Beruflich Dokumente
Kultur Dokumente
® Asset
Numara
Management Platform
Note
Numara® Software, Inc. reserves the right to make changes in specifications and other information
contained in this document without prior notice. The reader is advised to consult Numara® Software, Inc.
to determine whether any such changes have taken place.
Under no circumstance and to the minimum extent permitted by law, including none, shall Numara®
Software, Inc. be liable for any damages whatsoever, including but not limited to consequential or
incidental damages due to loss of business, loss of time, loss of information, loss of profit or loss of
opportunities, arising in whole or part out of or related to this manual or the information contained in it,
even if Numara® Software, Inc. has been informed of such danger or should have been informed or is in
possession of knowledge of such danger or implications.
This product and documentation are provided on a RESTRICTED basis. Use, duplication, or disclosure by
the US Government is subject to restrictions set forth in Subparagraphs (c) (1) and (2) of the Commercial
Computer Software Restricted Rights at 48 CFR 52.227-19, as applicable.
This document may not be reproduced in part or whole by any means, for any purpose or transmitted in
any way, except small quotations not exceeding one thousand characters and in such case only with clear
reference to the source and mentioning the Numara® Software, Inc. copyrights, without the express written
permission of Numara® Software, Inc.
Numara, the Numara Software logo, Track-It! and FootPrints are registered trademarks of Numara Software,
Inc. Microsoft is a registered trademark and Windows is a trademark of the Microsoft Corporation. Pentium
is a trademark of the Intel Corporation. All other marks are property of their respective companies.
Introduction
The Numara® Asset Management Platform (NAMP) is a unique solution for managing and securing systems that
provides a global overview of the complete infrastructure by using its automating administration tools as well as
its securisation functionalities. Once installed on all systems the NAMP agents allow the administrator to monitor
all devices from the NAMP administration console.
The Numara Asset Management Platform is composed of a Master server, a unique agent, installed on all devices
and relay agents for an optimised architecture, a database as well as a unique administration console.
Organisation
This manual is designed for the new user of the Numara Asset Management Platform as well as users that
acquired new functionalities and are trying to familiarise themselves with these. It provides you with detailed
examples on specific topics such as step-by-step instructions on how to create your first objects and execute
operations as well as setting up the security in the software.
To be able to execute the examples of the chapters in this manual it is taken as granted that the Numara Asset
Management Platform and its components were installed as explained in the Installation manual with all their
default values.
The manual is divided into the following sections and topics:
Further Documentation
In addition to this little manual you will find detailed information on all possible aspects and topics regarding the
Numara Asset Management Platform in subject oriented manuals, which are located on the Numara Asset
Management Platform Installation DVD under the /docs directory in their respective language directories. There
you will find a reference manual containing detailed information on general topics such as all parameters,
modules, security, as well as more technical information on topics such as the autodiscovery.
Contents
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Section I - Basic Objects and Functionalities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9
Chapter 1 - First Steps in the Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
1.1 Populating in the Device Topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
1.2 Remote Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12
1.3 Direct Access. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14
1.4 User Preferences . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17
Chapter 2 - Inventory Step-by-Step . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
2.1 Device Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21
2.2 Device Group Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24
2.3 Inventory Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25
Chapter 3 - Queries and Device Groups Step-by-Step . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
3.1 Queries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .31
3.2 Device Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .39
3.3 Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .44
Chapter 4 - Configuration Management Step-by-Step . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
4.1 Operational Rule Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .49
4.1 Rule Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .75
Chapter 5 - Directory Server Synchronisation Step-by-Step . . . . . . . . . . . . . . . . . . . . . . . . 85
5.1 Synchronising with Active Directory. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .85
5.2 Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .93
Chapter 6 - Reports Step-by-Step. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
6.1 Report Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .95
6.2 Report Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111
Section II - Advanced Management Suite . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .125
Chapter 7 - Operating System Deployment Step-by-Step . . . . . . . . . . . . . . . . . . . . . . . . . 127
7.1 Operating System Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .129
7.2 Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .170
Chapter 8 - Software Distribution Step-by-Step . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181
8.1 Software Distribution Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .182
8.2 Software Distribution Reporting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .194
8.3 Software Distribution Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .198
Chapter 9 - Resource Monitoring Step-by-Step . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211
9.1 Resource Monitoring Examples. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211
9.2 Monitoring Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .224
Chapter 10 - Application Management Step-by-Step . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229
10.1 Managed Application Examples. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .229
10.2 Application Management Reporting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .245
10.3 Application Management Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .249
Chapter 11 - Power Management Step-by-Step. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259
11.1 Power Management Procedures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .259
6 - Numara Asset Management Platform
If you do not have the graph, you may see your clients coming online by selecting first the master in the left
window pane, the right window pane should then display the relay under the Members tab. And when you click
on the relay in the left window pane, its Members tab will display all managed devices as they come online. The
icon representing the devices as a node displays which functionality the device has in the network, i.e. if it is a
simple client ( ), a relay ( ) or the master ( ). The status of the device is expressed in the colour of the
screen of the device, however in this situation they should all be green for a status of online with no problems. If
the agent has been able to find the operating system this will also be displayed in the icon: client with Windows
OS ( ), with Linux ( ) or Solaris ( ).
Subnodes
When you select one of the managed devices in the left window pane, for example the master, you can see all the
information it provides in its tables or through its list of subnodes:
12 - Numara Asset Management Platform
• Agent Configuration - this node provides access to all configuration settings of the agent running on the local
client.
• Direct Access - if you need to see or modify specific settings on a client you may do so via this node.
• Remote Control - in this node you may establish a remote control connection with the currently selected
devices.
• Inventory - here you will find all possible information on hardware, software, custom, security, patch, power
management and vulnerability inventory of the client.
• Assigned Objects - this node groups all objects which are assigned to the currently selected device.
• Events - this node provides access to all events concerning the selected device.
Tabs
The tabs in the right window pane of the master also provide some information:
• Members tab - This table lists the devices which are located under the master. For our case this should be the
manually installed relay. When you click the relay and then its Members tab you should see the list of all
devices to which the agent was rolled out.
• Parent Device Groups tab - this tab lists all groups of which the currently selected device is a member. If you
reselect the master in the left window pane, this tab will display already one group, called All Devices, even
though we have not created any. However, we imported the Out-of-the-Box objects that also include this one
group.
• Graph tab - as you have already seen above this tab displays your newly installed device topology in graphical
format.
• General tab - this tab displays all available information on the selected device, such as name, IP address,
topology type, OS, agent version, if it is a patch manager, a package factory or a scanner, etc.
If you are using NAT configurations the devices can not be accessed via Remote Control and Direct
Access.
1 Select one of the devices to which you rolled out the agent in the left window pane under the Device Topology
node, or the relay.
2 Select the Remote Control node of the device.
3 An identification window appears on the screen, in which you must provide a valid login and password for the
remote device.
4 Click the Edit->Connect menu item or the respective icon ( ) in the icon bar.
5 The Connection Status appears on the screen.
6 Once the connection is correctly established, the screen of the target client appears in the right window pane.
Chapter 1 - First Steps in the Console - 13
7 You may now execute any required functions or manipulation on the target machine.
8 If you have the remote device in your view, you will see, that the NAMP icon in the systray, which normally is
blue ( ) and oscillates green when the agent is busy, has turned yellow ( ), to indicate that the client has
been taken over via remote control.
9 Now we will try some operations on the remotely controlled device:
a Start the file Explorer on the remote device and close it.
b Open a text editor and create a new file. Save it under c:\temp as test.txt.
c You may also reboot the remote device by clicking the Reboot Remote Device icon ( ) in the tool bar.
Click Yes in the confirmation window to confirm the reboot.
d After the device is up and running again you can copy some text from your local device to the text file you
just created under step b on the remote device.
1 To do so open Notepad, for example, type some text, select it and then copy it to your local clipboard
using CTRL + C keyboard shortcut.
2 In the Remote Control Console window open the test.txt file on the remote device.
3 Click the Send Clipboard icon ( ) in the tool bar. The contents of the local clipboard are copied to the
clipboard of the remotely controlled client.
4 Now place the cursor at the end of the test.txt file and use the CTRL + V keyboard shortcut to copy the
content to the file. Save it.
e You may do the same operation in the other direction using the Retrieve Clipboard icon ( ).
f You can also retrieve the test.txt file from the remote device and save it on your local device.
1 Select the File Transfer icon ( ) in the tool bar.
2 The File Transfer window opens on the screen. This window allows you to copy files from the local to
the remove device and vice versa.
3 Find the source file, i.e. the test.txt file to be copied in the tree hierarchy of the remote device and select
it.
4 Select the target directory, i.e. c:\temp on your local device.
5 Click the arrow between the two fields to start the transfer. The transfer may be stopped and thus the file
copy being cancelled by clicking the stop transfer button ( ).
14 - Numara Asset Management Platform
6 Select the Close button at the bottom of the window when all required files were transferred.
g Delete the test.txt file on the remote device in the same way as you would do on your local device.
10 To disconnect now select the Disconnect icon ( ) in the tool bar.
11 A confirmation window appears. Click the Yes button to continue.
12 The connection will be interrupted and the image of the remote screen disappears from your right window
pane.
If you are using NAT configurations the devices can not be accessed via Remote Control and Direct
Access.
1 Select one of the devices to which you rolled out the agent in the left window pane under the Device Topology
node.
2 Select the Direct Access node of the device.
3 If you are using the same device as for the Remote Control example, the connection will be established
directly, as you have already provided an identification. If you are using another device the Identification
window will appear and you must provide a valid login and password for the selected device.
4 Once the connection is established, you can see the available parts of the remote system which you can access:
File System
Registry
Services
Chapter 1 - First Steps in the Console - 15
Process Management
Windows Events
File System
1 First select the File System node.
2 The file system of the remote device will be displayed in a way very similar to Windows Explorer. It allows you
not only to view a device’s complete directory structure with its files and folders but also to manipulate them:
a Go down in the hierarchy to C:\temp. Here we will create a new directory:
1 Choose the Edit->Create Directory menu item or click the respective icon ( ) in the icon bar.
2 The Create a new Directory popup dialog box opens.
3 Enter Test as the name for the new directory then click OK to confirm.
b To edit an existing file on the remote device, such as a configuration file proceed as follows. Be aware that
the file must be smaller than 200 KB to be editable for performance reasons.
1 In the table in the right window pane select the text file to be edited, e.g. go down the directory structure
of to the config directory of the NAMP client and select the relay.ini file. We will turn the currently
selected device from a simple client to a relay.
2 Select the Edit->Edit File menu item or the respective icon ( ) in the icon bar.
3 An Edit Text File Window opens on the screen with the contents of the file.
4 For the first entry called IsEnabled modify the value from 0 to 1 and the select the OK button at the
bottom of the window to confirm the modification.
c You may also transfer files between the remote and local device in the file system, it works exactly in the
same way as described above under the Remote Control chapter.
Registry
1 Now select the Registry node in the left window pane.
2 Browse down into the structure of the remote registry to key HKEY_LOCAL_MACHINE/SOFTWARE/Numara
Software/Numara AMP.
3 Now create a new key by choosing the Edit->Create Key menu item or the respective icon ( ) in the icon bar.
4 The Create New Key popup dialog box opens.
5 Enter Test Key as the name for the new key then click OK to confirm.
Be aware, that the NAMP agent may NOT be stopped or restarted from this location.
2 The table in the right window pane displays the list of all services on the remote device.
3 Here you can start or stop services and configure startup options.
4 Select a service which is currently stopped.
5 Then select the Edit->Start menu item or the respective icon ( ) in the icon bar.
6 The service will be started directly.
7 Select the now running service to stop it again by selecting the Edit->Stop menu item or the respective icon
( ) in the icon bar.
8 The service will be stopped immediately.
9 Now select another service and restart it by selecting the Edit->Restart menu item or the respective icon ( )
in the icon bar.
10 You may also modify some values of a service, such as the display name or the startup type.
11 To do so select the Numara Asset Management Platform Agent service and then the Edit->Properties... menu
item or the respective icon ( ) in the icon bar.
12 The Properties dialog box appears on the screen.
13 Change the startup type here from Automatic to Manual.
Chapter 1 - First Steps in the Console - 17
3 To open the User Preferences window again reselect the menu before the last and select the option at the
bottom.
4 In the window click the arrow on the first field to the right to select UK English as the Language again.
5 Click OK to confirm and close the window.
6 The console is back to English as language.
7 Select the User Preferences window again.
8 Then select the Tables tab in the left window bar.
9 The Tables tab is for setting the properties of the tables in
the right window pane of the console. Make the following
changes:
In the Table-Row Settings box modify the colours for the
table lines, by clicking the Modify button. The field to
the left of the button displays the current colour. In the
appearing window select a colour of your choice. Then
repeat the process for the even lines and also for the grid
between the lines.
In the Row Height field enter 15 to increase the height of
the table rows.
In the Automatic Refresh box move the cursor of the
time scale to the left until the value to the right of the
Enable Regular Automatic Refresh field indicates 15
seconds. Now all right window panes that have
automatic refresh will be a refreshed every 15 instead of
the default 30 seconds.
In the Paging Settings box change the value for the table
rows per page to 15.
Chapter 1 - First Steps in the Console - 19
10 Now select the Fonts icon. In this page you may select the
size and type of font to use.
Select a font type from the dropdown field.
The Font Preview box displays a Sample for the
selected font and size.
You may also increase the size of the font as we have
increased the row hight.
11 The Object Assignments page defines the standard
behaviour of the assignments between the NAMP objects.
We will make no modifications here, as we will be using
the predefined default schedule in our examples later.
12 Select the E-mail page. The parameters in this tab define
the basic settings of the mail server in your organisation.
This information is required to be able to execute a number
of the examples we will define in later chapters, amongst
others to send reports as e-mails and the notification option
of the Task Management. The following parameters must be
defined:
Server Name
Enter the name of your mail server to which all mail is set
for routing.
Port
Defines the port number of the mail server, the default
value is 25.
Authentication
This field defines if the mail server requires authentication
for its communication, possible values are Force
Authentification, Authenticate if possible or
Never Authenticate. Select the value your mail server
requires.
User Name
Enter into this field a valid login to the mail server. This
may be any login, not necessarily that of the user defining
his preferences in via these options.
Passwords
The corresponding password.
13 Then click the OK button to confirm all modifications and to close the window.
14 You can now see the main modifications you made to the console appearance.
15 To make the e-mail system work for the later examples two more steps need to be made in the console:
16 Go to the Global Settings->System Variables node and select the Mail tab.
17 Select one of the table rows in the right window pane and then the Edit->Properties... menu item or click the
respective icon ( ) in the icon bar.
18 The Properties dialog box appears on the screen.
19 Enter the required values as above in the E-mail page.
20 Click the OK button to confirm and close the window.
20 - Numara Asset Management Platform
21 Now go to the Global Settings->Administrators node and select the admin entry in the left window pane. We
will configure this administrator here for e-mailing, as we will execute all our examples as this administrator.
22 Select one of the table rows in the right window pane and then the Edit->Properties... menu item or click the
respective icon ( ) in the icon bar.
23 The Properties dialog box appears on the screen.
24 Find the E-Mail field and enter your e-mail address.
25 Then click the OK button to confirm and close the window.
The NAMP agent also creates an inventory of patches missing on the devices, of vulnerabilities present on them, and
collects a number of parameters regarding the device’s security situation. The Custom inventory allows you to collect a
number of specific device parameters you may need in your day to day network tasks. These types of inventory are filled
in either via operational rules or device scanning and are therefore still empty when being selected here for the first time.
You will find more information on how to fill these in under chapters Configuration Management Step-by-Step, Patch
Management Step-by-Step and Vulnerability Management Step-by-Step.
All types of inventory are by default generated and uploaded when the agent is started. However, as the collection may be
extensive, this may take a while before all information is gathered and uploaded to the database. When you access the
Hardware Inventory and Software Inventory for the first time, they may still be empty.
5 If you double-click one of these entries, the Network Adapter entry for example, the right pane will show the
processor details as shown below. The amount of details displayed depends on the hardware object selected.
3 The right window pane will now display all software products which the agent has found on the managed
device with some additional information as shown in the image above.
4 As this list may be very long it is probably paged. You may see this at the bottom of the console window where
the number of pages are indicated and the buttons for moving from one page to another are provided.
The number of lines to be displayed by page as well as a number of additional displaying parameters are
customisable via the User Preferences. For more information on this subject refer to chapter User Preferences
on page 49 in Section I of the console manual.
24 - Numara Asset Management Platform
6 It has a number of properties, Instance Name, Monitor Manufacturer, Width, Height, etc.
7 Select the Name option.
8 The table in the right window pane will now display the list of monitor names found for all devices and the
respective count.
9 Now select the Bar Chart tab. It displays the same information as the Inventory tab in form of a bar chart.
Chapter 2 - Inventory Step-by-Step - 25
10 The labels to the right of the chart provide the names of the different monitors found.
11 Now select the Pie Chart tab. This graphic displays again the same information in form of a pie chart.
Be aware that restarting the NAMP agent via Windows is only done in this case as we are still very early in the
usage of the software. Once you have mastered a few more chapters of this manual restarting the agent will be
done as explained in chapter Configuration Management Step-by-Step and the operational rule called Reboot
Device.
4 Now go to your master device under the Device Topology node and open the Inventory->Hardware Inventory
node again.
5 Select its History tab.
6 You might have to wait a bit, as inventory generation tends to take some time.
7 Once the inventory is generated and uploaded the History tab should display an entry with a name of Logical
Disk, Free Space as its property name and a different old an new value, since the available free disk space on
your device has changed.
3 To move an element to the Hidden Elements tab now select the Edit->Hide Element menu item or select the
respective icon ( ) in the toolbar.
4 The Add Elements to Hide popup window appears on the screen.
5 It displays all elements which exist in the History tab.
6 Select the Logical Disk element to be removed from the general History tab.
7 Click OK to confirm and close the window.
8 The Logical Disk element will now be displayed in the table.
9 If you go back now to the History tab you will see that the table is empty.
If already other elements were present in the table in addition to the Logical Disk element, these will remain in
the list, only the Logical Disk element will disappear.
9 One element which currently is not in the default inventory but still useful to monitor is the USB ports.
Therefore browse down in your list and double-click the USB Controller value.
10 The USB Controller values are now displayed, and you can see it is currently not included in the inventory.
11 Select a table row and then the Edit->Properties menu item or click the respective icon ( ) in the icon bar.
12 The Properties popup window will appear on the screen.
13 Select the ACCEPT value from the Action drop-down list.
14 Click OK to confirm the added inventory object and close the window.
15 Now our new hardware inventory filter is set up and must be saved. To do so select the Edit->Save menu item
or click the respective icon ( ) in the icon bar
16 The filter may now be assigned to the relay. For this select the Assigned Objects->Devices node under the
Relay Hardware Filter node.
17 To assign the filter to the relay select here Edit->Assign Device menu item or click the respective icon ( ) in
the icon bar.
18 A confirmation window appears on the screen. Click Yes to confirm the immediate activation of the
assignment.
Chapter 2 - Inventory Step-by-Step - 29
Be aware that restarting the NAMP agent via Windows is only done in this case as we are still very early in the
usage of the software. Once you have mastered a few more chapters of this manual restarting the agent will be
done as explained in chapter Configuration Management Step-by-Step and the operational rule called Reboot
Device.
25 Now go to your relay device under the Device Topology node and open the Inventory->Hardware Inventory
node again.
26 You might have to wait a bit, as inventory generation tends to take some time.
27 Once the inventory is generated and uploaded the list should include a value called USB Controller.
30 - Numara Asset Management Platform
28 When you double-click the entry the detailed view opens in the console displaying information for all USB
slots of the device.
3
Queries and Device Groups Step-by-Step
The base for many operations executed in your network via the console are queries and device groups. Device
groups are a way of organising all managed devices within your network. The structure defined through the
groups is individual and freely configurable by the administrator. These groups may contain any type of device,
i.e clients, relays or even the master server. Devices may also be present in more than one group, for example, a
Windows NT client may be in a group called NT Servers and at the same time in another group called Accounting
Clients.
Groups may be created, for example, according to the following criteria:
• Geographical location of the devices: in this case the groups would be divided in the continents, countries,
cities, buildings, etc.
• Corporate structure of the managed devices: The organisation through groups could contain in this case the
administration and functional divisions of the company, such as Engineering, Support, Sales, Accounting,
Directors, etc.
• Characteristics of the devices:
this could mean a grouping according to the physical components of the clients such as the size of the RAM
or hard disk, the type of the processor, etc.,
the clients could be organised according to their operating systems, etc., or
they may be organised according to the function they have within the network, such as relay, first level
relay, second level relay, client, etc.
Queries in Numara AMP allow for the dynamic grouping of the clients into exactly these groups as you have
defined above according to the criteria that you have specified.
The out-of-the-box objects contain quite a number of queries and one device group populated by one of these
queries: All Devices, which contains - as the name already implies - all devices which have a NAMP agent
installed, such as the master, the relay and all clients to which the agent was rolled out.
Prerequisites
To execute the examples provided in this chapter we assume that:
• master, console and database are installed in their default directories.
• you have rolled out the NAMP agent to a number of devices as described in the Installation manual.
• a console is open and connected to the master.
• you have installed the out-of-the-box objects during the master installation.
3.1 Queries
Queries can be carried out on all Numara Asset Management Platform object types and objects (e.g. operational
rules, administrators, devices, etc.) and are either based on a single or multiple criteria and their values defined
by the administrator. These are used to group the target type according to certain criteria, such as for example to
find all managed devices in the network that have 1024 MB of RAM and put them into a specific device group.
Also they may be used in reports to define the contents of the report and find the data.
32 - Numara Asset Management Platform
There are two types of queries in Numara Asset Management Platform, predefined criteria-based queries and free
sql queries. The examples in this chapter will include both types of queries, which serve as a base for other step-
by-step examples further on, such as the operational rules, software distribution and patch management.
Therefore we recommend you to stay as close as possible to the object names and their chosen options.
29 In the Preview tab you can see a preview of the query’s results.
34 - Numara Asset Management Platform
18 Then click OK to confirm the new query content and to close the window.
19 All newly created queries are inactive, thus they must be activated before they can manage a group. To activate
select the green coloured option active instead of the currently displayed red option inactive in the Query
Status drop-down field.
20 In the Preview tab you can see a preview of the query’s results.
If the query results are not reversed it will find all devices on which Firefox version 2 is installed, our task here,
however is to find all those on which it is not yet installed.
15 To activate select the green coloured option active instead of the currently displayed red option inactive
in the Query Status drop-down field.
11 The Criterion Description box below now shows additional fields through which you may specify the
contents of the criterion.
12 In the Operator drop-down box select the value Greater than or equal.
13 Select the newly appeared Timeframe radio button.
14 Leave the preentered time value in the field next to it, -1 for one month ago.
15 Then select the corresponding unit from the drop down list to the right, Month.
In this example we need to use a free query as we try to find devices which have both Word and Excel installed.
For this a software inventory table needs to be called twice, and this is not possible via the criteria.
1 To create the query, select the main Queries node in the left window pane.
2 Select the Edit->Create Query menu item or the respective icon ( ) in the icon bar.
3 The Properties dialog box will appear on the screen.
4 Enter the required data into the following two fields and leave all others untouched.
a Enter the name of the new query into this field, use Devices with Word and Excel for this case.
b Check the field Free Query.
The FROM must include the base table linked to the query type: if the type is Device, the query need to include
the Device table.
The query cannot include the following operators: COUNT, SUM, AVERAGE, MAX, MIN, as well as SQL
commands such as UNION, INTERSECT, EXCEPT, MINUS, etc.
10 Once the query is entered verify that the syntax and spelling is all correct.
11 For this select the Edit->Verify SQL menu item or click the respective icon ( ) in the icon bar.
12 The database will verify your syntax and display the result in the Sql Result field below. It will provide
information regarding any errors it found, the detail level of which is based on your database system.
Chapter 3 - Queries and Device Groups Step-by-Step - 39
13 Now that the query is finished and correct save it by selecting the Edit->Save Query menu item or click the
respective icon ( ) in the icon bar.
14 The SQL query will be saved to the database.
15 All newly created queries are inactive, thus they must be activated before they can manage a group. To activate
select the green coloured option active instead of the currently displayed red option inactive in the Query
Status drop-down field.
16 Go to the Preview tab of the query.
17 Here you can see the list of all devices which fulfil the criteria of the free query you just created.
5 The drop-down list below this field allows you to define if you would like to only display the members of the
group under the node in the hierarchy tree in the left window pane, only all possible subnodes providing
additional information on the group or both. Leave this value at All to display everything.
6 Click the OK button at the bottom of the window to confirm the new group.
7 It will now appear in the right window pane in the Members tab.
8 Select the new group and go to its Member tab, which is still empty.
9 You may now manually add the group’s members by selecting the Edit->Add Device menu item or the
respective icon ( ) in the icon bar.
10 The Select a Device dialog box will appear on the screen.
11 Select some devices which are to be added to the device group from the Available Objects box, e.g., the master
and the relay.
12 Click OK to add the devices to the device group and close the window.
13 The table in the right hand side will now display all the newly defined member devices.
Chapter 3 - Queries and Device Groups Step-by-Step - 41
7 You may also see the group if you go to the Device Groups node. There you will see that the group type is
indicated by its icon, i.e. a query based group ( ).
8 If the new group is not yet displayed click the Refresh ( ) icon.
42 - Numara Asset Management Platform
9 Then select the group in the left window pane and go to the group’s Members tab.
10 It will display all those managed devices of your network corresponding to the criteria set up in the query.
5 Click the OK button at the bottom of the window to confirm the new group.
6 Open the group’s Dynamic Population->Queries node.
Chapter 3 - Queries and Device Groups Step-by-Step - 43
7 Select the Edit->Assign Query menu item or the respective icon ( ) in the icon bar.
8 The Assign a Query dialog box will appear on the screen.
9 Click the All button on the left.
10 Select both the Client Devices and Devices without Firefox queries, then click OK.
Be careful not to modify the query operator in this case, it must remain AND. If you modify it to OR the device
group will contain all devices with XP SP2 as their operating system as well as all those on which Firefox is
installed.
12 Go to the group’s Members tab to see which devices the query found.
13 Refresh ( ) if no members are displayed yet.
44 - Numara Asset Management Platform
3.3 Options
The following paragraphs provide a number of options for the query as well as the device group application in the
Numara Asset Management Platform and its functionalities.
14 Now that the query is finished and correct save it by selecting the Edit->Save Query menu item or click the
respective icon ( ) in the icon bar.
15 The SQL query will be saved to the database.
16 All modified created queries are inactive as well and therefore must be reactivated before they can be used. To
activate select the green coloured option active instead of the currently displayed red option inactive in
the Query Status drop-down field.
17 Go to the Preview tab of the query.
18 Here you can see the list of all devices which fulfil both criteria of the free query, i.e. all your devices with the
exception of the master.
19 Select the new query in the left window pane and click the Create Device Group icon ( )to create the
corresponding group.
You may also convert dynamic groups to static groups. In this case the query membership remains at the situation of the
last dynamic update of the query, i.e. it retains all its members it comprised at the moment the query was converted.
1 For this you first need to remove all devices you just added manually.
2 To do so open the node Device Groups->All My Clients and go to the Members tab.
3 Select all members in the right window pane.
4 Then select the Edit->Delete Member menu item or the respective icon ( ) in the icon bar.
5 A confirmation window appears on the screen.
6 Select OK to confirm the removal.
7 Then select the Dynamic Population subnode in the left window pane
8 Choose the Queries node among its children.
9 Select the Edit->Assign Query menu item or the respective icon ( ) in the icon bar.
10 The Assign a Query dialog box will appear on the screen.
11 Click the All button ( ) on the left side bar to display the list of all available queries.
12 Select the query called Client Devices from the list. This query will find all devices in your network which
have the Topology Type Client.
13 Click OK to add the query to the selected device group and close the window.
14 If you now return to the Members tab of the group and refresh it ( ), you will find it populated with all the
devices on which the rollout was successfully installed, but neither the master nor the relay device.
Chapter 3 - Queries and Device Groups Step-by-Step - 47
15 Also you can see that the icon has changed from the static group icon ( ) to the dynamic query group icon
( ).
48 - Numara Asset Management Platform
4
Configuration Management Step-by-Step
Configuration Management in the Numara Asset Management Platform is execute via the concept of operational
rules. Operational rules define how and in which way the NAMP functions are to be performed. These rules are
made up of a series of commands executed by the agent. A single operational rule can perform more than one
operation, called “step” The steps are divided into several categories according to target and function.
As shown in the graphic below, the operational rule process consists of the following individual steps:
1 Create the operational rule (1)
2 Assign the rule to the target and send the assignment (2, 3)
3 The rule arrives on the target and is executed (4, 5)
4 The target sends the execution status to the master (6).
3 Send Assignment 5
Execute
Pull Operational Rule to Target Device 4 Operational Rule
Master
Send Status 6 Target Client
The examples in this chapter will serve as a base for other step-by-step examples further on, such as the software
distribution and patch management, we therefore recommend you to stay as close as possible to the object names
and their chosen options.
Prerequisites
We assume that:
• the master, console and database have been installed.
• the master and console have been installed in their default installation directory.
• a console is open and connected to the master.
• you have rolled out the NAMP agent to a number of devices as described in the Installation manual.
• you have already done the exercises in the preceding Queries/Device Groups Step-by-Step chapter to execute
some of the options in the second part of the chapter.
4 Customised Form Rule: This rule will request the local user to provide some information to be entered into the
custom inventory.
5 Reboot Device Rule: This rule reboots a device, also with user confirmation, for example after a patch
application or software distribution.
All operational rules are also available on the Maintenance pages of the agent for direct local application, see Option
(d).
If you want to create the new rule in a specific folder instead of under the operational rules top node see Option
(c) now.
4 Click OK.
5 The step is now added to the list of Selected Objects.
6 This step will update the patch inventory for all targets.
b Security Inventory Steps:
1 Now, to add the steps for the Security Inventory double-click the Security Inventory folder.
2 As the first step select Installed Antivirus and click the Add ( ) button.
3 Click OK to add it to the list.
Force Upload
Make sure the Update Inventory step is always the last step in any type of inventory collection, as the
steps are executed in the specified order, therefore if you put it somewhere in the middle the data
collected after the upload step will not be uploaded to the master and the database.
