LANDesk Management Suite 8.6

LANDesk Confidential

LANDesk Usergroup Konferenz14. September 2005

Detlef LükeTechnical Consultant

Product Overview

What´s New ?LANDesk Advance AgentLANDesk Management Gateway Enterprise management over Internet

Software Distribution EnhancementsIntel AMT Support Effective and efficient asset management leveraging Active Management

Technology from Intel®.

Local Account ManagementRBA Active Directory integrationNew Reporting / -ModulePlatform Support Expanded Linux Support Expanded Macintosh Support

LANDesk Advance Agent

What is the Advance Agent ?

A robust, bandwidth aware, boot/install agent

Used to install a standard agent

Based on existing LANDesk technologies

It is not a replacement for the Standard Agent

Leveraging Existing Technology

The Existing LANDesk Agent Can Give way to non-LANDesk network traffic Use a percentage of the available bandwidth Get packages from other LANDesk clients Detect connection speed Carry on file copy from last point

Why not use the same approach to deploying the agent? In Management Suite 8.6 this is what the Advance Agent does

Advance Agent - Features

Based on the HTTPCopy Utility Restartable copying Bandwidth control

- A maximum bandwidth can be specified that will not be exceeded during the copy operation.

Additionally it can Run as a service Handle authentication to http location Detect presence of http location to restart file copy Send status messages Use Task completion

Deploying the Advance Agent

Deploy to Unmanaged Device Just like the Standard Agent Relies on RPCs

Group Policy The small size of the agent makes this feasible Configure Group Policy Slow Link Threshold

Logon Scripts

E-Mail or media

LANDesk Management Gateway

Customer “Pain Points”

Need to Manage users outside of the corporation without “Punching Holes” in

firewall

Dial up connections are to slow, but purchasing a

VPN (Virtual Private Network) solution is too expensive

Distributed sites which due to the small size,

temporary nature or limited local communication availability the only connection available is an internet link

Management across the internet without compromising the

security of the end point or my corporate infrastructure

“RFP for the State of South Carolina, one of the key requirements was to distribute software securely to end points over the Internet” *State of South Carolina

“Displace the costs of a VPN project for all 300+ of their restaurants, and give them management capability, this would easily build the case for

using LANDesk versus another tool” *Outback Steakhouse

“Displace the costs of a VPN project for all 300+ of their restaurants, and give them management capability, this would easily build the case for

using LANDesk versus another tool” *Outback Steakhouse

“Asked if there is way to utilize the ISS pro technology with a core server and give end point management to nodes over DSL, and Cable modem connections . A 40,000 node opportunity that has end points that require management through the Internet cloud.”*Sales Opportunity Yellow Region

“Most of their nodes are outside of their network and they have been looking for this solution for a few years, If this functionality was available now I would have a check to give you right now” *David Weekley Homes

“How it works”Example: Outlook Web Access

Perimeter Firewall

Personal Firewall

LANDesk Corporation

LANDesk Laptop

“LANDesk Gateway”

Managed Devices

Personal Firewall

Perimeter Firewall

LANDesk Core Server

• Enables communication through firewalls and proxy servers

• Does not require a VPN infrastructure• Brokers connections and provides

authentication• SSL encrypted

Supported LANDesk Client Features

Inventory gathering Hardware Software

Software License Monitoring

On Demand Remote Control features Remote Keyboard, Video, and

mouse control File Transfer Chat Remote Execute Screen Draw Reboot

Software distribution Policy based (Client pulls down

Security functions Patch Management Spyware Management Security Threats Custom Definitions Blocked Applications LANDesk Updates Connection Control Anti-Virus Enforcement

Benefits

Allows Management of devices without traditional network boundary restrictions

Gives access to remote computers Without investing in expensive point to point WAN infrastructure Access to computers over T-1, DSL/Cable, or Dial-up

Give remote devices access to LANDesk’s most popular features Including Remote Control, Software Distribution, Inventory, Software

License Monitoring

Requires minimal hardware investment

Business Scenario

Request to Core server as xml sent via httpGateway

Core Server

ClientClient

Customer A

Customer B

Gateway MachineRuns on LDLinux LANDesk’s own Linux distribution based on the Linux 2.6 Kernel.

Minimal Operating SystemMinimum Hardware Requirements P4 Processor (dual processors supported) 1 GB RAM IDE disk drive (SCSI, SATA supported. Hardware RAID is not supported) VGA Video High Speed NIC (100 mb or Gigabit) Bootable CDROM Keyboard (mouse not required)

Private IP ranges and unneeded ports blockedRoot account is disabled Admin account is created with strong password requirements

Gateway runs as a web service Custom built LANDesk proprietary web service (not Apache).

Configuration performed through web browser

Gateway

Gateway Client

Uses CBA8 “Unified Pipe” architecture. Ensures that all agents communicate using same processes and

protocols.

Uses an http based Proxy Host.

Agent Component (example: LDISCN32.EXE)

HTTP Proxy Agent

Core Server

Gateway

The agent component is launched.

With the Gateway Client installed, the communication in sent to the Proxy agent.

The proxy agent determines where to send the communication; either to the core or thru the Gateway. The decision process is configurable through the BrokerConfig utility.

Gateway Client: Secure Access

Security is needed since Gateway is built for access over public network.Certificate based security.BrokerConfig.exe used to initiate authentication to core server through gateway.Once authenticated certificate from core is given to client.Certificate can be blocked if needed.

