Symantec ALTIRIS OUT OF BAND MANAGEMENT COMPONENT 7.0 SP3 - V1.0 User manual

Brand: Symantec

Model: ALTIRIS OUT OF BAND MANAGEMENT COMPONENT 7.0 SP3 - V1.0

Type: User manual

This manual is also suitable for

REAL-TIME CONSOLE INFRASTRUCTURE 7.0 SP3

Altiris™ Real-Time Console

Infrastructure from

Symantec User Guide

Version 7.0 SP3

Altiris™ Real-Time Console Infrastructure from

Symantec User Guide

The software described in this book is furnished under a license agreement and may be used

only in accordance with the terms of the agreement.

Legal Notice

Symantec, the Symantec Logo, Altiris, and any Altiris or Symantec trademarks used in the

product are trademarks or registered trademarks of Symantec Corporation or its affiliates

in the U.S. and other countries. Other names may be trademarks of their respective owners.

The product described in this document is distributed under licenses restricting its use,

copying, distribution, and decompilation/reverse engineering. No part of this document

may be reproduced in any form by any means without prior written authorization of

Symantec Corporation and its licensors, if any.

THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS,

REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF

MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT,

ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO

BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL

OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING,

PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED

IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.

The Licensed Software and Documentation are deemed to be commercial computer software

as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19

"Commercial Computer Software - Restricted Rights" and DFARS 227.7202, "Rights in

Commercial Computer Software or Commercial Computer Software Documentation", as

applicable, and any successor regulations. Any use, modification, reproduction release,

performance, display or disclosure of the Licensed Software and Documentation by the U.S.

Government shall be solely in accordance with the terms of this Agreement.

Symantec Corporation

350 Ellis Street

Mountain View, CA 94043

http://www.symantec.com

Technical Support

Symantec Technical Support maintains support centers globally. Technical

Support’s primary role is to respond to specific queries about product features

and functionality. The Technical Support group also creates content for our online

Knowledge Base. The Technical Support group works collaboratively with the

other functional areas within Symantec to answer your questions in a timely

fashion. For example, the Technical Support group works with Product Engineering

and Symantec Security Response to provide alerting services and virus definition

updates.

Symantec’s support offerings include the following:

■ A range of support options that give you the flexibility to select the right

amount of service for any size organization

■ Telephone and/or web-based support that provides rapid response and

up-to-the-minute information

■ Upgrade assurance that delivers software upgrades

■ Global support purchased on a regional business hours or 24 hours a day, 7

days a week basis

■ Premium service offerings that include Account Management Services

For information about Symantec’s support offerings, you can visit our web site

at the following URL:

www.symantec.com/business/support/

All support services will be delivered in accordance with your support agreement

and the then-current enterprise technical support policy.

Contacting Technical Support

Customers with a current support agreement may access Technical Support

information at the following URL:

www.symantec.com/business/support/

Before contacting Technical Support, make sure you have satisfied the system

requirements that are listed in your product documentation. Also, you should be

at the computer on which the problem occurred, in case it is necessary to replicate

the problem.

When you contact Technical Support, please have the following information

available:

■ Product release level

■ Hardware information

■ Available memory, disk space, and NIC information

■ Operating system

■ Version and patch level

■ Network topology

■ Router, gateway, and IP address information

■ Problem description:

■ Error messages and log files

■ Troubleshooting that was performed before contacting Symantec

■ Recent software configuration changes and network changes

Licensing and registration

If your Symantec product requires registration or a license key, access our technical

support web page at the following URL:

www.symantec.com/business/support/

Customer service

Customer service information is available at the following URL:

www.symantec.com/business/support/

Customer Service is available to assist with non-technical questions, such as the

following types of issues:

■ Questions regarding product licensing or serialization

■ Product registration updates, such as address or name changes

■ General product information (features, language availability, local dealers)

■ Latest information about product updates and upgrades

■ Information about upgrade assurance and support contracts

■ Information about the Symantec Buying Programs

■ Advice about Symantec's technical support options

■ Nontechnical presales questions

■ Issues that are related to CD-ROMs or manuals

Support agreement resources

If you want to contact Symantec regarding an existing support agreement, please

contact the support agreement administration team for your region as follows:

[email protected]Asia-Pacific and Japan

[email protected]Europe, Middle-East, and Africa

[email protected]North America and Latin America

Additional enterprise services

Symantec offers a comprehensive set of services that allow you to maximize your

investment in Symantec products and to develop your knowledge, expertise, and

global insight, which enable you to manage your business risks proactively.

Enterprise services that are available include the following:

Managed Services remove the burden of managing and monitoring security

devices and events, ensuring rapid response to real threats.

