baramundi Management Suite 8.9 | Release Notesdesbrq3.n-con.net/Baramundi/Management Suite/RelNotes_en.pdf · Page 3 / 48 Release 8.9 | Release Notes 1 Overview Dear Reader, baramundi

www.baramundi.com Page 1 / 48

Release 8.9 | Release Notes

Entwurf #3

vom 12.04.2013

intern / vertraulich!

IT management – simply clever

baramundi

Management Suite 8.9 | Release Notes



Release Notes for the baramundi Management Suite 8.9

TABLE OF CONTENTS

1 Overview ......................................................................................................................... 3

2 Release 8.9 ..................................................................................................................... 4

2.1 Mobile Device Management ................................................................................. 4

2.2 Server Side Actions ............................................................................................ 16

2.3 Miscellaneous .................................................................................................... 21

3 Release 8.8 ................................................................................................................... 24

3.1 Mobile Devices ................................................................................................... 24

3.2 License Manager Role ....................................................................................... 24

3.3 Correction for secure wipe of hard discs............................................................. 25

3.4 Job execution on shutdown ................................................................................ 25

3.5 Improvements for Managed Software ................................................................. 26

3.6 Miscellaneous .................................................................................................... 26

3.7 Changes in version 8.8 (8.8.0.0) ........................................................................ 27

3.8 Changes in version 8.8 SP1 (8.8.1.0) ................................................................. 29

3.9 Changes in version 8.8 SP2 (8.8.2.0) ................................................................. 30

4 Release 8.7 ................................................................................................................... 35

4.1 Energy Management .......................................................................................... 35

4.2 Improvements for baramundi Remote Control .................................................... 35

4.3 Automation Studio / baramundi Deploy Script .................................................... 35

4.4 DIPSync ............................................................................................................. 36

4.5 Miscellaneous .................................................................................................... 36

5 Installation ..................................................................................................................... 38

5.1 Supported operating systems ............................................................................. 38

6 Update specialties ......................................................................................................... 40

6.1 Update from version 8.5 ..................................................................................... 40




7 Limitations and known problems ................................................................................... 43

7.1 Operating systems ............................................................................................. 43

7.2 Mobile Devices ................................................................................................... 44

7.3 Miscellaneous .................................................................................................... 44

8 Appendix ....................................................................................................................... 47

8.1 Glossary ............................................................................................................. 47

8.2 Table of figures .................................................................................................. 47



1 Overview

Dear Reader,

baramundi Management Suite extends its support for several mo-

bile platforms and thus follows the trend of the consumerization of

IT, where most notably those operating systems and form factors

enter into business live, that are preferred by consumers. With this

strategy we can ensure, that the administrator can manage all pop-

ular platforms – today and in future - with a single integrated man-

agement suite. Beginning with this release Windows Phone 8 is sup-

ported as well.

New challenges arise especially for mobile devices, when compliance with

internal regulations needs to be monitored and enforced. Compliance

dashboards help the administrator to get his job done and save time by giv-

ing him full transparency with just a mouse click.

Furthermore we introduce an extension, called “server side actions”. It introduces a new job

step type to run management tasks for the client on the management server. This allows the

administrator to implement special requirements and increases the level of automation in his

network, even for non-Windows-clients with or without management agent.

This document describes both the highlights and further enhancements of version 8.9. In ad-

dition to this you will also find details of preceding releases.

Now, please enjoy your reading of the newest highlights of version 8.9. For questions please

don’t hesitate to get in contact with baramundi’s product management by sending your email

to [email protected].

Armin Leinfelder

Product Management

© 2013 baramundi software AG

The content of this document is subject to change without notice.

Statements concerning technical features are not binding and are for information only.

DocID: BMS-080900-RN-130614-EN

mailto:[email protected]



2 Release 8.9

2.1 Mobile Device Management

2.1.1 Compliance Management

Regulatory compliance includes both organizational guidelines and technical rules.

Compliance management describes the methods and means to measure the level of com-

pliance as well as to increase and maintain it.

The following guidelines and compliance violations, can be monitored simply and elegantly as

of version 8.9:

Manipulation of the firmware (Jailbreaks and Rooting)

Missing of required apps

Existence of unwanted apps

Erroneous configuration

2.1.2 Compliance Dashboard

In version 8.9 the administrator can click onto the navigation tree node Mobile Devices

Compliance to get to the Compliance Dashboard to view the compliance of all managed mobile

devices.

Figure 1 – Compliance Dashboard for mobile devices



Using this dashboard, the administrator or IT manager can get a quick overview of the compli-

ance status of the mobile devices and quickly navigate - by means of drill-down - to those

devices that do not comply with the policies of the company.

The diagrams show the following pieces of information:

Distribution of devices by compliance level

Top 5 number of violations by device

Top 5 number of violations by rule

History of devices with rule violations

Distribution of durations for remediation of rule violations within the last three months

Compliance levels are distinguished between “compliant”, “light violation”, “medium violation”,

“severe violation” and “unknown”. The state “unknown” is used for devices that have not re-

ported for a longer while.

Figure 2 – Compliance over all devices

The compliance distribution over all devices

shows IT managers at a glance the distribu-

tion of severity. Hopefully a large amount of

green characterizes all devices that comply

with all rules. The yellow to red colors on the

other hand, indicate light to severe viola-

tions, in which at least one rule for each de-

vice is violated. Furthermore devices with

missing information must be kept in mind.

Another view of the IT environment provides

the listing of five rules with the most viola-

tions. Thus all associated regulations can be

identified that need to be communicated in

more detail within the company. The

knowledge of the number and severity help

the administrator to focus on the key compli-

ance issues and thus optimize the pro-

cessing sequence.

Figure 3 – Number of violations by rule



Figure 4 – Number of violations by device

Alternatively, it might be more efficient to

concentrate on those devices that violate the

highest number of rules. In the device ori-

ented view, the count of violations is shown

in addition to the most severe violation, indi-

cated by the according color. The adminis-

trator then knows to which employee he

needs to talk to first about compliance.

2.1.3 Compliance Rules

With baramundi Mobile Devices different types of rules can be configured and managed in

order to continuously monitor compliance with the individual security policies of an enterprise.

Figure 5 – Compliance Rules



The creation of a new rule is guided by a wizard and requires no programming or scripting.

Using the dialog pages, the rules can be adjusted by parameters to the enterprise’s regula-

tions.

Figure 6 – Definition of Compliance Rules

2.1.4 Compliance Violations

A detailed overview of all compliance violations is provided by an interactive table view.

Figure 7 – Table View of all Compliance Violations

This view enables the administrator to sort violations by different criteria such as severity or

rule type. After that he can react to violations in the most appropriate sequence. Even recently

resolved incidents can be tracked within this view for a preconfigured period of time.



2.1.5 Options to respond

The continuous detection of rule violations is already a significant ease of work for the admin-

istrator. This is a prerequisite for all correcting activities. The baramundi Management Suite

leaves it to the IT manager whether violations shall be handled in an interactive way driven by

the administrator or the system shall take action immediately after an incident is recognized.

Figure 8 – Configuration of a Rule with automated Reaction in case of violation

For instance, the Exchange-profile (e-mail) and therefore access to internal company data can

be withdrawn from the user’s device, if unauthorized apps have been detected. In case of

severe violations, such as jailbreaks, an automated remote wipe could be triggered.