Core to Gateway Communication

Uses a reverse proxy agent on Core Translates requests and processes them As though they were locally connected.

Keeps a minimum of six connections opened To receive communication from the Gateway.

Validates communication by examining client certificate.

Request to Core server sent via http

Gateway

Core Server

LANDesk Software Distribution

Private and Public Ownership

Packages and Delivery Methods are now organized with ownership similar to Queries.

Both can be made publicly available or added to users by the Administrator.

Private packages can use dependencies. Dependency must be a public

package

Multiple Queries Added to Target

Simple as dragging and dropping of queries.

Queries are not processed till task is executed. Task properties will show queries in the Target Devices window.

Code has been changed to ensure tasks run efficiently

Even though queries have been added as targets, the list of targets is zero. This is because the queries have not been run. Queries on run when the task is executed.

Linux Distribution Packages Added

Supports only RPM packages

Uses a RPM command line format to install the packages.

RPM files must be downloaded through a web share (MS/Samba shares are not supported).

Database Macro Parameters

Allows you to retrieve values from the device’s database entries and pass them as command line parameters.

Useful for Distribution Packages based on Batch files or Executables.

Reporting

What's New in Reporting

Redesigned from the ground up

Integrated report design tool(“Create your own reports using the LANDesk Report Designer”)

Reports can be filtered by user scope and e-mailed

Ad-hoc reporting added

Types of Report

Ad-Hoc Reports “View as Report” Option

Standard Reports Cover all aspects of Management Suite

User Defined Based on Inventory Query Report Designer Tool

What are Ad-Hoc Reports ?

Ad-Hoc reports provide a snapshot

Report contains same information as screen

Column Sets may be applied

No need to define a query

Useful for producing system documentation

Not always available i.e. Unmanaged Device

Discovery

Generating Ad-Hoc Reports

Select a Component: Network View Users Software and Patch Manager etc.

Right Click “View as Report”

View the Report

Export if desired Select a format such as PDF,

HTML or RTF

Print if desired

What are Standard Reports?

Predefined Reports Built-in Arranged by Component May not be Customised

Support Different Output Formats such as PDF HTML RTF

Working with Standard Reports

Tools | Reporting / Monitoring | Reports

Browse and select a report

Right click and select from: Run – Generates a report now Publish – Options for location and format Schedule Publish – Creates a scheduled task Group Membership – Displays other groups containing report Copy – Copy a Report to Paste into another Group

Platform Support

Linux Support

Linux Version support Redhat 3, SuSe 9, Mandrake 10.1

Hardware Platforms X86

LANDesk Products supporting Linux LANDesk Server Manager (Redhat, SuSe) LANDesk Management Suite (Redhat, SuSe, Mandrake) LANDesk Security Suite (Redhat, SuSe)

Features Common Base Agent

- Remote Execute- File Transfer- Power Off & Reboot

Inventory- Hardware & Software

Automated Agent Deployment Software Distribution

- RPM Distribution Patch Management

- Vulnerability scanning- Redhat & SuSe

Mac OS Support

Mac OS Version support Mac OS 9.22 Mac OS X 10.2.x, 10.3.x, 10.4

Hardware Platforms G3, G4, G5

LANDesk Products supporting Mac OS X LANDesk Management Suite LANDesk Patch Manager

New Features Mac OS X 10.4 support (Tiger) Safari browser supported for Web console (Tiger only) OS Deployment

- Profile migration

- Bare-metal provisioning

Role-based Administration(Active Directory Integration)

leverages your existing IT investment in Active Directory for assignment of roles (rights) in the Management Suite console

No longer required to build/replicate your existing Active Directory structure in the management console users tool

View Active Directory structures within the Management Suite console

Assignment of LANDesk rights to Active Directory groups or organization units

Supports rights inheritance

Local Account Management from LDMS Console

Account & group management for customers without Active Directory

Ability to reset local passwords real-time

Manage local users and groups with real-time access

Add, rename, remove, and edit local users and groups

Reset passwords

Local account management information is associated with system inventory for queries & reporting

Keyboard Mapping in RC RC machines with different Locale Setting

Fragen ?

Applaus !

LANDesk Management Suite 8.6

landesk management suite

existing landesk agent

landesk clients

management of devices

management capability

standard agent

end point management

advance agent features

Technology

LANDesk Security Suite 9

LANDesk Management Suite 9 - Tufts University...INTRODUCTION...

LANDesk® Management Suite 8, V8.6.1 Security - Common...

SESSION 2017 - Ministère de l'Intérieur · La plupart des...

LANDesk Management Gateway - Abbott...

LANDesk Servicxe Desk Suite Administrator Guide

LANDesk Software Confidential 2012 Secure Your Data More...

Dell Hardware Instrumentation Package v2.2 LANDesk Server

LANDesk User Guide

Symantec Altiris – Landesk – Novell...

LANDESK ITAM Review Tools Day Presentation 2015

LANDesk Endpoint Security Audit 2.5 Danny Huang LANDesk Jan....

April WebEx Intel ® Active Management Technology (AMT)...

Landesk and Albert: Empowering Enterprise Customers

LANDesk Management Suite 8.6 Understanding Batch File

Integration and Automation Possibilities of LANDesk...