Managed Services

Symantec Consulting Services provide on-site technical expertise from

Symantec and its trusted partners. Symantec Consulting Services offer a variety

of prepackaged and customizable options that include assessment, design,

implementation, monitoring, and management capabilities. Each is focused on

establishing and maintaining the integrity and availability of your IT resources.

Consulting Services

Education Services provide a full array of technical training, security education,

security certification, and awareness communication programs.

Education Services

To access more information about enterprise services, please visit our web site

at the following URL:

www.symantec.com/business/services/

Select your country or language from the site index.

Technical Support ............................................................................................... 3

Chapter 1 Introducing Real-Time Console Infrastructure ............... 9

About Real-Time Console Infrastructure ............................................ 9

Installing or upgrading the Real-Time Console Infrastructure product

........................................................................................... 10

Prerequisites for using Real-Time Console Infrastructure .................... 10

Where to get more information ....................................................... 11

Chapter 2 Using Real-Time Console Infrastructure ........................ 13

Collecting Intel AMT and DASH inventory ........................................ 13

Updating Intel AMT and DASH alert settings .................................... 14

Updating Intel AMT credentials ...................................................... 16

Updating Intel AMT settings .......................................................... 17

Turning on, off, and restarting computers out of band ........................ 19

Turning off computers in critical state ............................................. 21

Using the Restore State power action .............................................. 22

Configuring the port check settings ................................................. 23

Adding or removing custom views ................................................... 24

Chapter 3 About Real-Time Console Infrastructure pages ............ 25

About the Real-Time Home page ..................................................... 25

About the Select connection profile page .......................................... 25

Glossary ............................................................................................................... 27

Index .................................................................................................................... 29

Contents

Contents8

Introducing Real-Time

Console Infrastructure

This chapter includes the following topics:

■ About Real-Time Console Infrastructure

■ Installing or upgrading the Real-Time Console Infrastructure product

■ Prerequisites for using Real-Time Console Infrastructure

■ Where to get more information

About Real-Time Console Infrastructure

The Real-Time Console Infrastructure software provides the necessary

infrastructure for one-to-one real-time management using the Altiris™ Real-Time

System Manager and other Altiris software.

Also, Real-Time Console Infrastructure lets you perform one-to-many out-of-band

management tasks on a collection of computers that support ASF, DASH, or Intel®

vPro technology (Intel® AMT). You can perform the following out-of-band tasks:

■ Collect hardware inventory from client computers that support Intel AMT or

DASH.

You can collect inventory even if the computers are not turned on or if the

operating system is not running.

See “Collecting Intel AMT and DASH inventory” on page 13.

■ Configure the default Intel AMT connection, security, and remote power control

settings on the client computers.

See “Updating Intel AMT settings” on page 17.

■ Configure Intel AMT and DASH computers to send alerts.

Chapter

Alters can help you respond proactively to memory faults, temperature issues,

hard drive warnings, chassis intrusion, and so forth. Alerts help you fix issues

before they become destructive.

See “Updating Intel AMT and DASH alert settings ” on page 14.

■ Perform power management functions (all technologies).

For example, you can turn on a computer before you deliver a software package

or before you perform a remote BIOS management task.

See “Turning on, off, and restarting computers out of band ” on page 19.

Real-Time Console Infrastructure provides you with the following incident

resolution tools:

■ Port Check

See “Configuring the port check settings” on page 23.

■ Trace Route

You can access the tools from the Resource Manager or from any computer filter.

Installing or upgrading the Real-Time Console

Infrastructure product

Use Symantec Installation Manager to install or upgrade Real-Time Console

Infrastructure.

For more information on installing or upgrading products, see the Symantec

Management Platform Installation Guide.

Prerequisites for using Real-Time Console

Infrastructure

Real-Time Console Infrastructure lets you perform out-of-band management

tasks on the client computers with ASF, DASH, and Intel AMT. Before running

these tasks, you must configure your ASF, DASH, or Intel AMT-capable computers.

Use Altiris™ Out of Band Management Component to discover and configure client

computers with ASF, DASH, and Intel AMT for out-of-band management.

For more information, see the Out of Band Management Component Implementation

Guide.

See “Where to get more information” on page 11.

Introducing Real-Time Console Infrastructure

Installing or upgrading the Real-Time Console Infrastructure product

Where to get more information

Use the following documentation resources to learn and use this product.

Table 1-1

Documentation resources

LocationDescriptionDocument

http://kb.altiris.com/

You can search for the product name under

Release Notes.

Information about new features and

important issues.

This information is available as an article in

the knowledge base.

