RFC: Ubuntu and Symantec IT Management Suite

Do you use Ubuntu?  Do you use Symantec IT Management Suite?  A recent post on Symantec Connect asked for people who are running Ubuntu to post comments to see if there is interest in adding support for Ubuntu to the product.

For those that do not understand what Symantec IT Management Suite is I will provide a quick overview and then end with a couple of reason as to why I believe this will be a great fit for Ubuntu.

Symantec IT Management Suite (or the product fomarlly known as Altiris) helps with complete management of the endpoints (laptops, desktops and servers) from deployment of the endpoint (imaging), deployment of software and patches, and also tracking the device from an Asset Management point of view.  Some basic portions of IT Management Suite include

  • Bare metal deployment of servers

  • Image deployment of desktops, laptops and servers

  • Software delivery in an unattended way

  • Patch Management (including on the Windows side several 3rd party (non-Microsoft) patches)

  • Full inventory of the device (both hardware and software)

  • Comprehensive reporting on the status device

  • And many other things

My company has been working with Symantec IT Management Suite for almost 10 years and have done a bunch of videos explaining and showing how this product works.

I’ve also written several blog posts about why I believe Ubuntu needs to have more of a focus around the Enterprise and Enterprise tools.  Canonical has developed Landscape, their own product to help with the management of Ubuntu but it is time to leverage an existing management tool to help move further into the enterprise as well.

Here is how ITMS and Ubuntu could work together (in my view)

  • Imaging and deployment of Ubuntu machines across the environment in a standard format

  • Full software and hardware inventory of the device across the entire enterprise

  • Structured deployment of patches across the entire enterprise including reporting on the status of those patches

This would allow for deployment and management across the board in an enterprise and could help

Ubuntu and take your device to work

This week I attended through work a presentation about Endpoint Management with a focus around the whole “bring your device to work” megatrend the experts are talking about.  In case you haven’t heard this discussion is all about allowing an end user to purchase or use their own device instead of a corporate device.  Examples given in this presentation are large New York City based banks encouraging people to use their own devices (usually a Mac) as a recruiting tool to help attract top talent.  The presentation focused on how will IT manage these devices (patch, deliver software, track inventory, etc) on a non-corporate device.  In the past someone in IT decided what version of desktop/laptop (either a Dell or an HP) and then decided on an operating system (Microsoft and still for a lot of shops XP).  Now we are seeing a growth of whatever type of device the end user wants (anyone have this at their work?).

The interesting part about the discussion was the focus on Mac and how companies are managing them.  Macs in the corporate environment are growing and growing (heck I moved to one) and companies have to figure out what to do w/ them.  Thankfully the product I consult around (Altiris Client Management Suite) has perhaps the best Mac management outside of Apple. When asked about where the expers see Linux in the corporate world the expert replied it still exists within the walls of the datacenter (whether on premises or off premises in some form of cloud) and it really doesn’t exist in the corporate desktop (at least in the US).
This is a large frustration I have with Ubuntu is that it could focus on the corporate environment and potentially increase market share but instead chooses to focus on TVs and potentially mobile devices.  Canonical could partner with the various Endpoint Management software vendors (Microsoft, IBM, CA, Symantec, Dell, etc.) to support Ubuntu.
When I show up w/ my own laptop running Ubuntu there are certain things I’m required to have or report on including up to date with patches, has up to date antivirus and definitions and is able to be managed by the corporate management solution.  So Canonical, fire up those partnership agreements or whatever is needed and get your operating system supported by more vendors so the corporate desktop market share can grow

Configuring the Symantec Asset Management Workflows

This document covers the Symantec Asset Management Workflows that ship with Asset Management 7.1. There are three workflows out of the box: Hardware Request, Software Request, and Ownership Validation. This document will cover configuring the workflows and assume the following:

  • Symantec Management Platform 7.1 is installed
  • Asset Management Solution 7.1 is installed
  • CMDB 7.1 Solution Installed
  • Workflow Solution 7.1 installed with access to ProcessManager and the ProcessManager Database
  • Accounts in the CMDB with the following:
    • Manager relationship configured
    • Email address
    • Ownership of a computer

Finding the Workflows

The workflows reside on the Symantec Management Platform that has Asset Management Solution installed. In this example, my workflow server and my SMP are different systems. I will need to publish the workflows on my workflow server.

The workflows are found in the directory that Altiris is installed in, in this case it is d:\program files\Altiris\AssetManagementWorkflows\WorkflowsPacks. These directory looks like the following:

Publishing the Workflows

These steps need to be repeated; in this document we will only cover publishing one of those workflows. To publish a workflow follow these steps:

  1. Double click the workflow to unpackage the workflow, when prompted (as per the following screenshot)

  2. In Symantec Workflow Designer select “Publish Project” and the following screen appears:

  3. Select the SMP server and select Next until the workflow project is published
  4. Repeat these steps for each workflow in the directory

 

Configuring the Workflows

In the 7.0 version of these workflows there was an MSI that installed, published and launched the PostInstall setup wizard to perform the confirgurations needed. We will launch the wizard manually.

