Symantec ALTIRIS OUT OF BAND MANAGEMENT COMPONENT 7.0 SP3 MR1 User manual

Category
Development boards
Type
User manual
Altiris Out of Band
Management Component
from Symantec User Guide
Version 7.0 SP3 MR1
Altiris Out of Band Management Component from
Symantec User Guide
The software described in this book is furnished under a license agreement and may be used
only in accordance with the terms of the agreement.
Documentation version 7.0 SP3 MR1
Legal Notice
Copyright © 2010 Symantec Corporation. All rights reserved.
Symantec, the Symantec Logo, Altiris, and any Altiris or Symantec trademarks used in the
product are trademarks or registered trademarks of Symantec Corporation or its affiliates
in the U.S. and other countries. Other names may be trademarks of their respective owners.
The product described in this document is distributed under licenses restricting its use,
copying, distribution, and decompilation/reverse engineering. No part of this document
may be reproduced in any form by any means without prior written authorization of
Symantec Corporation and its licensors, if any.
THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS,
REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT,
ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO
BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL
OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING,
PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED
IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.
The Licensed Software and Documentation are deemed to be commercial computer software
as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19
"Commercial Computer Software - Restricted Rights" and DFARS 227.7202, "Rights in
Commercial Computer Software or Commercial Computer Software Documentation", as
applicable, and any successor regulations. Any use, modification, reproduction release,
performance, display or disclosure of the Licensed Software and Documentation by the U.S.
Government shall be solely in accordance with the terms of this Agreement.
Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
http://www.symantec.com
Technical Support
Symantec Technical Support maintains support centers globally. Technical
Supports primary role is to respond to specific queries about product features
and functionality. The Technical Support group also creates content for our online
Knowledge Base. The Technical Support group works collaboratively with the
other functional areas within Symantec to answer your questions in a timely
fashion. For example, the Technical Support group works with Product Engineering
and Symantec Security Response to provide alerting services and virus definition
updates.
Symantecs support offerings include the following:
A range of support options that give you the flexibility to select the right
amount of service for any size organization
Telephone and/or Web-based support that provides rapid response and
up-to-the-minute information
Upgrade assurance that delivers software upgrades
Global support purchased on a regional business hours or 24 hours a day, 7
days a week basis
Premium service offerings that include Account Management Services
For information about Symantecs support offerings, you can visit our Web site
at the following URL:
www.symantec.com/business/support/
All support services will be delivered in accordance with your support agreement
and the then-current enterprise technical support policy.
Contacting Technical Support
Customers with a current support agreement may access Technical Support
information at the following URL:
www.symantec.com/business/support/
Before contacting Technical Support, make sure you have satisfied the system
requirements that are listed in your product documentation. Also, you should be
at the computer on which the problem occurred, in case it is necessary to replicate
the problem.
When you contact Technical Support, please have the following information
available:
Product release level
Hardware information
Available memory, disk space, and NIC information
Operating system
Version and patch level
Network topology
Router, gateway, and IP address information
Problem description:
Error messages and log files
Troubleshooting that was performed before contacting Symantec
Recent software configuration changes and network changes
Licensing and registration
If your Symantec product requires registration or a license key, access our technical
support Web page at the following URL:
www.symantec.com/business/support/
Customer service
Customer service information is available at the following URL:
www.symantec.com/business/support/
Customer Service is available to assist with non-technical questions, such as the
following types of issues:
Questions regarding product licensing or serialization
Product registration updates, such as address or name changes
General product information (features, language availability, local dealers)
Latest information about product updates and upgrades
Information about upgrade assurance and support contracts
Information about the Symantec Buying Programs
Advice about Symantec's technical support options
Nontechnical presales questions
Issues that are related to CD-ROMs or manuals
Support agreement resources
If you want to contact Symantec regarding an existing support agreement, please
contact the support agreement administration team for your region as follows:
[email protected]Asia-Pacific and Japan
[email protected]Europe, Middle-East, and Africa
[email protected]North America and Latin America
Technical Support ............................................................................................... 3
Chapter 1 Introducing Out of Band Management
Component ..................................................................... 11
About Out of Band Management Component ..................................... 11
About out-of-band management ............................................... 12
About supported out-of-band management technologies ............... 12
Altiris products that can manage computers out of band ............... 13
Whats new in Out of Band Management Component .......................... 13
How Out of Band Management Component works .............................. 13
About the Symantec Management Console .................................. 14
About Intel AMT .................................................................... 14