2.1.6 Self Service with baramundi Mobile Agent

Besides the well-known enrollment functionality baramundi Mobile Agents now offer self-ser-

vice functionality to the end user on all three supported mobile platforms. This includes a kiosk

and compliance check.

Figure 9 – baramundi Mobile Agent

Self-service capabilities ena-

ble the end user at any time –

even beyond regular office

hours – to resolve simple

tasks by himself. Another pos-

itive side-effect is time saving

for the administrator and

helpdesk staff by reducing the

number of calls and the pro-

cessing of routine tasks.

2.1.7 My Compliance Check

It is not only the administrator who is interested in the com-

pliance level of all managed devices. The end user should

also be enabled to get an instant overview of compliance

issues of his own device.

With help of the compliance check functionality – available

in all baramundi Mobile Agents – this is easily possible at

any time. Appling the identical rules from within the man-

agement suite, finally provide a consistent view of the cur-

rent status for both the administrator and the end user.

The agent for example lists critical firmware manipulations

(jailbreaks) and unwanted apps (on the blacklist). Being

aware of these compliance violations helps the end user to

correct these issues by himself immediately and thus

restore full compliance.

Figure 10 – Compliance Check



2.1.8 Welcome to the Kiosk

Kiosk functionality is now available in baramundi Mobile Agents for all supported platforms.

This enables the end user, to help himself quick and easily by using predefined management

jobs from the administrator.

Figure 11 – Kiosk on iPad, iPhone, Windows Phone and Android

The kiosk is suitable for example to provide a selection of apps from the public App Store as

well as corporate apps from the company for installation to the end user. This supports the

idea of app whitelisting in an elegant way: The organization instructs the employees to only

install those Apps that are included on the kiosk’s list and thus comply with corporate regula-

tions.



2.1.9 Support for Windows Phone 8

Beginning with version 8.9 the baramundi Mobile Device

module supports Windows Phone 8 smartphones.

The set of management functionality leverages Microsoft’s

MDM features for that platform and adds even more useful

functions within the baramundi Mobile Agent for Windows

Phone 8. This offers more capabilities for the administrator

and also for the end user by providing an easy to use and

modern interface to access self-service functions.

baramundi Mobile Devices thus enables the administrator

to manage even consumer-oriented platforms such as the

Windows Phone 8 in a professional manner. A detailed list

of available features in shown in section 2.1.10.

Especially the seamless integration with the Windows App

Store accelerates the selection and deployment of apps for

both the IT staff by (optional) automatic assignment during

enrollment and for end users by advertising apps in the

kiosk.

Figure 12 – baramundi Mobile Agent for Windows Phone 8

Figure 13 – Windows Apps Store Integration



2.1.10 Technical Infrastructure for each Platform

No matter which platform – Apple iOS, Google Android or Microsoft Windows – the baramundi

Mobile Devices solution (bMD) unifies the management in an integrated Client and Mobile

Device Management Suite by leveraging the different means of communication, that each of

the platform vendors provides.

Apple and Google offer Notification Services in der Cloud that assist the bMD service to notify

the mobile devices (1) – (2). After that, the device contacts its assigned management server

(3).

Windows Phones (and optionally also Android devices) can stay connected with the bMD

server by using a direct polling mechanism.

Figure 14 – Communication technologies by platform

Even though on platforms like Apple the „Notification Services“ of the provider need to be used

to trigger the mobile device, it is always ensured that all subsequent user data is sent directly

from the management server (and its gateway) to the end user device and vice versa. This

means that it is not redirected over any services in the cloud.



2.1.11 Overview: Management Features by Platform

The following table gives an overview of all management capabilities for mobile devices by

platform.

2.1.11.1 Enrollment

During enrollment the mobile devices

get registered on the baramundi

Management Server for future admin-

istration. This is done via network con-

nection, either WIFI or mobile data

connection.

For security reasons baramundi

Mobile Devices uses HTTPS protocol

for enrollment over network and one

time passwords or authentication via

Active Directory.

Figure 15 – Enrollment by QR-Code

Enrollment Apple iOS Android Win Phone 8

Enrollment either via intranet or internet x / x x / x x / x

Enrollment with application p x x

Security through one time password /

Active Directory Authentifizierung

x / p x / p x2 / x1

x: available p: planned for later release na: not applicable

1 Native Windows Enrollment

2 Enrollment by baramundi Mobile Agent



2.1.11.2 Security

As of this release monitoring the device’s security status is now capable to detect manipula-

tions of the firmware. For iOS devices a jailbreak detection is available, for Android devices

the system checks if they have been rooted.

Security Apple iOS Android Win Phone 8

Remote Lock / Unlock / Wipe / SD Wipe x / x / x / na x / - / x / x x / x / x / -

Setting of PIN code and –complexity x x x

Jailbreak or root detection [new] x1 x na

Activation of device encryption (iOS)2 x3 x


1 Jailbreak detection requires the installation of the baramundi Mobile Agent on the device

2 On iOS device encryption is a feature of the operating system

3 Android optionally provides encryption as of version 4.0

2.1.11.3 Inventory

Basic functionality of inventory for both hardware and software is provided on all of the three

platforms. More advanced features depend on the according MDM capabilities of each oper-

ating system.

Inventory Apple iOS Android Win Phone 8

Hardware information x x x

Installed apps x x x

Configured restrictions x1 na na

Installed profiles or configuration x x na

Installed certificates x na -

SIM information x x na

Roaming status x p na

Security settings x x na

Last contact / last position x / p x / p x / na


1 Restrictions according to the possibilities of Apple’s iPhone Configuration Utility



2.1.11.4 Software Deployment and Configuration

The baramundi Mobile Agent offers kiosk functionality that enables the end user to launch

predefined jobs from the administrator by himself. This provides self-services such as installing

store apps or enterprise apps.

Software Deployment and Configuration Apple iOS Android Win Phone 8

Installation with or w/o user confirmation x / na x / p4 x / x6

Uninstallation with or w/o user confirmation - / x1 x / p4 na / na

Installation from App Store x na x

Support for Apple Volume Purchase Program x na na

Installation / uninst. with inactive App Store x2 / x na / na na / na

Installation of corporate Enterprise-Apps x x x

Update of operating system na na na

Kiosk (eg. installation jobs) [new] x x x

Configuration of Exchange Server x x5 | p3,4 x

Configuration of WiFi x x na

Configuration of VPN x p3,4,5 na

Installation / uninstallation of certificates x / x p4,5 / p4,5 x / x

Configuration of advanced properties x x -

Parameterization of settings with baramundi

variables

x x x

Installation of hyperlinks (iOS: Web Clip) x na x

Deactivation of the camera x x (4.0) na


1 Only those apps can be uninstalled, which have been previously installed by bMD 2 By baramundi Web Server with Apple ID

3 Mail- und VPN- Client only by 3rd Party App

4 Native for Samsung Galaxy Smartphones

5 Native for HTC Smartphones

6 Only for Enterprise Apps



2.2 Server Side Actions

2.2.1 Extensions in baramundi Management Suite

Beginning with version 8.9 bMS has a fundamental extension to run jobs on side of the

Managent Server.

To run jobs, especially this with scripts (bDS), it was necessary in the past to have a Windows

computer with a baramundi Management Agent (bMA) installed on the client side. The bMS

thereby controls and monitors the job execution which runs on the bMA.