  1. Open up Internet Explorer and browse to the Postinstall Wizard found at: http://servername/AM.InstallationPostInstallWizard/default.aspx and you should see the following page:

  2. Login w/ an account that is an Administrator in ProcessManager.
  3. Start the configuration by providing the address of the Process Manager, Contact information and Symantec Management Platform information which will look like the following:

  4. After hitting continue select Next and fill out the email information

  5. There are several variables that need to be filled out in this step of the workflow. These are used in different parts of the workflow

    1. Process Managers: Any errors generated by the workflow will be sent here
    2. Purchase Managers: Any successful approval will be sent to this email
    3. Asset Managers: When an item that is outside of the Catalog is added this email address will be notified. If something outside of one of the catalogs is created, the Asset Manager needs to add to the catalog before the purchase order can be created
    4. HR Managers: This email address is used when an asset is no longer owned
    5. Security Managers: This email address is used when an asset is no longer owned

 

  1. Once you have filled out those email address and select more information will be filled out:

 

  1. The next step is to provide the different reasons for a new purchase and any additional reasons for change in ownership of an asset which looks like the following:

  2. Upon selecting continue the setup process will create the application properties needed for the workflow to work

Using the workflows

The workflows are created under a new Service Category called Asset Management and look like the following:

Using these workflows will be covered in a video or an additional article

Altiris 3 Day Workshops Thanksgiving Week

The company I work for, ITS Partners, Thanksgiving week is offering three workshops focusing on Altiris.  These workshops are all offered remote and will include hands on with the Altiris or Service Desk system.  These 3 workshops are $2,000 per person and if you are interested give It’s a call at (877) ALTIRIS.  Slots are limited so reserve yours today.  Workshops available:

  • Console Configuration:  This workshop will go over console configurations, security and best practices.  This workshop has been created from feedbck we have received from our customers.  The workshop will be very hands on with you having your own lab environment.  When you are through with the workshop you will be competent in the below areas:
    • Go over console security
    • How to create console security roles
    • How to create organizational views and groups
    • How to create filters
    • How to create custom menus
    • Console management best practices
  • Reporting:  This workshop will go over Notification Server native reporting and IT Analytics.  This workshop has been created from feedback we have received from our customers.  Did you know that IT Analytics is included with upgrade protection?  This workshop will be hands on in your own lab environment.  When you are through with the workshop you will be competent in the following areas:
    • Data structure
    • Where to look for information
    • How to use variables in reports
    • How to create drill down reports
    • How to use security scopes in reports
    • How to create Notification rules
    • How to use IT Analytics
  • Service Desk: This workshop will go over Service Desk and the workshop has been created from feeback we have received.  This workshop will be hands on and you will have your own lab environment.  When you are through with the workshop will be compentent in the following areas:
    • Routing rules
    • Review built-in process
    • Create a simple rule based on priority
    • Discuss custom routing based on classification
    • Reassignment rules
    • Review built-in process
    • Create a simple rule based on priority
    • Discuss copying routing rules to reassignment rules
    • SLA timers
    • Review built-in process
    • Discuss and demonstrate changing timers
    • Changing urgency and impact
    • Review where the values are set
    • Change the friendly values on the Self Service feeder
    • Discuss and demonstrate changing the priority matrix

For more information: http://www.itsdelivers.com/training_details.php?class_index=1251764

A review of ITSM 7.1 Beta: ZOMG it’s a new console

The beta everyone has been waiting for is here, the release where Altiris finally joins the 64-bit age, the release everyone has been waiting for. The screenshots in this guide reference the beta and can and will probably change before release. This is not an exhaustive review of the system, but quick impressions.

The big change is the requirements software/operating system wise that are required:

  • Windows Server 2008 R2
    • This is 64-bit only
  • SQL Server 2005 and SQL Server 2008
  • Microsoft Silverlight
  • Microsoft .NET 3.5 SP1 or higher

The biggest thing to note is finally we are moving to a 64-bit platform and I can stop cringing before I explain that Altiris still runs on Windows 32-bit only. There are some minor gotchas during the install but the Install Readiness Check should take care of all of them for you.

Let’s get on to the cool stuff…

The above screenshot covers the new console shown from the computers point of view. The first thing I noticed was it looks a bit like Outlook, but overall pretty excited about the change.

The computer section is broken down into Saved Searches and All Computer Views. Saved Searches is prepopulated with New Computers and Installed Agent. Other saved searches can be created and saved in this location. The All Computer Views is built from the Organizational View and Groups and utilizes what you have setup there.

