Overview of Client Management Suite 7.1 Hands-On Lab

Description If you are new to Client Management Suite, this lab is an excellent place to start. This introduction lab provides a hands-on overview of the suite going through many steps of IT lifecycle management. It includes the basics on and patch management, deployment, migration, remote assistance, and to start you on your path to effective client management.

At the end of this lab, • Create an inventory policy and run reports to view the you should be able to collected data • Describe the available methods for delivering and metering software within a real-world environment • Describe the process of staging and deploying patches to systems and applications within a network environment • Use Deployment Solution 7.1 to perform an OS Migration

Notes . The lab will be directed and will provide you with step-by- step walkthroughs of key features. . Feel free to follow along with the instructor, or you may optionally perform this lab at your own pace. . Be sure to ask your instructor any questions you may have. . Thank you for coming to our lab session.

Introduction Altiris® Client Management Suite™ reduces the total cost of owning client systems by automating time-consuming and redundant tasks. By minimizing the efforts and costs associated with deploying, managing, securing and troubleshooting client systems, organizations can gain control of their environments. This easy-to-use, integrated suite of solution software for Windows, Mac and is designed to address IT management needs for desktop and notebook computers throughout their entire IT lifecycle.

Client Management Suite tightly integrates industry-leading technologies, including Symantec ™, Wise packaging, Altiris® Software Virtualization Solution™ and pcAnywhere™ to give IT the most value for managing, deploying, securing and troubleshooting client systems through the entire IT lifecycle. It includes:

• Comprehensive system discovery and hardware and software inventory • OS migration, imaging and deployment technology • Intelligent software management and delivery • Complete Comprehensive software packaging and patch management • Real- time troubleshooting including remote control • Application virtualization

New features in the Altiris® Client Management Suite™ include:

• The ushering in of a new generation of client by providing better, end-user focused client management, complete process automation, and intelligent software management. • Complete process automation with better task management and Workflow Solution • More intelligent software delivery and management by providing a centralized software library this gives IT workers better software targeting, delivers conflict-free virtual software, keeps the software up-to-date on client PCs, and ensures the software is available and remains installed for end-users. • Tight integration of industry-leading cast of all stars from Altiris and Symantec to give customers a comprehensive solution for client systems management (Symantec Ghost, pcAnywhere, Wise, Deployment Solution, and Software Virtualization Solution) • Enhancement of day to day operations by providing enterprise calendar views, actionable dashboards and reports, and event consoles to give IT and others a better view into the organization. • Expansion of client management by improving the installation and configuration process, giving more options for expandability including hierarchy and replication, expanding client management with additional Symantec and 3rd party products. • Better support for Windows, Mac and Linux machines

This lab will introduce many of these new features in a virtual lab environment.

2 of 19 Exercise 1: Using Inventory Reports Inventory Solution allows administrators to identify and report hardware, software, operating systems, and network data for computer assets within their environment. Administrators can then use this data for a variety of purposes including tracking hardware changes, identifying installed software, etc. Using Inventory Solution with Altiris Client Management Suite 7.1 allows an administrator to better understand and manage their environment, regardless of size. In this lab we will review the inventory wizard and examine some of the reports that can be used to better understand and managed an environment.

1. If they are not already powered, power-on the virtual machines in the following order.

a. DC b. NS71 c. XP Client d. Win7

2. Switch to the NS71 virtual machine. 3. Launch the Symantec Management Console by double-clicking the “Symantec Management Console 7.1” shortcut located on the desktop.

The Symantec Management Console loads.

4. Maximize the Symantec Management Console so that it fills the screen. 5. Click Home —>Discovery and Inventory —>Inventory.

The Inventory home page is displayed, and the current inventory policies in use within the environment are listed, along with the current status of collected inventory data within the environment.

6. Select the Collect Full Inventory policy listed at the bottom of the screen, and click the edit (pencil) icon.

The Collect Full Inventory policy is displayed.

7. Note that the policy is configured to capture a new inventory if the current inventory is ever detected to be more than 7 days old. 8. Verify that Hardware, Software, and File properties are being collected.

3 of 19 9. Click Cancel. 10. Click Home —>Discovery and Inventory —>Inventory 11. Click the “Run an inventory report” hyperlink.

You are re-directed to the Reports section.

12. Navigate to and expand Reports—>Discovery and Inventory—> Inventory—> Cross-platform—>Operating System. 13. Select the “Count of Computers by Operating” report.

The report details are displayed in the right-hand pane.