Figure 16 – Client side job execution

Thanks to the new feature “server side action” it is now possible to run job steps for clients on

the server. The current implementation this extension allows to run the proven bDS scripts.

Figure 17 – server side job execution

Thereby some of the limitations on client side are eliminated: The client does not have to be a

Windows client. The client may also be powered off. And – what sounds strange at a first

glance – the client even doesn’t have to exist. The latter is the case if it’s about to create a new

virtual machine (VM) which we show later as an example.

2.2.2 Usage and Suite Integration

Server side actions are integrated seamless in the bMS integriert. Jobs for this can be created

using the wizard by selecting the new menu item „Execute server side action”.



Figure 18 – New job step type “server side action”

The steps can be combined arbitrarily with ordinary client side steps and will be displayed at

the familiar place in the barramundi Management Center together with their state. Therefore a

maximum transparency about the execution state is provided.

Figure 19 – Logging of server and client side job steps

Jobs with server side actions come with all known configuration possibilities and wil of course

be planned and controlled by the scheduler of the bMS so you can flexibly define the time of

execution, dynamic assignment to clients and many more.

2.2.3 Use cases

With server side actions it is possible to solve many new kinds of tasks via scripting. The

following list does not demand completeness but should inspire to identify problems in your

own environment which may be solved by this extension.

Manage Linux-Clients with the bMS and execute administrative tasks, as for example

inventory, software deployment, patch updates, etc.

Access to hypervisor-systems, as for example creating a virtual machine (VM) and run-

ning an Windows OS installation in the VM afterwards



Remote BIOS/vPro access

Manage SNMP components

Telnet Firmware update

Access to the Active Directory to create new entries by the server

2.2.4 Example: Linux inventory

Figure 20 – Inventory of Linux clients

Server side actions now allow to inventory Linux systems as well. For this individual SSH

scripts will be executed on the Management Server and the intentory data determined from

the client will afterwards be displayed in the familiar surface of the Management Center.

Analog to the hardware inventory of a Linux computer the implementation of other tasks on

such a systems is solvable as well

2.2.5 Example: Creating a virtual machine and OS installation

This example illustrates another application which combines server side and client side actions

in a single job to provide an elegant solution.



Figure 21 – VM creation with OS installation

After creating a new instance of a virtual machine using a server side script the following steps

will carry out a PXE boot in the client just created and afterwards an operating systems instal-

lation (both on client side).

From the view of the Management Center the job monitoring is clear and transparent in the

familiar way: all job steps and their successful execution will be listed among each other in the

context of the job.

Note:

To support the creation and exchange of new solutions based on server side actions a new board has been created in the baramundi Forum:

http://forum.baramundi.de/forumdisplay.php?108

There you can find script examples.

http://forum.baramundi.de/forumdisplay.php?108



2.2.6 Example: Secure Wake-On-LAN on Intel vPro computers

Using the example of the Intel vPro Active Management Technology (AMT)1 many new appli-

cation opportunities are noticeable. Exemplarily a scenario for target-oriented and secure

Wake-On-LAN is presented.

Figure 22 – Techniques for Wake-On-LAN

The left side of the figure above shows the way how a client is booted with a magic packet

using Wake-On-LAN (WoL) by sending a broadcast over the network. The assignment is done

by comparing the MAC address. Thereby no password protection is possible which means

everybody can boot a foreign client when knowing the address.

The vPro/AMT-model allows to do the WoL call targeted to an IP address and secure by using

a password. This scenario is shown on the right side of the figure. By using a targeted WoL

unicast the secure boot of a computer in another network segment is possible without the need

for a relay.

1 Description of Intel AMT: http://software.intel.com/sites/manageability/AMT_Implementation_and_Reference_Guide/DOCS/Implementation and Reference Guide/default.htm

http://software.intel.com/sites/manageability/AMT_Implementation_and_Reference_Guide/DOCS/Implementation%20and%20Reference%20Guide/default.htm

http://software.intel.com/sites/manageability/AMT_Implementation_and_Reference_Guide/DOCS/Implementation%20and%20Reference%20Guide/default.htm



2.3 Miscellaneous

2.3.1 Notes

If you change the “PatchBaseFolder” so it contains the variable {DIP}, bBT cannot be

used for patch jobs. In the baramundi user forum there is a description of a way to use

bBT properly anyway. http://forum.baramundi.de/showthread.php?4014

When using an Oracle database we recommend the Oracle patch 11.2.0.3. This caused

a great performance gain for several customer installations.

For Windows Phone 8 the gateway mode "Microsoft Thread Management Gateway" is

not supported yet.

The Mobile Device agents are being distributed using the respective platform app store.

This may take a couple of days after the release of V8.9. Until then you can continue to

use iOS without a local agent and on Android devices you can still use the old agent.

Even though it is recommended to update the agent as soon as possible.

2.3.2 Setup

The access rights of the share BMS$ will now be set explicit by the setup.

A .NET patch has been added, which is necessary for the correct operation of V8.9.

SQL Server Express 2012 has been added and can be installed optional as usual.

2.3.3 Management Server (bMS)

The database access is now done using the .NET platform. Therefore a current and com-

plete .NET environment is now mandatory.

MAC addresses which are not properly blacklisted are now visible in the jobtarget-status

and do not cause multiple job executions any longer.

Registry entries which are too long don’t cause an abort of the software inventory any

longer.

The download of patches and MSW files now works properly with active UAC and

unmodified access rights for %windir%\Temp.

The speed of the automatic component detection has been greatly improved. Therefore

the setting “activate automatic detection for Windows” works properly again.

The handling of special characters in the Active Directory synchronization has been

improved.

http://forum.baramundi.de/showthread.php?4014



In Active Directory user synchronizations error codes can now be handled more sophisti-

cated analog to the machine synchronizations.

The possibility to configure the number of database connections has been removed since

baramundi controls this internally now.

The import of empty WMI inventory data does not cuase a database error in Oracle any

longer.

A new service "bServiceGuard" monitors the baraNET service. Additionally baraNET will

be restated automatically by the ServiceGard every night. The ServiceGuard can be

configured with the file "baramundi.config".

2.3.4 Protocol server

The BUCO protocol server can now only be used to manage bMS logs.

The Management Object Connector (MOC) now uses a new log format.

Configuration modifications are done in the file “baramundi.config”.

2.3.5 Management Agent (bMA)

The keyboard and mouse lock now blocks all input which is not generated by bDS within

the scope of the current job execution. This also includes the use of a touch screen or

several remote control solutions and the Legacy Robot.

On W2008/2008R2/W2012 terminal servers the change to the installation mode and back

is now done properly.

The automatic installation of the baramundi Management Agent has been improved for

complex multi domain environments. The given administration use for the respective

client domain is now always being used consequently.

The bfcrx service logs the IP address for bMA installation requests.

2.3.6 Management Center (bMC)

The number of logical and physical CPU cores is now being displayed at the client.

In OS install the jobs which use the respective OS are now being displayed.

Loading the hardware components has been greatly accelerated.

The action “Client shutdown” now requires the “AssignJob” right for the client.

The installed software on the client is now being displayed also when the bMC user does

not have any rights for the MSW node.

The filter “MSW version details” at installed software lists the applications properly now.



If opened dialogs where not closed for a longer time period a “browser deferral” warning

was displayed from time to time. To avoid this the setting “MaxScriptStatements” of the

Internet Explorer will be modified for the current user.

The SQL editor now displays Managed Software on English systems as well.