16 All steps for creating an initial Security Inventory have been added now.
c Custom Inventory Steps:
1 To add the steps for the Custom Inventory double-click the Custom Inventory folder.
2 As the first step select Collect Environment Variable Value and click the Add ( ) button.
3 The Properties dialog box appears on the screen. Enter the following data in the respective fields:
Environment Variable: PATH
Custom Inventory Instance Name: Variable
4 Click OK.
5 For the second step select the Collect Ini File Value. Click the Add ( ) button.
6 In the appearing Properties dialog box enter the following values for the requested parameters:
File Path: C:\Program Files\Numara Software\Numara Asset Management
Platform\Client\config\mtxagent.ini
Section Name: Security
Entry Name: SSL
These two values, Section Name and Entry Name, must always be entered exactly as they appear in the
configuration file, otherwise the agent will not be able to find them in the ini file and thus cannot upload
them.
If you would like more information on this registry key, repeat steps 8-10 for the same key and values:
CurrentVersion and CSDVersion, see Option (f).
11 As the next step select Monitor Manufacturer Information. Click the Add ( ) button.
12 In the appearing Properties dialog box leave all preselected values.
Chapter 4 - Configuration Management Step-by-Step - 55
5 Now click the Finish button to confirm the settings of the new operational rule.
6 A confirmation window appears on the screen which allows you to directly
continue with the Operational Rule Distribution Wizard. Click Yes to continue
directly with the distribution of the new rule.
If you want to schedule the rule to execute at a specific date and time and/or at regular intervals, uncheck the
Default Schedule option, and then see Option (a).
To manually modify the execution schedule after an initial execution follow the wizard explanations without
any optional modifications and then see Option (b).
6 Click Finish to confirm the assignment and launch the rule execution with the
default schedule, i.e. once immediately.
7 The last option provided by the wizard is to go directly to the object. For our
example we will directly activate the rule and change to focus to it, therefore
check the Go to Operational Rule box and click Yes, to directly activate the rule.
If the status reads Execution failed, you may have entered a wrong path to for one of the step
parameters.
9 Now select the Patch Inventory node and the Missing Patches node below.
10 The table in the right window pane will display the list of all patches which are applicable to the operating
system of you relay, i.e. Windows XP, but have not yet been installed. For information on how to rectify this
situation see chapter Patch Management Step-by-Step.
11 The node Missing Service Packs displays the list of service packs which are missing for the relay.
If you want to create the new rule in a specific folder instead of under the operational rules top node see Option
(c) now.
10 Click OK. This message box allows to execute or cancel the execution.
11 Now, to add the second step double-click the Process Management folder and select the Execute Program
step. Click the Add ( ) button.
12 The Properties dialog box appears on the screen. Enter the following data in the respective fields:
Executable Path: C:\WINDOWS\system32\calc.exe (for Windows XP devices)
Leave all other fields untouched.
62 - Numara Asset Management Plattform - Operational Rules
13 Then click OK to add the step and then OK again to confirm the list of steps and to close the window.
14 In the list field you can now see both steps.
15 Now click the Finish button to confirm the settings of the new operational rule.
16 A confirmation window appears on the screen which allows you to directly
continue with the Operational Rule Distribution Wizard. Click Yes to continue
directly with the distribution of the new rule.
If you want to schedule the rule to execute at a specific date and time and/or at regular intervals, uncheck the
Default Schedule option, and then see Option (a).
If the status reads Execution failed, you may have entered a wrong path to the calculator.
Rule 3: OR Synchronisation
This rule will synchronise the operational rules at the agent startup between those available on the master for the
agent and those actually present on the agent, to make sure none of them get lost and the agent always has the
most up-to-date set of rules available.
This step-by-step instruction may be adapted and applied for all types of synchronisation available in Numara Asset
Management Platform.
When the client receives a synchronisation request it sends back the list of its own operational rules linked to a
checksum. The master then creates an up-to-date list of the device’s operational rules and checks these with the
list it received. If an operational rule on the list from the device does not exist any more, the master sends an order
to the device to delete it; if a more recent version of an operational rule exists on the master i.e. the checksums on
the master and the client are not identical, an update order will be sent to the device; and if a rule is absent on the
client but present on the master, then an assign order will be sent to the client device. Any rule which is ‘paused’
will not be taken into account.
This rule is created and assigned via the Operational Rule Creation and Operational Rule Distribution wizards
and consists of the following steps:
1 Create Operational Rule
2 Assign the Operational Rule to the Master
3 Verify Result
Chapter 4 - Configuration Management Step-by-Step - 65
If you want to create the new rule in a specific folder instead of under the operational rules top node see Option
(c) now.
9 Now click the Finish button to confirm the settings of the new operational rule.
10 A confirmation window appears on the screen which allows you to directly
continue with the Operational Rule Distribution Wizard. Click Yes to continue
directly with the distribution of the new rule.
If you want to create the new rule in a specific folder instead of under the operational rules top node see Option
(c) now.
7 Then click OK to add the step to the list and close the window.
8 Now select the Inventory Management group.
9 Select step Update Custom Inventory and click the Add ( ) button.
10 In the appearing Properties dialog box also check the options Upload after update and Force Upload.
11 In this case we will leave the Differential Upload option activated, as a custom inventory already exists. Thus
only the changes, i.e. the new entry will be uploaded, which makes the process faster.
15 Now click the Finish button to confirm the settings of the new operational rule.
16 A confirmation window appears on the screen which allows you to directly
continue with the Operational Rule Distribution Wizard. Click Yes to continue
directly with the distribution of the new rule.
If you want to create the new rule in a specific folder instead of under the operational rules top node see Option
(c) now.
Step 2: Steps
Operational rules are made up of steps which tell the agent on the target devices which actions to execute. In this
window you will select the steps to execute.
Chapter 4 - Configuration Management Step-by-Step - 75
8 In the list field you can now see the step with its parameters.
9 Click the Finish button to confirm all parameters for the new rule and terminate it.
10 A confirmation window appears on the screen which allows you to directly
continue with the Operational Rule Distribution Wizard. Click No, as this rule will
not yet be assigned and executed.
11 The new rule is added to the list of available operational rules under the top node.
5 In the Execution Date box define on when to run the inventory collection. In our example we will select the
Next Startup radio button to launch the inventory when the agent is started next.
6 Then go to the Termination box below, click the Run Forever radio button.
7 Now select the Frequency tab.
8 Leave the By Schedule and the Run Every Day radio buttons checked.
9 In the Period drop-down field select the value Once Only.
10 In the field below select the time at which to execute the inventory collection, e.g., 03:00. To modify the
minute value just click in the field with the selected value and change the value, e.g. to 03:30.
Inventory collection might be quite resource consuming, thus it is recommendable to run these rules when the
network load is low, i.e. during the night, if the devices are not shut down.
Chapter 4 - Configuration Management Step-by-Step - 77
11 Click Finish to confirm the assignment and schedule and finish the wizard.
12 The last option provided by the wizard is to go directly to the object. For our
example we will directly activate the rule and change to focus to it, therefore
check the Go to Operational Rule box and click Yes, to directly activate the rule.
(b) Manually Modify the Execution Schedule
Once an operational rule is executed its schedule may still be modified to have the
rule execute according to a specific schedule. For our example we will use the OR Synchronisation rule and have
it execute every Monday morning, to make sure the agents and their operational rules are up to date for the start in
the new week.
Manually modifying a schedule consists of two different actions:
1 Modify the schedule
2 Reassign the rule
If the rule is not reassigned to the targets, the local agent will not be aware of the modifications and thus not be
able to apply them.
Proceed as follows:
1 After the execution of the rule select the OR Synchronisation rule in the left window pane.
2 Go to its Assigned Objects->Devices node.
3 Then select the master entry in the table in the right window pane.
4 The entry should currently display the status Executed.
5 To define the schedule either double-click the table entry or select the Properties icon ( ) in the icon bar.
6 The Scheduler window will open on the screen.
7 First go to the Validity tab. This tab allows you to define the activation of the execution and its termination.
8 In the Execution Date box define on when to run the inventory collection. In our example we will select the
Next Startup radio button to launch the synchronisation when the agent is started next.
9 Then go to the Termination box below, click the Run Forever radio button.
10 Now select the Frequency tab.
11 Leave the By Schedule radio button checked.
12 In the By Schedule panes select the Day of the Week radio button.
13 The box below will become editable, uncheck all boxes apart from Monday.
14 In the Period drop-down field select the value Once Only.
15 In the field below select the time at which to execute the synchronisation, e.g., 07:00.
78 - Numara Asset Management Plattform - Operational Rules
To refresh these pages always use the Refresh button at the bottom of the page, NEVER the browser’s button.
10 The Maintenance page appears in the window. There are two types of rules available on the Maintenance
pages:
a Active Operational Rules
Active rules are all those rules that have been assigned to a device or a device group. Here you should find
the first three rules that were created in this chapter with their respective execution status and schedule.
1 You can execute rules directly from the active rules page of the interface, e.g. the Execute Calculator
rule.
2 To do so select it by checking the respective box under the Select column at the right border.
3 Then click the Activate button at the bottom left of the page.
4 A confirmation window appears on the screen. Click OK to proceed.
5 The status of the rule will change to Updated once the rule has been reassigned and then it will be
executed. You will see this once the confirmation message box to launch the calculator is displayed
again on the screen. If you click Yes, and the calculator is displayed the status will become Executed
80 - Numara Asset Management Plattform - Operational Rules
again, if you click No, the status will be Execution failed, since the rule could not be successfully
completed.
b Additional Operational Rules
Additional rules are all those rules that have been created but are not assigned to any device or group. On
this page you should now see two rules, a distribution rule which is always automatically created
concerning patch management, ConfigFiles.cst, as well as the Reboot rule which we created but didn’t
assign to any device.
1 To assign a rule, e.g. the ConfigFiles.cst distribution rule, from the Additional Operational Rules page to
the local device select it, i.e., check the respective box under the Select column at the right border.
2 Then click the Activate button at the bottom left of the page.
3 Active Operational Rules.
(e) Assign Operational Rule to a Device Group
Instead of distributing an operational rule to an individual or a number of individual devices you may assign it to
a group, preferably dynamic.
Dynamic groups are maintained either via a directory server or a query and their members are updated regular.
For more information refer to chapter Queries and Device Groups Step-by-Step earlier in this manual. You will
also find the guidelines there on how to create the group we will be using for the rule assignment in this example.
Assigning an operational rule such as the inventory collection will ensure that all devices fulfilling specified
requirements will apply this rule, without you having to specifically telling them so.
Proceed as follows to assign the Inventory Management rule (Rule 1) to a group containing All XP SP2 Devices of
your network:
1 At Step 2: open the node Operational Rules->Inventory Management->Assigned Objects->Device Groups.
2 Select the Edit->Assign Device Group menu item or click the respective icon ( ) in the icon bar.
3 In the appearing confirmation window (Would you like to automatically activate...?) click Yes.
4 The Assign to Device Group popup window will appear on the screen.
5 Select the All XP SP2 Devices group from the list in the Available Objects box.
Chapter 4 - Configuration Management Step-by-Step - 81
9 If you now select the Assigned Objects->Devices node you will find the list of all devices that are a member of
the group in the table.
(f) Add More Steps to an Operational Rule
Once an operational rule is created and executed you might find that it is missing some steps or might be made
more efficient using some more or other steps. When modifying the following steps need to be executed:
1 Modify the contents of the Inventory Management rule
2 Reassign the rule to the target
Step 1: Modify the Contents of the Inventory Management Rule
For our example we will modify the Inventory Management rule in the following way:
a Remove the Patch Inventory step
b Add more Security Inventory steps:
Number of Administrator Accounts
Open Ports
Process List
To do so proceed as follows:
1 Open the node Operational Rules->Inventory Management and go to the Steps tab.
2 In the right window pane you can see all the steps which are currently executed for this rule.
82 - Numara Asset Management Plattform - Operational Rules
3 To remove the patch step select the respective step in the first line, Analyse Patch Situation.
4 Now select the Remove Step icon ( ) in the icon bar.
5 A confirmation window appears on the screen. Click Yes.
6 The step will directly disappear from the rule and the list.
7 Now, to add more steps for the Security Inventory click the Add Step icon ( ) in the icon bar.
8 The Select a Step popup windows appears on the screen.
9 Double-click the Security Inventory folder.
10 As the first step select Number of Administrator Accounts and click the Add ( ) button.
11 The Properties dialog box appears on the screen. Enter the value Administrator Account into the field Security
Inventory Instance Name and click OK to add it to the list of Selected Objects.
12 Next select the Open Ports step and click the Add ( ) button.
13 The Properties dialog box appears on the screen. Select the TCP value from the drop-down box, enter TCP
Ports as value into the Security Inventory Instance Name field and click OK to add the step.
14 As the third new step select the Process List step and click the Add ( ) button.
15 The Properties dialog box appears on the screen. Leave both options enabled and click OK to add the step.
16 Click OK now to confirm the new list of steps to add to the existing steps and to close the window.
17 You can see now that all new steps have been added at the bottom of the list. However to be updated at the
next inventory update they must be located before the Update Security Inventory step.
18 Select all three new lines in the table.
19 Then select the Move To icon ( ) in the icon bar.
20 A new Steps window appears on the screen.
21 Enter line 6 into the field and click the OK button.
22 All three selected steps will now be moved up to lines 6-8, i.e. before the Update Security Inventory step, and
push all following steps down.
6 Once the status is displayed as Executed go to the Security Inventory of the master and check that the new
parameters have been added.
84 - Numara Asset Management Plattform - Operational Rules
5
Directory Server Synchronisation Step-by-Step
The LDAP Client (notably Microsoft Windows Active Directory) functionality presents organisations with a
directory service designed for distributed computing environments. It allows organisations to centrally manage
and share information on network resources and users while acting as the central authority for network security.
In addition to providing comprehensive directory services to a Windows environment, the directory server is
designed to be a consolidation point for isolating, migrating, centrally managing, and reducing the number of
directories that companies require.
The Numara Asset Management Platform allows you to synchronise its device database with directory services
already existing in your network. You may thus ’copy’ existing directory services items such as organisational
units (OU), computers, etc., into the Numara Asset Management Platform groups and members to then administer
these via the NAMP console. All three types of groups existing in the Numara Asset Management Platform, i.e.
device groups, administrator groups and user groups, can be synchronised.
Prerequisites
To execute the examples provided in this chapter we assume that:
• the master, console, database, and some client agents have been installed.
• a console is open and connected to the master.
• Active Directory is installed in your network and has its organisation in place.
• you have done the basic exercises in the Queries and Device Groups Step-by-Step chapter or you are at least
familiar with the general concepts of the different groups in the Numara Asset Management Platform.
a Enter the user-friendly name of the directory server, under which it is known into the Name field. This
name may be any combination of characters.
b Enter the known network name of the directory server in the Host Name field. This value may be either the
complete or short network name, such as scotty.bridge.enterprise.com or scotty, or it may be the IP
address of the server in its dotted notation, e.g. 175.175.2.1.
c Enter the number of the port at which the directory server may access the database in the Port Number
field. The usual value for this port is 389.
d Enter the base distinguished name into the Base DN field to uniquely identify the directory server. The base
DN is the start entry in the directory tree. You may enter this value either in the LDAP notation or as UNC.
For example for an Active Directory domain with the name kirk.bridge.enterprise.com this entry
would look like this:
LDAP: dc=kirk, dc=bridge, dc=enterprise, dc=com
UNC: kirk.bridge.enterprise.dc=com
e In the User DN field you must enter the distinguished name of the user. This is the name uniquely
identifying the user. You may enter this value either in the LDAP notation or as UNC. This would be for
example cn=username, cn=usergoup where username is the user you wish to connect as, and usergroup
is the folder that contains username in Active Directory Users and Computers, or \\username\usergoup as
UNC.
5 Enter the following data into the respective fields in the Password tab:
a Enter the password of the directory server through which the above defined user may access it into the New
Password field. Be sure to enter the correct password, other wise the directory server cannot be accessed
from the console. For security reasons the password will be displayed in the form of asterisks (*).
b Confirm the password entered into the Confirm New Password field above by re-entering it into this field.
6 Click the OK button at the bottom of the window to confirm the new directory server and to close the window.
7 Now, to make sure you have entered all the data above correctly you may want to try the connection.
8 To do so double-click the newly entered directory server.
9 Select the Edit->Check Connection menu item or the respective icon ( ) in the icon bar.
10 The console will verify its connection with the directory server and make the results known in a message box
displayed on the screen. The results are either Connection successful! if the connection could be
successfully established, or if it failed the message box displays the server’s answer, such as Login Failed or
Server Down.
If the connection failed this may be due either to a physical problem with the network or some directory server
data incorrectly entered.
Chapter 5 - Directory Server Synchronisation Step-by-Step - 87
If you select Members Only for this value, you will not be able to assign the Directory Server, as the required
subnodes to do so are not displayed.
5 Click the OK button at the bottom of the window to confirm the new group.
5 Now that the directory server is assigned to the group its name will change to the name of the selected unit, i.e.
Computers in the example above.
The name of a device group synchronised with an active directory server will always be modified to the name
of the synchronised group and the name of the server with the format: <entry>.<directory server
name>.
6 The Properties window opens on the screen. Here you may specify if all devices are
to be synchronised or only those with a NAMP agent installed. Leave the preselected
value and then click the OK button to confirm.
7 A confirmation window appears on the screen. Click Yes to immediately
synchronise with the selected directory server.
If you want to schedule the synchronisation at a specific later time or to execute it at regular intervals click No
and see Option (a).
10 If you go back now to the Device Groups top node you will see that the name of your group has changed, in the
example here from AD Group to Computers.support.sophia.
Chapter 5 - Directory Server Synchronisation Step-by-Step - 89
5 Click the OK button at the bottom of the window to confirm the new administrator group.
a Normally, when synchronising an administrator group with a directory server the system authentication
will be used at the connection with the console. The Authentication drop-down list allows you to choose
between the system authentication and a PAM authentication for Linux masters.
b The Login Type drop-down list allows you to choose between the following three types of login for the
synchronisation:
Login: james.c kirk
Domain\Login: Enterprise\james.c kirk
Internet Style Login: jckirk@Enterprise.bridge.starfleet.com
The Internet Login type corresponds to the userPrincipalName attribute on the directory server. If this
attribute is not filled in, the administrator will not be synchronised if the login type Internet is selected.
6 Click OK.
7 Now the connection with the directory server is established.
The name of an administrator group synchronised with an active directory server will always be modified to
the name of the synchronised group and the name of the server with the format: <entry>.<directory
server name>.
8 A confirmation window appears on the screen. Click Yes to immediately synchronise with the selected
directory server.
If you want to schedule the synchronisation at a specific later time or to execute it at regular intervals click No
and see Option (a).
Contrary to device and user groups, administrator groups do NOT contain subgroups. Therefore, even if the
active directory server unit the admin group was synchronised with did have subgroups these will be
completely ignored. Only administrators located directly under the selected unit will be synchronised.
Chapter 5 - Directory Server Synchronisation Step-by-Step - 91
11 If you go back now to the Administrator Groups top node you will see that the name of your group has
changed, in the example here from AD Group to France.Business..... The format of the new name is
<entry>.<directory server name>.
5 Click the OK button at the bottom of the window to confirm the new group.
5 Now that the directory server is assigned to the group its name will change to the name of the selected unit, i.e.
Technical Support in the example above.
The name of a user group synchronised with an active directory server will always be modified to the name of
the synchronised group and the name of the server with the format: <entry>.<directory server
name>.
6 A confirmation window appears on the screen. Click Yes to immediately synchronise with the selected
directory server.
If you want to schedule the synchronisation at a specific later time or to execute it at regular intervals click No
and see Option (a).
9 If you go back now to the User Groups top node you will see that the name of your group has changed, in the
example here from AD Group to FabienC. The format of the new name is <entry>.<directory server
name>. Also the icon of the group has been changed from the static icon ( ) to the directory server managed
group icon ( ).
Chapter 5 - Directory Server Synchronisation Step-by-Step - 93
5.2 Options
The following paragraphs will provide you with a number of options that may be used with active directory
synchronisations. The following options will all be executed for device groups, but they work in the same way for
user and administrator groups as well.
(a) Synchronise a Device Group at a Specific Date and Time and/or Regular
Intervals
You may want to schedule the synchronisation for a later moment or periodically re-synchronise your device
group with the directory server to keep your group up to date. The following example is for devices groups, but
the same principle applies also for user and administrator groups.
To schedule a synchronisation and thus synchronise a group proceed as follows:
1 Open the Device Groups-><GroupToSynchronise>->Dynamic Population->Directory Server-
><AssignedDirectoryServer> node.
2 Mark the directory server in the right window pane and select the Edit->Properties... menu item or click the
respective icon ( ) in the icon bar.
3 The Properties window appears on the screen.
4 This window provides you with the synchronisation scheduling options:
a For execution at a later date and time select the following:
1 Check the Deferred to radio button to schedule a directory server synchronisation for a later date.
2 Enter a date into the field or click the arrow to call the calendar on the screen and select a date.
3 From the At drop-down box select the time of the day at which the synchronisation is to be launched.
94 - Numara Asset Management Platform
These reports may be generated at regular intervals to provide thus an overview of the general development of
your network. See Option (d).
To view the generated report via the Report Results node see Option (a).
The report result which is generated will be put in all the required places according to the reports settings. This
means it will be available under the Report Results node of the report, as well as under that of the device
group it is assigned to.
13 To view the report select the Edit->View Last Result menu item or the respective icon ( ) in the icon bar.
14 Enter again your login in the appearing window.
15 A new browser window or tab opens and displays the report. This report displays now the same type of data as
in the example above, but only for all client devices in your network, i.e. the master and relay are missing from
the list and graphs.
98 - Numara Asset Management Platform
These reports may be generated at regular intervals to provide thus an overview of the general development of
your network. See Option (d).
To view the generated report via the Report Results node see Option (a).
If the report is to always be generated in other formats than only HTML see Option (f) now.
5 Click the OK button at the bottom of the window to confirm the data for the new and to close the window.
6 The report is now created and configured, it remains to generate it once the required data are available.
7 Since we want the query to collect all possible values no criteria must be defined and the query is set up.
8
To generate a report on a specific status value, for example for the status failed this query must be defined to
collect only the requested status value. Refer to Option (h) how to define the query for this case.
9 Select the Preview tab where you can see a preview of the query’s results.
Option (b) explains how to create this report with two subreports, the first in form of a table, the second
displaying the same information in form of a pie chart.
To later on modify the number of subreports (add more subreports) see Option (c).
To make the report available on the Report Portal see Option (g) now.
If another report format is desired, such as a chart, refer to Option (b) or Option (c) now.
5 Now select the Add Column icon ( ) to add your first column to the report.
6 The Select Report Columns dialog box will appear on the screen.
7 The left list window of the dialog box (Available Columns) will display all available attributes for this query.
8 Select the Status value from directly under the Available Columns, and leave all other values as they are.
9 Click the Add button ( ) to move the attribute to the list of Selected Columns.
10 Then click the Operational Rules folder and select the Name attribute, with the None operator and the Sort
Order Ascending, as we want the table sorted by the operational rule names.
11 Click the Add button ( ) to move the attribute to the list of Selected Columns.
12 Now click the Devices folder and select the Name attribute. This will then display the name of the device on
which the rule was executed with the respective status.
13 Click the Add button ( ) again.
14 Now click the Device Groups folder and select again the Name attribute. This column will display the name of
the device group if the rule was assigned via a device group, if not this column will remain empty.
15 Click the Add button ( ) again.
3 Click the Finish button at the bottom of the window to confirm the new report and immediately generate it.
6
These reports may be generated at regular intervals to provide thus an overview of the general development of
your network. See Option (d).
9 Select the Preview tab where you can see a preview of the query’s results.
4 A confirmation window appears now on the screen. To directly move the focus of the console to the newly
created report click Yes.
5 The console will now display the main view of the newly created report.
Step 2: Subreports
This step is concerned with the configuration of the subreports, it provides one tab for each subreport of the
report, i.e. in our case two tabs.
1 Our first subreport will contain the graphic, a pie chart detailing the different operating systems found on the
updated devices.
2 As the title enter Devices by Operating System Name into the field Subreport Title.
3 When creating a report based on a query, the first thing when defining the contents is to select the query which
defines the attributes which may be chosen for the report.
4 Leave the Device value in the Query Type field.
5 Then select the Updated Devices query in the Query Name field.
6 In the Subreport Format field below select the Pie Chart value.
7 Click the Display the options icon next to the field.
8 The Report Format Options window appears on the screen. This window allows you to configure the pie chart
parameters.
9 Make the following modifications to enlarge and enhance the chart:
Check the Value Labels box.
Increase the Chart Width to 800.
Increase the Chart Height to 400.
Check the Percent Labels box.
108 - Numara Asset Management Platform
Step 5: Schedule
Now that the report is set up it remains only to define its generation schedule, on the first of every month. To do
so proceed as follows:
1 Check the Immediately radio button in the Execution Date panel.
2 Check the Run Forever radio button in the Termination panel.
110 - Numara Asset Management Platform
3 Check the Immediately generate the report box at the bottom of the window. This will generate a report right
now for immediate results in addition to the monthly schedule.
4 Now go to the Frequency tab.
5 In the By Schedule panel select the Day of the Month radio button.
6 And select from the list below the value 1st day of the month.
7 Now go to the panel to the right and select the value Once Only in the Period field.
8 In the field below, at , enter the time at which it is to be generated, i.e., at 5 in the morning.
9 Then click the Finish button at the bottom of the window to confirm the new report and immediately generate
it.
10 A confirmation window appears now on the screen. To directly move the focus of the console to the newly
created report click Yes.
11 The console will now display the main view of the newly created report.
12 To view the report select the Edit->View Last Result menu item or the respective icon ( ) in the icon bar.
13 A new browser window or browser tab opens to display the report.
14 Enter admin as your login in the appearing window.
Chapter 6 - Reports Step-by-Step - 111
15
To view the generated report via the Report Results node see Option (a).
1 At Step 2a: Point 1 (page 100), select Style 5 from the Report Style field.
2 The field below Subreport Count will change from 1 to 2.
7 Now select the the Pie Chart option from the Subreport Format box .
Chapter 6 - Reports Step-by-Step - 113
8 You can see that the original Data list field was now split in two, and the selected attributes were divided as
required.
9 To have a preview of the newly created subreport select the Subreport Preview button at the bottom.
10 Enter again your login in the appearing window.
11 A new browser window or tab opens and displays the report. This view displays now a preview of the
subreport.
12 Continue with Step 2c: to finish defining and then generate the report.
(c) Modify the Number of Subreports
If after setting up a report you find you need more information in this report provided by other subreports you
may modify this by changing the report style and adding more subreports. In this example we will extend the
Operational Rule Status report with a two more subreports, one which shows the same data as the initial report in
pie chart format, and a second report which displays data regarding the operational rules themselves.
1 Select the Operational Rule Status report (Report 5:) in the right window pane and then select the Properties
icon ( ) in the icon bar.
2 In the appearing Properties window go to the field Report Style and select from its drop-down list the item
Style 3. Then click OK to close the window.
3 The field below Subreport Count will change from 1 to 3.
114 - Numara Asset Management Platform
4 The node in the left window pane will now display three subnodes.
5 The data defined for Subreport 1 will remain as they were defined in the main example.
6 Now the same data must be defined for the graphical representation of this data.
7 If you have done Option (b) you may continue directly with Point 13 below.
8 For this select the second subreport, Subreport 2, in the left window pane and again repeat the steps of Step
2b: (page 101) of the main report procedure.
9 Then add two more columns:
Select the Status value from directly under the Available Columns, with the Count operator and the Sort
Order None.
Select the Status value again from directly under the Available Columns, with the None operator and the
Sort Order None and the Group By box checked.
10
These two columns are absolutely obligatory for any type of graphical display. If these are not provided
the data may only be displayed in form of a table.
13 The third subreport will show a list in table format displaying more information about the operational rules
themselves, i.e. their type, who created them and when, etc.
14 For this select the third subreport, Subreport 3, in the left window pane and go to its Columns tab.
15 In the Query drop down box at the top of the table and select again the Operational Rule Status query.
16 Then either choose the Edit->Add Column menu item or click the respective icon ( ) in the icon bar to add
your first column to the report.
17 The Select Report Columns dialog box will appear on the screen.
18 The left list window of the dialog box (Available Columns) will display all available attributes for this query.
19 First click the Operational Rules folder and select the Name attribute, with the None operator and the Sort
Order Ascending, as we want the table sorted by the operational rule names.
20 Click the Add button to move the attribute to the list of Selected Columns.
21 Then select the Type attribute, with the None operator and the Sort Order None as well. This attribute will
display if the rule is a general operational rule, a software distribution or a patch rule.
22 Click the Add button again.
23 Then select the Notes attribute. This will display any comments that were added to the rule by its creator.
24 Click the Add button again.
25 The next column will be the Created By attribute.
26 Click the Add button again.
27 And the final column will be the Create Time attribute. These two will display who initially created the rule
and when it was created.
28 Click the Add button again.
29 Click OK to close the window.
116 - Numara Asset Management Platform
30 As the table is the preselected format for the report we do not need to modify it.
31 To have a preview of the newly created report select it again in the left window pane and then the Edit->View
menu item or select the respective icon ( ) in the toolbar.
(d) Regularly Execute a Report
To generate the report regularly and/or at a specific time proceed as explained below. For our example here we will
genreate the report every week on Sunday night. This way we can start examining the data right away on Monday
morning:
1 In window Step 2e: Schedule of the wizard make the following modifications:
2 Check the Immediately radio button in the Execution Date panel.
3 Check the Run Forever radio button in the Termination panel.
4 Check the Immediately generate the report box at the bottom of the window. This will generate a report right
now for immediate results in addition to the monthly schedule.
7 Now uncheck all boxes in the field below apart from the Sunday box.
8 Now go to the panel to the right and select the value Once Only in the Period field.
9 In the field below, at , enter the time at which it is to be generated, i.e., at 5 in the morning.
10 Then click the Finish button at the bottom of the window to confirm the new report and immediately generate
it.
11 Continue as described by Step 3: View Report of the general procedure.
(e) Modify the Generation Schedule Later
To schedule a report to be generated at a specific time and/or date or be generated at regular intervals do the
following:
1 Select the Hardware Summary List report in the left window pane.
2 Select the Assigned Schedule tab in the right window pane. The table displays the schedule for the report
which is currently disabled.
3 To modify the schedule either double-click the table entry or select the Properties icon ( ) in the icon bar.
4 The Scheduler window will open on the screen on the Validity tab.
5 In the Execution Date box define on when to run the report. In our example we will select the Immediately
radio button to see the outcome right away.
