A review of ITSM 7.1 Beta: ZOMG it’s a new console

The beta everyone has been waiting for is here, the release where Altiris finally joins the 64-bit age, the release everyone has been waiting for. The screenshots in this guide reference the beta and can and will probably change before release. This is not an exhaustive review of the system, but quick impressions.

The big change is the requirements software/operating system wise that are required:

  • Windows Server 2008 R2
    • This is 64-bit only
  • SQL Server 2005 and SQL Server 2008
  • Microsoft Silverlight
  • Microsoft .NET 3.5 SP1 or higher

The biggest thing to note is finally we are moving to a 64-bit platform and I can stop cringing before I explain that Altiris still runs on Windows 32-bit only. There are some minor gotchas during the install but the Install Readiness Check should take care of all of them for you.

Let’s get on to the cool stuff…

The above screenshot covers the new console shown from the computers point of view. The first thing I noticed was it looks a bit like Outlook, but overall pretty excited about the change.

The computer section is broken down into Saved Searches and All Computer Views. Saved Searches is prepopulated with New Computers and Installed Agent. Other saved searches can be created and saved in this location. The All Computer Views is built from the Organizational View and Groups and utilizes what you have setup there.

By clicking on the computer (in this case Beta7) it provides a basic resource manager view on the device (same view as the Resource Summary page in Resource Manager). All other functionality is similar in this section including right click options.

New to the computer view is the fly-out on the right side of the console that include options such as the Resource Manager, Installed Software Reports, and other right click options (see the following screenshot).

The Jobs and Tasks and Policies sections are similar to navigating to Manage -> Jobs and Tasks or Manage -> Policies. See the following screenshot.

The other that has gone through a lot of change is the “Software” portion of the console (see the next screenshot) and is broken into three sections: Installed Software, Metered Software, and Deliverable Software.

All of the software listed here is either from the software catalog or from software inventory. Since I have Asset Management installed, I have the ability to add or manage my license for the particular piece of software. Metered Software allows me to leverage Usage Tracking and create new Application Metering policies. Deliverable Software is where I work w/ the Software Catalog and have the ability to create software delivery policies.

When I select a piece of software and click on “Manage this software” a new window opens:

From here I can define the inventory information, whether or not I am metering the software, configure the software delivery information, and then if you are using Asset what software licenses.

Adding a new software resource is done through managing the software catalog.

One of the cool things I haven’t figured out is the changes to Workflow in ITSM 7.1. The following screenshot shows some of the changes.

The Workflow Enterprise Management provides health of your different workflow servers. But I don’t know much more about it and looking forward to learning more.

 

I hope this brief overview of some of the changes to ITSM 7.1

What is missing from Ubuntu?: Manageability

A recent blog post on planet.ubuntu.com, argues the one thing that is missing is manageability of the Ubuntu system.  I couldn’t agree more with this post.  In the post the author argues the problem with Ubuntu adoption in business is not how shinny things look, or how well the software works in the cloud, the problem is management of systems.

A little background here:  For the last 4 years or so I have been an endpoint management consultant (laptops/desktops/severs).  I have clients that manage anywhere between 50 desktops and 150,000 desktops.  For Windows desktops there are numerous companies that allow you to manage those machines and reduce full time equivalencies (FTE’s).  Some examples are:  Altiris, Landesk, Kace, etc.  Canonical has created its own solution Landscape instead of working with the existing companies to get their product (Ubuntu) supported.

What really stands out from this entry is this section:

And so, Microsoft continues to win on the desktop. Not because an individual PC running Windows is easier for most people to use, but because its easier to set up Active Directory to work with Outlook and Exchange than it is to roll your own directory service with the tools available out of the box on Ubuntu. Bug #1 will never be solved until directory services and authentication are integrated into every aspect of Ubuntu.

And he couldn’t be more correct.  Until there is a true competitor to Active Directory, Exchange, Outlook, and the MANAGEMENT of the machines Ubuntu will not succeed in the Enterprise.

