Symantec ALTIRIS REAL-TIME SYSTEM MANAGER 7.0 SP2 - V1.0 Manual
Hide thumbs
Also See for ALTIRIS REAL-TIME SYSTEM MANAGER 7.0 SP2 - V1.0:
Table of Contents
Related Manuals for Symantec ALTIRIS REAL-TIME SYSTEM MANAGER 7.0 SP2 - V1.0
Summary of Contents for Symantec ALTIRIS REAL-TIME SYSTEM MANAGER 7.0 SP2 - V1.0
- Page 1 Altiris Real-Time System Manager from Symantec User Guide Version 7.0 SP2 MR1...
- Page 2 Legal Notice Copyright © 2010 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, Altiris, and any Altiris or Symantec trademarks used in the product are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.
-
Page 3: Technical Support
Global support purchased on a regional business hours or 24 hours a day, 7 days a week basis Premium service offerings that include Account Management Services For information about Symantec s support offerings, you can visit our Web site at the following URL: www.symantec.com/business/support/ All support services will be delivered in accordance with your support agreement and the then-current enterprise technical support policy. - Page 4 Troubleshooting that was performed before contacting Symantec Recent software configuration changes and network changes Licensing and registration If your Symantec product requires registration or a license key, access our technical support Web page at the following URL: www.symantec.com/business/support/ Customer service Customer service information is available at the following URL: www.symantec.com/business/support/...
- Page 5 Support agreement resources If you want to contact Symantec regarding an existing support agreement, please contact the support agreement administration team for your region as follows: Asia-Pacific and Japan customercare_apac@symantec.com Europe, Middle-East, and Africa semea@symantec.com North America and Latin America...
-
Page 7: Table Of Contents
About Real-Time System Manager ........... 11 What's new in Real-Time System Manager ........12 How Real-Time System Manager works ..........12 About the Symantec Management Console ........13 About out-of-band management ..........13 About one-to-one and one-to-many management ......13 About Intel AMT .............. - Page 8 Contents Chapter 4 Using Real-Time System Manager ........31 Running real-time one-to-one tasks ..........31 Accessing the Real-Time view ........... 32 Turning off, turning on, or restarting a computer ......33 Starting a remote control session ..........34 Booting a computer from another device ........35 Filtering network traffic ............
- Page 9 Contents Appendix A Troubleshooting ..............61 Troubleshooting connection through the Real-Time view ....61 Configuring the firewall to allow WMI connection ......64 Disabling simple file sharing on Windows XP SP2 ......67 Configuring User Access Control on Windows Vista and Windows 7 ...................
- Page 10 Contents...
-
Page 11: Introducing Real-Time System Manager
About Real-Time System Manager The Altiris Real-Time System Manager software lets you manage a single computer from the Symantec Management Console in real time. Real-Time System Manager can connect to the target computer using the following protocols: WMI - Microsoft Windows Management Instrumentation ASF - Alert Standards Format 2.0... -
Page 12: What's New In Real-Time System Manager
Real-Time view, using the Remote Control page. How Real-Time System Manager works First, you select a computer that you want to manage from the Symantec Management Console. Then Real-Time System Manager checks for the remote management technologies that the target computer supports. The supported technologies are WMI, ASF, DASH, Intel AMT, SNMP, and IPMI. -
Page 13: About The Symantec Management Console
You can start the console remotely by typing the following URL into the Internet Explorer's address bar: http://<Notification_Server_name>/altiris/console For more information on the console, see the Symantec Management Platform Help, which can be accessed through the console's Help menu. About out-of-band management Remote management of client computers often requires the managed computer to be turned on with an operating system running. -
Page 14: About Intel Amt
Introducing Real-Time System Manager How Real-Time System Manager works “About the Real-Time view” on page 16. One-to-many management is when you create a task, assign it to one or more computers, and configure it to run at a later time. About Intel AMT Intel Active Management Technology (Intel AMT) is a part of Intel vPro technology, which provides the following technology capabilities:... -
Page 15: About Dash
Perform one-to-one management tasks on a single computer in real time through the Real-Time view. Agentless computers do not appear in the computer filters—you must type the IP or the hostname of the computer that you want to manage into the Symantec Management Console. -
Page 16: About The Real-Time View
Real-Time view of the Resource Manager. The Resource Manager is a page in the Symantec Management Console that displays information about an individual computer. For more information, see topics about Resource Manager in the Symantec Management Platform Help. “Accessing the Real-Time view”... -
Page 17: What You Can Do With Real-Time System Manager
The information that is available in the Real-Time System Manager section includes only a subset of the WMI data. However, you can customize the data that can be accessed. Contact Symantec Technical Support if you want to create your own views on the WMI data. - Page 18 Introducing Real-Time System Manager What you can do with Real-Time System Manager “Running real-time one-to-one tasks” on page 31. Using Real-Time System Manager with properly configured out-of-band capable computers, you can manage the computers that are turned off or that failed to load an operating system.