118 - Numara Asset Management Platform
6 Then go to the Termination box below, click the Run Forever radio button.
7 Now select the Frequency tab and make the following changes.
8 Check the Day of the Week radio button.
9 The checkboxes for the weekdays become accessible. Uncheck all boxes apart from Friday.
10 In the Period drop-down field select the value Once Only.
11 In the field below select the time at which to execute the inventory collection, e.g., 21:00. To modify the
minute value just click in the field with the selected value and change the value, e.g. to 21:30.
12 Click OK to confirm the new schedule and close the window.
13 The new schedule is effective as of now. The report will execute from now on every Friday at 21:00 until the
schedule is modified again.
(f) Reports in HTML, XML and PDF
Template-based reports may be directly generated in different formats at the same time, the available formats
being HTML, the standard selection, as well as XML and PDF. If more than one format is chosen to be generated,
one file per format and report is generated and made available. For example, to generate the Situation by
Vulnerability report not only in HTML but also in XML and PDF proceed as follows:
1 At Point 4 (page 98) also check the boxes Generate in XML and Generate PDF in the Properties window.
Chapter 6 - Reports Step-by-Step - 119
The Report Portal displays the following information about the available reports:
Name
This field displays the automatically generated name of the report name of the available report or the name as
defined in the Report File Name field in the general report definition.
Report Title
This field displays the title of the report.
Create Time
The date and time at which the report was actually generated.
Group Name
The name of the device group if the report is assigned to one. If a report is assigned to more than one group, a
separate table entry can be found for each assigned device group.
120 - Numara Asset Management Platform
To make a report available on the report portal proceed as follows, for example for the Operational Rule Status
report (Report 5:):
1 At Step 2c: Publication and Mail (page 101) also check the box for option Public Report in the Properties
window.
12 Select the Preview tab where you can see a preview of the query’s results.
13 Now that the query is modified you only need to regenerate the report by selecting the Edit->Generate Report
menu item or the respective icon ( ) in the icon bar.
14 A confirmation window appears on the screen, click the OK button to confirm.
15 The report will be created immediately using the current data in the database.
16 To view the report select the Edit->View Last Result menu item or the respective icon ( ) in the icon bar.
Chapter 6 - Reports Step-by-Step - 123
Section II
OSD Manager
The OSD Manager is a device of the NAMP infrastructure located within a subnet. For our example here we will
select the master as the OSD Manager. The following prerequisites apply to this device:
• The device figuring as the OSD Manager must have one of the following operating systems: Windows 2000
(minimum Service Pack 4), Windows 2003, Windows XP, Windows Vista or Windows 2008.
• The WAIK (Windows Automated Installation Kit) for Windows 7 must be installed on the OSD Manager/TFTP
server device.
• The TFTP server will execute the function of OSD Manager, i.e., it will be responsible for the OS deployments.
Each subnet can only have one OSD Manager/TFTP server. The TFTP server must be configured as follows:
1 An InstallTFTP.bat file is available on the Numara Asset Management Platform Installation DVD in
directory support\OSD that contains all configuration settings for the TFTP server.
a Copy the InstallTFTP.bat file to directory c:\InstallTFTPServer. If you copy the files to another
directory make sure to modify the corresponding path in the InstallTFTP.bat file.
b Also copy from a Windows 2003 installation disk the files TFTP.EX_ and TFTPD.EX_ to the same
directory.
c Launch the InstallTFTP.bat file.
d The TFTP server is now configured as required.
2 The TFTP server directory must be shared with read and write permission to everyone.
• The TFTP port must be opened on the firewall (by default this is UDP port 69).
• The directory C:\PXETFTP must be defined as the TFTP root directory and it must be shared with write
access. To add the access proceed as follows:
1 Select the C:\PXETFTP directory in the tree in the left part of the Explorer window.
2 Then right click the mouse and select the Properties option in the pop-up menu.
3 The Properties window appears for the selected directory.
128 - Numara Deployment Manager - Operating System Deployment
DHCP Server
The DHCP server may be located on the same device as the OSD Manager, however it is recommended to use a
different device. It may be either a Windows or a Linux server and must be configured as follows:
• Windows DHCP Server
The DHCP server expected is a Windows 2000 or 2003 server edition component. The DHCP configuration
required to use PXE may be done through the user interface, or the command line.
The detail of the required parameters and an example of the command line to type in are as follow:
Option 060: PXE Client
Some computer have compatibility issues, depending on their PXE version. This parameter is not
mandatory.
Value: PXEClient
Option 066: TFTP boot server host name
Host name or IP address of the TFTP server. This is the IP address of the future TFTP server.
Value: 192.168.0.52
Option 067: Bootfile Name
NBP file name that the computer has to load from the TFTP server.
Value: pxelinux.0
Option 043: Vendor Specific Info
Indicates to the PXE client that the DHCP server is also the TFTP server.
Value: 01 04 00 00 00 00 ff
The tool to edit these options through the command line is named “netsh.exe”, it is present in the regular
installation of Windows XP and 2003, but optional on Windows 2000 Server Edition.
The command lines to set those options are executed locally, on the DHCP server:
netsh dhcp server add optiondef 60 PXEClient String 0 comment=<comment>
netsh dhcp server scope 192.168.0.0 set optionvalue 060 STRING PXEClient
netsh dhcp server scope 192.168.0.0 set optionvalue 066 STRING <TFTP server address>
netsh dhcp server scope 192.168.0.0 set optionvalue 067 STRING pxelinux.0
netsh dhcp server scope 192.168.0.0 set optionvalue 043 BINARY 010400000000ff
It is possible to reserve an IP address, name and description for a particular incoming MAC address:
netsh dhcp server scope 192.168.0.0 add reservedip <IP Address> <MAC Address> <Machine
name> “<Machine description>” {DHCP|BOOTP|BOTH}
Later on, to remove this entry, the command is:
netsh dhcp server scope 192.168.0.0 delete reservedip <IP Address> <MAC Address>
Example:
netsh dhcp server add optiondef 60 PXEClient String 0 comment=PXE support
netsh dhcp server scope 192.168.0.0 set optionvalue 060 STRING PXEClient
netsh dhcp server scope 192.168.0.0 set optionvalue 066 STRING 192.168.0.52
Chapter 7 - Operating System Deployment Step-by-Step - 129
netsh dhcp server scope 192.168.0.0 set optionvalue 067 STRING pxelinux.0
netsh dhcp server scope 192.168.0.0 set optionvalue 043 BINARY 010400000000ff
To reserve a particular IP address for MAC address (will have to be done for each machine):
netsh dhcp server scope 192.168.0.0 add reservedip 192.168.0.112 00504A81F1F1 targetname
“Target description” BOOTP
Delete reservation:
netsh dhcp server scope 192.168.0.0 delete reservedip 192.168.0.112 00504A81F1F1
Important:
On Windows 2000 Server and Advanced Server, setting option 43 via netsh will fail with the following error:
“DHCP Server Scope Set OptionValue failed”, if the hotfix KB884119 is not installed or superseded. (See
http://support.microsoft.com/kb/884119/ for reference.)
• Linux DHCP Server
For a Linux DHCP server (dhcpd) the following lines must be added to the dhcpd.conf file:
allow booting;
allow bootp;
class "pxeclients" {
match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
next-server <IP du Gestionnaire OSD>;
filename "pxelinux.0"; }
Then the DHCP server must be rebooted.
Sysprep Deployment
The Sysprep deployment has a number of limitations as follows:
• a uniprocessor/core image can only be deployed on other uniprocessor/core devices.
• a multiprocessor/core image can only be deployed on other multiprocessor/core devices.
• The operating system language is fixed by the initial capture.
• No static IP address may be used.
• The administrator login/password of the captured system must be the same as the one specified in the
deployment parameters in the unattended information tab. If this is not the case an invalid login and/or
password Windows error is generated.
Storage Device
At least one device with network shares on which the OS setup, image and ghost to be deployed may be stored is
necessary. For this you may use the OSD Manager or the DHCP server, however, it is recommended to use a
dedicated device. In our examples we will deploy the 64 bit version of Windows Vista, therefore these setup and
image files must be copied to a share called \Vista64, a ghost image is to be copied to a directory called
\Ghosts64. This directory must contain the ghost executable file as well as the ghost image. Be aware, that
Windows NT, 2000 and XP have a limit for concurrent SMB connections per share so a linux server with a samba
share or a Windows Server Edition is advised.
If it is located on the OSD Manager, the same user as for the PXETFTP share must be used, otherwise Windows will
not be able to locate the storage share at deployment time.
Target Devices
Three devices (with or without an operating system installed) must be available in the vicinity of your test
environment to which the operating system may be deployed via the different deployment types. These devices
must have PXE boot set as the first boot device in the BIOS.
If your master is installed on a non-Windows operating system you need to first define a device as OSD
Manager. Go to Option (i) to do so.
Name
This field displays the name of the currently selected OSD Manager.
Windows AIK Installation Path
Enter into this field the path to the WAIK. If you do not enter any value the default installation path
(C:\Program Files\Windows AIK) will be used. To directly select the path click the Select button next to the
field. A popup window will appear with the directory structure of the device where you can directly select the
installation directory. Click OK to confirm and close the window.
TFTP Port (UDP)
Modify the port number if you need to use another than the default number 69.
TFTP Local Path
Enter into this field the local path to the shared TFTP server directory. To directly select the path click the
Select button next to the field. A popup window will appear with the directory structure of the device where
you can directly select the path. Click OK to confirm and close the window.
TFTP UNC Path
This field displays the network path to the shared TFTP server directory. Once you select and confirm the
TFTP Local Path this field will be automatically filled in.
TFTP UNC Credentials
Into these fields you must enter the access credentials to the shared TFTP server. Read and Write permissions
are required for this.
1 To add or edit the credentials click the Edit button to the right.
2 The Properties window will appear on the screen.
3 Enter a login name that provides you with read and write access into the Login
field and the corresponding password in the respective fields. The login name
must have one of the following formats:
<domain name>\<user login>
<local host name>\<user login>
When the popup is opened for the first time, the wizard will preenter the device name into the field
according to the <local host name>\<user login> scheme.
4 To view the passwords you may also uncheck the Hide Passwords checkbox. Both password fields will now
be displayed in clear text format.
5 To confirm the credentials click the OK button at the bottom of the window.
6 The account will be added in the wizard window fields.
132 - Numara Deployment Manager - Operating System Deployment
Name
Enter a self explicatory name for the project into this field, for example Vista (64 bit) Setup Deployment.
Architecture
This field indicates the type of architecture for the OS deployment, i.e., the architecture of the WinPE image
launching the setup program. The possible options are 32 Bit for x86 and 64 Bit for amd64 Windows
installations. Select the 64 Bit option for the 64 bit Vista setup deployment.
134 - Numara Deployment Manager - Operating System Deployment
Target Drive
Select from this field the drive letter on which the operating system is to be installed, in our example we will
use the C drive, therefore select C from this field.
2 Click Next to go to the following wizard page.
Step 5: Image
This wizard window allows you to either select an existing or create a new operating system image which is to be
deployed by the setup. Images exist for all types of deployment, but the list displayed in this window is already
filtered and will only show the images created for the respective selected deployment type.
The wizard window is still empty as no images have yet been created. The option to create a new image (Create a
new OS image or setup) is selected by default, therefore click Next to go directly to the following wizard page to
define the parameters of the new image.
Name
Enter a descriptive name for the image in the Name field, for example Vista (64 bit) Setup Image.
Architecture
This field indicates the type of architecture the image is to be applicable to. The possible options are 32 Bit for
x86 and 64 Bit for amd64 Windows installations.
Type
This parameter defines the image type being used for the deployment. This list is already prefiltered and only
provides image types applicable to the selected deployment mode. Possible values here are Windows Vista/
Server 2008/7 Setup and Windows XP/Server 2003 Setup. For our example select the Windows Vista/Server
2008/7 Setup option.
Location
Enter into this field the network path to the image or setup folder, where you copied the image files required
for the installation, e.g. \\192.168.196.13\Vista64. This is the folder which contains the setup.exe file for
the deployment. This directory may be located on any device in your network, as long as it can be accessed by
the OSD Manager.
Connection Parameters
The login and password to be used by the deploying device to access the network location in read and write
mode.
1 To enter the login information click the Edit button next to the non-editable fields.
2 A Properties window appears on the screen in which you must enter the login name and corresponding
password in the respective fields and re-enter the password for confirmation.
The login name must have one of the following formats:
<domain name>\<user login>
<local host name>\<user login>
Be aware that . is not a valid domain in this case.
3 For security reasons the passwords will only be displayed in the form of asterisks.
4 To view the passwords you may also uncheck the Hide Passwords checkbox. Both password fields will now
be displayed in clear text format.
5 To confirm the credentials click the OK button at the bottom of the window.
6 The account will be added in the wizard window fields.
2 Once all parameters are defined they must be checked that they are correct. Until the verification is executed
and returns the Status OK, the wizard cannot continue.
136 - Numara Deployment Manager - Operating System Deployment
3 To verify click the Check Image button to the right of the Status field.
4 AMP will now verify all entries of this page, i.e. the directory as well as the access rights to it.
5 If all values are correct the Status OK is returned, otherwise an error message is displayed in the Status field
indicating where the parameter value is not correct.
6 Once the Status OK is returned click Next to go to the following wizard page.
indicate a path to a removable device, such as a DVD drive, as the driver files will be copied to a specific
directory in the Numara Deployment Manager.
1 To find the file in its directory structure click the Select button next to the field.
2 The Driver File from <Device> window appears on the screen.
3 It provides the directory structure of the currently selected OSD Manager.
4 Browse the directories to find the correct file, select it and then click the OK button to add it.
6 Once all parameters are defined they must be checked that they are correct. Until the verification is executed
and returns the Status OK, the wizard cannot continue.
7 To verify click the Check Driver button to the right of the Status field.
8 AMP will now verify all entries of this page, i.e. the directory as well as the access rights to it and fill in the
remaining fields with the recovered information, such as the list of driver files.
9 If all values are correct the Status OK is returned, otherwise an error message is displayed in the Status field
indicating where the parameter value is not correct.
10 Once the Status OK is returned click OK button to add the new driver to the list and return to the Image
Drivers window.
11 Now the driver appears in the list of available drivers.
12 Repeat steps 2 to 9 to add other drivers. The drivers defined here must be compliant with the image to be
deployed.
13 Then click Next to go to the following wizard page.
A target list can only be assigned to one project at a time. To use it with another project and have it be
available in this list it must first be unassigned from its current project.
138 - Numara Deployment Manager - Operating System Deployment
If the unattended file template field is empty, the OSD Manager will use the default unattended file template
corresponding to the image type.
3 This deployment will only have one target device and we will add it as a new target.
To add target devices via a PXE subnet see Option (c) now.
4 For this select the Create Target icon ( ) on top of the empty list field.
Chapter 7 - Operating System Deployment Step-by-Step - 139
5 The Create a New Target window appears on the screen with its three
tabs, General Information, Parameters and Unattended Information.
6 Enter the following information into the respective fields of the
General Information tab for the new device:
Name
Enter into this field the short name that the new device is to have,
e.g., scotty. Be aware that the name of the new target may only have
a maximum of 15 characters and may only contain the following
characters: A-Z, a-z, 0-9, the underscore (_) and a dash (-).
Target
Leave the radio button selected as we are defining a single target
and enter the information for at least one of the three following
fields. If the device is already up and running the wizard will
recover information regarding the MAC address, based on the
provided IP address or DNS name.
MAC Address
Enter into this field the current MAC address of the target
device. This is the most precise information to identify the
device and should be preferred to the other two following identification options.
IP Address
Enter into this field the current IP address of the target device. This option may be used if the MAC
address is unknown and device is already running. In this case the respective target device will try to
find its MAC address and provide this information.
DNS
Enter into this field the current DNS information of the target device. This option may be used if the
MAC and IP addresses are unknown and device is already running. In this case the respective target
device will try to find its IP address which in turn will then search for the MAC address and provide this
information.
7 Then select the Parameters tab and fill in the fields for the target
operating system information.
Edition
Select from the drop-down box the Windows edition that is being
installed, e.g. Windows Vista Enterprise. The listed editions have
been automatically detected from the installation CD/DVD.
Language
Select from the drop-down box the language. This language setting
will be applicable to the setup, the operating system to be installed,
the keyboard layout and the user locale. The listed languages have
been automatically detected from the installation CD/DVD.
Product Key
This field defines the preformatted input for the OS product key
(e.g.: ABCDE-FGHIJ-KLMNO-PQRST-UVWXY). Replace the
standard key already entered in this field with the key provided by
Microsoft on your installation DVD.
TCP/IP Parameters
Leave the preselected option Dynamic IP in this box, this will automatically assign the target device its new
IP address via DHCP.
To add target devices with static IP addressing see Option (e) now.
8 Then select the Unattended Information tab and fill in the fields for your organisation.
140 - Numara Deployment Manager - Operating System Deployment
Screen Resolution
Select from the drop down list the appropriate screen resolution for
the monitor of the target device.
Colour Depth
Select from the drop down list the appropriate colour depth for the
monitor of the target device.
Refresh Rate
Select from the drop down list the appropriate refresh rate for the
monitor of the target device.
Resolution (DPI)
Select from the drop down list the appropriate DPI value for the
target device.
Organisation
Enter into this field the name of your company, e.g. Numara
Software. This is the value that will appear in the license window of
the operating system.
Workgroup
Enter into this field the name of the workgroup to which the newly installed device is to belong to, e.g.,
WORKGROUP. This field will be ignored if a domain is specified.
Administrator Login
Enter into this field the login name for the administrator that is to be created for the newly installed OS
with full administrator rights accorded for the new device. For Vista and later versions this field is prefixed
by Microsoft and modifications will be ignored.
Administrator Password
Enter into this field the corresponding password.
User Login
Enter into this field the login name with which the user is to log on to his device which provides him with
the required user rights. This field is only applicable to Vista and later.
User Password
Enter into this field the respective password to be used (Vista and later only).
Time Zone
Select from this drop down list the time zone which is to be applied to the new device, i.e. in which it is
located.
Full Name
Enter into this field the complete name of the user that is to use the new device, e.g. Jane Doe.
Domain
Enter into this field the name of the domain the new device should belong to, e.g. TESTLAB. Do not enter
anything into this field if you have provided Workgroup information, as this value will override it.
Domain Administrator Name
Enter into this field the login name of the domain administrator with which he may access the new device.
Domain Administrator Password
Enter into this field the corresponding password.
First Logon Command
This field lists the commands to be executed on the first logon, this may be a path to a batch file to execute,
e.g. E:\Apps.bat or cmd /c REGEDIT /S E:\Apps\patch.reg. This parameter is only applicable to XP.
9 Then click the OK button at the bottom of the window to confirm the data for the new target device and add it
to the target list.
10 Then click Next to go to the following wizard page.
Chapter 7 - Operating System Deployment Step-by-Step - 141
9 If all values are correct the Status OK is returned, otherwise an error message is displayed in the Status field
indicating where the parameter value is not correct.
10 Once the Status OK is returned click OK button to add the new driver to the list and return to the Drivers
window.
11 Now the driver appears in the list of available drivers.
12 Repeat steps 2 to 9 to add a SATA driver if you are using a SATA disk, be aware that also the SATA drivers must
be Vista compliant.
13 Then in the Drivers window mark both check boxes next to the added drivers to indicate that they are to be
used.
14 Then click Next to go to the following wizard page.
Be aware that only one project per OSD Manager at a time can be active. If you have more than one deployment
project you must schedule them in such a way that they are not launched at the same time and that the first
deployment has finished before the next one starts, i.e. that they are not active at the same time. It is however
possible to execute simultaneous deployments via different OSD Managers in different subnets. If you activate a
new project via this wizard any other project in the same subnet will automatically be deactivated.
As we want to activate and execute this first deployment right away leave all values as they are and click Finish to
launch the deployment.
Do not start the target devices before the project is finished and ready to launch the installation. If the target
devices are already running the PXE boot will not find the files for the installation and the deployment and
installation of the new OS on the target devices will not take place.
You can follow the progress of the installation by selecting the Assigned Objects->Target List->Vista Setup
Target List node in the left window pane. The right pane displays the target list members with their status
information.
Name
Enter a self explicatory name for the project into this field, for example Vista (64 bit) Capture.
Architecture
This field indicates the type of architecture for the OS deployment, i.e., the architecture of the WinPE image
launching the setup program. The possible options are 32 Bit for x86 and 64 Bit for amd64 Windows
installations. Select the 64 Bit option for the 64 bit Vista capture.
In case of a Sysprep capture select Shutdown from the Operation after Installation field.
Target Drive
Select from this field the drive letter on which the operating system is installed of which the image is to be
created, in our example we will use the setup deployment we executed in the previous example, therefore the
respective drive is the preselected C drive.
2 Click Next to go to the following wizard page.
Step 5: Image
In this wizard window you must define the base parameters of the WIM image to create. If other images have
already been created they will be shown in this list and you may select such an existing image and modify and
overwrite it with the new image to create.
The wizard window is still empty as no images have yet been created. The option to create a new image (Create a
new OS image or setup) is selected by default, therefore click Next to go directly to the following wizard page to
define the parameters of the new image.
Chapter 7 - Operating System Deployment Step-by-Step - 147
Name
Enter a descriptive name for the image in the Create a new OS image or setup field, for example Vista
Capture.
Type
This parameter defines the image type being used for the deployment. Select Windows Vista/Server
2008/7 Setup for our example.
148 - Numara Deployment Manager - Operating System Deployment
In case of a Sysprep capture select Windows Vista/Server 2008/7 Sysprep WIM Image.
Location
Enter into this field network path including the name to the image folder, where the image to create is to be
stored, e.g. \\192.168.196.13\Build\WinVista.wim. This directory may be located on any device in your
network, as long as it can be accessed by the OSD Manager and the target device of which the image is created.
Connection Parameters
The login and password to be used by the deploying device to access the network location in read and write
mode.
1 To enter the login information click the Edit button next to the non-editable fields.
2 A Properties window appears on the screen in which you must enter the login name and corresponding
password in the respective fields and re-enter the password for confirmation.
The login name must have one of the following formats:
<domain name>\<user login>
<local host name>\<user login>
Be aware that . is not a valid domain in this case.
3 For security reasons the passwords will only be displayed in the form of asterisks.
4 To view the passwords you may also uncheck the Hide Passwords checkbox. Both password fields will now
be displayed in clear text format.
5 To confirm the credentials click the OK button at the bottom of the window.
6 The account will be added in the wizard window fields.
2 Once all parameters are defined they must be checked that they are correct. Until the verification is executed
and returns the Status OK, the wizard cannot continue.
3 To verify click the Check Image button to the right of the Status field.
4 AMP will now verify all entries of this page, i.e. the directory as well as the access rights to it.
5 If all values are correct the Status OK is returned, otherwise an error message is displayed in the Status field
indicating where the parameter value is not correct.
6 Once the Status OK is returned click Next to go to the following wizard page.
To add the target device via a list see Option (a) now.
1 Enter the name Vista Capture Target List into the Create a new target list field on top of the empty list field.
2 Then select the Create Target icon ( ) on top of the empty list field.
150 - Numara Deployment Manager - Operating System Deployment
3 The Create a New Target window appears on the screen with its General
Information tab.
4 Enter the following information into the respective fields for the device:
Name
Enter into this field the short name of the target device exactly as you
entered it for the setup, e.g., scotty.
Target
Leave the radio button selected as we are defining a single target and enter
the information for at least one of the three following fields, preferably the
MAC Address. If the device is already up and running the wizard will
recover information regarding the MAC address, based on the provided IP
address or DNS name.
MAC Address
Enter into this field the MAC address of the target device.
IP Address
Enter into this field the IP address of the target device.
DNS
Enter into this field the DNS information of the target device.
5 Then click the OK button at the bottom of the window to confirm the data for the target and add it to the target
list.
6 Then click Next to go to the following wizard page.
Be careful not to select a disk configuration that will format the drive or partition!
Be aware that only one project per OSD Manager at a time can be active. If you have more than one deployment
project you must schedule them in such a way that they are not launched at the same time and that the first
deployment has finished before the next one starts, i.e. that they are not active at the same time. It is however
possible to execute simultaneous deployments via different OSD Managers in different subnets. If you activate a
new project via this wizard any other project in the same subnet will automatically be deactivated.
As we want to activate and execute this first deployment right away leave all values as they are and click Finish to
launch the deployment.
In case of a Sysprep distribution, the target MUST be running before the project becomes active! Also, you must
manually launch the provided batch file \\<OSD Manager>\PXETFTP\SYSPREP\RUNSYSPREP.BAT, that will
sysprep the target and finally reboot it. The file must be executed as a privileged user (admin). If the file can not be
found in this location the project is not activated or not set as a Sysprep image type.
Name
Enter a self explicatory name for the project into this field, for example Vista (64 bit) WIM Deployment.
Architecture
This field indicates the type of architecture for the OS deployment, i.e., the architecture of the WinPE image
launching the setup program. The possible options are 32 Bit for x86 and 64 Bit for amd64 Windows
installations. Leave the preselected option 64 Bit for the 64 bit Vista WIM deployment.
Chapter 7 - Operating System Deployment Step-by-Step - 155
Target Drive
Select from this field the drive letter on which the operating system is to be installed, in our example we will
use the C drive, therefore select C from this field.
2 Click Next to go to the following wizard page.
Step 5: Image
This wizard window allows you to either select an existing or create a new operating system image which is to be
deployed by the WIM mode. Images exist for all types of deployment, but the list displayed in this window is
already filtered and will only show the images created for the respective selected deployment type, i.e. in this case
any existing WIM images.
The wizard window is still empty as no images have yet been created. The option to create a new image (Create a
new OS image or setup) is selected by default, therefore click Next to go directly to the following wizard page to
define the parameters of the new image.
Name
Enter a descriptive name for the image in the Create a new OS image or setup field, for example Vista WIM
Image.
Location
Enter into this field network path to the folder, where you stored the image file that we created in our previous
example including the name of the image, e.g. \\192.168.196.13\Build\WinVista.wim. This directory may
be located on any device in your network, as long as it can be accessed by the OSD Manager and the target
devices, i.e. it is therefore recommended to put it on a device within the subnet.
Connection Parameters
The login and password to be used by the deploying device to access the network location in read and write
mode.
1 To enter the login information click the Edit button next to the non-editable fields.
2 A Properties window appears on the screen in which you must enter the login name and corresponding
password in the respective fields and re-enter the password for confirmation.
The login name must have one of the following formats:
<domain name>\<user login>
<local host name>\<user login>
Be aware that . is not a valid domain in this case.
3 For security reasons the passwords will only be displayed in the form of asterisks.
4 To view the passwords you may also uncheck the Hide Passwords checkbox. Both password fields will now
be displayed in clear text format.
5 To confirm the credentials click the OK button at the bottom of the window.
6 The account will be added in the wizard window fields.
2 Once all parameters are defined they must be checked that they are correct. Until the verification is executed
and returns the Status OK, the wizard cannot continue.
3 To verify click the Check Image button to the right of the Status field.
4 AMP will now verify all entries of this page, i.e. the directory as well as the access rights to it.
5 If all values are correct the Status OK is returned, otherwise an error message is displayed in the Status field
indicating where the parameter value is not correct.
6 Once the Status OK is returned click Next to go to the following wizard page.
If you are using a WIM-Image with Sysprep support see Option (f) now.
Chapter 7 - Operating System Deployment Step-by-Step - 157
1 Enter the name Vista WIM Image Target List into the field on top of the empty list field.
2 This deployment will only have one target device and we will add it as a new target.
To add target devices via a PXE subnet see Option (d) now.
3 For this select the Create Target icon ( ) on top of the empty list field.
4 The Create a New Target window appears on the screen.
5 Enter the following information into the respective fields of the General
Information tab for the new device:
Name
Enter into this field the short name that the new device is to have, e.g.,
Device1. Be aware that the name of the new target may only have a
maximum of 15 characters and may only contain the following characters:
A-Z, a-z, 0-9, the underscore (_) and a dash (-).
Target
Leave the radio button selected as we are defining a single target and enter
the information for at least one of the three following fields. If the device is
already up and running the wizard will recover all remaining information
directly from the device and add it to the respective fields.
MAC Address
Enter into this field the current MAC address of the target device. This
is the most precise information to identify the device and should be preferred to the other two following
identification options.
IP Address
Enter into this field the current IP address of the target device. This option may be used if the MAC
address is unknown and device is already running. In this case the respective target device will try to
find its MAC address and provide this information.
DNS
Enter into this field the current DNS information of the target device. This option may be used if the
MAC and IP addresses are unknown and device is already running. In this case the respective target
device will try to find its IP address which in turn will then search for the MAC address and provide this
information.
If you are using a WIM-Image with Sysprep support see Option (g) now.
6 Then click the OK button at the bottom of the window to confirm the data for the new target device and add it
to the target list.
7 Then click Next to go to the following wizard page.
Be aware that only one project per OSD Manager at a time can be active. If you have more than one deployment
project you must schedule them in such a way that they are not launched at the same time and that the first
deployment has finished before the next one starts, i.e. that they are not active at the same time. It is however
possible to execute simultaneous deployments via different OSD Managers in different subnets. If you activate a
new project via this wizard any other project in the same subnet will automatically be deactivated.
As we want to activate and execute this first deployment right away leave all values as they are and click Finish to
launch the deployment.
Chapter 7 - Operating System Deployment Step-by-Step - 161
Do not start the target devices before the project is finished and ready to launch the installation. If the target
devices are already running before the PXE boot will not find the files for the installation and the deployment
and installation of the new OS on the target devices will not take place.
162 - Numara Deployment Manager - Operating System Deployment
You can follow the progress of the installation by selecting the Assigned Objects->Target List->Vista Image
Target List node in the left window pane. The right pane displays the target list members with their status
information.
A Sysprep installation is quite long (~1 hour, depending on the hardware) and requires several reboots.
Name
Enter a self explicatory name for the project into this field, for example XP (64 bit) Custom Deployment.
Target Drive
This field is used to configure the MBR file and is there accessible. HOWEVER only modify the preentered
value if required.
2 Click Next to go to the following wizard page.
164 - Numara Deployment Manager - Operating System Deployment
Step 5: Image
This wizard window allows you to either select an existing or create a new operating system image which is to be
deployed by the setup. Images exist for all types of deployment, but the list displayed in this window is already
filtered and will only show the images created for the respective selected deployment type.