Jobs with bundle or uninstall steps don’t cause a display error any longer if rights are

missing.

When deleting an application which is used in a dynamic group you can now move to the

affected group.

The bMC now also works properly in the time zone UTC+0. This affects the MSW and

some detail displays in the inventory.

The Excel export of assets within an organizational unit now also include all assets of the

group structure and not only the directly assigned ones.

The SQL designer now adjusts the width of combo boxes according to the content.

The size of a DIP server is now being displayed at the DIP server as well.

2.3.7 Energy Management

Energy data are now being displayed as well when using SQL-Server 2005.

2.3.8 Automation Studio

The logging of bDS exections can now be disabled in the properties oft he script

When saving a bDS as exe file it is now made sure that all changes in the script have

been saved and included in the exe.

Two new variables {BMSVersion} and {BMAVersion} have been implemented.

2.3.9 Mobile Devices (bMD)

In “management – baramundi licenses” the total number of licensed mobile devices is

now being displayed as well.

Depending on the configured gateway mode iOS devices are enrolled with or without the

https port 443. When enrolling a device again the server URL has to be exactly identical,

otherwise the device refuses the action. In the configuration page for Mobile Devices

there is a new setting “Always use server port in management profile” to control this.

Android agent with a new design. It is available in the Google Play Store.

The Mobile Devices configuration dialog has been improved. Additionally the access

rights can now be set properly.



A new job option allows to assign a job to a device automatically at the enrollment.

An error in sending mail during the enrollment has been fixed.

The database access using a named instance including a port works properly now.

The Excel export produces better results now.

For supported HTC devices with Android it is now possible to automatically distribute the

Microsoft Exchange configuration.

For any iOS application the icons will be loaded automatically from the AppStore.

The error messages when trying to distribute defective Android profiles have been

improved.

At the job targets it is now apparent who assigned the job and the number of passes so

far.

3 Release 8.8

3.1 Mobile Devices

baramundi Mobile Devices extends the management capabilities of the baramundi

Management Suite to mobile endpoints running iOS or Android.

The provided functionality covers all phases from registration (enrollment) to inventory,

configuration, app deployment and remote wipe.

More details are found within the baramundi Mobile Devices manual.

3.1.1 New in version 8.8.2

Support of Apple VPP (Volume Purchase Program), the platform for companies to

purchase licensed apps.

Also new is the possibility to use Microsoft TMG instead our gateway.

Many improvements in detail as a simplification in the enrollment, a live App search in the

Apple Store when importing applications, job repetitions and performance optimizations

complete the version.

3.2 License Manager Role

In version 8.8.2 the role based security system of the baramundi Management Suite was

extended. It is possible now to define a role “License Manager” which is only allowed to



edit the licenses of a software, and the role “Package Manager” which is allowed to edit

software but not the license data.

Therefore a new permission was introduced for applications, Managed Software and

operating systems. This permission controls who is allowed to edit licenses and license

actions. Activating the license management for a software is still only possible with the

modify permission. Additionally there is a new node “License Management” in the bMC,

where all software packages can be displayed which have an activated license manage-

ment.

3.3 Correction for secure wipe of hard discs

The function “wipe hard disc” does not delete the content reliable before version 8.8.2. The

hard discs seems to be wiped but an expert could still read the hard disc sector based using a

disc editor. The background is that WipeDisk contains a technical error when running in

Windows PE so that only the first four gigabytes hard discs will be wiped. The DOS version is

not affected by this.

3.4 Job execution on shutdown

Up to now the possibility to execute jobs on

shutdown was provided by a command line tool

(ShutdownJobExecutor), which had to be bound

to a domain group policy. In version 8.8 of the

baramundi Management Suite this option is fully

integrated. The baramundi Agent controls all

parts of the job execution. Manual modification

of a group policy is not necessary any more.

The administrator has two choices:

1. He configures the job to run during shut-

down generally.

2. He allows users to delay the execution till

next shutdown.

On assignment of such a job (or when the user

delays the execution) it is set to run on shutdown. The job status changes accordingly to

“shutdown” while waiting. Therefore the administrator retains the overview of his environment.

On shutdown the agent verifies pending jobs and requests them from his baramundi

Management Server. Before the execution the user has the option to cancel this process and

shut his system down, immediately.



Please note, not every job is suited to run on shutdown. In this system state a logon is not

possible anymore. Due to this, job steps requiring a desktop will return an error. Also, any

attempt to work with the installation user will fail on system utilizing UAC. The bMA will check

jobs and cancel their execution if conflicts are to be expected. Thus preventing systems to

hang up on errors. Administrative personal will receive an appropriate message in

Management Center.

Note: We suggest running installations using the LocalSystem account. Common problems

resulting from inadequate permissions while accessing files on network locations are pre-

vented by rerouting DIP access via the installation user.

3.5 Improvements for Managed Software

3.5.1 License Management

Managed Software products now support license management. The Managed Software Team

will start to add products that are liable to license fees to the portfolio. Though, customers are

still responsible to supply sufficient numbers of software licenses.

Licenses are managed on product level only. In case of diverging licenses for single product

lines filters can be applied to match entries to certain lines.

A clearly arranged HTML view shows which licenses are used and which are available.

3.5.2 Blocked Updates

As known from the function “Block Bulletin” in the Patch Management, you’re now able to block

updates of certain products on a Managed Software update on given clients. Such as prevent-

ing update of Java Runtime on development systems. Even though, a direct deployment via a

“Deploy Software” job step is still possible. Also omitted updates will still be shown as missing

and security vulnerabilities.

3.5.3 Installation with reboot

Up to now Managed software was unable to run reboots. In some cases the concluding

Managed Software inventory was unable to detect a previously installed version. This behav-

iour was fixed. Reboots are configured by the Managed Software Team, usually – if needed –

the option Deferrable Reboot is used.

3.6 Miscellaneous

Other changes and improvements:

While executing a job three new variables are available: {Job.Name}, {Job.Initiator} and

{Job.Creator}



The number of managed MAC and IP addresses was increased from 4/8 to 12/12.

The new bDS action “Set value in INI file” allows you to comfortably create and/or modify

INI files.

baramundi Deploy scripts can be compiled to exe files from Automation Studio. Since

these files also contain the bDS runtime environment they have a size of at least about 5

MB.

Prior to registering a new client the Bootclient detects and suggests the best suitable

hardware profile.

Windows Server 2012 RC is supported for use as server as well as client.

The baramundi Management Agent requires now at least Windows XP SP2 or Windows

Server SP1. Windows 2000 is not supported anymore. Still, such clients can be managed

using a bMA version 8.7. The automatic Agent deployment will ignore unsupported oper-

ating systems. Furthermore Windows 2000 can be deployed using OS-Install. Certain

adjustments are necessary for this to work, please contact our support for detailed infor-

mation.

On Windows 2008 (and newer) the baramundi log files were moved to

%programdata%\baramundi\logs. On XP/W2003 %AllUsersProfile%, or

%programfiles%\bSAG\ is used.

3.7 Changes in version 8.8 (8.8.0.0)

3.7.1 Automation Studio/baramundi Deploy Script

The Close button now works correctly.

The action “Set value in INI file” support special characters.

baramundi Deploy Scripts can be saved as exe file.

3.7.2 ShutdownJobController

Two new job types where added, namely “At shutdown” (server contacts clients)” and “At

shutdown (only on online clients)”.