-
Page 19: Where To Get More Information
Introducing Real-Time System Manager Where to get more information One-to-many tasks that are available in Real-Time System Manager Table 1-3 Task Description Boot Redirection task (Intel Lets you boot a group of computers from either a PXE, AMT, ASF, DASH) a floppy/HDD/CD device, or an image that is located on a hard drive. - Page 20 User Guide Information about how to use this product, The Documentation Library, which is including detailed technical information and available in the Symantec Management instructions for performing common tasks. Console on the Help menu. The Product Support page, which is This information is available in PDF format.
-
Page 21: Installing Real-Time System Manager
About Real-Time System Manager installation requirements Real-Time System Manager requires Symantec Management Platform 7.0 SP4. Symantec Management Platform is installed or upgraded automatically when you use Symantec Installation Manager to install or upgrade this product. For more information on the Symantec Management Platform prerequisites and... -
Page 22: About Client Computer Software Requirements
IPMI versions 1.5 and 2.0 are supported. Installing or upgrading the Real-Time System Manager product Use Symantec Installation Manager to install or upgrade Real-Time System Manager. For more information on installing or upgrading products, see the Symantec Management Platform Installation Guide. -
Page 23: Uninstalling Real-Time System Manager
Installing Real-Time System Manager Uninstalling Real-Time System Manager Uninstalling Real-Time System Manager Use Symantec Installation Manager to uninstall Real-Time System Manager. For more information on uninstalling products, see the Symantec Management Platform Installation Guide. - Page 24 Installing Real-Time System Manager Uninstalling Real-Time System Manager...
-
Page 25: Preparing Target Computers For Management
Chapter Preparing target computers for management This chapter includes the following topics: Preparing target computers for management Installing and configuring the SNMP component Preparing target computers for management Before you can use Real-Time System Manager, you must prepare the computers that you want to manage. -
Page 26: Discovering Computers
Preparing target computers for management Preparing target computers for management Process for preparing target computers for management (continued) Table 3-1 Step Action Description Step 2 Install the Altiris Agent to target The Altiris Agent lets Notification computers. Server get information from and interact with the client computers. -
Page 27: Installing The Altiris Agent
On the Altiris Agent Installation page, install the Altiris Agent to computers in your environment. For more information on how to install the Altiris Agent, see the Symantec Management Platform Help (Press F1 or click Help > Context in the Symantec Management Console). -
Page 28: Installing And Configuring The Snmp Component
Preparing target computers for management Installing and configuring the SNMP component To configure Intel AMT and ASF computers for out-of-band management, you can install and use the Altiris Out of Band Management Component software. For more information, see the Out of Band Management Component Implementation Guide. - Page 29 Preparing target computers for management Installing and configuring the SNMP component In the Windows Features dialog box, check SNMP Feature on Windows Vista. On Windows 7, check Simple Network Management Protocol (SNMP) > WMI SNMP Provider. Click OK. To configure the SNMP service On the client computer, open the Control Panel.
- Page 30 Preparing target computers for management Installing and configuring the SNMP component...
-
Page 31: Using Real-Time System Manager
Chapter Using Real-Time System Manager This chapter includes the following topics: Running real-time one-to-one tasks Running real-time one-to-many tasks Running real-time one-to-one tasks One-to-one computer management is performed from the Resource Manager's Real-Time view, in the Real-Time System Manager section. “About the Real-Time view”... -
Page 32: Accessing The Real-Time View
33. To open the Real-Time view from computer filters or reports In the Symantec Management Console, select the computer that you want to manage from the list of discovered resources, any computer filter, or a report. For example, you can do one of the following: In the Symantec Management Console, on the Manage menu, click Filters. -
Page 33: Turning Off, Turning On, Or Restarting A Computer
Running real-time one-to-one tasks To open the Real-Time view from the Real-Time System Manager resolution tools In the Symantec Management Console, on the Actions menu, click Remote Management > Real-Time Management. On the Manage page, type the host name or the IP of the computer you want to connect to, and then click Connect. -
Page 34: Starting A Remote Control Session
The Intel AMT feature Serial-over-LAN (SOL) redirects the remote computer's screen text output to a virtual serial port that Real-Time System Manager can read and display in the Symantec Management Console. For example, this feature lets you access the remote computer's BIOS using the remote terminal window and change BIOS settings, or you can watch the boot process. -
Page 35: Booting A Computer From Another Device
Using Real-Time System Manager Running real-time one-to-one tasks To start a SOL session Open the Real-Time view for the computer you want to manage. “Accessing the Real-Time view” on page 32. Click Real-Time System Manager > Management Operations > Manage Power State and Redirection. - Page 36 Using Real-Time System Manager Running real-time one-to-one tasks To use this feature with the Intel AMT client computers that are configured in secure mode, their Fully Qualified Domain Name (FQDN) must be resolved correctly on the Notification Server computer. Also, you must configure the connection profile to use the right certificates for authentication.