Take a look at the blog and all the blueprints that have withered without focus in regards to the issue:  (List taken from the blog)

Symantec/Altiris slipping in Redmond Magazine’s User Awards

I’ve been reading Redmond Magazine (formerly MCPMag) ever since I got my first MCP (Microsoft Certified Professional).  Each year, Redmond’s User Awards are voted on by the readers.

This year, Redmond created more categories and had more products to vote on.  However Symantec/Altiris fared worse then last.  Part of me wonders if this was because of how bad Altiris 7 was right out of the gate or because not many have moved to version 7 and version 6 is starting to show it’s age.

Some of the categories that Symantec/Altiris was listed in:

  • Best Software Distribution Product:
    • System Center Configuration Manager won
    • Deployment Solution came in second
  • Best Asset Management/Resource Inventory Product:
    • SCCM won
    • Altiris Service and Asset Management Suite came in 3rd
  • Best Licesnse Managemetn Suite:
    • SCCM won
    • Altiris TMS came in 3rd
  • Best Imaging Product
    • Symantec Ghost won
  • Best Software Packaging Product
    • SCCM won
    • Package Studio came in 3rd
  • Best Remote Troubleshooting Solution:
    • SCCM won
    • Altiris Client Management Suite came in 2nd
  • Best Patch Management Product:
    • Nothing Altiris listed which I found interesting
  • Best Applicaiton Conflict Testing Tool
    • Installshield AdminStudio won
    • Package Studio came in 3rd
  • Best Antispyware Tool:
    • Symantec Antivirus won
  • Best Anti-Spyware Tool
    • No Symantec products even though SEP has an Anti-Spyware portion

More information can be found on Redmondmag.com

Shame on Symantec – No Upgrade path for Recovery Server 7

This past week I have been upgrading a client from Client Management Suite (CMS) 6 and Recovery Solution (RS) 6 to CMS 7 and RS 7. 

According to the documentation found on the Altiris Knowledge Base, there is a method to upgrade from Recovery Solution 7.0 as part of an off-box upgrade.  This article can currently be found here.

After getting my migration plan approved which included the steps outlined in the document, we started the migration.  The CMS 6 to CMS 7 migration went great, migrated 1200 nodes w/o issue and everything was rocking.  Until we got to the RS upgrade.  There were several references in the articel I couldn’t find or figure out, so a quick call to Symantec Tech Support would hopefully resolve it.

The support person I was working with looked up the KB # and told me it was no longer valid and shouldn’t even being visible to clients.  I was then told there was another article to help me out.  But he couldn’t find that other article either.

The recommended upgrade path from the support person?  Uninstall completely and Install from scratch.

So we lost all the backups from version 6 and have to start creating our backups all over again.  Also means that until we have backups done, we can’t recover anything.

This week’s FAIL whale goes to Symantec

When you write a blog a about a security vulnerability address the actual product

Through one of my Google Alerts, I stumbled across an article titled "Isn’t your Symantec Altiris Deployment Solution in Troube?" found here.

The article address some security vulnerabilities that have been found recently in Symantec’s Deployment Solution.  The problem is not he vulnerabilities but the fact the author obviously has no clue what she is talking about.

The article clearly states for those who are not a user of the Deployment Solution is you might not understand it.  The author then explains what it is:

“Alltiris service-oriented management solutions offer a modular and future-proof approach to manage highly diverse and widely distributed IT infrastructures.  They are open solutions that allow lifecycle integration of client, handheld, server, network and other IT assets with audit-ready security and automated operation.  The Symantec Altiirs Deployment Solutoion can run on Windows 2003/XP/Vista.”

I am amazed at how wrong this quote is when addressing Symantec Altiris Deployment Solution.  First off the author is talking more about the Symantec Management Platform, or the Notification System.  Secondly is the author referring to the agents that install on client machines?  Because then it runs on Windows 2003/Vista/XP however the server installs only on a Windows 2003 server.

Then we get to the included screenshot of the application and I almost fell off my chair laughing.  The screenshot in the “article” covers the Symantec Installation Manager, not the application with the vulnerabilities.

So let’s start over a bit.  The Deployment Solution is a separate part of Altiris.  Deployment Solution aids with computer imaging and computer migration.  Deployment Solution can integrate within the rest of Altiris. 