The wizard window is still empty as no images have yet been created. The option to create a new image (Create a
new OS image or setup) is selected by default, therefore click Next to go directly to the following wizard page to
define the parameters of the new image.
Name
Enter a descriptive name for the image in the Create a new OS image or setup field, for example XP Custom
Mode Image.
Location
Enter into this field network path to the folder, where the custom image and the program is located, e.g.
\\192.168.196.13\ghosts64. This is the folder which contains the ghost executable file for the deployment
as well as the ghost image. This directory may be located on any device in your network, as long as it can be
accessed by the OSD Manager and the target devices.
Connection Parameters
The login and password to be used by the deploying device to access the network location in read and write
mode.
1 To enter the login information click the Edit button next to the non-editable fields.
2 A Properties window appears on the screen in which you must enter the login name and corresponding
password in the respective fields and re-enter the password for confirmation.
The login name must have one of the following formats:
<domain name>\<user login>
<local host name>\<user login>
3 For security reasons the passwords will only be displayed in the form of asterisks.
4 To view the passwords you may also uncheck the Hide Passwords checkbox. Both password fields will now
be displayed in clear text format.
5 To confirm the credentials click the OK button at the bottom of the window.
6 The account will be added in the wizard window fields.
Custom Image Command Line
This field contains the command required to deploy the image, e.g., ghost32.exe -
clone,mode=restore,src=W:\XP32.GHO,dst=1:0 -SURE for a ghost image, whereby W: is the mounted share of
the UNC OS location in the WinPE. An example when using imagex would be: imagex /apply
"W:\MyImageFile.wim" 1 C:.
2 Once all parameters are defined they must be checked that they are correct. Until the verification is executed
and returns the Status OK, the wizard cannot continue.
3 To verify click the Check Image button to the right of the Status field.
4 AMP will now verify all entries of this page, i.e. the directory as well as the access rights to it.
5 If all values are correct the Status OK is returned, otherwise an error message is displayed in the Status field
indicating where the parameter value is not correct.
6 Once the Status OK is returned click Next to go to the following wizard page.
1 Enter the name XP Custom Mode Target List into the Name field on top of the empty list field.
2 This deployment will only have one target device and we will add it as a new target.
To add target devices via a PXE subnet see Option (d) now.
3 For this select the Create Target icon ( ) on top of the empty list field.
4 The Create a New Target window appears on the screen.
5 Enter the following information into the respective fields of the General
Information tab for the new device:
Name
Enter into this field the short name that the new device is to have, e.g.,
scotty. Be aware that the name of the new target may only have a maximum
of 15 characters and may only contain the following characters: A-Z, a-z,
0-9, the underscore (_) and a dash (-).
Target
Leave the radio button selected as we are defining a single target and enter
the information for at least one of the three following fields. If the device is
already up and running the wizard will recover information regarding the
MAC address, based on the provided IP address or DNS name.
MAC Address
Enter into this field the current MAC address of the target device. This is the most precise information to
identify the device and should be preferred to the other two following identification options.
IP Address
Enter into this field the current IP address of the target device. This option may be used if the MAC
address is unknown and device is already running. In this case the respective target device will try to
find its MAC address and provide this information.
DNS
Enter into this field the current DNS information of the target device. This option may be used if the
MAC and IP addresses are unknown and device is already running. In this case the respective target
device will try to find its IP address which in turn will then search for the MAC address and provide this
information.
6 Then click the OK button at the bottom of the window to confirm the data for the new target device and add it
to the target list.
7 Then click Next to go to the following wizard page.
Be aware that only one project per OSD Manager at a time can be active. If you have more than one deployment
project you must schedule them in such a way that they are not launched at the same time and that the first
deployment has finished before the next one starts, i.e. that they are not active at the same time. It is however
possible to execute simultaneous deployments via different OSD Managers in different subnets. If you activate a
new project via this wizard any other project in the same subnet will automatically be deactivated.
As we want to activate and execute this first deployment right away leave all values as they are and click Finish to
launch the deployment.
Do not start the target devices before the project is finished and ready to launch the installation. If the target
devices are already running before the PXE boot will not find the files for the installation and the deployment
and installation of the new OS on the target devices will not take place.
You can follow the progress of the installation by selecting the Assigned Objects->Target List->XP Custom Mode
Target List node in the left window pane. The right pane displays the target list members with their status
information.
7.2 Options
This following section will provide you with a number of option available for the different modes of operating
system deployment.
(a) Add Target from Lists
Devices may be added to the target list through a number of different ways. One is through different types of lists.
Be aware that you cannot add the master as a target device. To do so proceed as follows:
1 Select the Add Members from Lists icon ( ).
2 The Select Devices from the List window opens which provides you with the following methods to choose the
scan targets:
Chapter 7 - Operating System Deployment Step-by-Step - 171
AutoDisc Object
AutoDisc Device
Network
CSV List
a AutoDisc Object
The AutoDiscovery module provides a list of all devices of any type found in the network, such as printers
or devices with and without the agent installed. This list is also available for the vulnerability scan
functionality to facilitate the selection of the scan targets. However, the list displayed in this case will only
show all clients of type device and only those with a status of Verified or Learned, which means that all
devices in this list have been verified for existence either by the local client or a neighbour client and exist
on the network. To add a device from the list of all autodiscovered devices known to the database proceed
as follows:
1 Select the AutoDisc Object tab ( ) in the left window bar.
2 The field Available Devices displays the list of all available devices. You will find more information on
the list of autodiscovered devices in chapter Autodiscovered Objects on page 209 in the Console manual.
3 Select the device/devices to be added as targets from the list and then click the Add button ( ) to move
the selected devices to the list of Selected Devices.
4 Click OK to confirm the selections and close the window.
b AutoDisc Device
The tab AutoDisc Device allows you to select
your target devices from a list of
autodiscovered devices by one specific
network device. Proceed as follows:
1 Select the AutoDisc Device tab ( ) in the
left window bar.
2 The Select a Device window opens on the
screen.
3 Select the device of which the
autodiscovered list is to be used from one of
the tabs of the Select a Device dialog box.
4 Click OK to confirm the selection and close
the window.
5 The Select Devices from the List dialog box
now only displays the devices that were
discovered by the selected network device.
6 Select the device/devices to be added as targets from this list and then click the Add button ( ) to move
the selected devices to the list of Selected Devices.
7 Click OK to confirm the selections and close the window.
c Network
You may add a device from the list of your Microsoft network neighbourhood. To do so proceed as follows:
1 Select the Network tab ( ) in the left window bar.
2 The field Available Devices displays now the Microsoft Windows Network Neighbourhood structure
on the screen.
3 Select the device/devices to be added to the list from one of its groups.
4 Click OK to confirm the addition and close the window.
d CSV List
To add a device to the scan from an existing .csv file proceed as follows:
1 Select the CSV List tab ( ) in the left window bar.
2 A window opens, in which you may choose the file containing the device list.
3 Click the Open button at the bottom of the window to open the list.
4 The field Available Devices displays now the list of all devices contained in the selected CSV list.
5 Check the box Header, if your CSV file has a title line which is to be removed.
172 - Numara Deployment Manager - Operating System Deployment
6 Select the device to be added to the scan from the list in the window. You may also select all devices in
the list by using the Select All button.
7 Click OK to add the device and close the window.
3 Continue with the general procedure.
(b) Add Device
You may also add a device or all devices of a target list via the device selection window. This is the easiest way to
add device to the target list if you install only devices that are already known to the NAMP database. Device
without agents are not available in this window. To add devices proceed as follows:
1 Select the Add Device icon ( ).
2 The Select a Device window opens on the screen.
3 Select the device to be added from one of the tabs of the Select a Device dialog box.
4 Click OK to confirm the addition and close the window.
5 Continue with the general procedure.
(c) Create Target via PXE Subnet (Setup Mode)
You may also create new target devices by specifying a subnet in which they will be located. When creating new
targets in this way, it will be added to the OS Deployment database specifically for this deployment. To do so
proceed as follows:
1 Select the Create Target icon ( ).
2 The Create a New Target window opens on the screen with its three tabs, General Information, Parameters
and Unattended Information.
3 Enter the following required information for the target device in the General Information:
Name
Enter into this field the short network name that the new device is to have, e.g., scotty.
Description
This field is a free text field and may contain some descriptive text or necessary information about the
object.
Architecture
This field indicates the for which type of architecture the target list is applicable to. The possible options
are 32 Bit for x86 and 64 Bit for amd64 Windows installations. This field is generally not accessible, as the
architecture is defined by the target list.
Enabled
This parameter defines if the target device is active, i.e. if it will
recuperate the image or setup file to install. By default this option is
set to Yes, enabled or active target. If a target device is disabled, it
must be activated manually via this option and then the project
must be rebuilt for this modification to become effective.
PXE Subnet Filter
This field displays the IP address for the subnet which contains the
target devices. A new field next to the Name field appears in the
window. You may enter into this field the way the device names
within a subnetwork are automatically incremented. The default
value here is 001, i.e. the name with the suffix 001, 002, etc., e.g.
HQ001, HQ002, ... HQ099.
PXE Subnet Filter
Enter into this field the IP address in its dotted notation for the
subnet which is to contain the target devices. The address may
be entered with the wildcard character asterisks (*):
192.168.1.*, 192.168.*.* or 192.*.*.*.
4 Then select the Parameters tab and fill in the fields for the target
operating system information.
Chapter 7 - Operating System Deployment Step-by-Step - 173
Edition
Select from the drop-down box the Windows edition that is being installed, e.g. Windows Vista Enterprise.
The listed editions have been automatically detected from the installation CD/DVD.
Language
Select from the drop-down box the language. This language setting will be applicable to the setup, the
operating system to be installed, the keyboard layout and the user locale. The listed languages have been
automatically detected from the installation CD/DVD.
Product Key
This field defines the preformatted input for the OS product key (e.g.: ABCDE-FGHIJ-KLMNO-PQRST-
UVWXY). Replace the standard key already entered in this field with the key provided by Microsoft on your
installation DVD.
TCP/IP Parameters
The fields in this box allow you to define the parameters for static or dynamic IP address management:
Dynamic IP
Select this radio button to dynamically assign the IP addresses for the devices. This option is only
applicable to Setup projects. This is the default value.
Static IP
Select this radio button if the IP addresses are statically assigned to the devices. The following fields
must be defined for static IP addressing:
IP Address
Enter into this field the IP address which is to be attributed to the target device. This field is
mandatory.
Subnet Mask
Enter into this field the subnet mask for the target device. This field is mandatory.
Gateway
Enter into this field the IP address of the gateway of the target device. This field is mandatory.
Prefered DNS Server
Enter into this field the IP address of the preferred DNS server of the target device. This field is
mandatory.
Alternate DNS Server
Enter into this field the IP address of the alternate DNS server of the target device. This field is
optional.
Click the Default Values button below these fields to preenter the Subnet Mask, Gateway and Prefered DNS
Server fields with the default values.
5 Then select the Unattended Information tab and fill in the fields for your organisation.
Screen Resolution
This parameter defines the resolution in pixels of the target screen. The value in parenthesis behind the
value indicates for which screen size the respective resolution is generally used.
Colour Depth
This parameter defines the colour depth in bits per pixel of the target screen.
Refresh Rate
This parameter defines the refresh rate in Hertz of the target screen (e.g.: 85 for CRT, 60 for LCD).
Resolution (DPI)
This field displays the resolution in dpi that is to be used for the fonts displayed on the screen of the device
to be installed.
Organisation
This field displays the name of your organisation, e.g Numara Software.
174 - Numara Deployment Manager - Operating System Deployment
Workgroup
The network workgroup of the target devices, e.g. WORKGROUP. If you enter a value here and as well into
the Domain field later on, this value will be ignored.
Administrator Login
Enter into this field the login name to which is to be created for the newly installed OS with the full
administrator rights accorded on the new device. For Vista and later versions this field will be greyed out, as
the login name is predefined by Microsoft and may not be modified.
Administrator Password
Enter into this field the corresponding password.
User Login
Enter into this field the login name with which the user is to log on to his device which provides him with
the required user rights. This parameter is only applicable to Vista.
User Password
Enter into this field the respective password to be used. This parameter is only applicable to Vista.
Time Zone
The timezone in which the target device is located.
Full Name
Enter into this field the complete name of the user that is to use the new device, e.g. Jane Doe.
Domain
Enter into this field the name of the domain the new device should belong to, e.g. TESTLAB. If you entered
a name for the workgroup above the domain value will prevail.
Domain Administrator Name
Enter into this field the login name of the domain administrator with which he may access the new device.
Domain Administrator Password
Enter into this field the corresponding password.
First Logon Command
This field lists the commands to be executed on the first logon, this may be a path to a batch file to execute,
e.g. E:\Apps.bat or cmd /c REGEDIT /S E:\Apps\patch.reg. This parameter is only applicable to XP.
6 Click the OK button at the bottom of the window to confirm the data for the new target list or click Cancel to
abandon without modifications and to close the window.
7 Continue with the general procedure.
(d) Create Target via PXE Subnet (Non-Setup Mode)
You may also create new target devices by specifying a subnet in which they will be located. When creating new
targets in this way, it will be added to the OS Deployment database specifically for this deployment. To do so
proceed as follows:
1 Select the Create Target icon ( ).
2 The Create a New Target window opens on the screen with its three tabs, General Information, Parameters
and Unattended Information.
3 Enter the following required information for the target device in the General Information:
Name
Enter into this field the short network name that the new device is to have, e.g., scotty.
Description
This field is a free text field and may contain some descriptive text or necessary information about the
object.
Architecture
This field indicates the for which type of architecture the target list is applicable to. The possible options
are 32 Bit for x86 and 64 Bit for amd64 Windows installations. This field is generally not accessible, as the
architecture is defined by the target list.
Chapter 7 - Operating System Deployment Step-by-Step - 175
Enabled
This parameter defines if the target device is active, i.e. if it will
recuperate the image or setup file to install. By default this option is
set to Yes, enabled or active target. If a target device is disabled, it
must be activated manually via this option and then the project
must be rebuilt for this modification to become effective.
PXE Subnet Filter
This field displays the IP address for the subnet which contains the
target devices. A new field next to the Name field appears in the
window. You may enter into this field the way the device names
within a subnetwork are automatically incremented. The default
value here is 001, i.e. the name with the suffix 001, 002, etc., e.g.
HQ001, HQ002, ... HQ099.
PXE Subnet Filter
Enter into this field the IP address in its dotted notation for the
subnet which is to contain the target devices. The address may
be entered with the wildcard character asterisks (*):
192.168.1.*, 192.168.*.* or 192.*.*.*.
4 Continue with the general procedure.
(e) Create Target in Static IP Mode
Target devices may also be created in static mode. To do so proceed as follows:
1 In the Parameters tab of the Create a New Target window make the following changes:
2 In the TCP/IP Parameters box select the Static IP radio button.
3 Then enter the following parameters:
IP Address
Enter into this field the IP address which is to be attributed to the
target device. This field is mandatory.
Subnet Mask
Enter into this field the subnet mask for the target device. This field
is mandatory.
Gateway
Enter into this field the IP address of the gateway of the target
device. This field is mandatory.
Prefered DNS Server
Enter into this field the IP address of the preferred DNS server of
the target device. This field is mandatory.
Alternate DNS Server
Enter into this field the IP address of the alternate DNS server of the
target device. This field is optional.
Click the Default Values button below these fields to preenter the
Subnet Mask, Gateway and Prefered DNS Server fields with the
default values.
4 Continue with the general procedure.
(f) Sysprep WIM Image Deployment - Additional Drivers
If you are executing a sysprep installation, an extra wizard window will be displayed in which additional drivers
required by the SysPrep installation must be defined.
In this step of the OSD wizard the drivers must be defined which will be used by the Windows Setup for
installation. This is the equivalent for manually inserting the drivers floppy during the installation process. Here
you can define all drivers that may be needed by the deployment operating system to properly run. The drivers
176 - Numara Deployment Manager - Operating System Deployment
must be defined here as well in their usual .inf format. If you are creating an XP setup and your targets use a
SATA disk, do not forget to add the required SATA driver here as well.
Proceed as follows:
1 Before Step 7: of the WIM Image Deployment wizard an Image Drivers window will appear on the screen to
define the additional drivers.
2 By default no drivers are predefined, therefore this list field is empty.
3 For this example we will first add an Ethernet network driver.
8 To verify click the Check Driver button to the right of the Status field.
9 AMP will now verify all entries of this page, i.e. the directory as well as the access rights to it and fill in the
remaining fields with the recovered information, such as the list of driver files.
10 If all values are correct the Status OK is returned, otherwise an error message is displayed in the Status field
indicating where the parameter value is not correct.
11 Once the Status OK is returned click OK button to add the new driver to the list and return to the Image
Drivers window.
12 Now the driver appears in the list of available drivers.
13 Repeat steps 2 to 9 to add other drivers. The drivers defined here must be compliant with the image to be
deployed.
14 Then click Next to go to the following wizard page.
15 Continue with the general procedure.
(g) Sysprep WIM Image Deployment
A sysprep WIM image deployment requires the configuration of the additional parameters. Proceed as follows:
1 At Point 4 (page 158) of Step 8: Target List Configuration of the WIM Image deployment parameters of two
more tabs must be defined:
2 Select the Parameters tab and fill in the fields for the target operating
system information.
Edition
Select from the drop-down box the Windows edition that is being
installed, e.g. Windows Vista Enterprise. The listed editions have
been automatically detected from the installation CD/DVD.
Language
Select from the drop-down box the language. This language setting
will be applicable to the setup, the operating system to be installed,
the keyboard layout and the user locale. The listed languages have
been automatically detected from the installation CD/DVD.
Product Key
This field defines the preformatted input for the OS product key
(e.g.: ABCDE-FGHIJ-KLMNO-PQRST-UVWXY). Replace the
standard key already entered in this field with the key provided by
Microsoft on your installation DVD.
3 Then select the Unattended Information tab and fill in the fields for
your organisation.
Screen Resolution
Select from the drop down list the appropriate screen resolution for the monitor of the target device.
Colour Depth
Select from the drop down list the appropriate colour depth for the monitor of the target device.
Refresh Rate
Select from the drop down list the appropriate refresh rate for the monitor of the target device.
Resolution (DPI)
Select from the drop down list the appropriate DPI value for the target device.
Organisation
Enter into this field the name of your company, e.g. Numara Software. This is the value that will appear in
the license window of the operating system.
178 - Numara Deployment Manager - Operating System Deployment
Workgroup
Enter into this field the name of the workgroup to which the newly
installed device is to belong to, e.g., WORKGROUP. This field will be
ignored if a domain is specified.
Administrator Login
Enter into this field the login name to which is to be created for the
newly installed OS with the full administrator rights accorded on
the new device. For Vista and later versions this field is prefixed by
Microsoft and modifications will be ignored. This login and
corresponding password must be the same as the administrator
login/password of the previously captured system.
Administrator Password
Enter into this field the corresponding password.
User Login
Enter into this field the login name with which the user is to log on
to his device which provides him with the required user rights.
This field is only applicable to Vista and later.
User Password
Enter into this field the respective password to be used (Vista and later only).
Time Zone
Select from this drop down list the time zone which is to be applied to the new device, i.e. in which it is
located.
Full Name
Enter into this field the complete name of the user that is to use the new device, e.g. Jane Doe.
Domain
Enter into this field the name of the domain the new device should belong to, e.g. TESTLAB. Do not enter
anything into this field if you have provided Workgroup information, as this value will override it.
Domain Administrator Name
Enter into this field the login name of the domain administrator with which he may access the new device.
Domain Administrator Password
Enter into this field the corresponding password.
First Logon Command
This field lists the commands to be executed on the first logon, this may be a path to a batch file to execute,
e.g. E:\Apps.bat or cmd /c REGEDIT /S E:\Apps\patch.reg. This parameter is only applicable to XP.
4 Then click the OK button at the bottom of the window to confirm the data for the new target device and add it
to the target list.
5 Then click Next to go to the following wizard page and continue with the general procedure.
(h) Create new Disk Configuration
If none of the predefined disk configurations answer the requirements of your distribution you may create a new
disk configuration. Creating new disk configurations consists of the following two steps:
1 Create new Disk Configuration
2 Create Partitions for the new configuration
Be aware that WinPE has a number of limitation as described on the Microsoft web site (http://technet.microsoft.com/en-
us/library/cc507857.aspx) such as the fact that drive letter assignments are NOT persistent between sessions. This means
that no matter which drive you assigned specific drive letter in the disk configuration of an OS deployment, the drive
letter assignments will be in the default order after WinPE is restarted.
1 At Step 10: Disk Configuration of the wizard select the Create Disk Configuration icon ( ) above the list
window.
2 The Properties dialog box appears on the screen.
3 Enter the desired data into the respective fields.
Name
Enter a name for the new disk configuration, for example FullDisk_3Partitions.
Description
This field is a free text field and may contain some descriptive text or necessary information about the object.
Size
This value displays the total size of the respective hard disk in MB.
Delete Disk Partitions
This parameter defines if any partitions that already exist on the target device are deleted, possible values are
Yes and No.
This option should be used with caution, as any data on the disk will be lost irretrievably if selected, even if
you selected not to format the partition in the partition definition.
Disk Number
The physical disk number on the device, 0 indicating the first disk, 1 the second, etc.
Status
This field displays the current status of the selected disk configuration.
4 Before the disk configuration may be created it must be verified that all entered data is correct.
5 To execute a check on the disk click the Check Disk Status button next to the non-editable field. Be aware that
the disk creation cannot be confirmed until the disk verification succeeded, i.e. the status value OK is
displayed.
6 Click the OK button at the bottom of the window to confirm the data for the new disk configuration and to
close the window.
7 The new configuration will be added to the list field.
This formatting options should be used with caution, as any data on the partition will be lost irretrievably if
one of these options selected.
Type
This parameter defines the type of the partition, i.e. if it is a primary, extended or logical partition.
180 - Numara Deployment Manager - Operating System Deployment
Extend
This parameter is of interest if the defined disk partitions do not completely use up the available disk space.
Possible values are Yes, extend partition, in this case the size fixed for the disk will be ignored and the
remaining disk space will be added to the respective partition. If you select No, do not extend the partition, the
remaining disk space can not be used. Only one partition per disk may be extended. As FAT-32 disks may not
be larger than 32 GB, extending it over this limit will generate an error.
Size
This value displays the total size of the respective disk partition in MB. FAT-32 disks may not be larger than 32
GB. The specified size is adjusted to the cylinder snap and may therefore be somewhat smaller or larger than
the defined value.
Label
The unique name of the partition, e.g. SYSTEM, DATA or BACKUP).
Drive Letter
The logical drive letter from C to Z assigned to the drive, each letter may only be assigned once. You may
assign the partition a specific drive letter, however, WinPE may change this after rebooting if it does not
coincide with its internal sorting logic.
Active Partition
This parameter defines if a partition is active, i.e. if it is potentially bootable. This partition must be used to
install the operating system on, which is to be booted. Only one partition may be active per disk.
Partition Number
The unique physical partition number on the disk the currently selected entry belongs to, 1 is the first
partition, 2 the second, etc.
7 Click the OK button at the bottom of the window to confirm the data for the new partition and to close the
window.
8 Repeat these steps until all partitions for the disk configuration are defined.
9 To change the order of the partitions you may move one up or down in the list.
10 Select the partition in the table in the right window pane.
11 Either choose the Edit->Move Down/Move Up menu item or click the respective icon ( / ) in the icon bar
until the partition is at the desired position.
12 Click the OK button at the bottom of the window to confirm the data for the new disk partition and to close the
window.
13 Continue with Step 10: Disk Configuration of the main wizard procedure.
(i) Add OSD Manager
To define a device as OSD Manager proceed as follows:
1 Choose the Add Device icon ( ).
2 The Add an OSD Manager popup window will appear on the screen displaying the list of all devices, that may
be a OSD Managers due to their operating system.
3 Select the device to be added from one of the list boxes.
4 Click OK to confirm and close the window.
5 The device will be added to the table of OSD Manager and its configuration parameter will be updated
accordingly.
6 Continue with Step 1: OSD Manager of the main procedure.
8
Software Distribution Step-by-Step
Using the Numara Deployment Manager you can control and manage software installations and distributions
across the entire network. The architecture offers a ’pull’ system, whereby the agents will collect (or pull) software
packages from the software depot, the master or a relay on the network and proceed to install and configure the
software on the clients.
As shown in the graphic below, the software distribution process consists of the following individual steps:
1 Download the installation file for the product to distribute from the Internet (1)
2 Create the package to distribute in the Package Factory and publish it to the master/relay (2, 3)
3 Assign the package to the target device and distribute (4, 5)
4 Install the package on the target and sent execution status to the master (6, 7).
Package Factory Internet
1 Installation Files
2
Create package
3
Publish package to Master
Prerequisites
To execute the examples provided in this chapter we assume that:
• in your test environment you have at least one, preferably several devices on which Firefox and Orca are not
yet installed.
• your master has a Internet connection to download the setup files.
• a browser is installed on your master.
• you have done the exercises in the chapters of Section I and are familiar with the general concepts of the
NAMP console and its workings.
182 - Numara Deployment Manager - Software Distribution
To create rpm packages your package factory must be a Linux operating system. If you do not have a Linux
master first see Option (i) on how to define another device as Packager which you will need to use.
To see the command line options, open a cmd shell, go to the directory where you have saved the file, and execute
Firefox Setup 3.0.7.exe /help: the /quiet option can be used to install in silent mode, with no user
interaction.
If you want to define another device as the Packager please see Option (i).
2 In the panel Package Type you must define which type of package is to be created via the wizard. Select the
Custom Package option.
Chapter 8 - Software Distribution Step-by-Step - 183
If you want to create the new package in a specific folder instead of under the packages top node see Option (k)
now.
If your antivirus heavily attacks .zip files, choose the .pkg Archive Type.
The Installation panel defines the parameters how the execution of the installation of the package on the target(s)
is effected.
1 In the Destination Path field enter the path in which you want the Firefox Setup 3.0.7.exe to be stored
temporarily, for instance c:/temp.
2 In the Run Command field enter c:/temp/Firefox Setup 3.0.7.exe /S.
In this field you need to enter the destination path to which the executable file is to be copied and under which
it is stored in the package, therefore the path in the Run Command field must be c:/temp/Firefox Setup
3.0.7.exe /S, the /S option is optional and indicates a silent installation.
The Overwrite box defines which files the package may overwrite when installing on the target and which it may
not touch.
1 Check the Overwrite Non-system Files, Overwrite older file versions only and Overwrite read-only files
boxes.
This option allows you to control where the file will be put on the target devices.
Chapter 8 - Software Distribution Step-by-Step - 185
If you want to schedule the distribution at a specific later time, uncheck the Default Schedule option, and
then see Option (a) when the Schedule wizard window appears.
If you want to advertise the distribution to users via the Application Kiosk refer to Option (h) now.
If you want to schedule the distribution with Wake-On-LAN enabled, uncheck the Default Schedule option
and then see Option (b) when the Schedule wizard window appears.
Chapter 8 - Software Distribution Step-by-Step - 187
If you want to schedule the distribution at a specific later time see Option (a) now.
If you want to schedule the distribution with Wake-On-LAN enabled see Option (b) now.
188 - Numara Deployment Manager - Software Distribution
6 Click the Finish button confirm all settings and finish this wizard.
If you want to distribute the software via multicast (limit the network bandwidth used during distribution) click No
here and refer to Option (c) now.
If you want to advertise the distribution to users via the Application Kiosk click No here and refer to Option (i)
now.
If you want to put more conditions in your distribution, for instance to be sure to distribute only to machines with
at least 256 Mb of RAM, click No here and see Option (d) now.
If you want to put more post-processing in your distribution, for instance leave to the user the possibility to reboot
immediately or later, click No here and refer to Option (g) now.
At any moment you can use the Refresh button ( ) in the toolbar.
The bottom right counter tells you the seconds before the status is refreshed automatically.
Prerequisites
In addition to the general prerequisites mentioned at the beginning of the chapter we also assume that:
• the msi file to install orca is stored on the master
• orca is not yet installed on the master
Step 1: Create MSI Package and Make It Available
The first step for the msi distribution is to create the package on the Packager and then make the package available
for the actual distribution:
1 Select the Wizards->Package Creation Wizard ( ) menu item.
2 The Package Creation Wizard appears on the screen and guides you through the individual steps required to
create a new MSI package.
Step 1a: Package Factory
In the first window, Package Factory, you need to select the Package Factory on which the new package is to be
created as well as the type of the package to be created.
1 We only have one packager defined therefore leave it selected.
If you want to define another device as the Packager please see Option (i).
2 In the panel Package Type you must define which type of package is to be created via the wizard. Select the
MSI Package option.
3 Click Next to continue.
If your antivirus heavily attacks .zip files, choose the .pkg Archive
Type.
If you want to create the new package in a specific folder instead of under
the MSI packager top node see Option (k) now.
If you know, that the msi package requires additional files for installation check
the Additional Files box in the Options panel and see Option (j) when the
respective window appears.
If you have checked the Additional Files box in the Options panel to add required files to the msi, the window
appears now on the screen. See Option (j) now for instructions.
If you want to distribute the software via multicast (limit the network bandwidth used during distribution), refer to
Option (c) now.
If you want to schedule the distribution at a specific later time, uncheck the Default Schedule option, and then see
Option (a) when the Schedule wizard window appears.
If you want to advertise the distribution to users via the Application Kiosk click No here and refer to Option (h) now.
If you want to schedule the distribution with Wake-On-LAN enabled, uncheck the Default Schedule option and then see
Option (b) when the Schedule wizard window appears.
If you want to schedule the distribution at a specific later time see Option (a) now.
Chapter 8 - Software Distribution Step-by-Step - 193
If you want to schedule the distribution with Wake-On-LAN enabled see Option (b) now.
If you want to distribute the software via multicast (limit the network bandwidth used during distribution) click No
here and refer to Option (c) now.
If you want to advertise the distribution to users via the Application Kiosk click No here and refer to Option (i)
now.
If you want to put more conditions in your distribution, for instance to be sure to distribute only to machines with
at least 256 Mb of RAM, click No here and see Option (d) now.
If you want to put more post-processing in your distribution, for instance leave to the user the possibility to reboot
immediately or later, click No here and refer to Option (g) now.
At any moment you can use the Refresh button ( ) in the toolbar.
The bottom right counter tells you the seconds before the status is refreshed automatically.