-
Page 37: Filtering Network Traffic
Using Real-Time System Manager Running real-time one-to-one tasks To view details of active IDE-R session On the Manage Power State and Redirection page, click Details to open the Redirection Details dialog box. (Optional) To disconnect a boot device, click Stop redirection. Click Close. -
Page 38: Configuring Alerts
Using Real-Time System Manager Running real-time one-to-one tasks To protect the target computer from network flooding Open the Real-Time view for the computer you want to manage. “Accessing the Real-Time view” on page 32. Click Real-Time System Manager > Networking > Intel AMT Network Filtering. - Page 39 Using Real-Time System Manager Running real-time one-to-one tasks Type the destination URI for DASH alerts. By default, the value is set to the Notification Server's Web service event listener: http://<Notification Server IP>/Altiris/WSEL/wsel.aspx Currently, DASH does not support sending alerts through HTTPS. If your Notification Server is installed on a secure Web site, configure the wsel.aspx file so that it can be accessed through HTTP.
-
Page 40: Configuring The Intel Amt Device Settings
Using Real-Time System Manager Running real-time one-to-one tasks Configuring the Intel AMT device settings (Intel AMT only) You can enable or disable starting SOL and IDE-R sessions and change Intel AMT power-saving settings. To allow SOL and IDE-R sessions Open the Real-Time view for the computer you want to manage. “Accessing the Real-Time view”... -
Page 41: Running Real-Time One-To-Many Tasks
“Booting a computer from another device ” on page 35. To start the computers from a remote location In the Symantec Management Console, on the Manage menu, click Jobs and Tasks. In the left pane, click System Jobs and Tasks > Real-Time System Manager. -
Page 42: Filtering Network Traffic On Multiple Computers
Click Save changes. Run the task one time or on a schedule. For information on how to run tasks, see the Symantec Management Platform Help. Warning: If there is already an active IDE-R session, it is terminated when the task runs. -
Page 43: Resetting A Local User Password On Multiple Computers
Using Real-Time System Manager Running real-time one-to-many tasks To apply the network filtering settings In the Symantec Management Console, on the Manage menu, click Jobs and Tasks. In the left pane, click System Jobs and Tasks > Real-Time System Manager. -
Page 44: Running Or Stopping A Process On Multiple Computers
Click Save changes. Run the task one time or on a schedule. For information on how to run tasks, see the Symantec Management Platform Help. Running or stopping a process on multiple computers You can run or end a process on the target computers. -
Page 45: Running Or Stopping A Service On Multiple Computers
“Running real-time one-to-one tasks” on page 31. To manage a service In the Symantec Management Console, on the Manage menu, click Jobs and Tasks. In the left pane, click System Jobs and Tasks > Real-Time System Manager. Click Service Management. - Page 46 Using Real-Time System Manager Running real-time one-to-many tasks...