By clicking on the computer (in this case Beta7) it provides a basic resource manager view on the device (same view as the Resource Summary page in Resource Manager). All other functionality is similar in this section including right click options.

New to the computer view is the fly-out on the right side of the console that include options such as the Resource Manager, Installed Software Reports, and other right click options (see the following screenshot).

The Jobs and Tasks and Policies sections are similar to navigating to Manage -> Jobs and Tasks or Manage -> Policies. See the following screenshot.

The other that has gone through a lot of change is the “Software” portion of the console (see the next screenshot) and is broken into three sections: Installed Software, Metered Software, and Deliverable Software.

All of the software listed here is either from the software catalog or from software inventory. Since I have Asset Management installed, I have the ability to add or manage my license for the particular piece of software. Metered Software allows me to leverage Usage Tracking and create new Application Metering policies. Deliverable Software is where I work w/ the Software Catalog and have the ability to create software delivery policies.

When I select a piece of software and click on “Manage this software” a new window opens:

From here I can define the inventory information, whether or not I am metering the software, configure the software delivery information, and then if you are using Asset what software licenses.

Adding a new software resource is done through managing the software catalog.

One of the cool things I haven’t figured out is the changes to Workflow in ITSM 7.1. The following screenshot shows some of the changes.

The Workflow Enterprise Management provides health of your different workflow servers. But I don’t know much more about it and looking forward to learning more.

 

I hope this brief overview of some of the changes to ITSM 7.1

Asset Management Ownership Validation Workflow

In Asset 7 there are three pre-built workflows that ship from Symantec:

  • Hardware Request
  • Software Request
  • Ownership Validation

I’ve previously talked about setting up the workflows on the server, this post is going to cover the Ownership Validation workflow.

The workflow is exposed via a right-click menu in the Management Console.  To run the validation workflow against a computer, right click on a computer in the management console and select Ownership Validation as shown in the following screenshot:


After clicking on the workflow the process is launched as per the following screenshot:


In this case, I am listed as the owner on the device. An email will be sent to the address listed, this information is coming from the Users listed in the management console, which is synced from Active Directory.

If I switch over to my email, I will an email asking me to get started with the Ownership Validation:


The text for this email can be customized through the workflow designer to better meet the needs of your organization.

After clicking on the link (View Ownership Validation) a webform is opened.

In the above screenshot all of the machines that I am listed as being an owner in the Symantec Asset Management system are displayed. I have two options, either Have or Not Owned. Once I have selected a status, the computer will show up in the correct location.

NOTE: No changes will be actually be made in the management platform through this workflow. If you would like that to happen the workflow would have to be modified in the workflow designer.

 

After selecting the correct status, click on the Next button and proceed to the next portion of the webform.

In this case there are two machines that I am not the owner of. I will need to provide a reason why the machines are no longer owned by me. These reasons are setup in the installation of the workflows (see the earlier article on installing the workflows). The default options are Lost and Retired.

By changing the status, I will generate an email to asset administrator (as setup in the installation of the software).

The above screenshot is the notification to change the status of the devices and is the end of the ownership validation. As mentioned, this workflow does not change the status in the console, it just notifies the asset administrator of the changes that need to be done.

Drop me a note if you have further questions

Setting up the Altiris Asset Management Workflows

This blog post will cover configuring and setting up the pre-built Asset Management Workflows that ship with Altiris Asset Management 7. It took me several times to figure out how these are setup and working, so I am trying to pass these hints and trips on to you. While KB Article 51165 talks about installing the workflows, there are still some issues that need to be addressed, specifically on a fresh install.

The first step is extracting these workflows which can be found under the NSCAP share (\\servername\nscap\) in a zip.

Once those files are extracted you will need to run setup.exe to launch the installation.

Setup will launch and the pre-requisite check starts

A couple of things to point out here:

  1. You must have workflow installed and setup first
  2. Workflow portal must be installed

If none of these items are installed or configured the installation will fail. NOTE: The first time I ran the install, I did not have the process manager installed and ran into a problem when I exited the installation, installed Process Manager and retried the workflow installation

.

This is where the install gets a bit tricky and is not documented in the knowledge base article. On the next screen there is a link to launch the configuration wizard of the Asset Workflows. One of the problems I have run into is the default admin account (admin@logicbase.com) is not a part of the administrators group in process manager. The configuration wizard requires the account you are using to be a member of the administrator group. The following screen shots will walk you through configuring and adding a user to the Administrators group. To access the process manager, open your browser to http://servername/processmanager and login.

When you login as the administrator you have access to multiple tabs, the portion we will be working under the Admin tab and then Users.

After selecting the admin group on the right we need to select “Manage Groups” and add the Administrator group.

