and configure IIS to use SSL before installing DMC. If you try to make this change after the install, there will be problems within the system.

If you are running SQL Server on the same box, please install this and configure it correctly before proceeding to the next steps.

The Symantec Management Console is installed under the Default Web site which will cause problems if you have other web servers running on the DMC system.
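The prerequisites listed in this section, together with the RAM and operating system figures SIM checks later, can be verified before the installer is launched. The following PowerShell is an added example, not code from Dell, Symantec, or the original post; it assumes PowerShell is installed on the server, and the function names and the sample hashtable are constructed for illustration.

```powershell
# Added example: pre-flight check for a DMC server build.
# Thresholds come from the article; registry paths are the standard Microsoft locations.
# Not checked here: ASP.NET being enabled in IIS, SSL bindings, and SQL Server 2005.

function Get-RegValue([string]$Path, [string]$Name) {
    # Return $null instead of raising an error when the key or value is absent.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { return $item.$Name }
    return $null
}

function Get-ServerFacts {
    # Collect the facts the checks need from the local machine.
    $cs  = Get-WmiObject -Class Win32_ComputerSystem
    $os  = Get-WmiObject -Class Win32_OperatingSystem
    $net = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v3.5'
    return @{
        OsVersion = $os.Version
        RamGB     = [math]::Round($cs.TotalPhysicalMemory / 1GB, 1)
        IisMajor  = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\InetStp' 'MajorVersion'
        IeVersion = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Internet Explorer' 'Version'
        Net35     = Get-RegValue $net 'Install'   # 1 when .NET 3.5 is installed
        Net35SP   = Get-RegValue $net 'SP'        # 0 = RTM, 1 = Service Pack 1
    }
}

function New-Check([string]$Name, $Found, [bool]$Pass) {
    New-Object PSObject -Property @{ Check = $Name; Found = $Found; Pass = $Pass }
}

function Test-DmcPrereqs([hashtable]$Facts) {
    # The article requires .NET 3.5 WITHOUT Service Pack 1, so SP must be 0.
    $net35Rtm = ($Facts.Net35 -eq 1) -and ($Facts.Net35SP -eq 0)
    $netFound = "Install=$($Facts.Net35) SP=$($Facts.Net35SP)"
    @(
        (New-Check 'Windows Server 2003 (5.2.x)' $Facts.OsVersion ($Facts.OsVersion -like '5.2.*')),
        (New-Check 'RAM >= 2 GB' $Facts.RamGB ($Facts.RamGB -ge 2.0)),
        (New-Check 'IIS installed (6 or later)' $Facts.IisMajor ($Facts.IisMajor -ge 6)),
        (New-Check 'Internet Explorer 7' $Facts.IeVersion ($Facts.IeVersion -like '7.*')),
        (New-Check '.NET 3.5 without SP1' $netFound $net35Rtm)
    )
}

# Constructed sample: a server on which .NET 3.5 SP1 has been installed,
# so the last check fails while the others pass.
$sample = @{
    OsVersion = '5.2.3790'; RamGB = 4.0; IisMajor = 6
    IeVersion = '7.0.5730.13'; Net35 = 1; Net35SP = 1
}
Test-DmcPrereqs $sample | Format-Table Check, Found, Pass -AutoSize

# On the server being built, evaluate the live machine instead:
# Test-DmcPrereqs (Get-ServerFacts) | Format-Table Check, Found, Pass -AutoSize
```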

Installing SIM

The Symantec Management Console utilizes the Symantec Installation Manager (SIM) to install all parts of the Management Console. SIM can be downloaded from the Symantec Website (http://www.symantec.com/business/products/trialware.jsp?pcid=pcat_infrastruct_op&pvid=cm_suite_1). Once this is downloaded launch the executable and you will be greeted with this screen:

Select Next and you will be presented with the directory to install SMC into. A quick word of warning, the directory you select here is the directory all of the Console will be installed to.

Once the installation is finished, the Symantec Installation Manager will start, allowing you to install other portions of the console.

Installing the Symantec Management Console

When the Symantec Installation Manager is launched, it will by default open to Install New Solutions. While you can install both the DLP component and the Management Console at the same time, I recommend installing just the Console and then the component.

From the Installation Manager, scroll down until you find the Symantec Management Console.

After selecting “Review selected products” and then Next, accept the license agreement and continue. Fill out the required information. This information is required to verify export controls.

After the information is filled out, select Next for the system requirements check.

The Symantec Management Console requires ASP.net, IIS, IE 7.0, at least 2.0 gigs of RAM, and Windows 2003 Server along with MS SQL 2005. As you can see in the screenshot I do not meet the requirements. If you do not, close the Installation Manager and resolve any problems.

If you meet the requirements select Next to begin installation of the Symantec Management Console. While it is not necessary to restart after the installation is complete, I have had the best luck rebooting before moving on to other installations.

Installing DMC

After the Symantec Management Console has been installed, reboot the system. While this is not a requirement, after much testing this provides the best option.

Launch the Symantec Installation Manager from Start -> All Programs -> Altiris -> Symantec Installation Manager.

Select Install new products, then find the Dell Management Console in the list.

After selecting the DMC, all of the dependencies will be installed as well.

Click on OK to proceed and move on. Once the install is complete we begin installing the Altiris Agent and the OMSA Agent.

Deploying the Altiris and OMSA Agent

 

Discovering Dell Servers
There are 3 ways to discover computers within the DMC: import from Active Directory, domain discovery, and network discovery.

An Active Directory import is the most reliable of the discovery methods. An important item to remember is that this is just an import: nothing is modified in Active Directory, no schema modification, nothing. To perform the Active Directory Import, within the DMC, navigate to Actions -> Discover -> Import Active Directory. The console will look like the following:

Fill out the correct information and run the import. More information on running the AD import can be found in the DMC Manual.

 

The second way to discover computers is through a domain membership or domain browse. This type of discovery will query the Master Browse list for computers. To perform this discovery, navigate in the DMC to Actions -> Discover -> Import Domain Membership/WINS. The screen will look like the following:

Fill out the correct information and run the discovery. More information can be found in the DMC Manual.

The third way of discovering computers is through a network discovery. This can take the longest, depending on how large a discovery you are running. To perform a network discovery, navigate in the DMC to Actions -> Discover -> Network Devices. The console will look like the following:

Fill out the correct information and run the discovery. More information can be found in the DMC Manual.

Pushing out Agents

Once we have discovered Dell Servers we can roll out our agents. The first agent we need to push is the Altiris Agent, and then the OMSA Agent.

To deliver the Altiris Agent, navigate in the DMC to Actions -> Agents/Plug-ins -> Push Altiris Agent.

Select the server from the list of computers and select Install Altiris Agent. For more help on pushing the Altiris Agent, see the DMC Manual.

 

To install the OpenManage Administrator Agent, navigate to the DMC Home Portal and select Deploy OpenManage Administrator.

From this part of the console, select Launch Dell OpenManage Server Administrator Deployment Wizard. Select the computers from the drop down and then hit next. By default the installation of the OMSA agent is scheduled for now. There will be a task at the bottom of the Dell OpenManage Server Portal page that will turn green when the installation is complete.

July 1, 2009 Posted by Jonathan | Altiris, Symantec | No Comments Yet

Sharing home directory between Kubuntu and RHEL5?

I’ve posted previously on setting up my laptop to dual boot between Kubuntu and Red Hat Enterprise Linux 5.3 but have run into one snag I don’t know enough to fix.

As an aside, I ran into a lot of problems with the program I needed for work running in the 64-bit version, so I am working on reloading to 32-bit.

What I would like to do if possible, is to share my home directory between the two boxes.  Part of the reason is I use an XP VM and shared folders to work on files in Office 2007 and outside of the XP VM and connect via shared folders.

So my /home/jonathan/Documents folder is configured as a shared folder on VM and then I can write statements of work, and utilize other work related apps, and then if I was sharing my home, I could access the same files whether I am running RHEL or Kubuntu.

Is it just as simple as creating /home in a separate partition and using the same username on RHEL and Kubuntu? Or is there some magical voodoo I need to do?

Hope this makes sense

July 1, 2009 Posted by Jonathan | RHEL, Ubuntu/Kubuntu | 2 Comments

Symantec Government Symposium Part II

Earlier I wrote about the Symantec Government Symposium, and was just notified that content and presentations are now available online.

For more information including PowerPoint presentations, look here

July 1, 2009 Posted by Jonathan | Operationalizing Security, Symantec | No Comments Yet