A new optional job setting allows users to delay a job till shutdown.

New job status Shutdown for job that will run on next system power down.

3.7.3 Managed Software

License management is now available for MSW products.



Reboots are now available for MSW packages.

Updates for specific products may now be blocked for certain clients.

An update job will not downgrade a product if the installed version is released for test, in

case the update job is set for another release level.

The mechanism setting a default release was improved.

Automatic releases to not release versions requiring a newer version of bMS.

3.7.4 Miscellaneous

Database update: The column “agent_version” was removed from the table “machine”.

The agent version is now stored in column “clientagent_version”.

Copying a job the copying user is set as job creator.

Starting/stopping the server by bMC icons now correctly verify user permissions.

User logoff prior to a job run was sporadically forced.

Aborting a job now cancels a reboot, also (if possible).

bRemote calls are logged to revision log correctly.

The general view of an application may now be exported to an excel sheet.

Removing the bMA from a client the version entry in the database is deleted, also.

The checkbox “Allow operating system installation” was not unchecked after an OS

installation.

The bandwidth settings for unknown networks were applied to known networks as well.

Clients with an IP x.x.x.255 were matched to incorrect networks.

The bMA sporadically tried to execute jobs while shutting down.

The Last contact information at a client is now still available after uninstall of the agent.

Jobs using bBT with limited numbers of targets now start immediately after the download

is finished.

The statistics tab now shows targets with status “Reboot pending” as separate slice.

Microsoft patches were not correctly uninstalled on clients running operating systems

from Vista up.

If the job option “Log off before job starts” was set, the first logon at Windows 7/Server

2008 R2 failed sporadically.

DIP configuration supports FQDN with less than three parts (e. g. server.domain).



In BMSWUA.XML you may now add an “osversion” for the agent.

The number of stored MAC and IP addresses was increased to 12.

When manually registering a client via Windows PE the hardware profile is automatically

detected.

The bMA now requires at least Windows XP SP2 or Server 2003 SP1.

It is from now on possible to supply an operating system installation job with custom fold-

ers for Client and OEM files.

Partitioning clients with more than two hard disks was improved.

Degressive reminder interval now works as intended.

Unlocking a client via bRemote now works with users or password containing umlauts or

while caps lock is active.

New variables: {Job.Name}, {Job.Creator}, {Job.Initiator}.

3.8 Changes in version 8.8 SP1 (8.8.1.0)

3.8.1 Mobile Devices (bMD)

In the configuration page of Mobile Devices there is now a new option “Windows 2003

mode”. This function has to be activated to create Windows 2003 compatible certificates.

Android 4.x: If an app will be minimized during installation the Android agent will not try to

install it again after a successful installation.

The import of Apple profiles was improved again.

Single device information can now be copied using the context menu.

There is now no error message any longer, if the bMD node is selected automatically

after starting the bMC but the bMD service is not running.

The column alignment in the GUI was optimized to avoid truncated text.

3.8.2 baramundi Management Agent (bMA)

The runtime libraries are now installed locally in the program directory to avoid conflicts when

un-/installing other software.

3.8.3 baramundi Management Server / baramundi Management Console

(bMS / bMC)

The client registration in DOS does now create the hardware components properly again.



3.8.4 DIP Sync

The DIPSync module does not hang sporadically any longer, if many (more than about

300) DIPs are being managed.

If the option “automatic syncronisation” is changed to “automatic synchronisation (exact

copy)” on a DIP an existing sync job is properly changed.

Directories with the attributes “read only” or “hidden” will be deleted properly in an exact

copy.

The memory consumption of baraDIP was optimized.

The baraDIP now starts reliable on “slower” systems as well

3.9 Changes in version 8.8 SP2 (8.8.2.0)

3.9.1 Setup

When installing the components of the baramundi management Suite in Windows 8 or

Windows Server 2012 the feature “ASP.NET 4.5” will be activated automatically.

The start menu shortcut to open the log path in the tools folder does now work in 32 bit

systems beginning with Windows Vista.

In the installation folder of the bMS there will now be a symbolic link “Logs” created,

which links to the new log folder in %ProgramData%. The old “Logs” folder will be

renamed to “Logs.old”.

The manuals of baramundi mobile Devices will now be installed locally by the setup.

The database manager will now also restart the baramundi Management Server .NET

together with the MOC if needed.

3.9.2 Management Server (bMS)

The bMS service now has a dependency to the LanmanServer service to be able to

restart all bMS modules properly after a reboot of the system.

Potential performance problems fixed in large environments when using the MAC

address as primary client identification.

In Patch oder MSW jobs reported error states by the Agent are now always being

handled properly after the analysis of the scan result.



3.9.3 baramundi Management Agent (bMA)

With the new option “show notifications” the Client will show a Windows tray popup for

every started job. Therefore the tray icon will be visible for every job.

The bMA will check the size of its log file when the service starts. If the size exceeds 100

MB the file will be backup up and a new file will be created. Only one log file will be kept,

older ones will be deleted automatically.

The bMA now recognizes a manual login by the user, even if is parallel to the installation

user, and will not log off the user any longer.

If the option “desktop required” is set in an application and Windows 8 currently displays

a modern UI application (“Metro”) the classic desktop is activated automatically.

The bMA tray info messages will now also be displayed in Windows 8 with active modern

UI (“Metro”) applications or if the start screen is active.

The installation of a software with set option “visible, if a user is logged in” will now also

work during shutdown in systems beginning with Windows Vista. Also Managed Software

applications can be installed or updated during shutdown.

Sporadic messages in the login screen concerning a missing DLL will not appear any

longer.

If a client was in suspended mode and was woken up by a job with WakeOnLAN it could

happen that the client was shut down after executing the job.

Sending the WakeOnLAN signal will now be repeated every 120 minutes if a client could

not be waked up

The start time of the system will be determined properly by the bMA and therefore be

displayed correctly in the HTML view at „boot time“, if the system was in suspended

mode since its start.

3.9.4 Management Center (bMC)

Assets which were moved to the asset repository the last assignement is now being

displayed. Therefore it is easier to identify the in the repository.

The license management can now be activated for a software without entering licenses

immediately.

The bMC security management now also supports hierarchical Windows user groups and

handles primary groups properly.

Authentification of users with different form in UPN and NTLM or alternative UPN suffixes

was improved.



Login of users in the baramundi Management Center with single quotes in the name is

possible now.

The category of applications, managed software, operating systems and drivers can now

be changed for multiple objects at the same time using the context menu and in the views

for software inventory or installed software at the client.

The view for the software inventory now allows to hide software which is not installed any

longer.

The view for application usage was extended by the columns for the manufacturer and

the version of the software and now also supports the export to Excel.

Opening the SQL editor (for example for dynamic groups) could take long time in environ-

ments with many energy assets. This was optimized and the folder structure of the asset

management is now displayed in the SQL editor.

Creating a new system with hardware profile using the context menu was designed more

clearly.

Names of IP networks and comments of security profiles now can contain single quotes.

The export of the revision log by a database maintenance task now properly exports all

log messages for assigning and starting jobs.

3.9.5 OS-Install

For Windows 8 or Server 2012 evaluation version special unattended XML templates are

provided and will be suggested automatically by the OS wizard.

The SingleSource Unattended.xml for Server 2012 (WindowsServer2012-

x64_SingleSource.xml) is not needed any longer and has been removed.