All of these changes can be done while you have the installation process up and running. After that select the “Open Setup Wizard” to configure the workflows.

 

The next screen requires certain information to be filled out before the configuration will move on. Besides filling out the location of the Symantec Management Platform and location of process manager, you must provide an Error Contact Name and an Error Contact Info. The screen looks like the following:

 

 

The next screen deals with email configuration. This screen tripped me up several times as my test lab did not have email configured, connection to a SMTP server and reply-to-address is required.. The screen looks like the following:

In the next screen we will configure 5 different accounts, Process Manager Group, Purchase Managers Group, Assets Managers Group, HR Managers Groups, and Security Managers Group. These emails must be configured and valid for the configuration to complete successfully. Below is the screen shot:

The next to the last step is assigning users to the different roles: Process Managers, Purchase Managers, and Asset Managers. These users are found within your Process Manager, and the following screenshot shows what it looks like:

The last step in configuration is to setup the business justifications and reasons for loss of ownership. The business justification is used in the Software/Hardware Request workflow and the loss of ownership is used in the Ownership Verification Workflow. If you are going to use additional values you can add them in at this time.

Congratulations these workflow are now configured and can be accessed through the process manager. Also the Ownership Validation Workflow can be accessed through a right click option in the Symantec Management Platform.

What is missing from Ubuntu?: Manageability

A recent blog post on planet.ubuntu.com, argues the one thing that is missing is manageability of the Ubuntu system.  I couldn’t agree more with this post.  In the post the author argues the problem with Ubuntu adoption in business is not how shinny things look, or how well the software works in the cloud, the problem is management of systems.

A little background here:  For the last 4 years or so I have been an endpoint management consultant (laptops/desktops/severs).  I have clients that manage anywhere between 50 desktops and 150,000 desktops.  For Windows desktops there are numerous companies that allow you to manage those machines and reduce full time equivalencies (FTE’s).  Some examples are:  Altiris, Landesk, Kace, etc.  Canonical has created its own solution Landscape instead of working with the existing companies to get their product (Ubuntu) supported.

What really stands out from this entry is this section:

And so, Microsoft continues to win on the desktop. Not because an individual PC running Windows is easier for most people to use, but because its easier to set up Active Directory to work with Outlook and Exchange than it is to roll your own directory service with the tools available out of the box on Ubuntu. Bug #1 will never be solved until directory services and authentication are integrated into every aspect of Ubuntu.

And he couldn’t be more correct.  Until there is a true competitor to Active Directory, Exchange, Outlook, and the MANAGEMENT of the machines Ubuntu will not succeed in the Enterprise.

Take a look at the blog and all the blueprints that have withered without focus in regards to the issue:  (List taken from the blog)

Getting caught up on links

Have a lot of links in my browser tonight but haven’t had a chance to digest and really understand all of them.

So this post is a dump of a bunch of them, to come back later with more thoughts on

1.  25 Scenes from Symantec Vision:  Missed Vision this year but didn’t hear much about it.  Find it interesting how they comment on things us old Altiris people take for granted, such as Steve Morton’s Keynote style, Usergroup challenge, etc.

2.  DLP: Million Problems – One Solution:  Haven’t read this one yet, but looking forward to it

3.  DLP – Protecting What Matters Most:  Seems to be an overview of DLP, will have to read this one through

4. States’ Rights Come to Security Forefront

5.  DLP Primer

6.  Data Loss Prevention comes of Age

ITS is hiring

I know all of you follow and check into our website every day, but we are announcing we are looking for a new Altiris Consultant to join our company.  ITS is one of the National Partners that Symantec has and we are looking for a new consultant.

From our website:

ITS is currently looking for experienced Altiris Consultant / Engineers to be responsible for providing on-site, enterprise systems/process design and implementation services for our clients and partners. This individual will be responsible for implementing lifecycle management solutions and services.

Non-Technical Requirements

  • Prior on-site consulting experience is preferred.
  • Effective presentation and communication of technical product details and best practices.
  • Assisting customers with product implementations.
  • Creating design, implementation, detailed process and post engagement documentation.
  • Travel required.
  • Knowledgeable in the assessment, planning, design and implementation of systems and/or availability management tools.
  • Familiarity with ITIL best practices and processes.
  • Assume leadership on engagements and work without direct supervision, interfacing with the customer IT and business-function leaders.
  • Active role in the Altiris Sales Process which includes proposal creation, Altiris presentations, sales calls, research, and project scoping.

Technical Requirements

Working knowledge of system management software is preferred.

  • Altiris
    • Asset Management Suite
    • Client Management Suite
    • Deployment Server
    • WISE Studio
    • Helpdesk / Service Desk 7
    • Symantec Workflow Solution
  • LAN Desk
  • Microsoft SMS

For more information see our website: www.itsdelivers.com/about.php