-
Page 47: About Real-Time System Manager
Chapter About Real-Time System Manager pages This chapter includes the following topics: Configuration node: Intel AMT Configuration mode page Configuration node: Intel AMT Settings page Configuration node: Intel Remote Access Policy page Controllers and Ports node Event Logs node Input and Output Devices node Management Operations node: Manage Alerts page Management Operations node: Manage Local Users and Groups page Management Operations node: Manage Power State and Redirection page... -
Page 48: Configuration Node: Intel Amt Configuration Mode Page
About Real-Time System Manager pages Configuration node: Intel AMT Configuration mode page Operating System node Physical System node Altiris Agent node Manage Virtual Layers page Summary page Network Filters page Configuration node: Intel AMT Configuration mode page (Intel AMT only) This page is available only if Real-Time System Manager detects that the target computer is configured to use Intel AMT. -
Page 49: Configuration Node: Intel Remote Access Policy Page
About Real-Time System Manager pages Configuration node: Intel Remote Access Policy page “Configuring the Intel AMT device settings ” on page 40. Configuration node: Intel Remote Access Policy page (Intel AMT 4.0 and later only) This page is available only if Real-Time System Manager detects that the target computer is configured to use Intel AMT. -
Page 50: Event Logs Node
About Real-Time System Manager pages Event Logs node Event Logs node This node lets you view event logs. Pages under the Event Logs node Table 5-4 Page Description Application Log Displays the application event log. Security Log Displays the security event log. System Log Displays the system event log. -
Page 51: Management Operations Node: Manage Alerts Page
About Real-Time System Manager pages Management Operations node: Manage Alerts page Pages under the Input and Output Devices node Table 5-8 Page Description Keyboard Displays keyboard information. Modem Displays modem information. Monitor Displays monitor information. Pointing Device Displays pointing device information. Printer Displays local printer information. -
Page 52: Management Operations Node: Manage Power State And Redirection Page
About Real-Time System Manager pages Management Operations node: Manage Power State and Redirection page Management Operations node: Manage Power State and Redirection page “Turning off, turning on, or restarting a computer” on page 33. “Starting a remote control session ” on page 34. -
Page 53: Management Operations Node: Manage Services Page
About Real-Time System Manager pages Management Operations node: Manage Services page Options on the Management Operations node: Manage Processes Table 5-11 page (continued) Option Description Terminate Lets you terminate the process that you selected. Management Operations node: Manage Services page This page lets you run or stop a service on the target computer. -
Page 54: Mass Storage Node
If you want to use an image, type the path that the Notification Server computer can access. For example, if you opened Symantec Management Console on a remote computer, type an UNC path to the image. If you want to connect a remote disk drive to the managed... -
Page 55: Networking Node
About Real-Time System Manager pages Networking node Pages under the Memory node Table 5-15 Page Description Cache Memory Displays cache memory information. Logical Memory Configuration Displays logical memory configuration information. Physical Memory Displays physical memory information. Networking node This node contains networking items. Pages under the Networking node Table 5-16 Page... -
Page 56: Operating System Node
About Real-Time System Manager pages Operating System node Pages under the Networking node (continued) Table 5-16 Page Description Network Adapter Displays network adapter information. Network Adapter Displays network adapter configuration information. Configuration Network Connection Displays network connection information. Note: To view network connection information, the target computer must have Microsoft .NET server installed or be running Microsoft Windows XP. -
Page 57: Physical System Node
About Real-Time System Manager pages Physical System node Pages under the Operating System node (continued) Table 5-17 Page Description Registry Displays registry information, such as size, install date, location, and status. You can update the proposed size for the registry. Share Displays the share information on the target computer. -
Page 58: Altiris Agent Node
To disable maintenance tasks for a period of time, check Disallow maintenance task, choose the period of time, and then click Apply. For more information on maintenance windows, see the Symantec Management Platform Help. Manage Virtual Layers page On this page, you can manage the Software Virtualization Solution's virtual layers... -
Page 59: Summary Page
About Real-Time System Manager pages Summary page This page appears only for the computers with Software Virtualization Agent installed. For more information, see Software Virtualization Solution documentation. Options on the Manage Virtual Layers page Table 5-20 Option Description Details Shows the details of the virtual layer. Activate Activates the virtual layer. - Page 60 About Real-Time System Manager pages Network Filters page “Filtering network traffic on multiple computers ” on page 42. “Modifying the list of open network filtering ports” on page 73. Warning: We recommend that you back up the default list of filters before making any changes.
-
Page 61: Troubleshooting
Appendix Troubleshooting This appendix includes the following topics: Troubleshooting connection through the Real-Time view Troubleshooting connection through the Real-Time view Some of the reasons why Real-Time System Manager cannot establish a real-time connection with the target computer are listed in the following table. - Page 62 Troubleshooting Troubleshooting connection through the Real-Time view Possible reasons of real-time connection errors Table A-1 Technology Possible reasons The connection credentials are incorrect. The computer is turned off . The operating system is not loaded. The computer is not connected to the network. The firewall does not allow incoming WMI connections.
- Page 63 The Intel AMT device is in secure mode, but the connection profile is not configured to use the correct certificates, and vice versa. For more information on configuring connection profiles, see the Symantec Management Platform Help. Intel AMT is turned off in the BIOS.
-
Page 64: Configuring The Firewall To Allow Wmi Connection
Troubleshooting Troubleshooting connection through the Real-Time view Configuring the firewall to allow WMI connection WMI connection through the Real-Time view can fail when you try to connect to a computer with Microsoft Windows XP Service Pack 2, Windows Vista, or Windows 7 operating system. - Page 65 Troubleshooting Troubleshooting connection through the Real-Time view To configure the firewall on Windows Vista Log on to the target computer as the administrator. From the Control Panel, open the Windows Firewall Settings dialog box. On the Exceptions tab, check WindowsManagementInstrumentation(WMI). To configure the firewall on Windows 7 Log on to the target computer as the administrator.