Note: This report lists a count of all operating systems in use within the environment.

14. Review the report data that is made available. 15. Right-click “ R2 Enterprise” system in the report results, and select “View OS Details” from the resulting menu.

The systems associated to the selected are listed.

16. Right-click the “DC” system within the results of the report, and view the available options.

Note: These functions can be customized to match the specific needs of a given environment.

4 of 19 Exercise 2: User Assistance with Real-Time System Manager Real-Time System Manager provides remote management of systems with or without an Altiris Agent installed. Real-Time System Manager can allow an administrator to view detailed real-time information about a managed computer and remotely perform various administrative tasks such as powering on and off computers, redirecting reboots, running a port scan, or a variety of other real-time processes. For Intel AMT-capable computers, an administrator can remotely power on a system, establish a remote console session, change BIOS settings, and perform other AMT-specific operations. In this exercise we will use Real-Time management to remotely perform the following tasks on a managed client system: • Verify that the managed system can be pinged successfully across the network • Review the status of all ports on the remote system • Verify that the Symantec Management Agent is currently running on the remote system • Send a reboot command to the remote system

1. If they are not already powered, power-on the virtual machines in the following order.

o DC o NS71 o XP Client o Win7

2. Switch to the NS71 virtual machine. 3. Launch the Symantec Management Console by double-clicking the “Symantec Management Console 7.1” shortcut located on the desktop.

The Symantec Management Console loads.

4. Maximize the Symantec Management Console so that it fills the screen. 5. Click Actions—>Remote Management—>Real-Time Management.

The Resource Manager interface is displayed.

6. Type WinXP in the Computer field, and click Connect.

After a short delay, the Resource Manager window will appear for the remote system.

5 of 19

7. Maximize the Resource Manager window so that it fills the screen. 8. Wait for the remote system information to be displayed (this may take a couple minutes to complete). 9. Within the left pane click More Actions—>Connector Samples—>Ping Computer.

A Launch Command window appears, and the ping results are displayed.

10. Verify that the ping was successful and close the Launch Command window. 11. Within the left pane click More Actions—>Remote Management—>Port Check

A Port Check window appears, and after a short delay, displays the current status of the ports on the remote system.

12. Review the Port Check results, and then close the Port Check window.

Note: Checking the status of the ports of a remote system is a good way to troubleshoot a managed system in order to verify that required ports are open (for either Altiris or third party applications).

13. Within the central pane of the Resource Manager, expand the following:

Real-Time Consoles—>Real-Time System Manager—>Management Operations

14. Locate and select Manage Services within the Management Operations folder in the central pane.

The services for the remote system are displayed in the right pane.

15. Within in the right pane, expand the Name, Status, and Startup Type fields (these are the first three fields) so that the data within these fields can be read. 16. Locate the Symantec Management Agent service; note that it is currently started and the Startup Type is set to Auto.

Note: Checking the status of the remote Symantec Management Agent is a good way to troubleshoot a non-responding managed system. Service status can also be modified directly from this interface.

6 of 19

17. Within the central pane click Manage Power State and Redirection.

A Manage Power State window appears, and the available options are displayed.

18. Verify that the Reboot radio button is selected. 19. Click Run. 20. Switch to WintXP virtual machine, and verify that the system reboots as directed.

Note: Rebooting a remote system is often required as a trouble-shooting step when dealing with services or running applications.

21. Switch to the Notification Server virtual machine. 22. If open, close the Manage Power State window. 23. Close the Resource Manager window.

7 of 19 Exercise 3: Using the Software Catalog for Managed Software Delivery, and Application Usage Metering Altiris Client Management Suite uses a customizable software catalog to enable administrators to deliver software packages throughout a managed environment using secure, bandwidth-sensitive technology. Software relationships can be identified using Altiris Software Management for ongoing MSI package management. Altiris Software Management can also ensure that required software gets installed, remains installed, and operates correctly through the use of software Managed Delivery policies. In this exercise we will examine the software catalog, create a managed software product for a newly discovered software component, and create a delivery policy to deliver the managed software product to a remote system.

1. If they are not already powered, power-on the virtual machines in the following order.

o DC o NS71 o Win7

2. Switch to the NS71 virtual machine. 3. Launch the Symantec Management Console by double-clicking the “Symantec Management Console 7.1” shortcut located on the desktop.

The Symantec Management Console loads.

4. Maximize the Symantec Management Console so that it fills the screen. 5. Click Manage—>Software.

The Software Management interface appears.