194 - Numara Deployment Manager - Software Distribution
By default these events are configured to be uploaded every 24 hours, i.e. at midnight. If the agent is not running
at this time the events will be uploaded at agent startup.
20 The Select a Device Group popup window will appear on the screen.
21 Select the All Devices group from the list.
22 The group will be added to the table in the right pane with a status of Activated.
23 Go to the subnode All Devices and follow the execution of the operational rule for the individual group
members.
196 - Numara Deployment Manager - Software Distribution
29 Now all data are uploaded and ready and the report may be generated.
Almost all these options use the Firefox custom package for their example as well as the hyperlink target, however, you
may use all these examples as well for the msi package simply be replacing any reference to Firefox v3.0.7.cst by
orca.msi.
Be aware that you need the special Multicast license if you want to execute software distributions via multicast. For trial
purposes this license is included in the temporary license.
5 Click the OK button to confirm these settings and to close the window.
6 Select the newly created window, e.g. Standard Multicast, in the left pane and select its Planning tab.
7 The right window pane displays an hour/day of the week grid. Mark the periods for which the bandwidth
restrictions are to apply by selecting the first slot, e.g., Monday 08:00 and move your mouse cursor to the last
slot, e.g. Friday 18:00, to restrict the bandwidth for all working days from 8am to 6pm.
8 Select the Edit->Define Time-slots menu item or click the respective icon ( ) in the icon bar.
9 The Define Transfer Window Time-Slots window appears on the screen.
10 Enter 128 (or any other desired value) and click OK to confirm.
Chapter 8 - Software Distribution Step-by-Step - 201
4 Either choose the Edit->Add Step menu item or click the respective icon ( ) in the icon bar.
5 The Select a Step popup windows will appear on the screen.
6 In the window list expand item Monitoring and select step Check Installed RAM.
7 Click the Add ( ) button.
8 In the appearing Properties window choose the option Stop on failed step for field Stop Condition and enter
256 in the RAM (MB) field.
8 In the appearing Properties window choose the option Stop on failed step for field Stop Condition and enter
firefox.exe in the Process Names field.
1 Add a new step ’restart’ to the distribution rule; for this execute the same operations as explained above under
Option (d): Distribute Only to Device with at Least 256 MB RAM or Option (e):Kill Firefox Before Starting the
Distribution.
2 Add a reboot step to the software distribution rule itself. The Reboot rule was already created under the
exercises in the operational rules chapter, thus we only need to add it here.
a Select the Reboot operational rule in the left window pane under the main Operational Rules node.
b Go its the Dependencies tab.
c Either choose the Edit->Add Dependency menu item or click the respective icon ( ) in the icon bar.
d The Select an Operational Rule dialog box opens on the screen.
e Open the Software Distribution folder and select the Firefox v3.0.7.cst operational rule.
f Click OK to confirm the dependency.
g Open Device Groups->All Client Devices without Firefox node.
h There open the Assigned Objects->Operational Rules node.
i The rule Firefox v3.0.7.cst rule is already assigned.
j Select the Edit->Assign Operational Rule menu item or click the respective icon ( ) in the icon bar.
k In the appearing confirmation window click Yes.
l The Assign an Operational Rule popup window will appear on the screen.
m Select the All button ( ) in the left window bar.
n Select the rule called Reboot and click OK.
o Click OK to confirm and close the window.
p However, as you can see under the Status column the rule Firefox v3.0.7.cst was not activated in the last
step of the distribution wizard, it must be done now. Select the rule in the table.
q Select the Edit->Activate Operational Rule menu item or click the respective icon ( ) in the icon bar.
r The rule will be activated immediately with the default schedule.
The distribution will now be performed, and at the end the device will be rebooted. If you would like to give the
user the choice if and when he wants to reboot follow the instructions of the next option.
(g) Define the Device Reboot after Distribution as User Choice
There are two possibilities to do so:
1 We are going to:
a Create an operational rule for the Firefox distribution. Depending on where in the distribution process you
interrupt, this rule may already be created.
b Create a second operational rule to control the reboot process.
c Create a dependency between these 2 rules.
d Assign and activate the 2 rules.
2 There is also a faster method to do this:
a Create an operational Rule for the Firefox distribution. Depending on where in the distribution process you
interrupt, this rule may already be created.
b Add the steps to control reboot to this rule.
c Assign and activate this rule.
The drawback of this method is that if the user chooses not to reboot, the whole distribution result will be
reported as Failed, while in the first case, the distribution rule will be Executed (Ok) and the Reboot rule
will be Failed (normal as the user decided not to reboot).
Our example will use the first method with the Firefox distribution rule already created and assigned but not
activated. Thus we only need to create the second reboot rule.
1 Select the Operational Rules top node in the left window pane.
2 Select the Edit->Create Operational Rule menu item or the respective icon ( ) in the icon bar.
3 The Properties dialog box appears on the screen.
4 Enter Firefox Reboot with User Confirmation into the Name field and click OK to confirm.
5 Select the newly created rule Firefox Reboot with User Confirmation and go to the Steps tab.
6 Either choose the Edit->Add Step menu item or click the respective icon ( ) in the icon bar.
Chapter 8 - Software Distribution Step-by-Step - 207
Application Kiosk
To actually perform the distribution on a target proceed as follows:
1 Go to the target device (physically go there, you cannot do it from you desk via the console or the Agent
Interface if the target device is not the device you are currently working from).
2 Right-click the blue NAMP agent icon ( ) at the bottom-right of the Windows device. If the package has
already arrived on the target, the icon should be displayed with the package ( ).
3 Left-click on the Agent Interface menu item.
4 A browser window opens displaying the HCHL interface of the local agent.
5 Select the Application Kiosk tab.
6 Identify yourself with a local login in the appearing popup window.
7 You will now see a web page proposing the Firefox v3.0.7 package for installation.
8 To install the package mark the check box Select at the right end of the Firefox v3.0.7 package.
Chapter 8 - Software Distribution Step-by-Step - 209
5 Then click the Next button to continue with the Publication wizard window on page 191.
(k) Creating a Package in a Specific Folder
When creating a new package it may be directly created in a folder instead of under the package type‘s top node,
which is the default location. To do so proceed as follows:
1 To add it to another folder click the icon to the right of the Folder field (...).
2 The Select Folder window appears on the screen displaying the folder hierarchy. If the desired target folder
does not yet exist you can also create a new folder.
a To do so first select the parent folder of the new one and then select click the New Folder icon ( ) below
the hierarchy.
b The Properties dialog box appears on the screen.
c Enter the desired data into the respective fields and then click the OK button at the bottom of the window
to confirm the new package folder.
3 Select the target folder and click the OK button to confirm and to close the window and return to the original
window.
9
Resource Monitoring Step-by-Step
The Resource Monitoring allows the administrator to monitor a number of system resources and their usage and
access on the managed remote devices. Resource monitoring can be very time and resource intensive on the
devices as well as on the network traffic. It is therefore recommended to limit the monitoring to some few clients
and to monitor only sensitive areas.
Be aware, that the resource monitoring module is only applicable to Windows operating systems NT4 and later.
Prerequisites
To execute the examples provided in this chapter we assume that:
• at least one of the test devices is connected either locally or remotely to a printer.
• at least one of the test devices has Internet access and MS Internet Explorer installed.
• a browser is installed on your master.
• you have done the exercises in the chapters of Section I and are familiar with the general concepts of the
NAMP console and its workings.
9.1.1 Printer
Printer monitoring provides the administrator with information regarding the usage of the printer by all clients
and is effected via querying of the printer queues. Some documents, such as very small ones that may remain only
a very short time in the printer queue, may not appear in the list, especially if the defined query values are high.
Remote print monitoring should only be done by very few clients in the network, as this will generate heavy
traffic and may cause the printer to slow down considerably, as it is occupied most of its time answering to remote
print monitoring queries instead of printing.
1 Configure Printer Monitoring
2 Locally Monitoring the Printer Activity
3 Printer Monitoring Results
4 Generate a Print Monitor Report
Step 1: Configure Printer Monitoring
The first step before the printing activities of a device may be monitored is to activate and configure the module
which, by default, is deactivated. Proceed as follows to do so:
212 - Numara Asset Management Platform - Monitoring
By default these events are configured to be uploaded every 24 hours, i.e. at midnight. If the agent is not running
at this time the events will be uploaded at agent startup.
If you want to schedule the rule to execute at regular intervals, click No, and then see Option (a).
22 The master will be added to the table in the right pane with a status of Assignment Waiting.
23 Follow the execution of the operational rule.
Chapter 9 - Resource Monitoring Step-by-Step - 215
30 Now all data are uploaded and ready and the report may be generated.
10 Don‘t forget to return the Printer discovery delay value to 60 seconds after the exercise or switch the printer
monitor off again if you are not starting to monitor right away.
Specified directories that do not exist on a device will be signalled in the log file. Note that it is not possible
to monitor root directories such as c:\ or directories on mounted network drives. Also it is not
recommended to select directories where many file changes take place, such as c:\Program Files. The
paths are not case sensitive.
Check the Include sub-directories box to also monitor the subdirectories of the above listed directories.
Check the Enable USB Drive Monitoring (Windows 2000 and later) box to also monitor the USB ports of
the master.
7 Then click OK to confirm and close the window.
8 Printer monitoring is now activated on the master.
1 Go to the Operational Rules->Upload Resource Management Events node in the left window pane.
2 Go to the Steps tab which already displays the step uploading the printer events.
3 Click the Add Step icon ( ) in the icon bar to add the first step.
4 The Select a Step popup windows will appear on the screen.
5 It displays the list of available steps in its Available Steps box.
6 Double-click the Event Log Manager folder.
7 Select the step Upload Events again and click the Add ( ) button.
8 The Properties dialog box appears on the screen.
9 From the Model Name dropdown list select the File System Monitor value, which should be preselected
and leave all other fields as they are.
10 Then click OK to confirm the parameters and OK again to confirm the step modification.
11 The operational rule now contains twice the same step with a different parameter value.
12 As the operational rule was modified it must therefore be reassigned to the target, i.e. the master for its
modifications to become effective.
13 Go to the Assigned Objects->Devices node in the left window pane under the operational rule.
14 Select the Edit->Reassign Operational Rule menu item or the respective icon ( ) in the icon bar.
15 The reassignment process of the operational rule will be launched immediately and it will be executed
directly.
16 Once its status is Executed all data are uploaded.
Chapter 9 - Resource Monitoring Step-by-Step - 219
22 Now all data are uploaded and ready and the report may be generated.
1 Go to the Operational Rules->Upload Resource Management Events node in the left window pane.
2 Go to the Steps tab which already displays the step uploading the printer events.
3 Click the Add Step icon ( ) in the icon bar to add the first step.
4 The Select a Step popup windows will appear on the screen.
5 It displays the list of available steps in its Available Steps box.
6 Double-click the Event Log Manager folder.
7 Select the step Upload Events again and click the Add ( ) button.
8 The Properties dialog box appears on the screen.
9 From the Model Name dropdown list select the Web History Monitor value and leave all other fields as they
are.
10 Then click OK to confirm the parameters and OK again to confirm the step modification.
11 As the operational rule was modified it must therefore be reassigned again to the target, i.e. the master for its
modifications to become effective.
12 Go to the Assigned Objects->Devices node in the left window pane under the operational rule.
13 Select the Edit->Reassign Operational Rule menu item or the respective icon ( ) in the icon bar.
14 The reassignment process of the operational rule will be launched immediately.
15 Once its status is Executed all data are uploaded.
16 To verify this go to the Events->Event Logs node of the master.
17 This node displays the list of all events registered by the event log models for the selected device or device
group.
18 To display the web history events instead of the default software distribution events select Web History
Monitor from the Model Name dropdown list.
19 Then click the Find button.
20 The table below will now display all events that were uploaded and are continued to be uploaded.
21 Now all data are uploaded and ready and the report may be generated.
Chapter 9 - Resource Monitoring Step-by-Step - 223
10 The second graphic displays the list of web pages accessed in form of a bar chart with labels. Depending on the
length of the individual links the chart may be „moved“ to the left, and thus be displayed incomplete. To
rectify this you may modify the settings of this chart:
224 - Numara Asset Management Platform - Monitoring
11 Select the report in left window pane and the go to its Subreports->Subreport 2 node.
12 There select the tab Format.
13 Select the line Chart Width and then the Edit->Properties menu item or the respective icon ( ) in the icon
bar.
14 The Properties window appears on the screen with the value for Chart Width preselected.
15 Enter a larger value, the default value is 400, try with double the size as is the case for the example image
above.
16 Then regenerate the report and display it again. Keep modifying this value until it is satisfactory.
15 In the field below select the time at which to execute the inventory collection, e.g., 07:00.
16 Click OK to confirm the new schedule and close the window.
17 The status will still display Update Paused, which means you need to activate the modified schedule.
18 Reselect the master in the table and then activate it by selecting the Activate Operational Rule icon ( ) in
the icon bar.
19 The status will change to Update Waiting and then all other status values until it arrives at Updated, to
indicate that the rule was updated on the device an is ready for execution again.
(b) AMP Database Cleaning
By default the data for persistent events is stored 1 year (365 days) in the master database. You may configure your
database to store the data for a different period of time or even to delete all currently existing entries. To do so
proceed as follows:
1 Open the Global Settings->System Variables node in the console.
2 Select the Event Management tab.
3 This tab defines the default settings for the event logging functions of you system.
Step 2: Steps
Operational rules are made up of steps which tell the agent on the target devices which actions to execute. In this
window we will select three times the same step. Each of these steps will delete all event entries in the local
database for its specified event log model:
1 Select the Add Step icon ( ) on top of the list field.
2 The Select a Step popup windows will appear on the screen.
3 Expand the item Event Log Manager and select the step Delete Events.
Chapter 9 - Resource Monitoring Step-by-Step - 227
17 Now the event deletion is specified for all three resource monitoring models.
18 Click the Finish button to confirm the settings of the new operational rule.
19 A confirmation window appears on the screen which allows you to directly
continue with the Operational Rule Distribution Wizard. Click Yes to continue
directly with the distribution of the new rule.
Step 5: Schedule
The schedule of operational rules is defined via the Scheduler window which has three tabs with different
scheduling options. We will execute the rule with the default schedule therefore leave all preselections as they are
and click theFinish button.
1 Once the assignment is done the status will change to Ready to run, to indicate that now the scheduling of
the actual operational rule step is being executed.
2 The synchronisation between the master list and the list on the client is finished when the value in the Status
field has changed to Executed.
The last option provided by the wizard is to go directly to one of the objects,
i.e. the operational rule or the task, if one was created. for our example we
will directly activate the rule and change to focus to it, therefore check the
Go to Operational Rule box and click Yes, to directly activate the rule.
10
Application Management Step-by-Step
Application managing provides administrators with visibility on installed applications and link them to the
business cycle. It allows for the correlation of software inventory data between purchased software to installed
software and used software.
The main objects of Application Management are:
• Application Catalogue
The Application Catalogue is a container for all applications which are to be managed on the devices of your
infrastructure, that is to say they are to be either monitored for performance, restricted in their execution and/
or defined for selfhealing.
• Schedule Templates
A schedule template is a planning that defines the times via hourly time-slots at which the application usage
may be denied or allowed or monitored. As its name indicates this is a template and may be assigned to and
used by more than one application list.
• Application Lists
Application Lists are containers in which applications are collected that are managed in a specific way in your
network, e.g. applications of which the usage is monitored for licensing reasons, applications that may not be
executed on specific or all devices, et. The following different types of application lists are available:
monitoring applications, i.e. monitor when, where and for how long applications are executing,
prohibiting applications, i.e. prohibit them from launching on specific devices and
protecting applications, i.e. to provide applications with the possibility to heal themselves if they get
corrupted in any way.
This chapter is divided into the following sections:
• Managed Application Examples
• Application Management Reporting
• Application Management Options
Prerequisites
To execute the examples provided in this chapter we assume that:
• a browser is installed on your master.
• you have done the exercises in the chapters of Section I and are familiar with the general concepts of the
NAMP console and its workings to execute some of the options in the second part of the chapter.
For information on how to add a software from the Direct Access to the Application Catalogue see Option (a).
For information on how to add a software as a user defined application to the Application Catalogue node see
Option (c).
For information on how to add a software directly from a device or device group to the Application Catalogue
node see Option (d).
Only applications which contain all required information to be managed can be added. If an application listed in
the software inventory does not provide all necessary information, this option will not be available.
1 Go to the Device Topology node and find the device which contains all the software applications you want to
declare as defined applications, for example the master server.
2 Select the device’s Inventory->Software Inventory->Applications node.
3 Find in the table in the right window pane the software application to be managed, for example Adobe Reader,
and select it. Make sure not to select an application of type Add/Remove Program or MSI, these types may be
added to the application catalogue but they may not be managed as vital information is missing.
4 Then either select the Edit->Add as Managed Application menu item or the respective icon ( ) in the icon
bar.
5 A confirmation window appears on the screen.
6 In this window you may define the folder into which the application is to be added. By default it will be added
directly under the main Application Catalogue node as we will do now.
To add the application to another folder that may or may not yet exist see Option (f) now.
8 An Information window will now appear in which you may also directly add the selected application to an
existing application list. Click No to only add the application to the Application Catalogue as we do not yet
have created an application list.
9 The selected application will directly be added to the list under the Application Management->Application
Catalogue node.
10 Go now to the Application Catalogue node and you will find an entry for Adobe Reader in the list. If this is not
the case yet refresh ( ) the view.
11 Repeat steps 3 and 4 for some more applications for the examples to follow, e.g. add Chilli Interpreter, and the
Pinball game to the list.
1 Define an Application for Application Management (as explained under chapter Step 1: above)
2 Create a Monitored Application List with Adobe Reader as a Member
3 Assign Adobe Reader to the Target Device
4 Monitor Adobe Reader Execution
To add the application from the software inventory see Option (b) now.
To add the application as a user defined application see Option (c) now.
To add the application directly from a device or device group see Option (d) now.
13 Select the Edit->Add an Application from the Catalogue menu item or the respective icon ( ) in the icon
bar.
14 The Add an Application from the Catalogue dialog box appears on the screen providing the list of
applications.
3 A pop-up window appears on the screen in which you can define if the device assignment will be
automatically activated with the default schedule. If you select No here, the object must be specifically
activated afterwards, therefore click Yes.
If you select No here to not automatically activate the new application list, see Option (g) on how to activate
it later manually.
6 The master will be added to the table in the right pane with a status of Assignment Waiting and change to
Assigned as soon as the local agent has received the assignment order.
7 From now on, every time Adobe Reader is used on the local device an event will be logged after the
application was closed or has been running for more than 24 hours.
To create and assign a monitoring schedule to the monitored application list see Option (h) now.
To view the monitored application events under this node or in a report see paragraph Upload Application
Management Events to Master Database in the reporting section of this chapter.
To see how the monitoring works, open and close the Adobe Reader application a number of times before you
execute the following procedure. Leave the reader open at the end.
1 Open the Device Topology->master->Agent Configuration->Module Configuration->Managed Applications
node.
234 - Numara Asset Management Platform - Monitoring
2 Select the List tab. It displays all applications that have been selected for managing on the local client,
monitored as well as prohibited applications. For the moment you will only see the Adobe Reader entry.
1 Define an Application for Application Management (as explained under chapter Step 1: above)
2 Application Management Wizard
3 Monitor Pinball Execution
To create the new application list in a specific folder see Option (f) now.
3 Click the Next button at the bottom of the window to continue with the next step.
To add the application from the software inventory see Option (b) now.
To add the application as a user defined application see Option (c) now.
To add the application directly from a device or device group see Option (d) now.
236 - Numara Asset Management Platform - Monitoring
1 Select the Edit->Add an Application from the Catalogue menu item or the respective icon ( ) in the icon
bar.
2 The Add an Application from the Catalogue dialog box appears on the screen providing the list of
applications.
5 Pinball is now defined as an application which will be prohibited from execution and displayed as such in the
list field.
6 Click the Next button at the bottom of the window to continue with the next step.
To create the new schedule template in a specific folder see Option (f) now.
2 The current planning displayed in the field below prohibits the execution at all times, indicated by red crosses
( ) in all fields.
3 To allow the execution for non-working hours mark the fields Mon-Fri 5:00-7:59 by clicking the first field
(Mon 5:00) and dragging the mouse key to the last field (Fri 7:00).
4 Then choose the Allow Time-slot icon ( ) to allow the application to execute in this time range.
5 The red x icon ( ) will change to the green check ( ) to indicate allow.
6 Repeat points 3 and 4 for the timeslots Mon-Fri 12:00-13:59 and Mon-Fri 18:00-20:59.
7 Click the Next button at the bottom of the window to continue.
238 - Numara Asset Management Platform - Monitoring
To activate the prohibited application list later on, if you select No here see Option (g) now.
The new prohibited application list is now added to the list of applications.
• under the Event Logs subnode of the All Events node of the device, for our example the master.
To view the prohibited application events under this node or in a report see paragraph Upload Application
Management Events to Master Database in the reporting section of this chapter.
3 Launch Pinball.
4 An Information window will appear on the screen telling you that Pinball was prohibited from execution.
Click Ok to close the message box.
If Pinball is started instead of displaying the message you may be in one of the timeframes in which
the execution is allowed, e.g. it might be lunch time.
8 Such an entry or event will be generated each time Pinball is tried to start. In this entry you can see amongst
others when the event regarding the prohibited application was logged (Event Date) and when the application
was launched (Detection Time), as well as the name of the user who was connected at the time and his
domain.
Chapter 10 - Application Management Step-by-Step - 241
Make sure to deactivate the selfhealing option for any protected application before updating or upgrading it, as these
modifications will also be seen as ’destructive’. After you have made any necessary modifications to the software you can
reactivate the selfhealing process for the respective software again.
This part of the chapter guides you step-by-step through the procedure of defining an application, the Chilli
programming language, as a protected application via the wizard and how to interpret the results.
Protecting Chilli Interpreter consists of the following steps:
1 Define an Application for Application Management (as explained under chapter Step 1: above)
2 Create a Protected Application List and Assign it to the Target via the Application Management Wizard
3 Monitor Chilli Interpreter Selfhealing
Step 2: Create a Protected Application List and Assign it to the Target via the
Application Management Wizard
To create an application list and add Chilli Interpreter as a member to be protected, i.e. defined as selfhealing in
case of file corruption, proceed as follows:
1 Select the Application Lists node in the left window pane.
2 Select the Wizards->Application Management menu item or the respective icon ( ) in the icon bar.
3 The Application Management Wizard window appears on the screen with its first window, Application List.
4 In this window you can see all steps of this wizard in the left window pane, the currently selected step is
highlighted in bold, all steps which are not applicable to the selections will be greyed out. For our example this
concerns the schedule steps, as no schedule can be assigned to protected applications, they are protected at all
times.
3 Click the Next button at the bottom of the window to continue to the next window.
To add the application from the software inventory see Option (b) now.
To add the application as a user defined application see Option (c) now.
To add the application directly from a device or device group see Option (d) now.
1 Select the Add an Application from the Catalogue icon ( ) above the list field.
2 The Add an Application from the Catalogue dialog box appears on the screen providing the list of
applications.
3 Select Chilli Interpreter.
4 Click the OK button at the bottom of the window to confirm the new protected application.
5 The application is now added to the list and appears in the list window.
You can see here that a number of attributes may be defined for protected applications. To do so see now refer to
Option (i) now.
Chapter 10 - Application Management Step-by-Step - 243
4 All options of the protected application list are now defined, so click the Finish button to confirm.
5 The last option provided by the wizard is to directly activate the newly
created application list and to go directly to it. Click Yes, to immediately
activate the application list without changing the focus.
Refer to Option (g) to only create and then manually activate the created
application list later.
244 - Numara Asset Management Platform - Monitoring
To view the selfhealing events under this node or in a report see paragraph Upload Application
Management Events to Master Database in the reporting section of this chapter.
Once the selfhealing process is activated you may do the following to verify how it works:
Be aware that for most cases this only protects the directory in which the executable file of the software is found, in
most cases the \bin directory.
5 Such an entry or event will be generated each time Chilli Interpreter is repaired. In this entry you can see
amongst others when the event regarding the protected application was logged (Event Date), the date and time
at which the application was fixed (Fixing Time), which file was fixed (Fixed File), as well as the name of the
user who was connected at the time and his domain.
By default these events are configured to be uploaded every 24 hours, i.e. at midnight. If the agent is not running
at this time the events will be uploaded at agent startup.
31 The master will be added to the table in the right pane with a status of Assignment Waiting.
32 Once its status is Executed all data are uploaded.
33 To verify this go to the All Events->Event Logs node of the master.
34 This node displays the list of all events registered by the event log models for the selected device.
35 Select the Monitored Applications value from the dropdown list of the Model Name field.
36 Click the Find button.
37 The table below will now display all application management events of type monitoring that were uploaded.
This report has two subreports each displaying a bar chart, the first for the number of times an application was
started and the second for the average amount of time the application was running on the devices.
To restrict the data processed for this report to a certain time range see Option (k) now.
10 Select the Edit->Generate Report menu item or the respective icon ( ) in the icon bar.
11 A confirmation window appears on the screen, click the OK button to confirm.
12 The report will be created immediately using the current data of the database.
13 To view the report select the Edit->View Last Result menu item or the respective icon ( ) in the icon bar.
14 A login window appears on the screen. Enter admin and no password.
15 A new browser window or tab opens and displays the report.
3 Select the Edit->Add User Defined Application menu item or the respective icon ( ) in the icon bar.
4 The Add User Defined Application dialog box appears on the screen.
5 It provides all the data it can find on the selected executable.
5 Click OK at the bottom of the window to directly add the selected software.
(c) Add User Defined Application
To add a user defined application to the list of managed applications from directly under the Application
Management node proceed as follows:
1 Open the Application Management->Application Catalogue node in the left window pane.
2 Select the Edit->Add User Defined Application menu item or the respective icon ( ) in the icon bar.
3 The Add User Defined Application dialog box appears on the screen.
4 Enter the following data into the respective fields:
Name: Adobe Reader 8
Version: 8.1.0.2007051100
File Name: AcroRd32.exe
Make very sure that you enter the name and version number exactly as it was found
under the Software Inventory, otherwise the application will be added to the list of
managed applications, but neither monitoring, prohibiting nor protecting it will
work.
5 Click the OK button at the bottom of the window to confirm the data for the new
managed application.
252 - Numara Asset Management Platform - Monitoring
Devices/Device Groups
1 Application list->Assigned Objects->Devices/Device Groups node in the left window pane.
2 Select the entry which is to be activated in the table in the right window pane.
The following steps of the procedure are applicable to both locations:
3 Select the Edit->Activate Application List menu item or the respective icon ( ) in the icon bar.
4 The application list will be immediately activated.
5 You can follow the activation process via the Status column of the table in the right window pane.
(h) Schedule Templates
Schedule templates are specific schedules which are defined to regulate the use of monitored and prohibited
applications. As the name template indicates this a planning which may be used for a number of applications
which have certain criteria of use in common, such as personal software, which, for example may be forbidden to
be used during regular working hours, but allowed before and after and during lunch time.
The Planning tab of these templates allows to define time-slots for prohibited applications. The hourly slots are
represented in the visual form of a spreadsheet and display each if at this time the assigned prohibited
applications are allowed to be used or denied.
These templates may also be created and assigned manually instead of via the assistant as shown in the main
example. For this proceed as follows:
Step 1: Create a Schedule Template
To add a new schedule template to restrict the monitoring of the application list to the working hours proceed as
follows:
1 Select the Schedule Templates node in the left window pane of the prohibited application.
2 Select the Edit->Create Schedule Template menu item or the respective icon ( ) in the icon bar.
3 The Properties dialog box appears on the screen.
4 Enter Working Hours into the Name field.
5 Click the OK button.
6 Now select the new schedule in the left window pane and go to its Planning tab.
7 Drag you mouse button from the Mon 7:00 field to the Fri 18:00 field.
8 The click the Edit->Allow Time-slot menu item or icon ( ) to allow the application to execute in the selected
time range.
Chapter 10 - Application Management Step-by-Step - 255
If you do not make local copies for a protected application for all devices, make sure that at least one device in
the neighbourhood of the backupless devices has such a backup copy, i.e. a neighbour device which can be
found in the backupless device’s autodiscovery list.
Protect Sub-directories
This value defines if the protection scheme includes the sub-directories of the application directory. This may
be applicable for larger applications having sub-directories with do not only contain user created but
application data, such as libraries or filters.
Include File Types
By default all files in the main directory as well as the sub-directories if specified are included. If you do not
want to include all files enter into this field the list of file extension which are to be included in the selfhealing
package. The files are a comma separated list with wildcard characters, such as *.exe,*.dll,*.bat, etc. If
you are limiting the files to be protected they should not include any type of file that is user created, such as
*.doc,*.txt, etc., as newer files may be erased by older ones in case of a selfhealing operation. You may also
exclude these via the next parameter.
Exclude File Types
By default all file types are included for protection and selfhealing. In this field you may specify a list of file
types which are not to be protected and thus included in the selfhealing package. The files are a comma
separated list with wildcard characters, such as *.txt,*.doc,*.tmp, etc. In this field you may limit for
example any type of file that is user created, such as Word documents, Excel spreadsheet, etc., as newer files
may be erased by older ones in case of a selfhealing operation.
4 Click the OK button at the bottom of the window to confirm and to close the window.
5 Then continue with the wizard.
(j) Defining the Integrity Check Interval
You may define at which interval the agent checks the integrity of the protected applications. This is done via a
parameter of the selfhealing module and the value will be applicable for all defined protected applications. The
default value for the integrity check is defined at 30 seconds. To now increase this value for example to 5 minutes
you have the following possibilities:
Modify the Parameter for a Single Device:
1 In the console
a Open the node Device Topology->Device->Agent Configuration->Module Configuration->Selfhealing.
b Select the entry in the table.
c Select the Properties icon( ) in the displayed tab.
d The Properties window appears on the screen. Modify the parameter to 300 seconds.
e Then click the OK button to confirm the modification. The new parameter value will directly be taken into
account.
2 Via the Agent Interface
a Double-click the SysTray symbol to open the agent interface in a browser window.
b The select the button Identification in the top right corner of the browser window and log on to the
interface with a local login with administrator permissions.
c The browser will now display the extended version of the agent interface.
d Select the tab Advanced and from its list in the left column the option Selfhealing.
e The browser window now displays the Selfhealing Module Parameters page.
f Click the Modify... button.