About ASF ............................................................................ 15
About DASH .......................................................................... 15
Comparison of Intel AMT, ASF, and DASH .................................. 16
What you can do with Out of Band Management Component ................ 16
About Intel AMT tasks ............................................................ 17
About ASF tasks ..................................................................... 17
About DASH tasks .................................................................. 18
Where to get more information ....................................................... 18
Chapter 2 About Out of Band Management Component
pages ................................................................................ 21
Auxiliary profiles: 802.1x Profiles page ............................................ 22
802.1x Profiles: Add 802.1x Profile dialog box ............................. 22
Select Certificate Generation Properties dialog box ...................... 24
Add Certificate Generation Properties dialog box ......................... 24
Select Certificate Template dialog box ........................................ 25
Auxiliary profiles: Management Presence Servers page ....................... 25
Management Presence Servers: Add Management Presence Server
dialog box ....................................................................... 25
Auxiliary profiles: Remote Access Policies page ................................. 26
Remote Access Policies: Create Remote Policy dialog box ............... 27
Trusted Root Certificates page ........................................................ 28
Contents
Trusted Root Certificates: Select a Certificate Authority dialog
box ................................................................................ 28
Trusted Root Certificates: Import Trusted Root Certificate dialog
box ................................................................................ 28
Auxiliary Profiles: Wireless Profiles page ......................................... 28
Wireless Profiles: Add Wireless Profile dialog box ........................ 29
Configuration Profiles page ............................................................ 29
Setup and configuration profile: General tab ............................... 29
Setup and configuration profile: Network tab .............................. 31
Setup and configuration profile: TLS tab .................................... 33
Setup and configuration profile: ACL tab .................................... 35
Setup and configuration profile: Wireless Profiles tab ................... 37
Setup and configuration profile: Power Policy tab ........................ 38
Setup and configuration profile: Domains tab .............................. 38
Setup and configuration profile: Remote Access tab ...................... 39
DNS configuration page ................................................................ 40
General page .............................................................................. 40
Select Active Directory Organizational Unit dialog box ................. 43
Maintenance page ........................................................................ 43
Security keys page ........................................................................ 44
Service location page ................................................................... 46
Users page .................................................................................. 47
Delayed Setup and Configuration page ............................................. 48
Intel AMT systems page ................................................................ 49
Profile assignments page ............................................................... 52
Resource Synchronization page ...................................................... 53
Assign profile dialog box ......................................................... 54
Get ASF/DASH Configuration Inventory task .................................... 55
Update ASF Configuration Settings task ........................................... 55
Update DASH Configuration Settings task ........................................ 59
OOB Site Service page ................................................................... 60
Certificate Enrollment task ............................................................ 63
Firewall Configuration task ............................................................ 63
FQDN Synchronization task ........................................................... 64
Install Intel Setup and Configuration Server task ............................... 64
Install OOB Site Service agent task .................................................. 64
Install Out of Band Management Site Service Agent and Intel Setup
and Configuration Server job .................................................... 64
Intel Setup and Configuration Server Upgrade job .............................. 65
Intel Setup and Configuration Server Upgrade Job: internal task ........... 65
OOB Site Server Inventory task ....................................................... 65
Send Intel AMT Hello Message task ................................................. 65
Contents8
Glossary ............................................................................................................... 67
Index .................................................................................................................... 71
9Contents
Contents10
Introducing Out of Band
Management Component
This chapter includes the following topics:
About Out of Band Management Component
Whats new in Out of Band Management Component
How Out of Band Management Component works
What you can do with Out of Band Management Component
Where to get more information
About Out of Band Management Component
Altiris Out of Band Management Component software (formerly known as Altiris
Out of Band Management Solution) lets you discover computers with ASF, DASH,
and Intel AMT in your environment and configure the computers for out-of-band
management.
Out-of-band management is the ability to manage client computers regardless of
the state of their power, operating system, or management agents. You can
remotely change the power state of the computer, collect hardware inventory,
and perform other management tasks that would normally require a visit to a
client computer.