6. Select the Newly Discovered Software menu entry from within the left-hand pane.

Software discovered within the environment is displayed within the central pane.

7. Type OpenProj within the available search field.

OpenProj 1.4.0 English is displayed.

Note: This represents a software component that has been discovered within the environment. In order to properly manage this software within the environment, the software component must be converted to a Managed Software product.

8 of 19

8. Select “Manage this software” from the upper-right pane.

The “Add Software Product” interface is displayed.

9. Modify the Product name to match the following:

OpenProj 1.x

10. Modify the Version field to match the following:

1.x

11. Within the “Identify inventory” tab, modify the fields as follows:

Software name: Open Proj Company: Serena Software Inc. Version: 1.

Note: These fields are used to determine which software components should be assigned to the newly created Software Product. These rules are dynamic and will apply to all current and newly discovered components. The current rule will assign all 1.x version of OpenProj to this software product. Be aware that and (+), not (-), and or (|) logic can be used within the fields.

Select the “Meter / track usage” tab.

Note: Notice that an executable has already been associated to the software component. The executable association was accomplished through the dynamic metering functionality. Dynamic application metering feature enables ITMS to automatically detect an executable that is assigned, within the operating system, to an .msi application and automatically add it to the metering tab within a Software Product. If new versions of software are detected as part of Software Product inventory filter, the applicable executable is automatically added to the metering tab, and included in tracking usage and license consumption. This feature removes the requirement of the administrator to constantly monitor managed Software Products and ensure that all applicable components of that product are assigned appropriate executables for metering.

12. Mark the “Turn on metering” checkbox is marked.

Note: The associated file(s) will be monitored to determine application usage. Note the field at the bottom of the tab which indicates in which time frame a product must be used in order to be determined as “used”. The default time period is 90 days.

9 of 19 13. Select the Delivery tab. 14. Click Import

The Import Software interface is displayed.

Note: In order to define a deliverable component within the software, we must import the software installation file, and designate the appropriate installation commands, relationships, etc.

15. Click Add from within the “Package contents” field.

A file browse windows is displayed.

16. Browse to and select the following file:

C:\SoftwareResources\OpenProject\Install File\openproj-1.4.msi

17. Click Open.

The file browse window is closed.

18. Verify that the openproj-1.4.msi file is listed within the “Package contents” field. 19. Click Next. 20. Verify that the “Update an existing software resource” radio button is selected.

Note: This is selected becase the imported .msi was able to identify the discovered OpenProj software component within the database. Selecting this radio button will update this entry, as opposed to creating a new software entry from the .msi.

21. Click OK.

The .msi package is imported into the Software Library and the package is now listed within the Delivery tab, and marked as the default package for delivery.

22. Verify that the OpenProj 1.4.0 entry is selected.

Note: This indicates which component within managed product is assigned as the authorized deliverable. When a product is delivered to a managed system, this is the product which will be installed.

10 of 19 23. Select the Licenses tab.

Note: This tab is used to associate licensing to a managed product, and is only made available if Asset Management Solution is installed.

24. Click OK.

The Add Software Product interace is closed.

25. Select Installed Products from within the top-left pane of the Symantec Management Console. 26. Type OpenProj in the search field.

The OpenProj managed product is displayed.

27. Left-clik and hold the OpenProj managed software product.

The Managed Computer list is than displayed.

28. Drag the OpenProj managed product to the Win7 system, and release.

The “Deliver software” dialog is displayed.

29. Mark the “Ensure the software stays installed using a policy” checkbox, and click Deliver Software.

The “Deliver software” dialog is closed, and a managed software policy for OpenProj 1.4.0 is created and displayed.

30. Select and edit the policy name from the current name of:

New Managed Software Delivery

to:

OpenProj 1.4.0 Delivery Policy

31. Scroll-down and expand the Schedule tab. 32. Within the Compliance field within the Schedule tab, click the first “Add schedule” drop-down menu, and select Schedule Window.

A Schedule Window is added to the policy.

33. Within the “During window, check every:” field, specify 10 minutes.

11 of 19 34. Click the “No repeat” hyperlink and select daily from the resulting menu.

Note: This specifies how frequently the assigned system should run a check to determine if the managed software is required.

35. Verify that the Remediation field specified that remediation should occur immediately if needed.

Note: This specifies that if the compliance check fails (indicating that the managed software is not installed on the managed system) that the software should be installed immediately.

36. Scroll to the top of the policy, and click the Off button, and select On from the resulting menu.

The policy is set to On, and the color changes to green.