Release Notes

■ The Documentation Library, which is

available in the Symantec Management

Console on the Help menu.

■ The Product Support page, which is

available at the following URL:

http://www.symantec.com/business

/support/all_products.jsp

When you open your product’s support

page, look for the Documentation link

on the right side of the page.

Information about how to use this product,

including detailed technical information and

instructions for performing common tasks.

This information is available in PDF format.

User Guide

The Documentation Library, which is

available in the Symantec Management

Console on the Help menu.

Context-sensitive help is available for most

screens in the Symantec Management

Console.

You can open context-sensitive help in the

following ways:

■ The F1 key

■ The Context command, which is available

in the Symantec Management Console

on the Help menu.

Information about how to use this product,

including detailed technical information and

instructions for performing common tasks.

Help is available at the solution level and at

the suite level.

This information is available in HTML help

format.

Help

In addition to the product documentation, you can use the following resources to

learn about Altiris products.

11Introducing Real-Time Console Infrastructure

Where to get more information

Table 1-2

Altiris information resources

LocationDescriptionResource

http://kb.altiris.com/Articles, incidents, and issues about Altiris

products.

Knowledge base

http://www.symantec.com/connect

/endpoint-management-virtualization

An online magazine that contains best

practices, tips, tricks, forums, and articles

for users of this product.

Symantec Connect

(formerly Altiris Juice)

Introducing Real-Time Console Infrastructure

Where to get more information

Using Real-Time Console

Infrastructure

This chapter includes the following topics:

■ Collecting Intel AMT and DASH inventory

■ Updating Intel AMT and DASH alert settings

■ Updating Intel AMT credentials

■ Updating Intel AMT settings

■ Turning on, off, and restarting computers out of band

■ Turning off computers in critical state

■ Using the Restore State power action

■ Configuring the port check settings

■ Adding or removing custom views

Collecting Intel AMT and DASH inventory

You can collect the hardware and the configuration inventory even if the

computers are turned off. The inventory is stored in the NVRAM of properly

configured Intel AMT and DASH computers.

See “Prerequisites for using Real-Time Console Infrastructure” on page 10.

Chapter

To collect Intel AMT or DASH inventory from a client computer

In the Symantec Management Console, on the Manage menu, click Jobs and

Tasks.

In the left pane, click System Jobs and Tasks > Real-Time Console

Infrastructure > Get Out-of-Band Inventory.

Run the task one time or on a schedule.

For more information, view topics about running and scheduling tasks in the

Symantec Management Platform Help.

Choose a connection profile that is configured with correct Intel AMT or

DASH credentials.

For more information, view topics about connection profiles in the Symantec

Management Platform Help

To view the Intel AMT or DASH inventory for a client computer

Open the Resource Manager for a computer by double-clicking on a specific

resource that is found in a filter.

For more information, view topics about the Resource Manager in the

Symantec Management Platform Help.

On the View menu, click Inventory.

In the tree view pane, expand the Real-Time Console Infrastructure folder

and select an inventory data class.

Updating Intel AMT and DASH alert settings

Intel AMT and DASH alerts can help you be more proactive in responding to

memory faults, temperature issues, hard drive warnings, chassis intrusion, and

so forth. These alerts help you fix issues before they become destructive.

The Update Out-of-Band Alert Settings task lets you remotely update the Intel

AMT and DASH alert settings on properly configured client computers with Intel

AMT or DASH.

You can configure the following alert settings:

■ Where to send the alerts.

■ Which alerts to send.

■ Which alerts to log.

You can run this task even on the computers that are turned off.

Using Real-Time Console Infrastructure

Updating Intel AMT and DASH alert settings

This task also lets you configure the SNMP traps destination address for computers

with ASF. However, this functionality is performed in-band, through the WMI

connection. The ASF-capable computer must be turned on with a Microsoft

Windows operating system running.

See “Prerequisites for using Real-Time Console Infrastructure” on page 10.

To update Intel AMT and DASH alert settings

In the Symantec Management Console, on the Manage menu, click Jobs and

Tasks.

In the left pane, click System Jobs and Tasks > Real-Time Console

Infrastructure > Update Out-of-Band Alert Settings.

Under Subscription settings, enter the SNMP server’s IP address. This value

is applied to computers with Intel AMT and ASF.

By default, the task is configured with the Notification Server computer’s IP

address. In this case, Event Console (a component of Notification Server),

accepts and displays the SNMP events that the client computers send.

For more information, view topics about alert management in the Symantec

Management Platform Help.

Enter the SNMP community string.

Example: public

Enter the destination URI for DASH alerts.