In an OS install job step it is now possible to configure the final reboot by the baramundi

Management Agent. The option is recommended and the default for new OS install job

steps. However existing OS jobs will remain unchanged.

The operating system will now be stored in the client immediatly after finishing an OS

install job step, so this information can be used properly in following job steps.

The manual client registration in Windows PE could cause an error in the server when

used in environments with many organizational units and many hardware profiles.

3.9.6 Remote Control

The visual effects of the display can now be deactivated to allow a more fluid behaviour

for low bandwidths.



The language of the baramundi Remote Viewer does not need to be selected but will be

chosen depending on the language of the operating system as in other baramundi prod-

ucts.

Logging in, unlocking and remote support is now also possible for users with different

UPN and NTLM names or alternative UPN suffixes.

3.9.7 Disaster Recovery

With the new option “check if image file exists” it will now be checked if the image file

exists before partitioning will start.

For operating systems prior to Windows 7 or Server 2008 R2 the volume to be backed up

can now be entered in the alternative “hard disc” form as well.

In operating systems beginning with Windows Vista it could happen that restored system

volumes on new partitions were not bootable.

3.9.8 Energy Management

Assets which were created by the Energy Management will now be deleted as well when

deleting a client and not moved to the repository any longer.

The calculation of the energy consumption for the current week could be wrong if, for

example, the system time of a client was changed to a time far in the future.

Energy data will now also be displayed properly when using an Oracle database.

The Excel export of energy data of one client is now properly formatted and now displays

a date instead of a number due to automatic formatting.

3.9.9 Managed Software

The server functionality was extended so it is now also possible to deploy software with

licenses using Managed Software.


The bDS action “Wait” can now be paused or stopped in debug mode.

When editing the bDS action to run an embedded script line numbers will be displayed

In conditions of bDS actions which compared numbers the possible value range was

extended from 10 to 19 decimal digits.



When inserting copies of jump labels or sub routines it is now being checked if there is

already an existing label or sub routine with the given name and the copy will be renamed

to “Copy of …” if necessary.

The bDS actions „user input“ and „set permissions“ now resolve variables properly when

being executed multiple times.

3.9.11 DIPSync

Timeouts in queries to the DIPs will now be handled properly.

In the past DIPs which could not be reached could cause high server load and many log

entries.

Errors in communication with the DIPs will now be analyzed and displayed more detailed.

It is now possible to distinguish between “DIP is busy” and “DIP service is not installed”.

Also starting and executing the index creation is more transparent now.

When installing the baraDIP in Windows 8 and Server 2012 the feature “ASP.NET 4.5”

will be activated automatically.

If actions for DIPs will be triggered in the HTML view the view will be updated.

3.9.12 Shut down job execution

Jobs which should be executed during shut down will not be displayed any longer in the

filtered view for successful finished systems.

The bMA dialog which is being displayed during shut down (ShutdownJobController) will

now stay in foreground and can be handled properly with the mouse.

3.9.13 Mobile Devices

Performance and handling of the administrative user interface was improved and the

behavior was homogenized.

Editing of variables for devices was improved and changes are now visible immediately in

the details.

If the automatic refresh in the bMC was deactivated by the user (by clicking the lamp

symbol) it will also not be activated any longer when changing the selection in lists.

When the connection from the bMC to the bMD service is lost, for example by a restart of

the service, a reconnection attempt is done automatically.

Remote wipe of Android devices now erases the internal and external memory.



4 Release 8.7

4.1 Energy Management

The new module “barramundi Energy Management” supports the user in collecting data about

energy consumption and can further help to reduce the energy cost.

baramundi Energy Management inventories the energy behaviour of all computers and

displays in the network. In clear presentations you find out how long a device is in use, standby

or turned off. Particular types of hardware get assigned to energy consumption values and so

the energy consumption is determined. You get an overview about the consumption of single

computer systems, different departments or of the whole company.

With baramundi Energy Management you also get intelligent energy profiles, which react flex-

ible to the user behaviour. If they recognize, for example, that a user locks his workstation, the

computer will be changed to a energy profile with less power consumption automatically and

the computer will change to standby mode earlier. You distribute energy profiles with jobs as

usual at defined times on any number of clients. Even the simple optimization of the uptime of

your computers by using an energy profile can relieve your IT budget significantly.

4.2 Improvements for baramundi Remote Control

Windows PE: bRemote is now able to connect to the PE Bootclient. For this to work you have

to rebuild the PE bootimages with the option “Activate baramundi Remote Control”.

VNC support: It is now possible to establish connections using VNC. Using the button “connect

with PE client” it is possible to connect to VNC systems like Linux, Apple OS X and also Intel

AMT. On newer computers AMT allows remote access to the boot screen as well as to the

BIOS.

4.3 Automation Studio / baramundi Deploy Script

New bDS action: “Delete Shortcuts”.

New bDS action: “Write/create value in INI file”.

Temporary bDS files will now be deleted after execution.

Processes with spaces in name can now be started as well.

Activating the x64 mode as the last step in a bDS does not cause an error any longer.

Problems with adding a user to a local user group were fixed. Additionally you can now

also use SIDs.

When copying actions between scripts sometimes the level got lost.



4.4 DIPSync

Memory-Leaks in DIPSyncModul where fixed.

Errors during downloading the index file of the parent will be handled now.

Fixed problems during start/stop of baraDIP.

DIP-Paths in the root directory are now supported as well.

Sync jobs will now be delayed properly, if the parent is still synchronizing.

The “worklist” will not be stored any longer in the “_DIPSync” directory of the DIP.

Files will not be copied completely any longer if only their attributes changed.

The error state of a DIP will be reset by a new indexing.

Files in in the root directoy were always included automatically.

Directories which contain write protected files can now be deleted recursively.

The internal time conversion of the execution time for a sync job does not have an over-

flow at midnight any longer.

In the mode “automatic syncjob with exact copy” existing additional entries caused the

status “synchronous” to be displayed in the MMC and HTML view.

Bandwidths: Denial of a transfer is now also possible if no profile is given.

Calculation of the files to be deleted is correct now.

4.5 Miscellaneous

Performance: The server is no longer blocked when deleting old logs (database mainte-

nance job).

The patch definitions (files wsusscan.cab and bpmdata.xml) where removed from the

setup. Therefore an import of patch data only occurs after the download of these files.

The driver selection page was removed from the OS selection window.

New variables: {Client:DisplayName}, {Client:GUID}, {Client:IP}, {Client:MAC}.

Operating systems have an “installed on” tab in the HTML view.

The primary MAC address does not get lost any longer when deleting the inventory data.

When creating an application with the baramundi Application Wizard the DIP resolve and

MSI parameters where missing.

Monitoring icon appears again in HTML view.



bMA is integrated in the PE image and does not need to be downloaded from the server

any longer.

Fixed problems with the automatic Agent logon if the desktop was recognized as locked

even if this was not the case.

httpMOC extended by two functions: SetJobVariable, SetGroupVariable.

The first entry of the IP blacklist was not used.

Improvements in the connection establishment of bRemote.

For the operating systems Server 2008 and Server 2008 R2 you can now select the

variant directly in the dialog. Previously this had to be done in the unattended.xml

template.



5 Installation

5.1 Supported operating systems

5.1.1 baramundi Management Server

The following operating systems are supported for the installation of a baramundi Management

Server:

Windows Server 2003 (min. Service Pack 1)

Windows Server 2008

Windows Server 2008 R2

Windows Server 2012

If not stated otherwise, all Service Packs are supported.