37. Click Save Changes at the bottom of the policy.

The policy is saved, and applied to the applicable systems.

38. Close the policy window. 39. Switch to the Win7 virtual machine. 40. Right-click the Symantec Management Agent and select Symantec Management Agent Settings from the resulting menu.

The Symantec Management Agent Settings are displayed.

41. Click Update to force the agent to check for new policies or udpates from the Notification Server. 42. Verify that the Changed date upgrades in order to verify that the agent configuration is updated with the new policies.

Note: The agent is set to update frequently, so the agent may have already updated itself. To check this, simply check the current Changed date and time field.

Note: The Configuration Update would have occurred automatically at the next scheduled time, and thus this step is not required. Manually updating the configuration, however, will allow us to more quickly apply the newly created policy.

43. Close the Symantec Management Agent Settings window.

12 of 19 44. Right-click the Symantec Management agent, and select Symantec Management Agent from the resulting menu. The Symantec Management Agent interface is displayed.

45. Maximize the Software Management Agent window. 46. Select the Software Delivery tab.

All currently assigned software delivery policies are displayed.

47. Verify that the OpenProj policy is displayed. 48. Note the steps that are included within the policy. 49. Click the hyperlink within the Application Tasks menu, located within the left-hand pane.

The policy is immediately executed.

50. Note that the OpenProj software is not detected, and that the software is downloaded and installed. 51. Close the Symantec Management Agent window. 52. Verify that the OpenProj software icon is displayed on the desktop.

13 of 19 Exercise 4: Creating a Software Update Policy to Distribute Relevant Patches and Updates to Systems within a Managed Environment Altiris Patch Management solution provides the ability to automate the delivery of operating system and software updates to a managed environment. Through reports, an administrator can detect when security updates and patches are relevant to their environment, and then create policies to distribute these patches from a central library immediately or based upon a predefined schedule. In this demonstration the Software Update Policy Wizard will be used to create a policy to distribute applicable bulletins to the systems within the managed environment to which they apply.

1. If they are not already powered, power-on the virtual machines in the following order.

o DC o NS71 o XP Client o Win7

2. Switch to the NS71 virtual machine. 3. Launch the Symantec Management Console by double-clicking the “Symantec Management Console 7.1” shortcut located on the desktop.

The Symantec Management Console loads.

4. Maximize the Symantec Management Console so that it fills the screen. Click Reports—>All Reports.

The Reports interface is displayed.

5. Click Home —>Discovery and Inventory —>Inventory.

The Patch Management home page is displayed. 6. Verify that the Windows tab is selected in the left-hand pane.

14 of 19 7. Click the Compliance by Bulletin hyperlink.

The Microsoft Compliance by Bulletin report is displayed in the right-hand pane, and after a short delay, is populated with data.

Note: In addition to Windows, patching is available for Mac and Linux operating systems, as well as for Adobe applications.

8. Click the Compliance column header to sort that column by compliance percentage.

Note: While this report shows the overall compliance with specific bulletins, and the number of applicable systems, it does not display the specific details for the applicable systems. To determine which specific systems in an environment are applicable for these updates, you would need to run a Microsoft Compliance by Computer report.

9. To identify the specific applicable systems, navigate to and select Reports—> Software—>Software—> Patch Management—> Compliance—>Microsoft Compliance by Computer.

The Microsoft Compliance by Computer report is displayed in the right-hand pane, and after a short delay, is populated with data.

Note: Using this information, an administrator can determine which patches and updates should be downloaded for distribution. If a bulletin has no applicable systems within an environment, for example, it may be decided to not download or stage that update within the environment.

10. Navigate to and select Reports—>Software—> Patch Management—> Compliance—>Windows Compliance by Bulletin.

The Microsoft Compliance by Bulletin report is displayed in the right-hand pane, and after a short delay, is populated with data.

11. Click the Compliance column header to sort that column by compliance percentage. 12. Select the bulletins that you wish to distribute. 13. Right click the selected bulletins and review the resulting menu.

Note: Downloading Packages will stage a bulletin prior to distribution. This option is not required, howerver, since Distribute Packages will download the bulletins as part of the process.

15 of 19 14. Select Distribute Packages from the available menu.

The Distribute Software Updates wizard interface is displayed.

15. Review the information listed within the Software Update Policy Option and Software Bulletins and Updates sections.

Note: Remember that a single bulletin will often include multiple updates.