Chapter 10 - Application Management Step-by-Step - 257
g The browser now displays a page in which the value of the parameter may be modified. Enter 300 instead
of the existing 30 seconds.
h Then click the Update button.The new parameter value will directly be taken into account.
3 In the Configuration file
a Go to directory <InstallationDirectory>/Client/config.
b Open the file SelfHealing.ini in a text editor.
c Modify the value of parameter CheckInterval from 30 to 300 seconds. The new parameter value will
directly be taken into account.
Modify the Parameter for Several Devices:
To modify the parameter value for several devices, we will first create an operational rule with the new value, and
then assign it to the target devices, either directly to the individual devices or via a device group, such as for
example group All Devices, to be executed. To do so proceed as follows:
1 Create an operational rule with step Selfhealing Module Setup. You define the value for this step to 300
seconds.
2 Assign the rule to device group All Devices and directly activate it.
3 Open the following console node on one of the target devices Device Topology->Device->Assigned Objects-
>Assigned Operational Rules.
4 Once the status Executed is displayed for the assigned operational rule, the modification was done.
5 To verify this open node Agent Configuration->Module Configuration->Protected Applications of the device.
There you will now find the new value.
(k) Reporting on Specific Time Range
To only use the data of a specific time range for the report to be generated, proceed as follows:
1 At Report 2: Point 2 (page 248) of the general procedure select the Options tab of the report.
2 Since no options have yet been specified for this report the table in this view is still empty.
3 To add a time frame select the Edit->Properties ( ) menu item or icon.
4 The Properties window appears on the screen.
5 Check both boxes to activate the calendar fields.
6 Then open the calendar for each of the fields and select a start and an end date.
7 Click OK to confirm and close the window.
8 The time option is now active for the report.
9 Continue with the general procedure with Point 3 (page 248).
258 - Numara Asset Management Platform - Monitoring
11
Power Management Step-by-Step
The new functionalities of the Numara Power Manager allow you to follow the overall energy usage of your
devices of specific periods of time, to calculate you energy costs and CO2 emissions as well as to measure the
progress regarding the application of energy consumption policies.
The Power Management functionality is NOT applicable to Linux, Mac OS and Solaris; it is only applicable to Windows,
version 2000 and later.
Prerequisites
To execute the examples provided in this chapter we assume that:
• a browser is installed on your master.
• you have done the exercises in the chapters of Section I and are familiar with the general concepts of the
NAMP console and its workings.
This step configures the event generation for the module, as we have just done, as well as the default inventory
update and upload. By default it is generated and uploaded to the master database every 24 hours. If you want
to define a different schedule see Option (a).
7 Then click OK to add the step to the list and close the window.
8 Click OK again to confirm the list of steps for the operational rule and close the window.
Chapter 11 - Power Management Step-by-Step - 261
9 Now click the Finish button to confirm the settings of the new operational rule.
10 A confirmation window appears on the screen which allows you to directly
continue with the Operational Rule Distribution Wizard. Click Yes to continue
directly with the distribution of the new rule.
Step 1c: Operational Rule
In the first window of the Operational Rule Distribution Wizard you define which rule to distribute as well as
some distribution options:
1 The Name field is inaccessible as the operational rule to distribute is already preselected, i.e. the one we just
created.
2 Leave all other options as they are.
6 Click Finish to confirm all choices and launch the assignment and configuration
process.
7 The last option provided by the wizard is to go directly to one of the objects, i.e.
the operational rule or the task, if one was created. for our example we will
directly activate the rule and change to focus to it, therefore check the Go to
Operational Rule box and click Yes, to directly activate the rule.
10 Click the Add button ( ) to add the step to the list of Selected Objects.
11 The Properties dialog box will appear on the screen displaying the parameters to be defined.
12 Check the remaining options: Upload after update, Force Upload, Bypass Transfer Window.
To schedule the inventory generation at regular intervals, click No and see Option (b) once the device group is
assigned.
4 The Assign to Device Group popup window will appear on the screen.
264 - Numara Power Manager
At any moment you can use the Refresh button ( ) in the toolbar.
The bottom right counter tells you the seconds before the status is refreshed automatically.
To learn how to change the active power scheme see Option (e).
To learn how to create new power schemes or modify existing power schemes see Option (d).
By default these events are configured to be uploaded every 24 hours, i.e. at midnight. If the agent is not running
at this time the events will be uploaded at agent startup.
By default the events, if activated, will be uploaded to the master database once a day at midnight. If you need
a more frequent upload click No, and then see Option (c) once this step is finished.
19 The Assign to Device Group popup window will appear on the screen.
20 Select the group All Devices from the list.
268 - Numara Power Manager
21 The group will be added to the table in the right pane with a status of Activated.
22 Select the subnode All Devices and follow the execution of the operational rule for the group members.
23 Once its status is Executed all data are uploaded.
24 To verify this go to the Events->Event Logs node of the All Devices group.
25 This node displays the list of all events registered by the event log models for the selected device group.
26 To display the power management events instead of the default software distribution events select Power
Management from the Model Name dropdown list.
27 Then click the Find button.
28 The table below will now display all events that were uploaded and are continued to be uploaded.
29 Now all data are uploaded and ready and reports may be generated.
• The report details may be grouped by Status, Weekly Hours, Day, Month, Week or Year
• The units according to which the data may be displayed are Percentage, Hours, Energy, Price and CO2
Emission.
• The reports may be generated for a specific period of time.
• As usual all these reports may be generated and displayed in HTML, PDF and XML format.
The following section will provides some examples of these possibilities, mostly as a summary. You will find
detailed information on each of the possible contents in the Power Management Report Templates on page 47 of
the Power Management manual.
For our examples here we will only create one report which we will modify each time to see the different
possibilities. However, you may also create a new report for each example, but this will not be explained
specifically.
Report 1: Power Management Reporting - Summary
We will generate this report via the wizard, which is available from everywhere in the console.
1 Select the Wizards->Report Creation menu item or the respective icon ( ) in the icon bar.
2 The Report Creation Wizard appears on the screen.
3 The left pane of the wizard window displays all available steps of this wizard. Depending on the selections
made in the right window panes, some of these steps will become available/unavailable.
Step 1: Report
The first window of the wizard, Report, appears on the screen. It defines the base information of the report:
1 Enter Summary as the name into the Name field.
2 Enter Power Management Summary as the name into the Report Title field.
3 In the Report Type field select Template-based from the dropdown list.
4 In the Report Template field select Power Management Status from the dropdown list.
5 Power management only provides one report which however provides you with several options.
6 Leave all other values as they are.
Step 2: Options
In the Options window the criteria for the report are defined, e.g. if it is to be a summary, if it is generated for a
specific period of time, for a specific group, etc. For our example we will first generate the basic report, a status
summary. Therefore leave all values as they are and click Next to continue.
270 - Numara Power Manager
For more information regarding public reports on the Report Portal see Option (g) in the Reporting chapter.
3 Go down to the second panel and select the Add e-mail icon ( ).
4 The Define Mail dialog box appears on the screen. To specify the recipients as direct recipients, copy
recipients and blind copy recipients, you proceed in the same way.
To enter recipients click the To.../CC.../BCC... button and the Select an Address dialog box appears on the
screen.
To select an administrator or administrator group from the list click the Select from List radio button and
then select the recipient(s) below. You may specify an administrator group as the recipient, in this case the
mail will be sent to all members of this group that have a valid e-mail address entered into their general
data tab.
Or you may click the Select Manually radio button and enter any valid e-mail address into the field below.
You may also enter more than one address by separating these with a semi-colon, for example,
scotty@enterprise.com;kirk@enterprise.com.
5 Then enter Power Management Summary Report as the Subject of the mail.
6 Click OK to confirm the mail and add it to the list.
Chapter 11 - Power Management Step-by-Step - 271
Step 5: Schedule
The last step in the wizard is the definition of its generation schedule. Our first report we will generate
immediately to be able to examine it right away:
1 Check the Immediately radio button in the Execution Date panel.
2 Then check the Immediately generate the report box at the bottom of the window.
3 Then click the Finish button to confirm the new report and generate it.
4 As usual a confirmation window appears which allows you to move the focus of the
console to the newly created report.
5 Click the Yes button to do so.
The first part of this summary, the introduction provides you with the following information, which will be the
same for all different types of reports we will generate:
• A general description of the contents of this report
274 - Numara Power Manager
• Time Range displays the timeframe for which the report was generated. If you have not selected a timeframe
as we did, the dates indicated are the date of the first uploaded event as the start date and the date of the last
uploaded event as the end date.
• Group by indicates the distribution of the charts, All in this case meaning that all devices are cumulated in
one single graph.
• Unit indicates in this case that the values provided in the graph are in percent.
• Number of devices displays the total number of members of the group that is assigned to the report.
• Number of devices used for reporting displays the number of devices that uploaded events usable for this
type of report. For the above shown example this indicates that only 2 out of the 8 group members show power
management actions.
The second part of this report is the summary of all data displayed in form of a pie chart with the colour
explanations below.
• The differently coloured pie parts represent the different types of events generated.
• The percentage indicates the representation in percent of the respective event (= power state of the device).
• The displayed graph shows that one those two devices were only 2/3 of the time someone was working, for
almost 1/3 of the time the screen saver was running, at they were shut down for only 5% of the time.
• It also shows that at all times someone was logged on to both devices.
• In this graph it is not possible to know the active/inactive time distribution between the two devices, for this a
report needs to be generated that distinguishes between the devices.
Report 2: Power Management Reporting - Usage per Device
To display the same report with details on each of the devices of the device group in addition to the group
summary modify the report as follows:
1 Select the report in the left window pane.
To know more about the general options and possibilities of reports refer to the general report chapter of this
manual or the Console manual.
9 Now select the Edit->Generate Report menu item or the respective icon ( ) in the icon bar.
10 The Select Generation Formats window appears on the screen, click the OK button to confirm the preselected
choice.
11 The report is now generated.
12 Now go to the Report Results->All Devices node below the report.
13 In this view all generated reports are listed in their respective format with their generation status.
14 Once the status Available is displayed the report is ready for display.
15 Select the report entry in the table and click the Edit->View menu option or the respective icon ( ) in the
icon bar.
16 A new tab or window of the browser is opened displaying this new report.
This report now shows a graph for each device providing data for the report, in this case two. The two graphics
above display now - compared to the general summary generated before - the activity/inactivity and usage of the
two devices.
Report 3: Power Management Reporting - Distribution by Weekly Hours
The created report may be modified to display more detailed aspects of the defined power management. Proceed
as follows:
1 Select the report in the left window pane.
276 - Numara Power Manager
To know more about the general options and possibilities of reports refer to the general report chapter of this
manual or the Console manual.
If you leave the option checked the report will provide the same information but per device, i.e., all charts will
exists for each device.
If you generated the report by device, the above explained parts will be repeated for each of the devices delivering
data, i.e. having uploaded events to the master database.
To know more about the general options and possibilities of reports refer to the general report chapter of this
manual or the Console manual.
If you leave the option checked the report will provide the same information but per device, i.e., all charts will
exists for each device.
3 The third part, displayed below, shows a bar chart for each day of the week and each hour of these days and
the energy costs for these hours.
To know more about the general options and possibilities of reports refer to the general report chapter of this
manual or the Console manual.
If you leave the option checked the report will provide the same information but per device, i.e., all charts will
exists for each device.
11.3 Options
The following paragraphs will provide you with a number of options that may be used with the power
management.
(a) Power Management Inventory Upload Schedule
To define the upload schedule of the Power Management Inventory you have two possibilities:
• Modify the default inventory parameters of the Power Management module
• Define a different schedule via an operational rule and assign it to the targets.
The following paragraph explains the first option, as creating a specific schedule has already been detailed in the
preceding chapters, e.g. in the options of the Configuration Management Step-by-Step chapter. We will change the
basic schedule for all devices not only for one, therefore we will do this via the power management configuration
rule that we created before:
1 Open the Operational Rules top node in the left window pane.
2 Select the Power Management Configuration rule among its children.
3 Select the Steps tab in the right window pane.
4 Select the entry in the table to the right and double-click it.
5 The Properties window appears on the screen.
6 It displays the following parameters which are available for the inventory management:
Upload on Startup
This checkbox defines if the inventory is uploaded to the master after being updated the first time on agent
startup. It is recommended to activate this option to ensure that the inventory is updated at least at every
startup of the agent.
Differential Upload
This checkbox specifies if the inventory is to be completely replaced which each upload when differences are
detected or only with the delta, i.e., the modifications of the inventory. By default this value is checked to only
upload the delta.
282 - Numara Power Manager
Upload Interval
This value defines the upload period for the inventory in seconds. If it is set to 0, no uploads are configured by
the module, but they can still be managed through operational rules. The setting only configures the upload of
existing data, it does not include an update of the inventory. The default value is 86400 seconds or 24 hours.
Minimum Gap Between Two Uploads
This parameter defines the minimum time interval between inventory uploads in seconds. If the value is set to
0 this option is deactivated and there is no minimum interval.
7 Make the desired modifications, then click OK to confirm the modifications and again OK to confirm the step.
8 If modifications have been made to an operational rule it must be reassigned to its targets to notify the local
agents of these.
9 Therefore open the Assigned Objects->Device Groups node of the rule.
10 Select the entry in the table to the right.
11 Select the Edit->Reassign Operational Rule menu item or the respective icon ( ) in the icon bar.
12 The reassignment process of the operational rule will be launched.
13 You can follow its execution under the Devices node below.
14 Once the status Updated is displayed for all devices, the local agents are aware of the modifications and will
from now on manage the inventory upload according to this schedule.
(b) Regularly Generate (Update) the Inventory
When using the automatic activation a default schedule is assigned to the operational rule: immediate execution,
once. In our case we will define a schedule first and then the assignment must be activated.
For our example it may be useful to run the inventory rule at regular intervals, such as once a week to make sure
all devices are still on their assigned power schemes and the users have not modified these. To do so proceed as
follows:
1 After the device group has been assigned go to the Power Management Inventory->Assigned Objects-
>Device Groups node.
2 Select the All Devices entry in the table in the right window pane.
3 To define the schedule either double-click the table entry or select the Properties... icon ( ) in the icon bar.
4 The Properties window will open on the screen.
5 First go to the Validity tab. This tab allows you to define the activation of the execution and its termination.
6 In the Execution Date box define on when to run the inventory collection. In our example we will select the
Next Startup radio button to launch the inventory when the agent is started next.
7 Then go to the Termination box below, click the Run Forever radio button.
11 Uncheck all boxes apart from Sunday to make sure the devices start their work week with the right scheme.
12 In the Period drop-down field to the right select the value Once Only.
13 In the field below select the time at which to execute the inventory collection, e.g., 22:00. To modify the
minute value just click in the field with the selected value and change the value, e.g. to 22:30.
14 Click OK to confirm the new schedule and close the window.
15 The status currently displays Assignment Paused, which means you need to activate the new schedule.
If the rule was already executed before and the schedule modified afterwards the status will display Update
Paused.
16 Reselect the All Devices entry in the table and then activate it by selecting the Activate Operational Rule
icon ( ) in the icon bar.
If the rule was already executed it must now be reassigned instead of activated, therefore select the Reassign
Operational Rule icon ( ).
3 Go to the Termination box below, click the Run Forever radio button.
4 Now select the Frequency tab.
5 Leave the By Schedule and the Run Every Day radio buttons checked.
6 In the Period drop-down field select the value Once Only.
7 In the field below select the time at which to execute the upload, e.g., 07:00. To modify the minute value just
click in the field with the selected value and change the value, e.g. to 07:30.
8 Click the Finish to confirm the schedule and terminate the wizard.
9 Continue with the general procedure.
(d) Create/Modify Power Scheme
Creating new power schemes or modifying existing ones is done via operational rules and its step. The step is the
same for both operations:
1 Select the Wizards->Operational Rule Creation menu item or the respective icon ( ) in the icon bar.
2 The Operational Rule Creation Wizard appears on the screen.
3 The left pane of the wizard window displays all available steps of this wizard.
Chapter 11 - Power Management Step-by-Step - 285
Step 1: Definition
In this first step the operational rule to be created must be defined via its parameters.
1 Enter Change Power Scheme (or any other desired name) into the Name field.
2 Leave all other parameters as they are, as neither packages will be distributed nor dependencies are required
for this rule.
3 Click the Next button to continue.
Step 2: Steps
Only one step is required for this operation:
1 Select the Add Step icon ( ) on top of the list field.
2 The Select a Step popup windows will appear on the screen.
3 Expand the item Power Management and select the step Create/Modify Power Scheme.
4 Click the Add ( ) button to confirm.
5 The Properties dialog box appears on the screen.
6 Enter a name for the new power scheme in the respective field.
If you are modifying an existing scheme make sure you enter the name of the scheme to be modified exactly as
it is saved in Windows. Otherwise a new one will be generated.
7 Check the box Active Power Scheme to make the new scheme the active scheme right away.
8 Enter the following values for testing purposes in the fields labelled with (AC). This signifies that the
parameter applies to devices with a constant source of alimentation, such as a desktop or a laptop connected to
an electrical plug:
Monitor Off: 1 Minute.
Hard Disc Drive Off: 2 Minutes
System Suspend: 3 Minutes
Hibernate System: 5 Minutes
9 Leave all other values as they are.
Step 2: Steps
In this window we need to specify the scheme modification operation:
1 Select the Add Step icon ( ) on top of the list field.
2 The Select a Step popup windows will appear on the screen.
3 Open the Power Management folder and select the Define Power Scheme step.
4 Click the Add ( ) button to confirm.
5 The Properties window appears on the screen.
Chapter 11 - Power Management Step-by-Step - 287
Enter the name of the scheme to make the active scheme into the Replacement Power Scheme field.
Make sure you enter it exactly as it is defined in Windows. You may find the exact name either in the console in
the previous inventory, or in the inventory‘s tab, or in the Power Scheme window of Windows.
6 Then click OK to confirm the parameters and OK again to confirm the new step.
7 Click OK again to confirm the list of steps for the operational rule and close the window.
8 Now click the Finish button to confirm the settings of the new operational rule.
9 A confirmation window appears on the screen which allows you to directly
continue with the Operational Rule Distribution Wizard. Click Yes to continue
directly with the distribution of the new rule.
The Windows Device Management functionality is, as its name indicates, only applicable to Windows, version 2000 and
later.
It is strongly recommended to only create one single rule per peripheral device class. Multiple rules may contradict
themselves and thus result in not applying the desired rules in the network. It is however possible to have different rules
for the different peripheral classes, e.g. one rule for all USB storage devices, one rule for all CD/DVD burners, another one
for all modems, etc.
Prerequisites
To execute the examples provided in this chapter we assume that:
• you have different USB storage devices available.
• a browser is installed on your master.
• you have done the exercises in the chapters of Section I and are familiar with the general concepts of the
NAMP console and its workings.
2 Select the Edit->Create Operational Rule menu item or the respective icon ( ) in the icon bar.
3 The Properties dialog box appears on the screen.
If you want to create the new rule in a specific folder instead of under the operational rules top node see Option
(a) now.
4 Enter Device Management Configuration (or any other desired name) into the Name field and click OK to
confirm.
5 Select the newly created rule and go to the Steps tab.
6 Either choose the Edit->Add Step menu item or click the respective icon ( ) in the icon bar.
7 The Select a Step popup window will appear on the screen.
8 Expand the item Agent Configuration and select step Load/Unload Module.
9 Click the Add ( ) button.
10 The Properties dialog box appears on the screen.
11 From the dropdown list of the Module Names field select the Windows Device Management option.
12 Leave all other options as they are.
13 Click the OK button to confirm.
14 Now select the step Windows Device Management Module Setup.
15 Click the Add ( ) button.
16 The Properties dialog box appears on the screen.
17 Check the Log Events box.
18 Click the OK button to confirm.
19 Now click the OK button again to confirm the list of defined steps for the operational rule and to close the
window.
If you want to create the new rule in a specific folder instead of under the operational rules top node see Option
(a) now.
2 Leave all other parameters as they are, as neither packages will be distributed nor dependencies are required
for this rule.
A rule defining the management of a specify device class should always use the Reset Device Management Rule
as its first step. This is to make sure there are no other rules that are already assigned or used and that may
interfere with this new rule.
6 Click the OK button to confirm and add this step to the list of Selected Objects.
7 Then select step Create Device Management Rule.
8 Click the Add ( ) button.
9 The Properties dialog box appears on the screen.
10 The USB Storage Devices option is already preselected.
11 Check the box Authorise. This will allow the usage of the USB storage defined below.
12 In the Filter Type field select the option Exact Match.
13 Into the field Device Description Filter enter the exact name of the USB storage to allow. If the name is not
correct, the storage will not be recognised when it is connected.
If you are not sure about the exact name see Option (c) now to find out.
To allow all USB keys of a specific manufacturer or type see Option (b) now.
14 Click the OK button to confirm and add this step to the list of Selected Objects.
When creating a list of conditions always start with the most restrictive condition and work your way down to the
most general. A step prohibiting or allowing „the rest“ or „all others“ should always be the last in the rule.
23 Click OK again to confirm the list of steps for the operational rule and close the window.
24 Now click the Finish button to confirm the settings of the new operational rule.
25 A confirmation window appears on the screen which allows you to directly
continue with the Operational Rule Distribution Wizard. Click Yes to continue
directly with the distribution of the new rule.
1 The Name field is inaccessible as the operational rule to distribute is already preselected, i.e. the one we just
created.
2 Leave all other options as they are.
6 Click Finish to confirm all choices and launch the assignment and configuration
process.
7 The last option provided by the wizard is to go directly to one of the objects, i.e.
the operational rule or the task, if one was created. for our example we will
directly activate the rule and change to focus to it, therefore check the Go to
Operational Rule box and click Yes, to directly activate the rule.
8 The device group will be added to the table in the right pane with a status
Activated.
9 To follow the assignment process select the All Devices subnode below and follow the status in the right
window pane for the group members.
Depending on the operating systems of the master, an error message might appear in the SysTray that an error
occurred with the newly found device.
8 In addition an event is logged by the NAMP agent and displayed in the tab.
By default these events are configured to be uploaded every 24 hours, i.e. at midnight to the master database. If
the agent is not running at this time the events will be uploaded at agent startup. If this schedule does not
correspond to your requirements you may assign it a different schedule. Information on how to you will find in the
Configuration Management chapter earlier in this manual.
20 The Select a Device Group popup window will appear on the screen.
21 Select the group All Devices from the list.
27 To display the device management events instead of the default software distribution events select Windows
Devices from the Model Name dropdown list.
28 Then click the Find button.
29 The table below will now display all events that were uploaded and are continued to be uploaded.
30 Now all data are uploaded and ready and reports may be generated.
31 For more information on how to create and generate reports see chapter Reports Step-by-Step.
12.2 Options
The following paragraphs will provide you with a number of options that may be used to modify the operational
rule application.
(a) Creating a Rule in a Specific Folder
When creating a new operational rule it may be directly created in a folder instead of under the Operational Rules
top node, which is the default location. To do so proceed as follows:
1 To add it to another folder click the icon to the right of the Folder field (...).
2 The Select Folder window appears on the screen displaying the folder hierarchy. If the desired target folder
does not yet exist you can also create a new folder.
a To do so first select the parent folder of the new one and then select click the New Folder icon ( ) below
the hierarchy.
b The Properties dialog box appears on the screen.
c Enter the desired data into the respective fields and then click the OK button at the bottom of the window
to confirm the new application list folder.
3 Select the target folder and click the OK button to confirm and to close the window and return to the original
window.
(b) Allow all Devices of a Specific Manufacturer
Instead of limiting the usage to one specific USB key you may also limit the usage to all keys of a specific
manufacturer, for example to those that your company provided to all those employees needing to exchange data.
For this proceed as follows:
1 In the Properties dialog box enter the following values:
2 In the Filter Type field select the option Pattern.
3 Into the field Device Description Filter enter the part name of the USB key that is common to all keys of the
manufacturer preceded if necessary and/or followed by the asterisks (*) wildcard character, e.g. *Cruzer*.
This will allow all USB storages who‘s name includes Cruzer to be used on the managed devices.
4 Proceed with Point 14 (page 292) of the general procedure.
298 - Numara Asset Management Platform
Master Internet
1 ConfigFiles
4 Patches
1 5
ConfigFiles.cst 1
Patch Situation 2b
3 Patch Inventory
By default the devices in the network are configured in such a way that the master will automatically update its
patch description file every two days and the client agents will verify with the master at each startup if they are
up-to-date. In case they are not, the master will then directly provide them with the newest patch description file.
If these settings are not adapted to your needs, you will find the detailed procedure on how to modify these values
at the end of this chapter. Our example procedure in this chapter is based on the assumption that both master and
clients are up-to-date.
This chapter is divided into the following sections:
• Patching Your System
• Patch Reporting
• Patch Management Options
300 - Numara Patch Manager
Prerequisites
To execute the examples provided in this chapter we assume that:
• the Microsoft XML parser MSXML 3.0 must be installed on all devices to be patched, i.e. on the master and
any other target devices. For Windows XP and later it is already preinstalled.
• the master has access to the Internet
• the master is the Patch Manager
• a browser is installed on your master.
• you have done the exercises in the chapters of Section I and are familiar with the general concepts of the AMP
console and its workings.
If the master device is installed on a Windows operating system it is by default also the Patch Manager, if the master is
installed on any other operating system no Patch Manager is defined by default. In this case you need to define a Patch
Manager as explained in Option (d) before starting on the procedure described below.
If you want to define another device as the Patch Manager please see Option (d).
To differently configure the Patch Manager update process see Option (h).
If you do not have an Internet connection on the master and need to manually update the Patch Manager see Option
(i) now.
6 You can follow these steps via the Status column which will indicate the currently executing step.
7 Click the Refresh button ( ) repeatedly to see the status values changing, as this page does not refresh
automatically.
8 The update process is finished when the Status column displays the status Database Up To Date.
9 Once the package has arrived on the master it will be sent to all devices according to the settings in the
module.
10 If you have switched off this option you must manually create an operational rule and send the package to all
the targets for which the patch inventory is to be established.
Before the patch situation is evaluated on a client it is recommended to always make sure that the client has
the latest version of the ConfigFiles package is installed. This group of files are the base on which the patch
inventory is established. If you establish an inventory with an obsolete ConfigFiles you might miss newly
released important patches.
8 The Select a Package dialog box opens on the screen. It displays the list of available packages in its display
window.
9 Select the ConfigFiles.cst package and click OK to add it to the operational rule and close the window.
302 - Numara Patch Manager
10 Go back to the Steps tab. You will see that two steps were automatically added to the rule.
When a package is added to an operational rule the necessary steps are automatically added to the rule as
well, i.e. a step to verify if the target has the right operating system on which the package is to be installed and
the step to install the package itself.
19 Click the Add button ( ) to add the step to the list of Selected Objects.
20 The Properties dialog box will appear on the screen displaying the parameters to be defined.
21 Check the remaining options: Force Upload, Bypass Transfer Window.
26 A confirmation window appears on the screen. Click Yes, to activate the operational rule directly.
If you want to schedule the execution of this rule at regular intervals, click No and see Option (b).
27 The Assign to Device Group popup window will appear on the screen.
28 Select the All Devices group from the list.
For more locations where you can monitor the patch distribution and location refer to Option (e).
At any moment you can use the Refresh button ( ) in the toolbar.
The bottom right counter tells you the seconds before the status is refreshed automatically.
304 - Numara Patch Manager
Patch Management is generally done via the concept of patch group, for more information on this please refer to
the Numara Patch Manager manual.
Patch management offers a wizard via which the patch situation of a device may be directly remedied. In our
example here we will use the Patch - Service Pack Distribution directly from the Patch Inventory/Missing Patches
node of our Master.
Chapter 13 - Patch Management Step-by-Step - 305
The patch wizard is directly accessible from the main menu and other locations in the console as well: from the
patch inventory of a device and a device group and as well from individual bulletins in the Patch Management
node. Depending on the location from which you launch the wizard its window content and the window order
might be different than the one explained below.
1 Select a missing bulletin for the master in the table of the node Device Topology->Master->Inventory->Patch
Inventory->Missing Patches.
Please do not choose an MS Office patch for this first patch process! These patches require quite some
additional information and configuring. You will find an example for an MS Office patch installation in the
options.
You can verify what type of patch it is by checking the respective entry in the Affected Product column.
To create the new patch group in a specific folder refer to Option (g) now.
In the Reboot Type box select the value Reboot after deployment. Be aware that if you do not reboot after
installation when a reboot is expected by one of the patches installed, this patch will still be seen as
missing even if you force a scan after install by the option below.
A reboot may not be necessary, but to be sure it is always recommendable to do so anyway. If the reboot is
required by the patch and you have not selected this option, the patch will not be completely installed until
the device is rebooted. Also if no reboot is done, the patch inventory is not updated.
Check the Force patch inventory scan after install and Force patch inventory upload after install boxes.
This will automatically reschedule the patch inventory generation, so you can verify if the patch was
properly installed.
Under the Office Installation Parameters select No Office Patch Installation from the Office Install
Type drop-down list.
If you are applying and installing an MS Office patch please see Option (a) now.
If you want to schedule the patching process at a specific later time see Option (c) now.
Chapter 13 - Patch Management Step-by-Step - 311
To receive more information on the different locations for monitoring the patch application refer to Option (e).
We are currently on the Relay Patches patch group under the Patch Management node from where we may
follow the execution of the actual patch installation with its different stages.
1 Go to the Downloading Patches tab.
2 As long as the patch is listed in this window it is not yet assigned to the patch group. Once it has finished
downloading it disappears here and is listed in the Patches tab.
3 Now go to the Assigned Objects->Devices node.
4 In the table to the right you will find the entry for the relay and you may follow the patching process in the
view’s schedule Status column. The initial status is Affected and the final stage should be as shown in the
graphic below Patch group successfully installed.
5 Once this status appears we may go to the History tab of the Patch Inventory node of the master (Device
Topology->Master->Inventory->Patch Inventory). This tab displays a sort of a log of everything that
happened to the inventory entries. For the patch inventory this means, that once a patch has been fixed it will
move from the Missing Patches node to this tab.
6 If this view is still empty, this means that the patch inventoring process is not yet finished. Keep refreshing
( ) the view.
7 Once the inventory is finished this view will display the entry we selected to be patched from the initial
inventory.
312 - Numara Patch Manager
11 The report will be created immediately using the current data in the database concerning the assigned device
group.
The report result which is generated will be put in all the required places according to the reports settings. This
means it will be available under the Report Results node of the report, as well as under that of the device
group it is assigned to.