- Page 66 Troubleshooting Troubleshooting connection through the Real-Time view Expand your domain, right-click the organizational unit in which you want to create the group policy, and then click Properties. On the Group Policy tab, click New. Type a name for the group policy object, and then press Enter. Click Close.
-
Page 67: Disabling Simple File Sharing On Windows Xp Sp2
Troubleshooting Troubleshooting connection through the Real-Time view Click Enabled, and then specify the administrative scope in the Allow unsolicited incoming messages from dialog box. For example, to permit remote administration from a particular IP address, type that IP address in the Allow unsolicited incoming messages from dialog box. - Page 68 Troubleshooting Troubleshooting connection through the Real-Time view To configure User Access Control on Windows Vista On the client computer with the Microsoft Windows Vista operating system, open the Control Panel. Double-click User Accounts. In the User Accounts dialog box, click Turn User Account Control on or off. Uncheck Use User Account Control (UAC) to help protect your computer, and then click OK.
-
Page 69: Technical Reference
About the ports used by Real-Time System Manager The following table lists the ports that are used for communication by Real-Time System Manager, Symantec Management Platform, and the Symantec Management Console. You can use the table to configure the firewall between your console, server, and managed computers as needed. - Page 70 Ports used by Real-Time System Manager (continued) Table B-1 Protocol Port Description Direction Binding TCP/UDP (optional) SSL both Symantec Management (HTTPS) Console — Symantec Management Platform TCP/UDP Echo (ICMP) both Symantec Management Platform — managed computer TCP/UDP DCE endpoint both Symantec Management resolution Platform —...
-
Page 71: About Authentication
When you use Real-Time System Manager, the following authentication points apply: When you try to access the Symantec Management Console or the Resource Manager page, Notification Server verifies that the user has the rights to access Real-Time System Manager. You can access the console either as a user who is interactively logged on to the Notification Server computer or as a user who is connected to the Notification Server computer remotely through a browser. -
Page 72: About Changes In Default System Security
Technical Reference About changes in default system security Once successfully authenticated, Real-Time System Manager administrative-user credentials are used as “administrative” credentials for all WMI commands until the Resource Manager page is closed. The Notification Server computer and the target computer can be on different domains. -
Page 73: Modifying The List Of Open Network Filtering Ports
“Filtering network traffic on multiple computers ” on page 42. To modify the list of open network filtering ports In the Symantec Management Console, on the Settings menu, click All Settings. In the left pane, click Remote Management > Real-Time System Manager >... -
Page 74: About Power Management And Redirection
Technical Reference About power management and redirection About power management and redirection The following table displays the power management and redirection capabilities for the Intel AMT or ASF-capable computers in different power states. Intel AMT power management capabilities Table B-3 Power state AMT reboot AMT power... - Page 75 Technical Reference About power management and redirection Intel AMT power management capabilities (continued) Table B-3 Power state AMT reboot AMT power AMT power Boot redirect Legacy OFF, for example, non-ACPI OS off state Unknown Performed through the power on command. Redirection can be enabled only for the reboot command.
- Page 76 Technical Reference About power management and redirection ASF power management capabilities (continued) Table B-4 Power state ASF reboot ASF power ASF power Boot redirect G1 sleeping (S1-S4 cannot be determined) S5 entered by override, for example, 4-second power button override Legacy ON, for example, non-ACPI OS working state...
-
Page 77: Glossary
Intel AMT functionality does not require a software agent to be installed on the client computer. The Symantec Management Platform service that communicates with the Altiris Notification Server Agent and the CMDB to provide management, security, and administrative... - Page 78 Glossary computers, and coordinates the work of the other Symantec Management Platform services. A type of remote computer management. It lets IT administrators connect to a out-of-band computer's management controller when the computer is turned off, in sleep or management hibernate modes, or otherwise unresponsive through the operating system.
-
Page 79: Index
Index alerts firewall using 38 configuring 64 Altiris Agent discovering computers 26 installing 27 help AMT. See Intel AMT context-sensitive 19 ASF 22, 61 about 14 IDE-R enabling 40 BIOS using 35, 41 configuring remotely 34 viewing active sessions 37 Boot Redirection task 41 in-band management 13 booting... - Page 80 Service Management task 45 SIM 22–23 SNMP 11, 61 SNMP alerts. See alerts enabling 40 using 34 viewing active sessions 35 Symantec Installation Manager. See SIM Symantec Management Console about 13 opening 13 Task Server 41 tasks one-to-many 18 one-to-one 17...