16. Expand the Package Options section. 17. Verify that the “Use multicast when the Altiris Agent’s multicast option is enabled” checkbox is selected. 18. Check the “Run (other than the agent default)” check box, and verify that the “As soon as possible” radio button is selected.

Note: This will push out the patch immediately without waiting until the next scheduled software update cycle.

19. Verify that “Windows Computers with the Software Update Agent Installed Target” is listed in the “Apply to Computers” name field. 20. Click Next. 21. Verify that all of the patches within the bulletins are selected, and click the Off button (located in the upper-right of the window) and select On (the header should change from red to green). 22. Click “Distribute software updates” to activate the Software Update Policy. 23. The Software Update Policy Wizard interface is closed.

16 of 19 Exercise 6: Performing an OS Migration Altiris Client Management Suite 7 introduces an integration of Notification Server and Deployment Solution functionality. From the Symantec Management Platform, you can and restore disk images, migrate user personality settings, set domain, naming and network values for managed client computers, and deploy client computers using various imaging engines, including Symantec Ghost and Altiris RapiDeploy. In this exercise, we will use the Deployment Solution functionality to perform an OS Migration.

Note: To save time, a corporate image has already been created within the demonstration environment. The following steps will explain how this image was created, and show where it exists within the Notification Server.

1. If they are not already powered, power-on the virtual machines in the following order.

o DC o NS71 o XP Client o Win7

2. Switch to the NS71 virtual machine. 3. Launch the Symantec Management Console by double-clicking the “Symantec Management Console 7.1” shortcut located on the desktop.

The Symantec Management Console loads.

4. Switch to the Notification Server virtual machine. 5. Click Manage—>Jobs and Tasks.

The Jobs / Tasks interface is displayed.

6. Within the Jobs and Tasks pane, Navigate to and select Jobs and Tasks—> _TFE Demo—>Capture.

The jobs and tasks within the Capture folder are displayed to the right.

7. Select the “Capture Master Image” job.

The job details are displayed in the right-hand pane.

17 of 19

Note: A Client Job is a combination of tasks that perform a single function. A job, for example, could restore an image of a system, and then immediately deploy a piece of software using the Quick Delivery task, and then immediately perform an inventory of the system. The ability to combine individual tasks into a single job enables an administrator to create, deploy, and manage powerful solutions within a managed environment.

Note: This job prepares the system for imaging using Sysprep, reboots the system to the automation environment, uses Ghost to create a master image file, and reboots the system to production.

The image created using this job is stored in the database as a package resource. The follow steps will show the location within the Console where the image can be displayed.

8. Click Manage—>All Resources.

The Resources interface is displayed.

9. Navigate to and select Organizational Views—>Default—>All Resources—> Software Component—> Image Resource.

Note: The image resources are displayed in the right-hand pane, and include an image resource named Win7Pro_x86.gho which was created earlier.

10. Click Manage—>Jobs and Tasks.

The Jobs / Tasks interface is displayed.

11. Within the Jobs and Tasks pane, Navigate to and select Jobs and Tasks—> _TFE Demo—>Deploy.

The jobs and tasks within the Deploy folder are displayed to the right.

12. Select the Migrate System to job.

The job details are displayed in the right-hand pane.

18 of 19 Note: A Client Job is a combination of tasks that perform a single function. A job, for example, could restore an image of a system, and then immediately deploy a piece of software using the Quick Delivery task, and then immediately perform an inventory of the system. The ability to combine individual tasks into a single job enables an administrator to create, deploy, and manage powerful solutions within a managed environment.

13. Verify that the current job includes the following tasks:

Capture Personality Reboot to Automation Deploy Image Reboot to Production Update Client Configuration Distribute Personality

Note: Additional tasks may exist, but only the above tasks are required. Note: This task will capture the Desktop, Network, and Application personality settings (DNA) and then reboot the system to an automation environment (WinPE). Once in the Automation Environment, Symantec Ghost will be used to deploy the hardware independent MasterWin7 image to the local system. Once the restoration of the image is complete, the system will be rebooted to production (and Sysprep will re-configure the system according the stored inventory information). Once the system is reconfigured, the Altiris agent will reinitialize and the previously captured personality will be restored to the system.

14. In the Task Status pane, click Quick Run—> and type WinXP in the available field. 15. Click Run.

16. The job is scheduled, and the task process is displayed in the Task Status section.

17. Switch to the Windows XP Professional (WinXP) virtual machine. 18. Monitor the progress of the OS Migration.

19 of 19