See About out-of-band management on page 12.
1
Chapter
Figure 1-1
Out of Band Management Component features
About out-of-band management
Remote management of client computers often requires the managed computer
to be turned on with an operating system running. When a computer is turned
on with a running operating system, the computer is considered in-band.
Out-of-band is when a client computer is in one of the following out-of-band states:
The computer is plugged in but is not actively running (off, standby,
hibernating).
The operating system is not loaded (software or boot failure).
The software-based management agent is not available.
Out-of-band management is the ability to manage computers in these states.
Computers with Intel AMT, ASF, DASH, or IPMI capabilities can be managed out
of band.
About supported out-of-band management technologies
Out of Band Management Component supports computers with the following
out-of-band management technologies:
Introducing Out of Band Management Component
About Out of Band Management Component
12
Intel® Active Management Technology (Intel® AMT) 2.0 and later (also known
as Intel® vPro and Intel® Centrino® Pro technology)
See About Intel AMT on page 14.
Broadcom ASF 2.0 and Intel ASF 2.0
See About ASF on page 15.
Broadcom DASH
See About DASH on page 15.
Altiris products that can manage computers out of band
You can manage computers out of band using the following Altiris products:
Altiris Real-Time Console Infrastructure
Altiris Real-Time System Manager
These Altiris products let you perform the following out-of-band management
tasks:
Turn on, turn off, or restart computers.
Configure hardware alerts and change the alerts destination address.
Collect the hardware information that is stored in the NVRAM of the Intel
AMT device.
Boot a computer from a remote disk or an image on a server and run the
operating system repair or reinstall.
Start a remote control session from the Symantec Management Console and
access BIOS to view and change settings (Intel AMT only).
Whats new in Out of Band Management Component
In the 7.0 SP3 release of Out of Band Management Component, the following new
features are introduced:
Support for Microsoft Windows 7.
You can install Out of Band Task Agent on the computers that are running
Microsoft Windows 7.
How Out of Band Management Component works
Out of Band Management Component installs Intel SCS on the Notification Server
computer and integrates it into the Symantec Management Console. From the
13Introducing Out of Band Management Component
Whats new in Out of Band Management Component
Symantec Management Console you can configure Intel SCS settings, discover
Intel AMT capable computers, and configure them for out-of-band management.
See About the Symantec Management Console on page 14.
Also, Out of Band Management Component provides you with the tools to discover
ASF and DASH capable computers and configure them for out-of-band
management.
You can manage configured Intel AMT, ASF, and DASH computers with Altiris
solutions that support out-of-band technologies.
See Altiris products that can manage computers out of band on page 13.
About the Symantec Management Console
The Symantec Management Console is the Web browser based administration
console for working with Symantec Management Platform and solutions, including
Out of Band Management Component. The console lets you perform tasks, schedule
events, run reports, perform configuration, configure security, and more. You can
run the console from the Notification Server computer (locally) or from a remote
computer with a network connection to Notification Server. This means that you
can perform administration tasks from wherever you are.
The console lets you set security that is specific to each console user. You specify
which areas of the console a user has access to and the rights that a user has to
perform specific actions. For example, one user can run reports while another
user can only view reports that have already been run.
You can start the console remotely by typing the following URL into the Internet
Explorer's address bar: http://<Notification_Server_name>/altiris/console
For more information on the console, see the Symantec Management Platform
Help, which can be accessed through the console's Help menu.
About Intel AMT
Intel Active Management Technology (Intel AMT) is a part of Intel vPro technology,
which provides the following technology capabilities:
Lets you remotely inventory, diagnose, and repair computerseven
those that are turned off reducing costly desk-side visits and
increasing user uptime.
Remote manageability
Lets third-party security software identify more threats before
they reach the operating system. You can isolate infected systems
more quickly and update computers regardless of their power
state.
Security
Introducing Out of Band Management Component
How Out of Band Management Component works
14
Intel AMT is a solution that is based in hardware and firmware and is connected
to the system's auxiliary power plane. Despite the power state or the operating
system state of the client computer, Intel AMT provides IT administrators with
access to alerts, hardware inventory, power management, network filtering, and
agent presence functionality. Intel AMT functionality requires the computer to
be plugged into the power source and connected to the network. Intel AMT
functionality does not require a software agent to be installed on the client
computer.