By default, the value is set to the Notification Server’s Web service event

listener, which is part of the Pluggable Protocol Architecture component:

http://<Notification Server IP>/Altiris/WSEL/wsel.aspx

Currently, DASH does not support sending alerts through an HTTPS

connection. If your Notification Server is installed on a secure Web site,

configure the wsel.aspx file so that it can be accessed through HTTP.

Select the DASH alerts delivery mode.

Choose from the following options:

The DASH client computer does not verify if the event

listener accepted the alert.

Push

The DASH client computer verifies if the event listener

accepted the alert. If no reply is received from the event

listener, the client computer can unsubscribe this particular

event filter (vendor dependent).

Push with acknowledge

15Using Real-Time Console Infrastructure

Updating Intel AMT and DASH alert settings

Under Select and configure event filters, click Add, select the alerts that you

want to configure with the task, and then click OK.

Under Select and configure event filters, select one or more alerts, and, on

the Actions menu, select what you want to do with this alert.

Choose from the following options:

Activate the alert. When alert triggers, a message is sent to the

destination address that you configured in the Subscription

settings section.

Deactivate the alert, but do not remove it from the memory.Unsubscribe

Remove the alert from the client computer’s memory and

reclaim space.

Remove from client

Sometimes the client computer does not have enough free space to fit all of

the alerts that you configured. To allow partial alert subscription, check Allow

partial alert application.

To remove all previous alert subscriptions from the client computer and

reclaim space before applying new subscriptions, check Remove 3rd party

filters and alert subscriptions.

Click Save Changes.

Run the task one time or on a schedule.

For more information, view topics about running and scheduling tasks in the

Symantec Management Platform Help.

Choose a connection profile that is configured with correct Intel AMT, DASH,

or WMI credentials.

For more information, view topics about connection profiles in the Symantec

Management Platform Help

Updating Intel AMT credentials

You can update Intel AMT administrative credentials on properly configured

client computers with Intel AMT. The credentials you update with this task are

used for Intel AMT remote access. This task does not update the MEBx credentials,

which are used to access the Intel AMT device locally.

For more information on Intel AMT credentials, see the Out of Band Management

Component Implementation Guide.

See “Prerequisites for using Real-Time Console Infrastructure” on page 10.

Using Real-Time Console Infrastructure

Updating Intel AMT credentials

Warning: After you change administrative credentials on the client computer, it

is possible that you cannot connect to the computer using the runtime credentials

any more. This happens because the task does not update the Intel AMT runtime

credentials that are stored in the Intel AMT database.

You can create Intel AMT credentials manually and use them to connect.

For more information, view topics about credential manager in the Symantec

Management Platform Help.

To update Intel AMT credentials

In the Symantec Management Console, on the Manage menu, click Jobs and

Tasks.

In the left pane, click System Jobs and Tasks > Real-Time Console

Infrastructure > Update Intel AMT Credentials.

Under IntelAMTCredentials, enter new Intel AMT administrative credentials.

Click Save changes.

Run the task one time or on a schedule.

For more information, view topics about running and scheduling tasks in the

Symantec Management Platform Help.

Choose a connection profile that is configured with correct Intel AMT

credentials.

For more information, view topics about connection profiles in the Symantec

Management Platform Help

Updating Intel AMT settings

You can update the configuration and the network settings of the Intel AMT device

on properly configured client computers with Intel AMT. Also, you can unconfigure

the Intel AMT device.

For more information on Intel AMT configuration, see the Out of Band Management

Component Implementation Guide.

See “Prerequisites for using Real-Time Console Infrastructure” on page 10.

To update Intel AMT settings

In the Symantec Management Console, on the Manage menu, click Jobs and

Tasks.

In the left pane, click System Jobs and Tasks > Real-Time Console

Infrastructure > Update Intel AMT Settings.

17Using Real-Time Console Infrastructure

Updating Intel AMT settings

Select which Intel AMT features you want to allow.

You can use this web-based interface for direct remote

management and maintenance of Intel AMT devices.

When enabled, you can access the Intel AMT

management console using the following URL:

http://<Intel_AMT_computer_name>:16992 (or port

16993 for Intel AMT computers configured in secure

mode).

Web user interface

This feature is also known as Serial-over-LAN. It is

used to manage an Intel AMT computer remotely by

encapsulating keystrokes and character display data

in a TCP/IP stream.

Task progress window and

remote control

This feature is also known as IDE-Redirection. It

remotely enables, disables, formats, or configures

individual floppy or IDE CD drives. It also reloads

operating systems and software from remote locations.

Redirect to optical/floppy

drive or image on a server

Define the network settings.