IMPORTANT: Windows 2000 Server is no longer a supported operating system for

baramundi Management Server!

Even though baramundi Management Server is executable on Microsoft workstation operating

systems, it is not a supported constellation.

Supported architectures are x86 and x64. Valid language versions are English and German.

The recommended platform is currently Windows Server 2008 R2 or Windows Server 2012,

especially if you want to use baramundi mobile Devices.

5.1.2 Datenbank

The following database systems are supported:

Microsoft SQL Server 2005, 2008 und 2008 R2 and the corresponding Express

versions

ORACLE Version 9 or later

5.1.3 baramundi Management Center

baramundi Management Center may be used on clients running at least Windows 2000 SP4.

To obtain full functionality, Windows XP SP 1 or later are recommended.

5.1.3.1 Specific issues in Windows 2000

As Windows 2000 does not allow installation of Windows AIK, the creation of boot images is

not possible on such clients. For this task Windows XP or later is required.



5.1.4 baramundi Management Agent

The baramundi Management Agent supports the following operating systems:

Windows 2000 (min. Service Pack 4)

Windows XP

Windows Server 2003

Windows Vista

Windows Server 2008

Windows 7

Windows Server 2008 R2

If not stated otherwise, all service packs are supported.

Windows NT 4.0 is not supported anymore.

Application Usage Tracking requires the service “Windows Management Instrumentation” run-

ning on a client.

5.1.4.1 Special issues for Windows 2000, XP SP0 and Server 2003 SP0

Since version 8.8 the baramundi Management Agent requires at least Windows XP SP2

beginning or Windows Server 2003 SP1. On older operating systems it is possible to use the

agent in version 8.7. To learn how to use the old agent refer to chapter 0.

5.1.5 DIP and baraDIP service

As any Windows share can act as a DIP, all Windows operating systems are supported.

Servers running Samba may be used as well, if authentication for the installation user is pos-

sible.

The prerequisites for the installation of the baraDIP service are the same as for the

Management Center (at least .NET 4.0).



6 Update specialties

If you are updating from a bMS version prior 7.6 SP2, please also consider the release notes

of version 7.6 SP2.

If you are updating from a bMS version prior 8.3, please also consider the release notes of

version 8.3.

All documents can be found the user forums.

6.1 Update from version 8.5

Existing “standard” or “extended” DIPSync jobs cannot be executed any longer. An automatic

conversion to new DIPSync jobs is not possible. Therefore all existing jobs will be deleted

during database update. A log file will be created in the process to make sure users will be

able to recreate all jobs if desired. Existing bandwidth settings will also be deleted and saved

to the same log file.

We strongly suggest that you to take your time to move to the new DIPSync logic.

Requirements: The new DIPSync requires an installation of baraDIP at source and target des-

tinations.

Limitations: The Sync is limited to files residing in the DIP directory tree. Therefore DIPSync

jobs cannot be used to synchronize any non-DIP content.

Advice: To synchronize your TFTP-root directory you can also use a regular bMS job.

Ports: By utilizing baraDIP for synchronization such tasks now use port 10083, as known from

baramundi Background Transfer. The formerly used port for DIPSync, 10090, is no longer

used. Please consider this change for firewall configurations.

Operating system objects with default target partition configuration (0,1) are converted to the

new setting “InstallToAvailablePartition”.

Every user with “Job Assign” permission will also be granted the “Remote Control” permission

after the update.


The operating system variant of Windows Vista and later can be configured in the objects

properties in baramundi Management Center. On the installation tab you will find a field la-

belled “Variant”. If this is set to “<determined by key>” the provided license key has to be

variant specific. If a key is valid for multiple variants and the default setting was kept, the

automated installation stops and waits for the manual selection.



Windows 2008 and Windows 2008 R2 are special cases in this regard. The value “<determined

by key does<” not result in any modification of the Unattend.xml. Therefore any existing con-

figuration from the template file applies. As for the default templates, those are the variants

Longhorn SERVERSTANDARD and Windows Server 2008 R2 SERVERSTANDARD. To use a

variant specific license key you´ll have to remove the following part from our templates:

<MetaData wcm:action="add">

<Key>/IMAGE/NAME</Key>

<Value>Windows Server 2008 R2 SERVERSTANDARD</Value>

</MetaData>


The operating system requirements for the baramundi Management Agent changed with

version 8.8. From here on at least Windows XP SP2 and Server 2003 SP1 are necessary for

installation. You may still manage older operating systems using an agent version 8.7.

As the old agent will not be deployed by the agent deploy module you will have to use other

means to deploy it to new clients if necessary. For example the agent could be installed by

group policy.

To deploy the agent in version 8.7 with an operation system installation, for example with

Windows 2000, please follow this procedure:

1. Backup the following original 8.7 directories:

\\server\bms$\client\setup

\\server\bms$\OEMFiles

2. Create two directories on DIP and place the backed up files there:

\\server\dip$\LegacyOS\Client-8.7

\\server\dip$\LegacyOS\OEMFiles-8.7

3. Define two job variables in the category “OSInstall” and configure them at the OS object

as follows:

“PathClient”: Absolute path to the client setup, you can use {DIP} as a placeholder for

the DIP.

“PathOEMFiles”: Absolut path to the OEMFiles folder, you can use {DIP} as a place-

holder for the DIP.

If these variables are not set the OS install behaves as in version 8.7.

Caution: When using this variable there will be no verification of the given folders. Incorrect or

wrong information will lead to errors during operation system setup. Also dynamically created

OEMFiles folder are no longer supported!




baramundi Mobile Devices now uses agents on all platforms. These will be provided in the

respective App Store and can be installed from there.

Android:

The agent for Android is also provided on the DVD (“baramundi\BMA_Android”). On devices

which are already being managed you can install the new agent using a deploy job. Since the

old agent has to be terminated during the job execution the job will never be finished and has

to be canceled manually in the bMC, otherwise following jobs will be blocked.

iOS:

iOS devices which are already being managed can be managed with version 8.9 as usual.

Even though for new function “Kiosk” and an exact “Compliance Check” a new agent is re-

quired. The agent will be installed from the App Store, either manually or with a deploy job. To

ensure a secure communication to the baramundi Mobile Device server, the server needs cor-

rect security information. The agent will get this information during the enrollment process

(“Enroll device”), which has to be done via the agent from now on.

If the agent should be enroll on devices which are already being managed with version 8.8.2

you have to enroll the whole system again. A re-enrollment is possible without loss of data as

long as the URL (including port) of the barramundi Server does not change. To do this open

the bMC and click “disable device” at the device. If the device does not accept the new URL,

the port number may be a problem. The port number can be controlled on the mobile device

configuration at “Always use server port in management profile”.

Notes about the Gateway:

The baramundi Gateway must match the version of the baramundi servers. It is necessary t

create a new configuration file for the gateway of version 8.9 to work correct – you will find this

at “Manage – Mobile Devices”.



7 Limitations and known problems

7.1 Operating systems

7.1.1 Windows Vista and later

When running an installation the security contexts interactively logged on user and any logged

on user are not usable. If one of said contexts is chosen, a UAC prompt may interrupt the

installation process.

Completely silent installations are possible only with the execution context LocalSystem. Using

any other security context results in the necessity of an interactive user session. This may be

the users or one created by the baramundi Management Agent. For that matter Patch scans

are concerned also.