Altiris Out of Band Management Component, Altiris Real-Time Console
Infrastructure, and Altiris Real-Time System Manager software support Intel
AMT 2.0 and later.
See About Intel AMT tasks on page 17.
About ASF
ASF (Alert Standard Format) is an industry standards-based technology that lets
IT administrators manage computers regardless of the operating system state.
ASF performs completely out of band and only relies on the operating system to
configure the solution.
ASF provides alerting and power management functionality as long as the
computer is plugged in with Ethernet connection. ASF functionality is
accomplished through hardware on the network card or system board, a software
agent on the client computer, and management software on the server.
Altiris Out of Band Management Component, Altiris Real-Time Console
Infrastructure, and Altiris Real-Time System Manager software support ASF 2.0.
See About ASF tasks on page 17.
About DASH
DASH (Desktop and Mobile Architecture for System Hardware) is a Web
services-based management technology that enables IT professionals to remotely
manage desktop and mobile computers from anywhere in the world. The
technology lets administrators securely turn the power on/off, query system
inventory, and push firmware updates among other things, regardless of the state
of the remote computer.
Altiris Out of Band Management Component, Altiris Real-Time Console
Infrastructure, and Altiris Real-Time System Manager software support Broadcom
and Intel implementations of DASH.
See About DASH tasks on page 18.
15Introducing Out of Band Management Component
How Out of Band Management Component works
Comparison of Intel AMT, ASF, and DASH
Out of Band Management Component supports Intel AMT, ASF, and DASH
out-of-band management technologies.
See About Intel AMT on page 14.
See About ASF on page 15.
See About DASH on page 15.
Table 1-1
Intel AMT, ASF, and DASH comparison
DASHASFIntel AMTFeature
Supports the networks
that include subnets.
Does not support
subnets.
Supports the networks
that include subnets.
Network
support
Supports the user name
and password
authentication,
encrypted
communications using
certificates.
Supports the Operator
and Administrator
Authentication Keys
authentication for
performing remote
power management
commands.
Supports the user name
and password
authentication, an
access control list, and
TLS encryption
(Enterprise mode only)
of communications.
Security
Based on an open
standard that is
developed through
DMTF.
Based on an open
standard that is
developed through
DMTF.
Non-standards based.Standards
Small to large
environments with
multiple options for
security.
Small to medium size
environments.
Small to large
environments with
multiple options for
security.
Intended
use
What you can do with Out of Band Management
Component
Out of Band Management Component helps you configure Intel AMT, ASF, or
DASH devices on the computers that support these technologies, so these
computers can be managed out of band.
See About Intel AMT tasks on page 17.
See About ASF tasks on page 17.
See About DASH tasks on page 18.
Introducing Out of Band Management Component
What you can do with Out of Band Management Component
16
About Intel AMT tasks
Out of Band Management Component lets you perform the following Intel AMT
tasks:
Discover Intel AMT capable computers.
Set up and configure computers with Intel AMT so that they can be managed
out-of-band by other Altiris solutions.
Define service configuration parameters for Intel SCS.
Create the profiles that define the setup and the configuration parameters for
Intel AMT, including wireless parameters.
Manage the list of valid PID-PPS keys that match what is to be installed on the
Intel AMT computers that await initialization.
Remotely set the host name, either detected automatically or entered manually,
for an Intel AMT network interface.
View and manage the entries that identify each Intel AMT computer that is
configured or not configured.
Remotely reset or re-configure Intel AMT computers, synchronize clocks,
change power-saving policies, and so on.
Control the list of users that have access to the Intel SCS console and to the
Intel AMT devices and the permissions they have.
For more information, see the Out of Band Management Component Implementation
Guide.
About ASF tasks
Out of Band Management Component lets you perform the following ASF tasks:
Discover ASF-capable computers.
Install the ASF management agent on the computers.
Collect ASF configuration inventory.
Configure the default connection, security, and remote power control settings
on client computers with ASF.
Configure the ASF alerts that can help you be more proactive in responding
to memory faults, temperature issues, hard drive warnings, chassis intrusion,
and so forth. These alerts help you fix issues before they become destructive.
For more information, see the Out of Band Management Component Implementation
Guide.