12 To view the report select the Edit->View Last Result menu item or the respective icon ( ) in the icon bar.
13 The generation of this type of report may take a little while, reselect therefore the icon until the report appears.
14 Enter again your login in the appearing window.
15 A new browser window or tab opens and displays the report.
This report displays an overview of the patch deployment situation per device of a device group including the
following information:
This report provides an overview over different aspects of a specific patch group in form of a number of charts on
the following different topics:
• Patch Severity Status
• Top 10 Vulnerable Devices
• Top 10 Missing Bulletins
• Top 10 Affected Product Families
• Top 10 Affected Products
Patch Severity Status
This first pie chart displays the classification according to their severity of the distributed patches.
1 At Step 6: Point Step 6f: (page 308) select Full File Installation from the Office Install Type drop down
box.
2 The fields below the drop down list become available now.
3 Enter the following values:
Path
Enter into this field the location of the MS Office Installation CD. This may be a local path, e.g.
C:\patchex\MS\office\office2000 or it may be a network share, such as
192.155.1.24\CDSERVER\MSOFFICE2000.
User Name
If the CD location is on a device\share that requires identification you must enter here a user name with
which it may be accessed. Otherwise you can leave the field empty.
Password
If identification is required enter here the password for the login specified above.
Product Name
This field needs to contain the exact name of the product to patch. To find the correct name check the
respective entry in the Affected Product column of the patch inventory. Then click the Find button to the right
and the Product List window opens on the screen. In this window choose the product name as mentioned in
the Affected Product column. Click OK.
Not automatically activating an assignment is of interest if a schedule other than the default schedule is to be
used, or if the operational rule is to be advertised rather than assigned to a specific device or user. Advertising in
this case means, that the operational rule will be available on the browser agent interface locally for further use.
For our example of the Inventory Management rule it may be useful to run this rule at regular intervals, such as
every day at start up, to have a most accurate view of the device’s situation. To do so proceed as follows:
1 At Step 3: Point 26 (page 303) answer No.
2 After Step 3: Point 29 (page 303) proceed as follows:
3 Select the master in the table in the right window pane.
4 To define the schedule either double-click the table entry or select the Properties icon ( ) in the icon bar.
5 The Properties window will open on the screen.
6 First go to the Validity tab. This tab allows you to define the activation of the execution and its termination.
Chapter 13 - Patch Management Step-by-Step - 317
7 In the Execution Date box define on when to run the inventory collection. In our example we will select the
Next Startup radio button to launch the inventory when the agent is started next.
8 Then go to the Termination box below, click the Run Forever radio button.
9 Now select the Frequency tab.
10 In the Period drop down field leave the value Once Only.
11 In the field appearing below select the time at which to execute the inventory collection, e.g., 03:00. To
modify the minute value just click in the field with the selected value and change the value, e.g. to 03:30.
Inventory collection might be quite resource consuming, thus it is recommendable to run these rules when the
network load is low, i.e. during the night, if the devices are not shut down.
Assigning a patch group signifies that the patch packages will be sent to all targets. If the patch group
contains several packages and maybe even large ones, it may be advisable to assign the group at a low
network time, such as lunch time, during the night or even weekends.
In the Select Assignment Date box check the Deferred to radio button and select Today from the drop-
down field and then select 12:00 from the drop-down list in the at field.
Leave the Immediately radio button selected in the Select Execution Date box.
b To assign the patch group during the night from Friday to Saturday and launch the installation at the next
agent start up make the following selections:
In the Select Assignment Date box check the Deferred to radio button and select the date of the next
Saturday from the calendar, that appears when you click the little down arrow of the field. Then select
03:00 from the drop-down list in the at field.
In the Select Execution Date box select the Next Startup radio button.
2 Then click the Finish button and continue with the next point of Step 6: of the main procedure.
(d) Define a Different Patch Manager
To be able to manage patches a device must be a Patch Manager. Any device may be a Patch Manager, it only must
be defined as such. This may either be done in the properties of the device or in the Patch Management node. To
add a device to the Patch Management as a Patch Manager proceed as follows:
1 Select the Patch Management->Patch Manager node in the left window pane.
2 Then either choose the Edit->Add Device menu item or click the respective icon ( ) in the icon bar.
3 The Add a new Patch Manager popup window will appear on the screen.
4 Select the All button ( ) in the left window bar and select the new device which is to be a Patch Manager
from the list.
Chapter 13 - Patch Management Step-by-Step - 319
• The All Bulletins and Applied Bulletins tab of the respective bulletins
• The Affected Devices tab of the respective bulletins
• The Bulletins by Year and Bulletins by Product node
320 - Numara Patch Manager
Under these tabs and node you may see the number of affected devices regarding the product family/patch
bulletin decrease as the patch installs on the targets and is thus no longer needed.
7 Select the criterion Patch Manager and then check the Value box in the Criterion Description box.
8 Then click the Add ( ) button, to add the criterion to the list.
9 Now select the criterion Topology Type from the list and click the Search button in Criterion Description box.
10 The Search Criteria window appears on the screen. It displays all existing topology types.
11 Select the option Master and click OK.
12 The selected option will now be displayed in the Value field of the Criterion Description box.
13 Click the Add ( ) button, to add the criterion to the query.
14 Then click OK, to confirm the content of the new query and to close the window.
15 In the table in the right window pane you can now see all the defined criteria.
16 Activate the query.
17 Reselect the new query in the tree hierarchy in the left window pane.
18 Then either select the Edit->Create Device Group or select the respective icon ( ) in the toolbar.
19 If you go now to the Device Groups node you will find the new group called Patch Targets directly under it
with the population defined by the query.
20 Now the operational rule must be created. To do so go to the Operational Rules node in the left window pane.
21 Click on the Create Operational Rule icon ( ) in the icon bar. The Properties dialog box appears on the
screen.
22 Enter a descriptive name in the Name field, for example, ConfigFiles Update.
23 Go to the new rule’s Steps tab.
24 Click the Add Step icon ( ) in the icon bar. The Select a Step popup windows will appear on the screen.
Chapter 13 - Patch Management Step-by-Step - 323
25 Select the Agent Configuration folder and select below the step called Patch Management Module Setup and
click the to-the-right button ( ).
26 The Properties window appears on the screen displaying all available parameters.
27 Modify the following values to your requirements:
Update Configuration Files at Startup
This parameter defines if the local agent will verify with the master if its ConfigFiles are up-to-date at agent
startup and if not receive them. By default this option is set to Yes, verify and update.
Interval Before Patch Inventory Update
This value defines the delay in seconds to wait for a possible update to arrive before any operations, such as
a patch inventory or a patch installation, are executed. The default value is 300 seconds or 5 minutes.
28 Click the OK button to confirm the modifications.
29 Then assign the operational rule to the group Patch Targets via the Device Groups under the Assigned Objects
node.
30 Once the operational rule is executed on all devices the new settings will become valid.
(i) Manual ConfigFiles Update
The ConfigFiles patch description file is a group of files that contains all information against which the patch
situation of the local targets is compared. If this file is not up-to-date you may miss important new patches
required by your devices. Updating the file includes downloading it, parsing the file, and creating a new custom
package, ConfigFiles.cst, directly under the main Packages node. This package is required by the target clients
to know which security updates they need to install.
If your Patch Manager does not have a permanent Internet connection it cannot use the automatic update
procedure detailed in the previous paragraph, instead it must be updated manually periodically. To be able to
update at least one device within your network must have at least a temporary Internet connection to download
the newest ConfigFiles update file with which to bring your Patch Manager and all clients up-to-date. To manually
update proceed as follows:
Step 1: Patch Manager Configuration
The first step is to configure the Patch Manager that it allows for the manual update procedure. To do so proceed
as follows:
1 Go to the Patch Management -><Patch Manager> ->Configuration ->Update node.
2 Select the Edit->Properties menu item or the respective icon ( ) in the icon bar.
3 The Properties window appears on the screen.
4 Select the Local Update radio button in the Update Type box.
5 Click OK to confirm the modification and to close the window.
324 - Numara Patch Manager
4 You can follow these steps via the Status column which will indicate the currently executing step.
5 Click the Refresh button ( ) repeatedly to see the status values changing, as this page does not refresh
automatically.
6 The update process is finished when the Status column displays the status Database Up To Date.
7 Once the package has arrived on the master it will be sent to all devices according to the settings in the
module.
8 If you have switched off this option you must manually create an operational rule and send the package to all
the targets for which the patch inventory is to be established as explained in the option above.
14
Vulnerability Management Step-by-Step
Faced with the exponential growth in the number of security vulnerabilities, and the increasing complexity of
information systems, an automatic analytical solution is essential for effective operational risk management. The
Numara Vulnerability Manager is a non-intrusive vulnerability scanner that is able to scan all devices with an IP
address. It then uploads all collected information to the database and makes it available via the NAMP console.
As shown in the graphic below, the vulnerability process consists of the following individual steps:
1 Update the master and scanner with the latest vulnerability version via the VM Updater
2 Create and launch scan on target and upload the collected information to the database and display in the
inventory and vulnerability groups
3 Create the vulnerability groups
4 Fix vulnerabilities via existing patches or other fixes:
a Download available patches
b Apply patches to the targets
1 Update
Master
3 Vulnerability Group
VM Updater
4b Patches
1
4a Update
2b
Patches Scan Inventory
Target Client
Internet
2a Device Scan
Scanner
Vulnerability scans may be executed on any device, it is not necessary that the scanned device has the NAMP
agent installed.
To be able to remedy the vulnerability situation via the installing of patches, as explained in the second part of this
chapter you also need the Numara Patch Management license. For trial purposes this license is included in the temporary
license.
Prerequisites
To execute the examples provided in this chapter we assume that:
326 - Numara Vulnerability Manager
• that you have the Patch Management License as well as the Vulnerability Management license. The PM license
is required for resolving vulnerabilities of which the fix is provided by a Microsoft bulletin,
• the operating system of the scanner device is
Windows 2000 (minimum Service Pack 4), Windows XP, Windows 2003, Windows Vista, Windows 2008 or
Linux RHEL 3, 4 and 5, SUSE 10, CentOS 4.3, Debian 4.0 or later versions
• the master/scanner has an internet connection,
• the master/scanner is connected via Ethernet, it MUST NOT use a wireless connection,
• a browser is installed on your master.
• you have done the exercises in the chapters of Section I and are familiar with the general concepts of the
NAMP console and its workings.
• You have also already familiarised yourself with the Numara Patch Management in the preceding chapter as
this is an integral part of vulnerability remediation.
The master is by default defined as a scanner. Refer to Option (h) to define another device as the scanner.
This step may be automated via the configuration options. For information on how to do so proceed to Option (k).
4 Select an entry and then chose the Edit->Check for Update menu item or the respective icon ( ) in the icon
bar.
5 The field Update Status will now indicate if the vulnerability base files need updating (status Out of Date)
and the field Available Version displays the number of the currently latest version of the respective file.
6 Now select the Edit->Update Now menu item or the respective icon ( ) in the icon bar.
7 A link with the Update Server will be established to download the newest available version.
8 All necessary information has been recovered by the master and is then downloaded to all defined scanners
when the status displays Up to Date and the overall status displays a green flag.
Numara Vulnerability Manager has several wizards which are available from a number of locations, such as the
Vulnerability Detection is accessible everywhere from the Wizard menu, but also from the Assigned Scans node
under the scanner.
1 From anywhere in the console select the Wizards->Vulnerability Detection ( ) menu item.
2 The wizard appears on the screen with its first window.
Step 1: Vulnerability Detection Wizard
In the first window the scanner must be selected. In our case we have only one scanner defined which is
preselected in this window. Therefore just click Next.
Step 2: Scan
In the second wizard window you can give a unique descriptive name to the scan. To do so enter Test Scan into
the Name field in the Scan box.
To create the new scan in a specific folder refer to Option (j) now.
Chapter 14 - Vulnerability Management Step-by-Step - 329
Click Next.
To create the new scan configuration in a specific folder refer to Option (j) now.
2 Click Next.
To scan a device or devices on which no NAMP agent is installed yet, refer to Option (b) now.
To create the new target list in a specific folder refer to Option (j) now.
1 Therefore select the Add Existing Device menu item or the respective icon ( ).
2 The Select a Device window opens which provides you with the different methods to choose the target device.
3 Select the All button ( ) in the left window bar.
4 The box displays now the list of all devices which are currently part of your Numara network. Select the
device to be scanned, e.g., the relay, and click OK to add them to the target list.
5 Click Next to go to the next step.
Step 9: Schedule
The next step is concerned with the scheduling of the scan. Leave the window as it and click Finish to confirm all
scan definitions.
334 - Numara Vulnerability Manager
5 Once the scan status is Execution Scheduled you may also double-click the scan entry and then select its
Sessions tab, in which you may see a few more information regarding the scan details.
Chapter 14 - Vulnerability Management Step-by-Step - 335
In this view you can see the following information regarding the executing scan:
Target
The fields of this column display the names of the device targets. There will be an entry for each target of each
currently executing scan, no matter its status.
Status
These fields display the status of the respective target. For more information on the possible states refer to
chapter Status Reference of the Numara® Asset Management Platform Reference.
Stage
This field indicates which phase of the scan tests the session is currently executing. Depending on this value
other values of this table are filled in.
Information
The number of information items the scan has retrieved. This number starts increasing as soon as the phase
Initialisation has finished.
Pending Actions
This is the number of actions which are waiting to execute. An action may be pending because it has not yet
received information it requires, such as for example the host name which is delivered by the preceding
action, or because the maximum number of simultaneously executing actions is currently reached.
Executing Actions
This is the number of currently running scanning actions.
Vulnerabilities
This number displays the number of vulnerabilities the scan finds. It will only start increasing once the
execution stage arrived at Vulnerability Detection.
Start Time
The date and time at which the scanning session was started on the target client.
End Time
The date and time at which the session finished.
Duration
The the total time the session needed to execute in the regular time format hh:mm:ss.
The Vulnerability situation may also be investigated via the vulnerability inventory of a device group, the
Vulnerability Groups node of the Numara Vulnerability Manager and the Last Results node under the Assigned
Scans. See Option (d) for more details.
2 Under this node all vulnerabilities that were found for the device are listed.
3 For more information on the presented information refer to the Numara Vulnerability Manager manual.
Available Microsoft Patches are listed in the Vendor ID column and have the format MS<Year>-
<BulletinNumber>.
Do NOT use a patch applicable to MS Office, these require specific parameters which are explained under Option
(a) of the Patch Step-by-Step chapter. You can see if a patch is applicable to MS Office in the Title of the
vulnerability.
To fix a vulnerability without an available Bulletin or Vendor ID refer to Option (c) now.
Vulnerabilities may also be fixed via the Vulnerability Groups node of the Numara Vulnerability Manager. See
Option (e) for more details.
1 In the table of the Vulnerabilities node select a vulnerability for which a Microsoft bulletin is available in the
table in the right window pane.
Chapter 14 - Vulnerability Management Step-by-Step - 337
2 Select the Edit->Fix Vulnerability menu item or the respective icon ( ) in the icon bar.
3 The Fix Vulnerability Wizard opens on the screen.
Step 1: Fix Selection
In the first window of the wizard you define how you want to fix the selected vulnerabilities. Check the
Download and Apply Patches option.
Contrary to the Vulnerability Detection wizard this wizard does not have the vulnerability-red side bar. This is
due to the fact that the actual vulnerability remediation is executed by the patching process therefore also by
the patch wizard which is PM-blue.
For more information on the Download Patches wizard refer to chapter Patch Management step-by-step where
the wizard is explained in detail.
338 - Numara Vulnerability Manager
If you have selected a patch that has been replaced with a more recent patch than the selected one the
Superseded Patches window appears on the screen. It lists all patches in the inventory which have more recent
versions. You have the choice here to either just continue, then the initial patch as well as the superseding patch
will be installed or you can cancel and restart the fixing process by selecting the more recent patch version.
To create the new patch group in a specific folder refer to Option (j) now.
Step 9: Schedule
The final window of the wizard concerns the scheduling of the assignment and execution of the patch
application. Leave all values as they are and click the Finish button to confirm all choices.
344 - Numara Vulnerability Manager
3 Once this status appears we may go to the History tab of the Patch Inventory node of the device. This tab
displays a sort of a log of everything that happened to the inventory entries. For the patch inventory this
means, that once a patch has been fixed it will move from the Patch Management node to this tab.
4 If this view is still empty, this means that the patch inventoring process is not yet finished. Keep refreshing
( ) the view.
If the remedied bulletin does not appear in this tab, it may be due to the fact that the patch inventory process
has not found this patch missing contrary to the vulnerability scan. Therefore it was not included in the patch
inventory and cannot be displayed as being removed now, because not missing any longer.
5 Once the inventory is finished this view will display the entry we selected to be patched from the initial
inventory.
Chapter 14 - Vulnerability Management Step-by-Step - 345
The remedied situation is also visible under the Vulnerability Inventory node of the device.
1 To display the remedied situation you first need to rerun the scan, as this is - contrary to the patch
management - not automatically re-launched by option.
2 To do so go to the Vulnerability Management->Scanners-><Scanner>->Assigned Scans node.
3 Select the Test Scan entry in the table to the right.
4 Select the Edit->Reassign Scan menu item or the respective icon ( ) in the icon bar.
5 The status of the scan will turn to Reassignment Waiting to indicate that the scan is now being reassigned
and it will execute according to the defined schedule.
6 Continue with Step 3 to monitor the scanning process again.
7 Once the scan is finished and has uploaded its information go to Vulnerability Inventory->Vulnerabilities
node of the device.
8 There check the inventory listed. You will NOT find the installed patch in this list anymore.
The report result which is generated will be put in all the required places according to the reports settings. This
means it will be available under the Report Results node of the report, as well as under that of the
vulnerability group it is assigned to.
12To view the report select the Edit->View Last Result menu item or the respective icon ( ) in the icon bar.
13The generation of this type of report may take a little while, reselect therefore the icon until the report appears.
14Enter again your login in the appearing window.
15A new browser window or tab opens and displays the report. This report displays the situation of a part of
your network by vulnerability. The target group for the vulnerability analysis was defined via the target list,
which also defines the members of the vulnerability group.
This report displays all vulnerabilities by vulnerability group. It is divided into the following parts:
Group Details
This first section displays the settings and parameter values defined for the vulnerability group.
Device List
This section is represented in form of a table which lists all devices that are part of the respective vulnerability
group.
Vulnerability List
This section displays the list of vulnerabilities found on at least one target of the respective vulnerability group
with some additional information on the vulnerability.
Chapter 14 - Vulnerability Management Step-by-Step - 347
16
These reports may be generated at regular intervals to provide thus an overview of the general development of
your network. See Option (d) of the Reports chapter.
This report shows a technical summary by device and allows you to quickly see all information of all devices that
are member of our test scan vulnerability group.
Device List
This section is represented in form of a table which lists all devices that are part of the respective vulnerability
group.
Device Details
This second part provides more detailed information on the devices via the following different tables per device:
• Device Details - this table shows all the general information on the device on the device itself, regarding its
vulnerability situation and group membership.
• Open Ports - this table lists all the ports which were found open on the device with some additional
information on the ports.
• List of Identified Vulnerabilities -this third table displays the list of vulnerabilities that were found on the
device with some additional information on these.
• List of all Possible Vulnerabilities - this last table provides the list of vulnerabilities which were found on the
device but may actually not be vulnerabilities.
Vulnerability Groups
Vulnerability groups are the objects in the Numara Vulnerability Manager via which the security situation on the
target devices is resolved. From here you have an overview over the general security situation of a specific part of
your environment, you may follow how its security status evolves via graphics in the console and via reports
specifically generated for them. And you may launch the fixing process for the group’s vulnerabilities. Here we
will create a group for the devices we have scanned:
1 Open the Vulnerability Management->Vulnerability Groups node.
2 To create the new group select the Edit->Create Vulnerability Group or select the respective icon ( ) in the
toolbar.
3 The Properties popup window will appear on the screen.
4 Enter Test Scan as its name into the name field.
5 Click OK to confirm and close the window.
6 The new group will automatically be created and be displayed in the right window pane.
7 Select it. You can see that this node offers quite a number of different nodes and tabs, however in this example
we will only use its Options tab and All Vulnerabilities node. For more information on all other available
information refer to the Vulnerability Manual.
8 Go to the Options tab.
354 - Numara Vulnerability Manager
9 In the Options tab you configure which part of your network you want to access and visualise via this group.
10 In the CVSS box check all boxes.
1 In the Target Lists box select the Add Target List icon ( ).
2 The Assign a Target List window opens on the screen.
3 From the Available Objects list displayed in the window select the Test Scan Targets list.
4 Then click the OK button at the bottom of the window to confirm and close the window.
5 Then click the Save icon ( ) to save these group settings.
6 Now go to the All Vulnerabilities node.
7 It displays the list of all vulnerabilities found on all devices of the target list.
Chapter 14 - Vulnerability Management Step-by-Step - 355
9 In the Options tab you configure which part of your network you want to access and visualise via this group.
10 In the CVSS box check all boxes.
1 In the Target Lists box select the Add Target List icon ( ).
2 The Assign a Target List window opens on the screen.
3 From the Available Objects list displayed in the window select the Test Scan Targets list.
4 Then click the OK button at the bottom of the window to confirm and close the window.
5 Then click the Save icon ( ) to save these group settings.
6 Now go to the All Vulnerabilities node.
356 - Numara Vulnerability Manager
7 It displays the list of all vulnerabilities found on all devices of the target list.
1 Select the All Vulnerabilities node under the newly created Test Scan vulnerability group.
2 From here you may proceed to fix a vulnerability that has a Microsoft bulletin as described in the general
procedure from Point 14.1.5 (page 336) onwards.
3 To fix a vulnerability without Vendor ID follow the instructions of Option (c).
4 To remedy the situation on a device without a NAMP agent see Option (f).
(f) Remedy Vulnerabilities on Device without NAMP Agent
As we have already seen, the vulnerability inventory for devices without a NAMP agent is included in the
vulnerability group the respective device is a member of. To fix a vulnerability for such a device you have the
following choices:
1 Send an e-mail to the member(s) of your team responsible for the devices without agent to inform them of the
vulnerability that needs fixing. The operations necessary for this are the same as explained under Option (c).
2 Create a task for the vulnerability in the console. The operations necessary for this are the same as explained
under Option (c).
3 Install the agent on the device and re-execute the general procedure for this device.
(g) Schedule the Scan at Regular Intervals
For our example of the scan it may be useful to run it at regular intervals, such as every day to have a most
accurate view of the device’s situation and how the vulnerability resolving process advances. To do so proceed as
follows:
1 At Point 14.1.2 (page 327) Step 9: (page 333) make the following selections in the Execution Mode wizard
window:
In the Termination box select the Run Forever radio button.
2 Click Next.
3 In the Schedule wizard window make the following selections:
Select the Run Every Day radio button. More options will become accessible in the window.
In the Period field select the value Once Only from the drop-down box.
In the field at define the time of the day when to run the scan, for example during lunch time at 12:30.
The months to run are already all pre-checked so leave them unchanged.
4 Click Finish and continue with Point 14.1.2 (page 327) Step 9: (page 333) of the general procedure
Chapter 14 - Vulnerability Management Step-by-Step - 357
Scanning might be quite resource consuming, thus it is recommendable to run scan when the network load is
low, i.e. during the night, if the devices are not shut down or at lunch time.
If you only have an evaluation license, only one scanner can be defined. To define another device as a scanner
for this example you must therefore first remove the existing scanner before you can define another device as
the scanner.
Make sure that the parameter UpgradeWinPcap, located in the Numara Vulnerability Manager configuration file
VulnerabilityManager.ini, is activated (set to true). If this is not the case the manual vulnerability update can
not be completely executed. By default this parameter is activated.
1 Open the Vulnerability Management->Configuration->Update node in the left window pane and go to tab
Options.
2 Select one of the lines and then select the Edit->Properties menu item or the icon ( ) in the icon bar.
3 The Properties window appears on the screen. You have the following options you may define regarding the
automatic update.
Automatic Verification
This value defines if VM will automatically check for available updates. By default this option is deactivated.
Check the box to activate the auto-update. The master will then check with the VM Update service if an update
is available.
Verification Frequency
The value in this field defines the interval in seconds at which the automatic verification process, if selected,
is executed. The default value is 3600 seconds or every hour. You may modify this value to your own
requirements. However it is not recommended to go below one hour to not overload the network.
Automatic Installation
This option must be activated if the update process it to be completely automatic. If it is not selected, the
scanner will receive all updated files and store them, but it will not install the respective files, i.e. it will not be
up-to-date.
Chapter 14 - Vulnerability Management Step-by-Step - 359
Internet Update
This option defines if the master is to check via Internet with the VM Updater of the Numara site if updated
files are available. This option is activated by default.
Local Update
If this option is activated the master checks locally, i.e. on its disk if it can find an update to install. This option
is activated by default. This option is applicable if the master server does not have a permanent Internet
connection. In this case you must check via another device with an Internet connection with the VM Updater
if a new update is available, download the update and store it locally on the master.
User
The user login to access the VM update service. The default login VMUPDATE is already filled in.
Password
The password corresponding to the above displayed user name. For security reasons the password is displayed
in the form or asterisks (*). This field is filled in by default with the corresponding password.
Make sure that the parameter UpgradeWinPcap, located in the Numara Vulnerability Manager configuration file
VulnerabilityManager.ini, is activated (set to true). If this is not the case the manual vulnerability update can
not be completely executed. By default this parameter is activated.
1 Open a browser window on a device with an Internet connection and enter the following link:
https://vmupdater.numarasoftware.com/vmupdate/v3/
2 Click the local option of the provided directories.
360 - Numara Vulnerability Manager
3 Enter the login name and password to access the requested page. This information was sent to you in an e-mail
from the Numara Support.
4 A new page opens with only one link, the vmupdate_<update date>.upd file.
9 Select a line in the table in the right window pane and then the Edit->Properties menu option or the
corresponding icon ( ) in the icon bar.
10 The Properties popup window will appear on the screen.
11 Check the option Local Update.
12 If the scanners are to be updated automatically after the master update also check the option Automatic
Installation. If this option is not checked, the scanners will receive the update information and file, but they
will not update and install, this must be executed manually.
13 Click OK to confirm the modifications and close the window.
14 Then select the Status tab.
Chapter 14 - Vulnerability Management Step-by-Step - 361
15 This window shows the current status of the vulnerability module, i.e. if all required components are up-to-
date or if they require updating.
16 To update the master click the Edit->Update Now menu option or the corresponding icon ( ) in the icon bar.
17 A confirmation window appears on the screen.
18 Click OK to continue.
19 You can now follow the update progress in this window via the Status column which is updated every 30
seconds and will displays the different stages of the update process of all vulnerability components.
20 Once the master is updated the scanners will also be updated if you activated the Automatic Installation
option.
21 You can follow the update process of the scanner in the bottom box of the same view where the information
will also be displayed in the respective Status column.
22 Once the value Up to Date is displayed in all Status fields for the components as well as all defined
scanners the update process is completed.
362 - Numara Vulnerability Manager
15
Device Compliance Step-by-Step
Device compliance in the Numara Asset Management Platform is executed via the concept of compliance rules of
the Numara Compliance Manager. Compliance rules are made up of a series of criteria that correspond to the
conditions of your compliance policies. Compliance rules may contain only one very specific criterion or a
number of different criteria collected in groups that are put into a certain relation to each other.
However, before any device can be verified for its compliance the base data for compliance verification, i.e. the
inventories collecting this information, must be available.
This chapter is divided into the following sections:
• Compliance Rule Examples
• Compliance Reporting
• Rule Options
Prerequisites
We assume that:
• a browser is installed on your master.
• you have done the exercises in the chapters of Section I and are familiar with the general concepts of the
NAMP console and its workings.
• you have already done the exercises in the preceding chapters on Patch Management and Vulnerability
Management. As mentioned above the device compliance is based on the data available in the database, which
must have been collected by the respective inventories, before any evaluation may take place.
5 NAMP Client Installation Directory Rule: This rule checks that the Numara Asset Management Platform
software is actually installed in its default directory.
Rule 1: Firewall
This compliance rule will verify if the target device has a firewall installed that is active.
A compliance rule defines the criteria to which the target population has to correspond to be considered
compliant. These criteria are collected in groups, the criteria groups, which may contain any number of criteria.
This rule will only have one criteria group containing only one criterion.
Step 1: Create Compliance Rule
To create this compliance rule proceed as follows:
1 Select the Compliance Management top node in the left window pane.
2 Click on the Create Compliance Rule icon ( ) in the icon bar.
3 The Properties dialog box appears on the screen.
4 Enter Firewall into the Name field and then click the OK button.
5 The new compliance rule is added to the list of members in the right pane. Double-click it.
6 In the now displayed General tab you can review the basic information of the compliance rule.
7 To add the compliance criteria select the Criteria tab to the right.
8 Currently the table is still empty.
9 To define the criteria choose the Edit->Add Criteria Group menu item or click the respective icon ( ) in the
icon bar.
10 The Criteria Group popup window will appear on the screen.
11 It provides access to the list of available criteria in the Criteria Group Definition box. The first line of this box
indicates the index number of the criteria group which is about to be defined, i.e. Criteria Group 1 in our case,
as we are only creating the first for this rule.
12 Enter Firewall into the Name field.
13 From the Class drop-down list select the Security Inventory option.
If the Security Inventory entry is not available you have not executed the respective example in the operational
rules chapter. To complete this example go to Rule 1: Inventory Management (page 50) and then complete this
example.
14 Then select the table from which the criteria is to be chosen from the Table field, i.e. in
our case this is the value Installed Firewalls.
15 The Available Criteria box below now displays all criteria available for the selected
class and table. Select the criterion Enabled.
16 Leave the preselected operator Equal to in the Operator drop-down box.
17 Click the Find button ( ) next to the Value field.
18 The Search Criteria window opens.
19 Click the Find button ( ) next to the Value field again.
20 The Results field now displays the possible values, TRUE and FALSE. Select the TRUE
value and click the OK button to close the window.
21 Then click the Add button ( ) to add the defined criterion to the Selected Criteria box.
Chapter 15 - Device Compliance Step-by-Step - 365
22 Then click the OK button to add the criteria group to the compliance rule.
23 Above the table you can also see, that the Status field still displays the value inactive. All compliance rules
are inactive when they are created.
24 To activate the compliance rule select the green coloured option active instead of the currently displayed red
option inactive in the Status drop-down field.