Legacy Robot functionality is limited. Some commands may not work as expected. Please

ensure compatibility of your scripts by testing them. baramundi Automate is not restricted in

any way.

7.1.2 Windows 2008 / Server 20012

Windows only allows tray notifications by programs which are installed in the standard program

directory. For displaying the baramundi Tray Notifier and changing to the classic desktop it is

necessary to install the bMA in the standard program directory.

When a user logs in for the first time the introduction video can be suppressed by changing to

the classic desktop by the bMA.

Windows 8 RT (ARM platform) and Windows 8 Phone are not supported at this time.

Modern UI („Metro“) applications cannot be started, installed or managed in any other way and

they cannot be controlled by the Automation Studio, as well as the start screen.

7.1.3 64 bit operating systems

Personal Backup access to the registry is restricted to the virtualized node WOW6432. Access

to the native 64 bit section is not supported.

To be able to add the baramundi Management Center snap-in to another MMC, it has to be

started with the parameter /32. Otherwise it will not show in the list.



7.2 Mobile Devices

7.2.1 App Store

The Mobile Device agents will be provided in the respective App Store. This may take a couple

of days after the release of version 8.9. Until the iOS can be used without a local agent, on

Android devices the old agent can be used as well. Afterwards an update oft he agent is recom-

mended.

7.2.2 TMG Support

For using the Microsoft Threat Management Gateway (TMG) the TMG Service Pack 2 (or later)

has to be installed.

A migration from the baramundi Gateway to TMG is not possible. All devices have to be en-

rolled again.

7.2.3 Android devices

The wipe function now also deletes all data on SD cards. Due to limitations of the operating

system only files will be deleted but the content will not be overwritten. Therefore it is techni-

cally possible to restore the content.

7.3 Miscellaneous

7.3.1 AUT

For the application usage tracking the service “Windows Management Instrumentation” has to

be active on the client.

7.3.2 Software inventory

A file based software inventory scan will skip directory paths longer than 255 characters.


An outdated baramungi Management Agent can run scripts which were created with a newer

version of the Automation Studio only if the script schema did not change. The schema usually

changes with every release of the baramundi Management Suite since new commands are

invented.

In comparisons using the method “standard” the operators <, >, <=, >= cannot be used for

strings but only for numbers.



7.3.4 Disaster Recovery

To use the Disaster Recovery module a client has to run Windows XP SP3 or later.

7.3.5 Remote Control

If visual effects will be changed during a remote session using the control panel the previous

settings will be restored automatically when disconnecting from the remote session.

7.3.6 Personal Backup

Files larger than 4GB cannot be backed up.

7.3.7 WipeDisk

The Bundesamt für Sicherheit in der Informationstechnik (BSI) published findings for the topic

“secure erase of magnetic media”. We analyzed the security recommendations of the BSI and

therefore recommend the following:

baramundi WipeDisk is affected by the same limitations as the VS-Clean tool by the BSI. For

example it is not possible to erase Solid State Disks (SSDs) at this time. (See also baramundi

user forum: http://forum.baramundi.de/showthread.php?3844 )

baramundi WipeDisk is not approved for secure erasing confidential data! If you have hard

discs which fall into this classification it is not recommended to give these hard discs away –

even after using WipeDisk. The physical destruction is the only reliable protection so far

7.3.8 UNICODE characters in Active Directory

If an Active Directory synchronization job encounters UNICODE characters within synchroni-

zation data, the job is aborted.

7.3.9 SetupComplete.cmd

baramundi OS-Install uses SetupComplete.cmd found in the $oem$ directory, to install the

bMA on the target system. If you wish to use the same file for your own purposes rename

yours to SetupComplete2.cmd. It will be executed at the appropriate time.

7.3.10 Installation of SQL Server 2012 Express

The SQL Server 2012 Express cannot be installed under Windows 2003.




7.3.11 Samba Domains

Within a Samba Domain no user related software deployment may be done, because the

synchronization of the necessary user and group objects fails. This is due to the missing

attribute objectId within these objects.

7.3.12 Patch Management

If you change the „PatchBaseFolder“ so it contains the variable {DIP} it cannot be used for

bBT-Patchjobs any longer. In the baramundi user forum there is a workaround how to use bBT

properly anyway. http://forum.baramundi.de/showthread.php?4014

7.3.13 ORACLE databases

For ORACLE databases we recommend the Patch 11.2.0.3. This provided a significant

performance improvement in several customer setups.

7.3.14 Miscellaneous

The names of security profiles must not contain single quotes.

The baramundi start menu shortcut to the log folder and the correspondent junction in the

bMS folder will only work if at least once a log entry was written since the folder will not

be created before.

The size limit of the bMA log will only be checked when starting the bMA and not during

operation.

The Unified Extensible Firmware Interface (UEFI) can be used for the PXE boot only in

BIOS compatibility mode.




8 Appendix

8.1 Glossary

AMT Active Management Technologie (Intel vPro)

APNS Apple Push Notification Service

bDS baramundi Deployment Script

bMA baramundi Management Agent

bMC baramundi Management Center

bMD baramundi Mobile Devices

bMS baramundi Management Suite

GCM Google Cloud Messaging (Android)

TMG Threat Management Gateway (Microsoft)

VM Virtual Machine

VPN Virtual Private Network

VPP Volume Purchase Program (Apple)

WoL Wake-On-LAN

8.2 Table of figures

Figure 1 – Compliance Dashboard for mobile devices ........................................................... 4

Figure 2 – Compliance over all devices ................................................................................. 5

Figure 3 – Number of violations by rule ................................................................................. 5

Figure 4 – Number of violations by device ............................................................................. 6

Figure 5 – Compliance Rules ................................................................................................ 6

Figure 6 – Definition of Compliance Rules ............................................................................. 7

Figure 7 – Table View of all Compliance Violations ............................................................... 7

Figure 8 – Configuration of a Rule with automated Reaction in case of violation ................... 8

Figure 9 – baramundi Mobile Agent ....................................................................................... 9

Figure 10 – Compliance Check ............................................................................................. 9

Figure 11 – Kiosk on iPad, iPhone, Windows Phone and Android ........................................10

Figure 12 – baramundi Mobile Agent for Windows Phone 8 .................................................11

Figure 13 – Windows Apps Store Integration ........................................................................11

Figure 14 – Communication technologies by platform ..........................................................12

Figure 15 – Enrollment by QR-Code.....................................................................................13

Figure 16 – Client side job execution ....................................................................................16

Figure 17 – server side job execution ...................................................................................16

Figure 18 – New job step type “server side action” ...............................................................17

Figure 19 – Logging of server and client side job steps ........................................................17

Figure 20 – Inventory of Linux clients ...................................................................................18

Figure 21 – VM creation with OS installation ........................................................................19

Figure 22 – Techniques for Wake-On-LAN ...........................................................................20



baramundi software AG

Beim Glaspalast 1

86153 Augsburg

Tel: +49 (821) 5 67 08 – 500

Fax: +49 (821) 5 67 08 – 19

Email: [email protected]

www.baramundi.com

IT management – simply clever

baramundi Management Suite 8.9 | Release Notesdesbrq3.n-con.net/Baramundi/Management Suite/RelNotes_en.pdf · Page 3 / 48 Release 8.9 | Release Notes 1 Overview Dear Reader, baramundi

Documents