Just to correct the record

A response to FAI vs Altiris

I tried to post this on Stephen’s blog but had issues w/ his CAPTCHA, where he talks about using FAI to perform an automated install of Ubuntu 64-bit Server edition vs. a Windows 2003 64-bit install via Altiris Deployment Solution.

As an Altiris consultant I felt bound to respond.  A scripted OS install ran through Altiris Deployment solution is a very slow process as an image w/ an empty partition first needs to be laid down, then a reboot into the scripted OS install. 

An image deployment of Server 2003 64-bit would beat the 1 hour time frame that Stephen mentions. 

So why a scripted OS install?

Also I wish Symantec supported Ubuntu but alas it doesn’t and doubt it will.

Installing the Dell Management Console

Summary:

This article will cover the steps to install and configure the Dell Management Console, including the steps to build a server, requirements for the server and steps for installing the DMC.  

Overview

The Dell Management Console (DMC) is built around the Symantec Management Console and the Symantec Management Platform. DMC allows you to centrally manage your Dell Servers and clients along with managing the OpenManage Server Administration Agent (OMSA). DMC allows you to manage things like BIOS level, Dell specific patches, and allows you to create monitoring policies to monitor the health of your servers. For more information visit http://dell.symantec.com

Requirements for installing the Dell Management Console

The following tables come from the Symantec Planning and Configuration Guide for Altiris Notification Server 7. This document can be found on the Altiris knowledge base, http://kb.altiris.com. The tables are broken up into whether or not you are installing the DMC with SQL on the same box or off box. Also the requirements are for managing under 3000 nodes. Following the requirements for the server, are the requirements for installing the Altiris Agent (the Altiris Agent will then be used for managing, pushing out the OMSA agent, and then creating monitoring policies).

 

Notification Server managing under 3000 Endpoints with SQL on Box

Hardware Recommendation
CPU 8 Cores
CPU Speed 2.4 GHZ
Memory 8 GB
Network Gigabit
Disk 10 GB free
Operating System Windows 2003 Server Enterprise (32-bit)
   
Software Recommendation
.NET Microsoft .NET 3.5
Web Browser IE 7
Web Server IIS 6.0
   

 

Notification Server managing under 3000 Endpoints with SQL off box

Notification Server Hardware Recommendation
CPU 4 cores
CPU Speed 2.4 GHz
Memory 4 GB
Network Gigabit
Disk 10 GB free
Operating System Windows 2003 Server (32 bit)
SQL SQL Server 2005 off box
   
Software Recommendations
Web browser Internet Explorer 7
.NET Microsoft .NET 3.5
IIS IIS 7.0

 

SQL Hardware Recommendation
CPU 4 Cores
CPU Speed 2.4 GHz
Memory 8 GB
Network Gigabit
Disk 10,0000 RPM SCSI or better with RAID 1+0
Operating System Windows 2003 Server Enterprise (64-bit)
SQL SQL Server 2005
  See Microsoft KB for optimal SQL Configuration

 

Altiris Agent Requirements

Item Specification
Operating System Windows 2000 SP4, Windows 2003 (32-bit, 64-bit), Windows XP SP2/SP3, Windows Vista (32-bit, 64-bit), Windows 2008 (32-bit, 64-bit (not core)
Hard Disk Space 60 MB
RAM 64 MB minimum (128 recommended)
Internet Explorer IE 5.0 or later
Access Rights Account used to install agent must have local admin rights
Windows XP Items Turn off simple file sharing, open port 80/445 directed to Notification Server IP

 

Steps for Installing the DMC

Installing the Server

Follow your standard build documents for installing and building a new server. A couple of pieces of software to make sure you need to have. IIS and ASP.net need to be installed and enabled. The easiest way to do this is through the “Configure Your Server” wizard and turn the server into an Application Server. .NET 3.5 needs to be installed, an important note is to NOT install .NET 3.5 Service Pack 1. IE 7 needs to be installed as well.

If you are going to be using SSL (HTTPS), please install and configure IIS to use SSL before installing DMC. If you try to make this change after the install, there will be problems within the system.