To assign the compliance rule to a device group see Option (a) (page 384).
1 Click the Assigned Objects, then Devices node in the left window pane under your newly created compliance
rule. The right window pane is empty since no devices have been assigned yet.
2 To do so select the Assign Device icon ( ) in the icon bar.
3 The Assign to Device popup window will appear on the screen.
4 Go to the All tab and select the master from the list.
366 - Numara Asset Management Platform
5 The master will be added to the table in the right pane with the immediately calculated compliance result.
6 Click the Refresh icon ( ), if the grey question mark icon remains in the table to update the display.
For results regarding an assigned device group see Option (d) (page 387).
compliant even if the overall compliance is negative or vice versa if the relation equation has the NOT
operator as the final operator.
Name
The fields of this column display the custom defined names of the criteria groups specified for this
compliance rule.
Table
The fields of this column display the names of the database table from which the criteria were chosen for
the criteria group.
8 The field Group Relation below displays the group relation as it was defined when the evaluation took place
for which the result is displayed in this window.
9 The Description box shows the details on the criteria defined for the selected criteria group in the table above.
10 Click OK to close the window.
9 Then select the Inventory Update table from the Table field.
10 The Available Criteria box below now displays all criteria available for this table. Select
the criterion Inventory Type.
11 Leave the preselected operator Equal to in the Operator drop-down box.
12 Click the Find button ( ) next to the Value field.
13 The Search Criteria window opens.
14 It displays the possible values, i.e. the list of all inventory types. Select the Patch
Inventory option and then click the OK button to close the window.
If the Patch Inventory entry is not available you have not executed the respective
example in the operational rules chapter. To complete this example go to Rule 1:
Inventory Management (page 50) and then complete this example.
15 Then click the Add button ( ) to add the defined criterion to the Selected Criteria box.
Be aware, that within a criteria group only criteria of the same class and table may be created. To add criteria of
another class and/or table you must create another criteria group, put the desired criteria in and create the
necessary relation via the Group Relation box.
16 As a second criterion we will add a date criterion: The last inventory update must have taken place no more
than two weeks ago.
17 For this select the Update Date attribute in the Available Criteria box.
18 Leave the operator Greater than or equal in the Operator drop-down box.
19 To enter the dynamic time value of two weeks select the newly appeared Timeframe radio button.
20 Enter then the desired time value into the field next to it, i.e. -2 and select the corresponding unit from the
drop down list to the right, week.
You could also enter the same information with the following criteria values: Select the Less than or
equal Operator together with the time value of 2.
21 Then click the Add button ( ) to add the defined criterion to the Selected Criteria box.
22 The criteria group now has two criteria. i.e. to fulfil the requirements of this group, a device must have a patch
inventory executed and its last update date may not be older than the specified value.
All criteria within a criteria group are connected via the AND operator. To connect criteria with another
operator they must be put into different criteria groups and then be related via the group relation
equation.
Chapter 15 - Device Compliance Step-by-Step - 369
23 Then click the OK button to add the criteria group to the compliance rule.
24 To now add the second criteria group for the vulnerability inventory select again the Edit->Add Criteria
Group menu item or the respective icon ( ).
25 Enter Vulnerability Inventory into the Name field.
26 From the Class drop-down list select the Basic option.
27 Then select the value Inventory Update from the Table field.
28 Select the criterion Inventory Type from the Available Criteria box.
29 Leave the preselected operator Equal to in the Operator drop-down box.
30 Click the Find button ( ) next to the Value field.
31 The Search Criteria window opens.
32 It displays all inventories. Select the Vulnerability Inventory and click the OK button and close the window.
If the Vulnerability Inventory entry is not available you have not executed the respective example in the
vulnerability management chapter. To complete this example go to the respective chapter and Create a
Vulnerability Scan (page 327) and then complete this example.
33 Then click the Add button ( ) to add the criterion to the Selected Criteria box.
34 Then, same as above, select the Update Date attribute in the Available Criteria box.
35 Select the operator Greater than or equal in the Operator drop-down box.
36 To enter the dynamic time value of two weeks select the newly appeared Timeframe radio button.
37 Enter then the desired time value into the field next to it, i.e. -2 and select the corresponding unit from the
drop down list to the right, week.
38 Then click the Add button ( ) to add the defined criterion to the Selected Criteria box.
39 Then click the OK button.
40 The second criteria group is now also added to the compliance rule.
41 In the Group Relation box below you will now find the two groups - listed by their respective index values -
automatically related via the AND operator. This is due to the fact, that we have left the default operator above
the list field for the criteria groups with its standard value. We will leave the pre-entered syntax as it is, as our
devices are to comply to all criteria at the same time.
To create a less strict compliance rule in which the targets must only comply to one or the other of the
defined criteria groups, see Option (f) (page 388).
42 Next to this field above you can also see, that the Status field still displays the value inactive. All compliance
rules are inactive when they are created.
43 To be able to activate a compliance rule with more than one criteria group the syntax of its group relation
equation must be verified to make sure that it is syntactically correct. To do so select the Edit->Verify Relation
menu item or click the respective icon ( ) in the icon bar.
44 The syntax entered into the Group Relation field will be verified immediately.
45 If it contains an error, a message box is displayed with an indication as to the error, if the syntax is correct, the
status bar at the bottom of the console window will display Done. which is our case.
46 Now to activate the compliance rule select the green coloured option active instead of the currently
displayed red option inactive in the Status drop-down field.
370 - Numara Asset Management Platform
To assign the compliance rule to a device group see Option (a) (page 384).
1 Click the Assigned Objects, then Devices node in the left window pane under your newly created compliance
rule. The right window pane is empty since no devices have been assigned yet.
2 To do so select the Assign Device icon ( ) in the icon bar.
3 The Assign to Device popup window will appear on the screen.
4 Go to the All tab and select the master from the list.
5 The master will be added to the table in the right pane with the immediately calculated compliance result.
6 Click the Refresh icon ( ), if the grey question mark icon remains in the table to update the display.
For results regarding an assigned device group see Option (d) (page 387).
Chapter 15 - Device Compliance Step-by-Step - 371
12 From the Class drop-down list select the Software Inventory option.
13 This class only has one table, Installed Software, that is already preselected.
14 Select the criterion Name from the Available Criteria box below.
15 Leave the preselected Equal to operator in the Operator drop-down box.
16 Click the Find button ( ) next to the Value field.
17 The Search Criteria window opens.
18 Select the Contains operator from the drop-down field. If you know the exact name as it
is stored in the software inventory, you can leave the Equal to operator.
19 Enter part of the name into the Value field, i.e. Norton, otherwise you will get the
complete list of installed software applications in your network.
20 Click the Find button ( ) next to the Value field again.
21 The Results field now displays the list of software applications found in the database
that correspond to your value entry. Select the Norton entry and click the OK button to
close the window.
22 Then click the Add button ( ) to add the defined criterion to the Selected Criteria box.
23 Click to add the criteria group to the compliance rule.
24 To now add the second and third criteria group for the McAfee and Trendmicro Antivirus
software programs repeat steps 9 to 23 by entering the respective values.
To add more criteria to the specified criteria groups see Option (c) (page 386).
25 In the Group Relation box below you will now find the three groups - listed by their respective index values -
automatically related via the OR operator, as this was chosen for the default operator. We will leave the pre-
entered syntax as it is, as our devices must only comply to one of the three listed criteria. However, the device
will also be compliant if more than one of the required antivirus applications are installed.
See Option (g) (page 389) to create a group relation on which a device is compliant if only ONE of the
listed antivirus applications is installed, but one obligatorily.
26 Now verify the group relation by selecting the Edit->Verify Relation menu item or the respective icon ( ) in
the icon bar.
27 The syntax entered into the Group Relation field will be verified immediately and the status bar at the bottom
of the console window should display Done.
28 Activate the compliance rule by selecting the green coloured option active instead of the currently displayed
red option inactive in the Status drop-down field.
Chapter 15 - Device Compliance Step-by-Step - 373
To assign the compliance rule to a device group see Option (a) (page 384).
1 Click the Assigned Objects, then Devices node in the left window pane under your newly created compliance
rule. The right window pane is empty since no devices have been assigned yet.
2 To do so select the Assign Device icon ( ) in the icon bar.
3 The Assign to Device popup window will appear on the screen.
4 Go to the All tab and select the master from the list.
5 The master will be added to the table in the right pane with the immediately calculated compliance result.
6 Click the Refresh icon ( ), if the grey question mark icon remains in the table to update the display.
374 - Numara Asset Management Platform
For results regarding an assigned device group see Option (d) (page
387).
If the Patch Inventory entry is not available you have not executed the respective example in the operational
rules chapter. To complete this example go to Rule 1: Inventory Management (page 50) and then complete
this example.
Chapter 15 - Device Compliance Step-by-Step - 375
This criterion will check the patches for all available applications and operating
systems. To limit this to the Windows operating systems see Option (h) (page 389).
To limit this to Microsoft patches including those which are important see Option (h)
(page 389).
18 In the Group Relation box below 1 is entered, the index value for the specified group. To
check now that all critical patches are installed, we must make sure that the inventory of missing patches does
NOT contain any patches with this severity, therefore the following relation equation must be entered:
NOT 1
19 Now verify the group relation by selecting the Edit->Verify Relation menu item or the respective icon ( ) in
the icon bar.
20 The syntax entered into the Group Relation field will be verified immediately and the status bar at the bottom
of the console window should display Done.
21 Activate the compliance rule by selecting the green coloured option active instead of the currently displayed
red option inactive in the Status drop-down field.
To assign the compliance rule to a device group see Option (a) (page 384).
1 Click the Assigned Objects, then Devices node in the left window pane under your newly created compliance
rule. The right window pane is empty since no devices have been assigned yet.
2 To do so select the Assign Device icon ( ) in the icon bar.
3 The Assign to Device popup window will appear on the screen.
376 - Numara Asset Management Platform
4 Go to the All tab and select the master from the list.
5 The master will be added to the table in the right pane with the immediately calculated compliance result.
6 Click the Refresh icon ( ), if the grey question mark icon remains in the table to update the display.
For results regarding an assigned device group see Option (d) (page
387).
14 Then select the table from which the criteria is to be chosen from the
Table field, i.e. in our case this is the value Installed Software.
15 The Available Criteria box below now displays all criteria available for
the selected class and table. Select the criterion Installation Directory.
16 Leave the preselected operator Equal to in the Operator drop-down
box.
17 Click the Constant button ( ) next to the Value field.
18 The Constants window opens displaying all defined constants.
19 Select the PATH NAMP Client value and click the OK button to close
the window.
20 Then click the Add button ( ) to add the defined criterion to the
Selected Criteria box.
21 Now select the criterion Name from the list of Available Criteria.
22 Click the Find button ( ) next to the Value field.
23 The Search Criteria window opens.
24 Select the value Starts with from the Operator dropdown list and enter n into the Value field.
25 Click the Find button ( ) next to the Value field.
26 The Results field now displays the possible values, i.e. the list of all installed software applications that start
with the letter „n“. Select the Numara Asset Management Platform Agent option and then click the OK
button to close the window.
27 The selected option now appears in the Value field to the left.
28 Then click the Add button ( ) to add the defined criterion to the Selected Criteria box.
29 Click OK to add the criteria group to the rule.
30 Then click the OK button to add the criteria group to the compliance rule.
31 To add a second criteria group that will find all devices on which the NAMP Client is installed click the Edit-
>Add Criteria Group menu item or icon ( ) again.
32 The Criteria Group popup window will appear on the screen.
33 Enter Client Installed into the Name field. This group will find all devices on which the client is installed in
the specified directory.
34 From the Class drop-down list select the Software Inventory option.
35 Then select the table from which the criteria is to be chosen from the Table field, i.e. in our case this is the
value Installed Software.
36 The Available Criteria box below now displays all criteria available for the selected class and table.
37 Select the criterion Name from the list of Available Criteria.
38 Click the Find button ( ) next to the Value field.
39 The Search Criteria window opens.
Chapter 15 - Device Compliance Step-by-Step - 379
40 Select the value Starts with from the Operator dropdown list and enter n into the Value field.
41 Click the Find button ( ) next to the Value field.
42 The Results field displays the same list again, select the Numara Asset Management Platform Agent option
again and then click the OK button to close the window.
43 The selected option now appears in the Value field to the left.
44 Then click the Add button ( ) to add the defined criterion to the Selected Criteria box.
45 Click OK to add the criteria group to the rule.
46 The table to the right now displays both criteria groups.
47 To activate the compliance rule select the green coloured option active instead of the currently displayed red
option inactive in the Status drop-down field.
5 The Clients and Relays group will be added to the table in the right pane with the immediately calculated
compliance result.
380 - Numara Asset Management Platform
3 Either choose the Edit->Assign Compliance Rule menu item or click the respective icon ( ) in the icon bar.
4 The Assign a Compliance Rule popup windows will appear on the screen.
5 Select the Patch and Vulnerability Inventory rule from the window.
This window allows you to select the format in which the report will be generated. By default this is HTML.
Here you may define to also/or generate the report in PDF and/or XML by checking the respective boxes.
11 The report will be created immediately using the current data in the database concerning the assigned
compliance rule.
The report result which is generated will be put in all the required places according to the reports settings. This
means it will be available under the Report Results node of the report, as well as under that of the compliance
rule it is assigned to.
12 To view the report select the Edit->View Last Result menu item or the respective icon ( ) in the icon bar.
13 The generation of this type of report may take a little while, reselect therefore the icon until the report appears.
14 Enter again your login in the appearing window.
15 A new browser window or tab opens and displays the report.
This report displays the compliance rule executive summary.
• Overall Information
• Compliance Rule Summary
Overall Information
The table regarding the overall information displays the contents of the compliance rule by criteria group, i.e. it
list the criteria groups and their relation as well as their criteria and all their connected data and the number of
devices that are assigned to the rule.
382 - Numara Asset Management Platform
7 The compliance rule will be added to the table of assigned compliance rules.
8 The go back to the Compliance by Device report in the left window pane.
9 Select the Edit->Generate Report menu item or the respective icon ( ) in the icon bar.
10 A confirmation window appears on the screen, click the OK button to confirm.
11 The report will be created immediately using the current data in the database concerning the assigned
compliance rule.
12 To view the report select the Edit->View Last Result menu item or the respective icon ( ) in the icon bar.
13 The generation of this type of report may take a little while, reselect therefore the icon until the report appears.
14 Enter again your login in the appearing window.
15 A new browser window or tab opens and displays the report.
This report displays the criteria compliance for each device.
• Overall Information
• Devices
Overall Information
The table regarding the overall information displays the contents of the compliance rule by criteria group, i.e. it
list the criteria groups and their relation as well as their criteria and all their connected data.
Devices
This part shows the compliance situation per device via a table providing more information on the individual
device.
384 - Numara Asset Management Platform
Dynamic groups are maintained either via a directory server or a query and their members are updated regular.
For more information refer to chapter Queries and Device Groups Step-by-Step earlier in this manual. You will
also find the guidelines there on how to create the group we will be using for the rule assignment in this example.
Assigning an operational rule such as the inventory collection will ensure that all devices fulfilling specified
requirements will apply this rule, without you having to specifically telling them so.
Proceed as follows to assign the Critical Patches rule (Rule 4) to a group containing All Devices of your network:
1 At Step 2: open the node Compliance Rules->Critical Patches->Assigned Objects->Device Groups.
2 Select the Edit->Assign Device Group menu item or click the respective icon ( ) in the icon bar.
3 The Assign to Device Group popup window appears on the screen.
4 Select the All Devices group from the list in the Available Objects box.
Chapter 15 - Device Compliance Step-by-Step - 385
7 If you double-click the group entry it will open in the left window pane and display the list of all devices
which are a member of the selected group and their compliance status.
Once such a group is created its members are updated each time the compliance rule is evaluated. All the possible
groups listed above are created in the same way as described below in the example for a device group with
compliant devices:
1 Go to the Compliance Management top node in the console.
2 Select the compliance rule for which you want to create a new device group in the right window pane.
3 Either select the Edit->Create Device Group - Compliant or select the respective icon ( ) in the toolbar.
4 The new group will be automatically created directly under the main Device Groups node with the same name
as that of the compliance rule followed by the suffix (Compliant) to be able to distinguish it, if a non
compliant and/or not evaluated group is created as well. The non compliant group will have the suffix (Not
Compliant) and the group for which the evaluation was impossible (Evaluation Impossible).
5 Now go to the main Device Groups node.
6 You will find the newly created group directly under the main node.
7 If the compliance rule is renamed, the device group will automatically also be renamed.
8 You may rename the device group if necessary and as long as you do not unassign the group from the
compliance rule the group membership will still be updated with each rule evaluation. However, if the
compliance rule is rename, the new custom defined device group name remains.
(c) Add More Criteria to a Compliance Rule
Once a compliance rule is created and the devices were evaluated you might find that it is missing some criteria
or might be made more efficient using some more or others. When modifying a rule the following steps need to be
executed:
1 Modify the contents of the Antivirus Software rule (Rule 3:)
2 Re-evaluate the rule for the assigned target.
Step 1: Modify the Contents of the Antivirus Software Rule
For our example we will modify the Antivirus Software rule by adding a specific version number to each of the
antivirus applications:
To do so proceed as follows:
1 Open the node Compliance Rules->Antivirus Software and go to the Criteria tab.
2 In the right window pane you can see all the criteria groups which are currently defined for this rule.
3 Select the first criteria group in the table, i.e. the Norton Antivirus group.
4 Now select the Edit->Properties icon ( ).
Chapter 15 - Device Compliance Step-by-Step - 387
Number of devices
This field displays the total number of devices assigned to the rule.
Compliant
The percentage value of all assigned devices which are compliant.
Not Compliant
The percentage value of all assigned devices which are not compliant.
Evaluation Impossible
The percentage value of all assigned devices which could not be evaluated, as the required data are not yet
available in the database. This applies only to inventories which are not yet generated. Inventories that are
empty, such as patch or vulnerability, because the device has not patches missing and no existing
vulnerabilities, will be evaluated compliant or not compliant.
Not Evaluated
This value displays the number of devices as a percentage value that were not yet evaluated on their
compliance.
Last Evaluation Date
This field displays the date and time of the last evaluation of the compliance rule.
This same view is also available if only an individual device is evaluated, however, the graphic in this case is not
really interesting.
(e) Evaluate
It is possible at any time to launch a manual reevaluation of the complete population assigned to a compliance
rule. To do so proceed as follows:
1 Either choose the Edit->Evaluate menu item or click the respective icon ( ) in the icon bar.
2 The scores will now be reevaluation for all assigned devices and the display will be updated.
(f) OR Operator
To define a group relation that defines that a device is compliant if it is fulfils one out of the two criteria groups
enter the following equation in the Group Relation field:
1 OR 2
In this example this indicates that a device on which the inventory of missing patches was executed no longer
than two weeks ago is compliant even if no vulnerability scan was ever executed on it or vice versa.
Chapter 15 - Device Compliance Step-by-Step - 389
(g) Exclusive OR
To define a group relation that defines that a device is compliant if it has one, but ONLY one of the listed software
applications installed enter the following equation in the Group Relation field:
(1 OR 2 OR 3) AND ((1 AND NOT 2 AND NOT 3) OR (2 AND NOT 1 AND NOT 3) OR (3 AND NOT 1 AND NOT 2))
If this group relation equation is used for the example then any device on which none of the listed 3 antivirus
applications is installed is not compliant, even if it has another antivirus installed, such as AVG. Neither are
devices compliant, which have more than one antivirus of the 3 listed applications installed, e.g. a device on
which McAfee and Trendmicro are installed is not compliant, however a device on which Trendmicro and AVG
are installed is compliant, as AVG is not part of the requirements.
(h) Critical Patches for Windows
To limit the verification of Rule 4: to all Windows operating systems another criterion must be added to the rule
and its existing criteria group.
1 Before Point 17 (page 375) the following second criterion must be added to the group:
2 In the Available Criteria box select the criterion Product Family.
3 Select the operator Contains in the Operator drop-down box.
4 Enter the value Windows into the Value field. Thus the rule will verify only those patches that concern any
type of Windows operating system.
5 Then click the Add button ( ) to add the defined criterion to the Selected Criteria box.
6 Continue with step 17.
(i) Critical and Important Patches for IE
To limit the verification of Rule 4: to the Microsoft Internet Explorer and also add the important patches as a
requirement some more criteria groups must be added to the rule.
1 After Point 17 (page 375) the following criteria groups must be added to the rule:
2 Another group of the same type must be created for the severity Important.
3 Select the Edit->Add Criteria Group menu item or click the respective icon ( ) in the icon bar.
4 The Criteria Group popup window will appear again on the screen.
5 Enter Important Patches into the Name field.
6 In the Class drop-down list select Patch Inventory option.
7 Select the criterion Severity.
8 Leave the preselected operator Equal to in the Operator drop-down box.
9 Click the Find button ( ) next to the Value field.
10 The Search Criteria window opens.
11 The Results field now displays the possible values, i.e. the list of all grades of severity. Select the Important
option and then click the OK button to close the window.
12 Then click the Add button ( ) to add the defined criterion to the Selected Criteria box.
13 Click OK to add the criteria group to the rule.
14 To add the criterion for the Internet Explorer select the Edit->Add Criteria Group menu item or click the
respective icon ( ) in the icon bar.
15 The Criteria Group popup window will appear again on the screen.
16 Enter Internet Explorer into the Name field.
17 In the Class drop-down list select Patch Inventory option.
18 Then in the Available Criteria box select the criterion Product Family.
19 Click the Find button ( ) next to the Value field.
20 The Search Criteria window opens.
21 Click the Find button ( ) next to the Value field again.
22 The Results field now displays the possible product families. Select the Internet Explorer option and then
click the OK button to close the window.
23 Then click the Add button ( ) to add the defined criterion to the Selected Criteria box.
24 Click OK to add the criteria group to the rule.
390 - Numara Asset Management Platform
Which top nodes does the administrator need access to, is it easier to provide access via a group and then
populate it accordingly?
For which objects types is it necessary to create queries to make sure any newly created objects of the type
will be accessible by administrators through the dynamic objects?
To which other object types do you need at least read access, e.g.,
for reports you need at least read access to some queries, devices and device groups,
for operational rules and packages you need read access to some device groups and devices.
No general security is specified for the following main nodes: Administrators, Administrator Groups and
Directory Servers, the security is specified via its members. All these nodes are located under the Global
Settings.
Read and Write Allow on the group HQ Devices as well as Read and Write Allow on the group Servers.
Read Allow on the device.
Synchronise with a Directory Server
All groups, including the administrator groups may be synchronised with a directory server in NAMP. For this
administrator needs the following capabilities and access rights:
• View, manage and populate capabilities on device/user groups (parent), or view and manage capabilities on
administrators (parent),
• View capability on devices/users,
• View and manage capability on directory servers (child)
• Read and Write access on the device/user group (parent), or Read and Assign access on the administrator group
(parent)
• Read access on the administrators/devices/users and
• Read and Write access on the directory server (child), if it populates a device or user group or Read and Assign
access, if it populates an administrator group.
Example 1:
For the following example we synchronise our new device group called MyNewGroup, with an existing directory
server, for example called AllLabClients.
Capabilities
View Device Groups
Manage Device Groups
Populate Device Groups
View Devices
View Directory Servers
Manage Directory Servers
Access Rights
Read Allow, Write Deny, on the Device Groups top node,
Read and Write Allow on the device group, MyNewGroup,
Read and Write Allow on the directory server AllLabClients,
Read Allow on (some) clients of the directory server.
The Manage capability and Write access to the group are necessary, as the group name changes to the name of the
directory server group as soon as it is synchronised with the server. The Manage capability for the devices is not
required, as it is the system which will create the new objects that are added to the group. Therefore you will also
not be able to see these new group members, if you do not have at least Read access to the children of the
synchronised group.
Example 2:
For the following example we synchronise an administrator group called MyNewAdmins, with an existing
directory server, for example called AllLabAdmins.
Capabilities
View Administrators
Manage Administrators
View Directory Servers
Manage Directory Servers
Access Rights
Read and Write Allow on the administrator group, MyNewAdmins,
Read and Write Allow on the directory server AllLabAdmins,
Read Allow on (some) administrators of the directory server.
The Manage capability and Write access to the group are necessary, as the group name changes to the name of the
directory server group as soon as it is synchronised with the server.
396 - Numara Asset Management Platform
* The assignment of a compliance rule to a device group here actually populates the device group with the
result of its compliance check, i.e. the group will contain all compliant devices, all non-compliant devices or
those which could not be evaluated.
16.5 Scenarios
This paragraph will provide you with a number of examples for security scenarios describing the environment in
which it is setup, what exactly happens when trying to access and what needs to be defined to ensure the
respective scenario works according to definition.
We propose, that you create these profiles not for individual administrators but for administrator groups, thus it is
easier to add new admins with the same profile and to make sure there always is at least one administrator of the
specific profile. The administrator in these cases will be created with no capabilities and no access rights, all
these will be given to him via the groups he is a member of.
Chapter 16 - Setting Up Security - 401
Also we assume that the Out-of-the-box objects have been imported, as they contain a number of very useful
settings which we refer to in the following scenarios.
• New Administrator with System Logon
• User Administrator
• Read-Only Administrator
• Installer
• Reporting
• Scan Administrator
• Vulnerability Manager
• Compliance Analyst
• Compliance Manager
As the user is not registered in the database, he can only use his local system logon to log on to the Numara Asset
Management Platform Console. The following happens:
1 The user logs on with his system logon and password.
2 Basic authentication is executed via the HttpProtocolHandler:
a The HTTP protocol handler verifies with the Host Access module if the requesting client is authorised to
connect to the master server. If no modifications have been made in the Host Access module since startup
the requesting client is authorised.
b Then the HTTP protocol handler verifies with the User Access module if the supplied login and password
are authorised. When checking the table of configured users the handler will find an equivalent as system
and authorise the login.
c Then the vision64database module will verify with the database if an administrator user exists for this
login/password pair, which is not the case. As the login was authorised beforehand, the database module
402 - Numara Asset Management Platform
will create a new user with the provided login and password in the access list. However, no capabilities and
access rights are assigned at creation time.
d Now the console window will appear on the screen with a connection to the requested master server, but
the displayed contents are very limited:
He will only be able to see the following top nodes: Search, Global Settings, Device Topology and
Events. However, he will not be able to view any devices in the Device Topology nor will he be able to
execute operations on Global Settings subnodes.
As he has no capabilities assigned either, he will not be able to execute any operations on the visible
nodes and objects in the console.
This scenario will only work if the default system administrator creation is activated which is not the case by
default. To activate it proceed as follows:
1 Log on to the console with the predefined admin login.
2 Then go to the Global Settings and the System Variables node.
3 Select the Security tab.
4 Mark the value in the right window pane.
1 Then either select the Edit->Properties menu item or click the respective icon ( ) in the icon bar.
2 The Properties popup window will appear on the screen.
3 Check the Create Default System Administrator box.
4 Then click OK to confirm and close the window.
16.5.4 Installer
This scenario describes the security settings to be defined for an administrator who only executes agent rollouts
across the network.
1 Log on to the console with a superadministrator login.
2 Then go to the Global Settings and the Administrator Groups node.
3 Create a new group called Installer.
4 Select the Security Profile node below and in the Capabilities tab.
1 Then either select the Edit->Properties menu item or click the respective icon ( ) in the icon bar.
2 The Properties popup window will appear on the screen.
3 In the Modify Capabilities tab select the following capabilities:
All Rollout capabilities
All Device capabilities
View and Manage Device Group capabilities - no Populate capability
4 Then click OK to confirm and close the window.
5 Then go to the Static Objects tab and via the Properties popup window add the following static objects:
Device Groups top node with Read and Assign Access: Allow and Write Access: Deny
Rollouts top node with Read, Write and Assign Access: Allow
6 In the Dynamic Objects tab add the following dynamic objects via the Properties popup window:
The following queries to be found in the Numara Asset Management Platform Database folder:
All Devices and All Device Groups queries with Read Access: Allow and Write and Assign Access: Deny
All Rollout Folders and All Rollouts queries with Read, Write and Assign Access: Allow.
16.5.5 Reporting
This type of administrator profile is created for users who only create reports, but reports regarding any object in
the database.
1 Log on to the console with a superadministrator login.
2 Then go to the Global Settings and the Administrator Groups node.
3 Create a new group called Reporting.
4 Select the Security Profile node below and in the Capabilities tab.
404 - Numara Asset Management Platform
1 Then either select the Edit->Properties menu item or click the respective icon ( ) in the icon bar.
2 The Properties popup window will appear on the screen.
3 In the Modify Capabilities tab select ALL View capabilities apart from the following:
View System Variables
View Security Profile
View Agent Configuration
View Direct Access
View Remote Control
4 Then in addition check the following capabilities:
Manage Query
Manage and Assign Report
5 Then click OK to confirm and close the window.
6 Then go to the Static Objects tab and add the following top nodes with the following access rights via the
Properties popup window:
Device Groups top node with Read and Assign Access: Allow and Write Access: Deny
Queries and Reports top nodes with Read, Write and Assign Access: Allow
7 In the Dynamic Objects tab add via the Properties popup window all queries of the Numara Asset
Management Platform Database folder with access rights Read Access: Allow and Write and Assign Access:
Deny apart from the following which will also be added but with different access types:
All Devices, All Device Groups and All Vulnerability Groups queries with Read and Assign Access: Allow
and Write Access: Deny
All Query Folders and All Queries, as well as All Report Folders and All Reports queries with Read, Write and
Assign Access: Allow.
A few points regarding this configuration:
• If you have different report creation profiles you may restrict the view to the necessary objects the profiles
create reports for. However, make sure you provides them with the same access as above to queries and device
groups, as reports are based on either one of these object types. If you do not provide access to the device
groups, no reports may be generated being assigned to a device group instead of being based on a query.
10 If the administrators are to be able to not only create their own new scans with all connected other objects but
also use those that are created by other administrators you may add the access to these via the Dynamic
Objects tab via the Properties popup window:
add all queries concerning scans, scan configurations, as well as port and target lists with access rights
Read and Assign Access: Allow and Write Access: Deny.
Regional Headquarters
2025 Loncoln Highway
Edison, NJ 080018, USA
p:732.287.2100 f: 732.287.4929
European Headquarters
Davidson House
Forbury Square
Reading, RG1 3EU, UK
NumaraSoftware.com
©2009 Numara Software, Inc. All rights reserved. Numara and the Numara Software logo are
registered trademakrs of Numara Software, Inc.