Check if you want the Intel AMT device to respond to a ping.Respond to ping

If a VLAN is used, set the VLAN ID, which is used to distinguish

between different VLANs.

Warning: Be careful when configuring the VLAN value. If the

value is incorrect, the Intel AMT device is not accessible.

Use tagged VLAN

Click Save changes.

Run the task one time or on a schedule.

For more information, view topics about running and scheduling tasks in the

Symantec Management Platform Help.

Choose a connection profile that is configured with correct Intel AMT

credentials.

For more information, view topics about connection profiles in the Symantec

Management Platform Help

Using Real-Time Console Infrastructure

Updating Intel AMT settings

To unconfigure Intel AMT devices

In the Symantec Management Console, on the Manage menu, click Jobs and

Tasks.

In the left pane, click System Jobs and Tasks > Real-Time Console

Infrastructure > Update Intel AMT Settings.

Check Unconfigure Intel AMT and select the unconfiguration method and

the Intel AMT mode to set after unconfiguration.

Choose from the following options:

Removes all Intel AMT settings except for administrative user credentials

and PID-PPS pairs. After partial unconfiguration is complete, the Intel AMT

client computer starts sending configuration requests to the setup and

configuration server (Intel SCS). The computer is not available for

management through the Intel AMT interface until it is configured again

by Intel SCS.

Partial

Removes all settings from the Intel AMT device. You must initialize, set up,

and configure the device again.

If you click this option, you can also select a Small Business or Enterprise

configuration model to set after unconfiguration is complete.

Full

For more information on the Intel AMT initialization, setup, and configuration,

see the Out of Band Management Component Implementation Guide.

Click Save changes.

Run the task one time or on a schedule.

For more information, view topics about running and scheduling tasks in the

Symantec Management Platform Help.

Choose a connection profile that is configured with correct Intel AMT

credentials.

For more information, view topics about connection profiles in the Symantec

Management Platform Help

Turning on, off, and restarting computers out of band

You can manage the power state of client computers remotely using WMI, Intel

AMT, ASF, and DASH technologies.

For example, you can turn on computers before delivering a software package.

Or you can turn off the computers that have sent critical SNMP alerts to

Notification Server.

19Using Real-Time Console Infrastructure

Turning on, off, and restarting computers out of band

See “Turning off computers in critical state” on page 21.

Real-Time Console Infrastructure always tries to do a graceful Reboot/Reset and

Power Off through the WMI first. If the WMI operation fails, the Power Off,

Reboot/Reset, and Restore State actions perform a hard shutdown (losing all

unsaved data) through ASF, DASH, or Intel AMT. To perform a hard shutdown,

the target computers must support and be properly configured to use these

technologies.

See “Prerequisites for using Real-Time Console Infrastructure” on page 10.

To manage the power state on the client computers

In the Symantec Management Console, on the Manage menu, click Jobs and

Tasks.

In the left pane, click System Jobs and Tasks > Real-Time Console

Infrastructure > Power Management.

Under Power action, select the power action to execute.

Choose from the following actions:

Turns on the target computers using the out-of-band

management technology (ASF, DASH, or Intel AMT)

that the target computer is configured to use.

Power On

Attempts to turn off the target computer through WMI.

If WMI fails, a hard shutdown is performed using one

of the out-of-band management technologies.

Power Off

Attempts to restart the target computer through WMI.

If WMI fails, a hard reset is performed using one of the

out-of-band management technologies.

Reboot/Reset

You can use this power action when you include the

power management task in a job. This power action

lets you restore the power state that you changed by

running another power management task earlier in

the job.

For example, you can run the Power On action, and

later in the job, you can run the Restore State action.

The latter turns off the computers that were turned

off, but the computers that were turned on stay turned

on.

You cannot use this power action in a standalone task.

See “Using the Restore State power action ” on page 22.

Restore State

Using Real-Time Console Infrastructure

Turning on, off, and restarting computers out of band

Page is loading ...

Symantec ALTIRIS OUT OF BAND MANAGEMENT COMPONENT 7.0 SP3 - V1.0 User manual

Brand: Symantec

Model: ALTIRIS OUT OF BAND MANAGEMENT COMPONENT 7.0 SP3 - V1.0

Type: User manual

This manual is also suitable for

REAL-TIME CONSOLE INFRASTRUCTURE 7.0 SP3

Download PDF

report

Symantec ALTIRIS OUT OF BAND MANAGEMENT COMPONENT 7.0 SP3 - V1.0 User manual

This manual is also suitable for

Symantec ALTIRIS OUT OF BAND MANAGEMENT COMPONENT 7.0 SP3 - V1.0 User manual

Related papers

Other documents