If you are running SQL Server on the same box, please install this and configure it correctly before proceeding to the next steps.

The Symantec Management Console is installed under the Default Web site which will cause problems if you have other web servers running on the DMC system.

Installing SIM

The Symantec Management Console utilizes the Symantec Installation Manager (SIM) to install all parts of the Management Console. SIM can be downloaded from the Symantec Website (http://www.symantec.com/business/products/trialware.jsp?pcid=pcat_infrastruct_op&pvid=cm_suite_1). Once this is downloaded launch the executable and you will be greeted with this screen:

Select Next and you will be presented with the directory to install SMC into. A quick word of warning, the directory you select here is the directory all of the Console will be installed to.

Once the installation is finished, the Symantec Installation Manager will start allowing you to install other portions of the console.

Installing the Symantec Management Console

When the Symantec Installation Manager is launched it will be default open up to Install New Solutions. While you can install both the DLP component and also the Management Console at the same time, I recommend installing just the Console and then the component.

From the Installation Manager scroll down until you find the Symantec Management Console

After selecting “Review selected products” and then Next, aceept the license agreement and continue. Fill out the required information. This information is required to verify export controls.

After the information is filled out, select Next for the systems requirement check

The Symantec Management Console requires ASP.net, IIS, IE 7.0, at least 2.0 gigs of RAM, and Windows 2003 Server along with MS SQL 2005. As you can see in the screenshot I do not meet the requirements. If you do not, close the Installation Manager and resolve any problems.

If you meet the requirements select Next to begin installation of the Symantec Management Console. While it is not necessary to restart after the installation is complete, I have had the best luck rebooting before moving on to other installations.

Installing DMC

After the Symantec Management Console has been installed, reboot the system. While this is not a requirement, after much testing this provides the best option.

Launch the Symantec Installation Manager from Start – All Programs -> Altiris -> Symantec Installation Manager and launch the Symantec Installation Manager.

Select Install new products and once you find the Dell Management Console from the list

After selecting the DMC, all of the dependencies will be installed as well

Click on Ok to proceed and move on. Once the install is complete we begin installing the Altiris Agent and the OMSA Agent.

Deploying the Altiris and OMSA Agent

 

Discovering Dell Servers
There are 3 ways to discover computers within the DMC, import from Active Directory, domain discover and network discovery.

An Active Directory import is the most reliable discover of all of the methods. An important item to remember is this is just an import, nothing is modified in Active Directory, no schema modification, nothing. To perform the Active Directory Import, within the DMC, navigate to Actions -> Discover -> Import Active Directory. The console will look like the following:

Fill out the correct information and run the import. More information on running the AD import can be found in the DMC Manual.

 

The second way to discover computers is through a domain membership or domain browse. This type of discovery will query the Master Browse list for computers. To perform this discovery, navigate in the DMC to Actions -> Discover -> Import Domain Membership/WINS. The screen will look like the following:

Fill out the correct information and run the discover. More information can be found in the DMC Manual.

The third way of discovery computers is through a network discovery. This can take the longest depending on how large of a discovery you are running. To perform a network discover navigate in the DMC to Actions -> Discover -> Network Devices. The console will look like the following:

Fill out the correct information and run the discover. More information can be found in the DMC Manual.

Pushing out Agents

Once we have discovered Dell Servers we can roll out our agents. The first agent we need to push is the Altiris Agent, and then the OMSA Agent.

To deliver the Altiris Agent, navigate in the DMC to Actions -> Agents/Plug-ins -> Push Altiris Agent

Select the server from the list of computers and select Install Altiris Agent. For more help on the pushing the Altiris Agent, see the DMC Manual.

 

To install the OpenManage Administrator Agent, navigate to the DMC Home Portal and select Deploy OpenManage Administrator.

From this part of the console, select Launch Dell OpenManage Server Administrator Deployment Wizard. Select the computers from the drop down and then hit next. By default the installation of the OMSA agent is scheduled for now. There will be a task at the bottom of the Dell OpenManage Server Portal page that will turn green when the installation is complete.