17Introducing Out of Band Management Component
What you can do with Out of Band Management Component
About DASH tasks
Out of Band Management Component lets you perform the following DASH tasks:
Discover DASH-capable computers.
Install the DASH management agent on the computers.
Collect DASH configuration inventory.
Configure connection and security settings on client computers with DASH.
For more information, see the Out of Band Management Component Implementation
Guide.
Where to get more information
Use the following documentation resources to learn and use this product.
Table 1-2
Documentation resources
LocationDescriptionDocument
http://kb.altiris.com/
You can search for the product name under
Release Notes.
Information about new features and
important issues.
This information is available as an article in
the knowledge base.
Release Notes
The Product Support page, which is
available at the following URL:
http://www.symantec.com/business
/support/all_products.jsp
When you open your products support page,
look for the Documentation link on the right
side of the page.
Information about how to install, configure,
and implement this product.
This information is available in PDF format.
Implementation Guide
The Documentation Library, which is
available in the Symantec Management
Console on the Help menu.
The Product Support page, which is
available at the following URL:
http://www.symantec.com/business
/support/all_products.jsp
When you open your products support
page, look for the Documentation link
on the right side of the page.
Information about how to use this product,
including detailed technical information and
instructions for performing common tasks.
This information is available in PDF format.
User Guide
Introducing Out of Band Management Component
Where to get more information
18
Table 1-2
Documentation resources (continued)
LocationDescriptionDocument
The Documentation Library, which is
available in the Symantec Management
Console on the Help menu.
Context-sensitive help is available for most
screens in the Symantec Management
Console.
You can open context-sensitive help in the
following ways:
The F1 key
The Context command, which is available
in the Symantec Management Console
on the Help menu.
Information about how to use this product,
including detailed technical information and
instructions for performing common tasks.
Help is available at the solution level and at
the suite level.
This information is available in HTML help
format.
Help
In addition to the product documentation, you can use the following resources to
learn about Altiris products.
Table 1-3
Altiris information resources
LocationDescriptionResource
http://kb.altiris.com/Articles, incidents, and issues about Altiris
products.
Knowledge base
http://www.symantec.com/connect
/endpoint-management-virtualization
An online magazine that contains best
practices, tips, tricks, forums, and articles
for users of this product.
Symantec Connect
(formerly Altiris Juice)
19Introducing Out of Band Management Component
Where to get more information
Introducing Out of Band Management Component
Where to get more information
20
  • Page 1 1
  • Page 2 2
  • Page 3 3
  • Page 4 4
  • Page 5 5
  • Page 6 6
  • Page 7 7
  • Page 8 8
  • Page 9 9
  • Page 10 10
  • Page 11 11
  • Page 12 12
  • Page 13 13
  • Page 14 14
  • Page 15 15
  • Page 16 16
  • Page 17 17
  • Page 18 18
  • Page 19 19
  • Page 20 20
  • Page 21 21
  • Page 22 22
  • Page 23 23
  • Page 24 24
  • Page 25 25
  • Page 26 26
  • Page 27 27
  • Page 28 28
  • Page 29 29
  • Page 30 30
  • Page 31 31
  • Page 32 32
  • Page 33 33
  • Page 34 34
  • Page 35 35
  • Page 36 36
  • Page 37 37
  • Page 38 38
  • Page 39 39
  • Page 40 40
  • Page 41 41
  • Page 42 42
  • Page 43 43
  • Page 44 44
  • Page 45 45
  • Page 46 46
  • Page 47 47
  • Page 48 48
  • Page 49 49
  • Page 50 50
  • Page 51 51
  • Page 52 52
  • Page 53 53
  • Page 54 54
  • Page 55 55
  • Page 56 56
  • Page 57 57
  • Page 58 58
  • Page 59 59
  • Page 60 60
  • Page 61 61
  • Page 62 62
  • Page 63 63
  • Page 64 64
  • Page 65 65
  • Page 66 66
  • Page 67 67
  • Page 68 68
  • Page 69 69
  • Page 70 70
  • Page 71 71

Symantec ALTIRIS OUT OF BAND MANAGEMENT COMPONENT 7.0 SP3 MR1 User manual

Category
Development boards
Type
User manual

Ask a question and I''ll find the answer in the document

Finding information in a document is now easier with AI