13.07.2015 Views

Installation and Deployment Guide - LANDesk® Software ...


LANDesk® Management Suite 8


This document contains information, which is the proprietary property of LANDesk Software, Ltd. and its affiliates. This document is received in confidence and its contents cannot be disclosed or copied without the prior written consent of LANDesk Software Ltd., and its affiliated companies ("LANDesk").

Nothing in this document constitutes a guaranty, warranty, or license, express or implied. LANDesk disclaims all liability for all such guaranties, warranties, and licenses, including but not limited to: Fitness for a particular purpose; merchantability; non infringement of intellectual property or other rights of any third party or of LANDesk; indemnity; and all others. LANDesk products are not intended for use in medical, life saving, or life sustaining applications. The reader is advised that third parties can have intellectual property rights that can be relevant to this document and the technologies discussed herein, and is advised to seek the advice of competent legal counsel, without obligation of LANDesk.

LANDesk retains the right to make changes to this document or related product specifications and descriptions at any time, without notice. LANDesk makes no warranty for the use of this document and assumes no responsibility for any errors that can appear in the document nor does it make a commitment to update the information contained herein.

Copyright © 2003, LANDesk Software Ltd., or its affiliated companies. All rights reserved.

LANDesk is either a registered trademark or trademark of LANDesk Software, Ltd. or its controlled subsidiaries in the United States and/or other countries.

*Other brands and names are the property of their respective owners.


Contents

LANDesk® Management Suite overview
    What's new in this release
    Management Suite basics
    Installation and deployment strategies
    Overview of installation and deployment
Rapid deployment strategy
    Overview of rapid deployment
    Step 1: Design your domain
    Step 2: Prepare your database
    Step 3: Install the core server and console
    Step 4: Deploy Management Suite
    Congratulations!
Phase 1: Designing your management domain
    Gathering network information
    Planning your security and organization model
    System requirements
    Upgrading to LANDesk Management Suite 8
Phase 2: Preparing your databases
    Before you begin
    Microsoft SQL Server 2000 configuration
    Oracle database configuration
    LANDesk Software support and DBMS issues
Phase 3: Installing the core, console, and core rollup
    Selecting components to install
    Installing the core server and console
    Installing additional consoles
    Managing databases after installation
Phase 4: Deploying the primary agents to clients
    The phased deployment strategy
    Checklist for configuring clients
    Deploying to Windows NT/2000/2003/XP clients
    Using a service center to deploy Remote Control, Inventory, and CBA to clients
    Deploying clients from the command line
    Deploying to clients using Enhanced Software Distribution packages
    Understanding the client configuration architecture
    Reversing the client configuration process
Phase 5: Deploying other agents to clients
Phase 6: Installing the Web console
    Extending network management to the Web
    Installation requirements
    Installing the Web console
    Accessing multiple databases
    Setting up Web console security
Chapter 7: Installing OS Deployment and Profile Migration
    Installing OS deployment and profile migration
    Configuring your OS deployment and profile migration environment
    OS deployment phases
Chapter 8: Deploying to Macintosh, Linux, and UNIX clients
    Deploying to Macintosh clients
    Deploying the Mac OS X agents
    Deploying the Mac OS 9.2.2 agents
    Deploying to Linux and UNIX clients
Chapter 9: Uninstalling LANDesk Management Suite
    Uninstalling Management Suite
Appendix A: Troubleshooting


LANDesk® Management Suite overview

This guide walks you through the process of installing and deploying one of the most comprehensive network management tools available: LANDesk® Management Suite 8.

Here's what you'll learn about in this overview:

• What's new in this release
• Management Suite basics (includes Management Suite terms)
• Installation and deployment strategies
• Overview of installation and deployment

What's new in this release

These are the primary new and improved features in this release of Management Suite:

• Improved database: New single database schema with improved data integrity and scalability.
• Role-based administration: Add Management Suite users and configure their access to Management Suite tools and network devices based on their administrative role in your network. With role-based administration, you assign scope to determine the devices a user can view and manage, and rights to determine the tasks they can perform.
• Enhanced Software Distribution improvements: Enhancements include byte-level checkpoint restart for interrupted downloads, peer download, dynamic bandwidth throttling that limits distribution bandwidth when clients need network bandwidth, and multi-file MSI multicast package support.
• New Unmanaged Device Discovery feature: Discover unknown and unmanaged devices on your network through a directory service, domain discovery, or layer 3 ping sweep. Alerts notify you of newly discovered devices. Schedule device discovery so you can constantly be aware of new devices.
• Enhanced client security: Certificate-based model allows clients to only communicate with authorized core servers and consoles.
• New on-demand remote control: Optional and highly secure on-demand remote control model only loads the remote control agent on clients for the duration of an authorized remote control.
• New reports: Over 50 new predefined Management Suite service reports for planning and strategic analysis.
• New console interface: New console with dockable windows, network view, custom layouts, and more.
• Additional Macintosh computer feature support: Targeted Multicast, Application Policy Management, and Software License Monitoring for Mac OS 10.2 clients.


Management Suite basics

Management Suite supports NetWare* servers and Windows* 2000/2003 servers, and it provides a common interface for managing the clients of these network operating systems. On the client side, Management Suite supports to varying degrees Windows NT/2000/2003/XP, Windows 95/98, Macintosh*, UNIX*, and Linux* clients.

How does Management Suite fit into my network?

Management Suite uses the infrastructure of your existing network to establish connections with the devices it manages. With Management Suite, the job of managing your existing network is greatly simplified, whether you manage a small network or a large enterprise environment.

Important concepts

The most important concept that you need to understand before installing and deploying the software is the Management Suite management domain. Each management domain consists of a core server and the clients that core server manages. Depending on the server speed, each core server can manage up to 10,000 clients. You can have multiple core servers on your network. You can view the data from multiple core servers by using the Management Suite Web console to view a rollup core server, which gathers data from individual core servers you configure.

Management Suite terms

• Core server: The center of a management domain. All the key files and services for Management Suite are on the core server. A management domain has only one core server.
• Console: The main LANDesk Management Suite interface.
• Web console: The browser-based Management Suite console that offers a subset of the features available in the main console.
• Core database: Management Suite requires one database for each core server, and if you have multiple core servers, you can use a core rollup database that summarizes data from the core servers.
• Core rollup database: A database that is optimized for querying. Core rollup databases summarize data from multiple core servers. Only the Web console can access the core rollup database.
• Clients: Desktop computers, servers, laptops, or handheld devices in your network that have LANDesk agents installed. A core server can manage as many as 10,000 clients. Larger environments require multiple core servers.


Installation and deployment strategies

Installing and deploying a system-wide application like Management Suite to a heterogeneous network requires a deliberate methodology and significant planning before you run the setup program.

This guide includes two strategies for setting up Management Suite:

• Rapid deployment
• Phased deployment

Before choosing a deployment strategy, you need to briefly characterize your management needs.

Rapid versus phased deployment

Deployment is the process of expanding your management capabilities to clients that you want to include in the domain. Deployment is simplified when you load agents and services on clients and servers so that you can manage them from a central location.

The rapid deployment strategy assumes that the default settings and database used during install are sufficient for your management needs.

The phased deployment strategy offers you a more structured approach to enabling management on servers and clients. This approach is based on two simple principles:

• First, deploy those Management Suite components that have the least impact on your existing network and progress to those components that have the most impact.
• Second, deploy Management Suite in well-planned stages, rather than deploying all services at once, which may complicate any required troubleshooting.

| Rapid deployment | Phased deployment |
| --- | --- |
| Uses the default settings and database. | Uses custom settings. |
| Installs on networks with 1,000 clients or fewer. | Installs on networks with any number of clients. |
| Installs to a test lab so that you can evaluate the product before a wide-scale deployment to your production network. | Installs to a complex network that has multiple locations with WAN connections. |

If you meet any of the rapid deployment criteria, refer to the next chapter, Rapid deployment strategy.

If you meet any of the phased deployment criteria, refer to Phase 1: Designing your management domain later in this guide. You should then continue sequentially through each phase.


Overview of installation and deployment

This guide groups installation and deployment tasks into the following phases. Each phase has a corresponding section in this guide that walks you through that part of the installation.

If you're using the rapid deployment strategy, you'll complete these tasks in the same order, but you won't need to plan or prepare as thoroughly as you would if you were following the phased deployment strategy.

Phase 1 summary

During phase 1 of the installation, you design your management domain by completing these tasks:

• Gather network information
• Confirm that your network meets system requirements

For details, refer to Phase 1: Designing your management domain later in this guide.

Phase 2 summary

During phase 2 of the installation, you prepare your databases by completing these tasks:

• Install and configure your databases
• Conduct basic database maintenance

For details, refer to Phase 2: Preparing your databases later in this guide.

Phase 3 summary

During phase 3, you install Management Suite by completing these tasks:

• Install the core server
• Install additional management consoles
• Configure a rollup core server (optional)
• Maintain the database

For details, refer to Phase 3: Installing the core, console, and rollup core later in this guide.

Phase 4 summary

During phase 4 of the installation, you deploy the basic Management Suite agents by completing these tasks:

• Deploy Remote Control and Inventory to servers
• Deploy Remote Control, Inventory, and CBA to clients
• Deploy clients from the command line

For details, refer to Phase 4: Deploying the primary agents to clients later in this guide.


Phase 5 summary

During phase 5 of the installation, you complete the task of deploying the remaining Management Suite agents:

• Application Healing
• Application Policy Management
• Bandwidth Detection
• Common Base Agent
• Custom Data Forms
• Enable Migration Tasks
• Enhanced Software Distribution
• Inventory Scanner
• Local Scheduler
• Remote Control
• Software Monitoring
• Targeted Multicasting
• Task Completion

For details, refer to Phase 5: Deploying other agents to clients later in this guide.

Phase 6 summary

During phase 6 of the installation, you can optionally set up the Web console by completing these tasks:

• Install the Web console
• Configure the Web console

For details, refer to Phase 6: Installing the Management Suite Web Console later in this guide.


Rapid deployment strategy

Rapid deployment is the fastest method for setting up LANDesk Management Suite. It assumes that the domain you're setting up consists of 1,000 clients or fewer, or that you're setting up a test network to evaluate Management Suite before launching a full-scale rollout.

If you need to manage more than 1,000 clients or you don't want to first set up a test network, go directly to "Phase 1: Designing your management domain" later in this guide.

Overview of rapid deployment

The rapid deployment strategy follows the same sequence prescribed in the phased approach. The difference is that you'll accept Management Suite's default settings rather than create customized databases and configurations.

There are four major steps in rapid deployment:

• Step 1: Design your management domain
• Step 2: Prepare your database
• Step 3: Install the core server and console
• Step 4: Deploy Management Suite

Use the step-by-step instructions on the following pages to complete the rapid installation and deployment of Management Suite.


Step 1: Design your domain

There are four tasks necessary to design your domain in preparation for rapid deployment:

• Estimate the number of clients
• Select the core server
• Select the console computer
• Plan the placement of program files

Estimate the number of clients

A client is any computer that has LANDesk agents installed on it. Though this includes all servers with agents installed, the majority of clients in a domain are typically desktop computers, laptops, and handheld devices.

By choosing rapid deployment, you've already indicated that you'll support 1,000 nodes or fewer.

Select the core server

The core server is the center of a management domain. All of the key Management Suite files and services are contained on the core server. A management domain can have only one core server.

Core server system requirements

As you consider which server you'll set up as your core server, review these system requirements and confirm that your server matches them:

• Windows 2000 Server or Advanced Server with SP 4, or Windows Server 2003 Standard or Enterprise edition
• 500 MB of free disk space
• Intel Pentium III* processor minimum; Pentium 4 processor recommended
• 256 MB of RAM minimum
• An account with administrator rights
• Microsoft Internet Explorer 6 or higher
• SCSI disk(s) recommended

A dedicated core server is strongly recommended

Because of the traffic that must pass through the core server to manage your domain, we strongly recommend that each core server, database server, or service center is dedicated to hosting Management Suite.

If you install other products on the same server, you may experience short- and long-term resource issues.

Don't install the core server components on a primary domain controller, backup domain controller, or active directory controller.


Select the console computer

The console computer runs the main UI where you conduct management activities such as taking remote control of a client, monitoring the core database, or scheduling a software package distribution.

The default settings install a console to the core server. You can install the console to a separate computer if you don't want to manage your domain from the core server.

Management Suite 6.6 and later have replaced the old Access* default database with the Microsoft SQL* Server Data Engine 2000 (MSDE) database. The new MSDE database can handle more clients and doesn't have many of the performance limitations the Access database had.

You'll likely see performance issues with MSDE when the database has more than five concurrent things to do. You should limit the number of consoles that will use the database simultaneously when using MSDE.

Console system requirements

If you plan to install a Management Suite console on a separate computer, review these system requirements and confirm that it meets these criteria:

• Windows 2000 Professional or Advanced Server with SP 4, or Windows XP with SP 1
• Pentium III processor minimum; Pentium 4 processor recommended
• 256 MB of RAM
• 180 MB of free disk space
• Microsoft Internet Explorer 6 or higher

Plan the placement of program files

During installation, you can specify where you want to install the Management Suite program files. You should accept the default destination directory unless you have a compelling reason (such as insufficient disk space) to change it. The default directory is:

C:\Program Files\LANDesk\ManagementSuite


Step 2: Prepare your database

Management Suite requires a database to store general management information. You need a database management system (DBMS) to interact with this database.

For rapid deployment, use the default DBMS, Microsoft MSDE. MSDE is set up and configured for you if you accept the default data source during Desktop Manager installation.

The only preparation necessary is to confirm that your core server meets the system requirements necessary to run the databases.


Step 3: Install the core server and console

This step focuses on installing the core components of Management Suite.

The core server is the center of a management domain. It contains all the key files and, in the case of a rapid deployment, the databases required for Management Suite. If you've reviewed the pre-installation considerations, you're ready to install the core server.

To install the core server and console

At the computer you've selected to be your core server and console:

1. Insert the LANDesk Management Suite CD into the CD-ROM drive or run AUTORUN.EXE from your installation image. The Autorun feature will display a Welcome screen.
2. Click Verify Core System Requirements to run the system requirements checker. Make sure all requirements pass.
3. Click Install LANDesk Management Suite to run the Setup program.
4. Select the language you want Setup to install.
5. A Welcome screen for LANDesk Management Suite Setup appears. Click Next.
6. On the License Agreement screen, click Yes to accept and continue.
7. Accept the default destination folder by clicking Next.
8. Select the components you want and click Next. You can select all of the components except Rollup Core.
9. Select Create New Database to install the default MSDE database. Click Next.
10. On the Management Database: MSDE settings page, enter an MSDE database password. Remember this password or write it down. You'll need it later. Click Next.
11. Enter an Organization and Certificate name to describe the certificate Setup will create.
12. Review the summary page and click Next.
13. The InstallShield Wizard Complete dialog appears when the database Setup is complete. Click Yes I want to restart my computer now. Click Finish to complete Setup.
14. Restart the computer to finish Setup and load the services. You'll notice after you reboot and log in that Setup will run for a few more minutes while it finishes the installation. Setup won't prompt you for any more information during the first reboot.


Verifying a successful installation

With the installation of the core server and console complete, you can now use the console component of Management Suite.

To verify successful installation

1. Click Start | Settings | Administrative Tools | Services, then confirm that these services have started on the core server:
   • Intel Alert Handler
   • Intel Alert Originator
   • Intel PDS
   • Intel QIP Server
   • Intel Scheduler
   • LANDesk Device Monitor
   • LANDesk Inventory Server
   • LANDesk Management Agent
2. Start the console by clicking Start | Programs | LANDesk | LANDesk Management Suite 8.
3. You'll be prompted to log in to the console. Log in with the Windows user credentials you used when installing the core server.
4. Once the console starts, you're asked to supply license information. If you're evaluating LANDesk Management Suite 8, you can use a 45-day evaluation license for 100 clients and one server. Otherwise, click Add to add your license information.
5. In the network view, click Devices > All Devices, select the core server, and from its shortcut menu click Inventory. Confirm that the core server has been scanned into the core database.
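The service check in step 1 of the verification procedure above can be repeated from a command prompt on the core server, for example after a reboot. The batch file below is an added example, not part of the LANDesk guide; it assumes the eight names listed in step 1 are the Windows service display names (which is what `net start` prints), and the temporary file name is arbitrary.

```bat
@echo off
rem Added example, not from the LANDesk guide.
rem Checks that the eight core server services named in step 1 are started.
rem Assumption: the names in the guide are the service display names.
setlocal
set NOTSTARTED=0
set LIST=%TEMP%\ldms_started_services.txt

rem "net start" with no arguments lists the display names of all
rem services that are currently started.
net start > "%LIST%"

call :check "Intel Alert Handler"
call :check "Intel Alert Originator"
call :check "Intel PDS"
call :check "Intel QIP Server"
call :check "Intel Scheduler"
call :check "LANDesk Device Monitor"
call :check "LANDesk Inventory Server"
call :check "LANDesk Management Agent"

del "%LIST%"
echo.
if %NOTSTARTED%==0 echo All eight core services are started.
if not %NOTSTARTED%==0 echo Core services not started: %NOTSTARTED%

rem The exit code is the number of services that were not found started,
rem so a scheduled job or wrapper script can act on a non-zero result.
exit /b %NOTSTARTED%

:check
rem find returns errorlevel 1 when the name is absent from the list.
find /i %1 "%LIST%" >nul
if errorlevel 1 (
    echo NOT STARTED  %~1
    set /a NOTSTARTED+=1
) else (
    echo started      %~1
)
goto :eof
```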


Step 4: Deploy Management Suite

With the core server and console installations complete, you're ready to deploy Management Suite to your management domain. To do so, you'll need to complete these tasks:

• Deploy to servers
• Deploy to clients

Deploying to servers

There are three parts to a rapid server deployment:

• Creating a default remote control and inventory client setup configuration
• Installing Remote Control and Inventory on servers
• Deploying to clients

Creating a remote control and inventory client setup configuration for servers

The default client setup configuration Management Suite installs with includes all components except for Application Healing. You should create a separate client configuration for servers that includes only the components you want, particularly the Common Base Agent (CBA), remote control, and inventory. Servers generally don't need all of the Management Suite components.

To create a remote control and inventory client setup configuration for servers

1. Click Tools | Client Setup.
2. Double-click the Add client Configuration icon.
3. Enter a Configuration name.
4. Under Components to install, click Common Base Agent, Inventory Scanner, and Remote Control.
5. Proceed through the wizard, making any changes you want. When you get to the scope page, enter the scope you decided on earlier. Click Help if you need more information on Scope and the wizard pages.
6. Finish the wizard, and make the configuration default.

Installing Remote Control and Inventory on servers

Installing Remote Control and Inventory on a server lets you manage that server the same way you manage a client workstation. You can install Remote Control and Inventory on Windows NT/2000/2003 servers and NetWare servers.

To install Remote Control and Inventory on a Windows NT/2000/2003 server

At the server you're installing to:

1. Log in with administrator rights.
2. Map a drive to the core server's LDLogon share.
3. Run IPSETUP.BAT to configure the server with LANDesk agents.


Deploying to clients

There are three ways to configure clients:

• Manual configuration: Map a drive to the core server's LDLogon share and run WSCFG32.EXE, the client configuration program. The components that are deployed to the client must be selected interactively.
• Push-based configuration: Use the Client Setup wizard to define a client configuration. Use the Scheduled Tasks window to push the configuration to clients. In the case of Windows 95/98 clients, CBA must already be present on the client.
• Logon script-based configuration: Use the Client Setup wizard to define a client configuration (with the default option set to Yes). This configuration will be applied to clients as they log in. In the case of Windows NT/2000/2003/XP clients, end users need administrative rights to their computers.

Obviously, manual configuration is not practical in a large environment where many clients must be configured. In this initial phase of the client deployment, with no agents present on the clients, login script-based configuration is the only option for Windows 95/98 clients. For Windows NT/2000/2003/XP clients, either login script-based or push-based configuration will work, but login script-based configuration is often impractical because it requires end users to have administrative rights to their computers.

Creating a default configuration for clients

Management Suite installs with a default configuration that includes all components except Application Healing. Application Healing isn't enabled by default, because it requires extra configuration. You can use the default configuration or you can create your own. If you do create your own, make sure you make your configuration the default. The default configuration has a checkmark on the icon. The default configuration is important if you are using manual configuration, because it's the one IPSETUP.BAT installs.

Deploying clients manually

Manual client deployment is adequate for small networks, but because you have to go to each computer, it isn't practical on a larger scale. If you're having problems configuring clients, manual configuration is usually trouble-free.

To configure a client manually

1. Go to the client you want to configure.
2. Log in with administrator rights.
3. Map a drive to the core server's LDLogon share.
4. Run IPSETUP.BAT to configure the client with LANDesk agents.

IPSETUP.BAT installs the configuration marked as default in the Client Setup window. Once IPSETUP.BAT finishes, the newly-configured client will be visible in the console's network view.


Deploying clients with a push-based configuration

Management Suite also supports a scheduled, push-based configuration method. In the case of a Windows NT/2000/2003/XP client, the push-based method does not require CBA to be already present on the client.

To enable a push-based configuration of Windows NT/2000/2003/XP clients not already running CBA, the Management Suite Scheduler service that runs on the core server must be set up as follows:

1. In the console, click Configure | Services, then click the Scheduler tab.
2. Click Change login.
3. In the Username and Password fields, specify a domain administrator account (in the format domain\username).
4. Stop and restart the Scheduler service.
5. Schedule the configurations.

You can specify the domain administrator when configuring Windows NT/2000/2003/XP members that belong to the same domain as the core server. To configure Windows NT/2000/2003/XP clients in other domains, you must set up trust relationships. Remember that the account identified in step 3 above is also the account under which the Scheduler service will run on the core server. Make sure the account has the Log on as a service right.

For Windows XP, "Simple file sharing" must be disabled on the client. You can turn off this option by selecting a share and clicking Tools | Folder Options.

If a push configuration of a Windows NT/2000/2003/XP client fails and displays a message that says "Cannot Find Agent," try the steps listed below to identify the problem. These steps mimic the Scheduler's actions during a push configuration.

1. Find the username under which the Intel Scheduler service is running.
2. On the core server, log in with the username you found in step 1.
3. Map a drive to \\client name\C$. (This step is the one most likely to fail. It may fail for two reasons. Most likely, you don't have administrative rights to the client. If you do have administrative rights, it is possible that the client's administrative share (C$) is disabled.)
4. Create a directory \\client name\C$\$ldtemp$ and copy a file into it.
5. Use the Windows NT/2000/2003/XP Service Manager and try starting and stopping services on the client.

Deploying clients with a login script

Though the login script-based configuration is usually the method of choice for Windows 95/98 clients, this method is often impractical for Windows NT/2000/2003/XP clients, because it requires end users to have administrative rights to their computers. In most companies, end users do not have such rights.

If you want to deploy clients by using a client deployment service center and login scripts, see Phase 4: Deploying remote control, inventory, and CBA to clients.


Congratulations!

You've completed the rapid deployment of Management Suite. For help using this application, consult the LANDesk Management Suite User's Guide or online help. If you want to roll out Management Suite to a larger management domain than this rapid deployment model can handle, see Phase 2: Preparing your databases later in this guide.


Phase 1: Designing your management domain

In phase 1, you gather information about your network infrastructure and make decisions that help you customize your management domain.

In this phase you'll learn about:

• Gathering network information
• Selecting your core server and console
• Selecting a database
• Selecting service centers
• Planning your security and organization model
• Functionality available by client OS
• Select components to implement
• System requirements
• Upgrading to LANDesk Management Suite 8

Gathering network information

Identify and collect all critical information about your network as it relates to Management Suite. Specifically, you need to:

• Determine the number of sites
• Estimate the number of clients at each location
• Select your core server and consoles
• Plan placement of program files
• Select a database
• Select service centers
• Determine the number of domains
• Understand the functionality available by client OS

Determining number of sites

First, identify all site locations where you want to deploy Management Suite. You'll use this information to determine the size and reach of each management domain, as well as the placement of core servers, service centers, and database servers.

To get this information, refer to your corporate WAN or LAN topology charts and server configuration charts.


Estimating number of clients at each location

You need to identify how many clients per site will be managed by Management Suite and gather preliminary information about those clients. The number of clients is equivalent to the number of desktop computers, laptops, servers, and handheld devices. You'll use this information to determine domain size, select a database, and compare with the Management Suite system requirements.

The more information you can gather about the type of clients you'll manage, the better you can plan. Even rough estimates can help.

Determining server configurations

Gather configuration information on each server that you plan to manage. You'll use this information later in the domain design process to help determine if the servers you've selected meet the system requirements for a core server, database server, and service center. Identify this information for each server that will be managed by Management Suite:

• Type of processor
• Network operating system version, plus applied service packs or patches
• Approximate available disk space
• Hard disk type (for example, ultra-wide SCSI, disk arrays, and so on)
• RAM

Selecting your core server and consoles

The core server is the center of a management domain. All the key Management Suite files and services are contained on the core server. A management domain can have only one core server.

Console computers run the main Management Suite console where you conduct management activities such as taking remote control of a client, querying the core database, or distributing a software package.

Refer to the Overview of rapid deployment section earlier in this guide for more information about the core server and consoles.

Consoles and management domains

Although a management domain can have only one core server, it can have as many as 25 consoles. This limit isn't hardcoded, but it's the largest configuration characterized in Management Suite. A larger number of consoles may be reasonable in some environments, based on core server and database server hardware capability.

Make sure that the computers you select for your core server and consoles meet the system requirements. Refer to System requirements later in this phase.

Planning placement of program files

During installation, you can specify where you want to install the Management Suite program files. Accept the default destination directories unless you have compelling reasons to change them.

The default destination directory for core servers and consoles is:

C:\Program Files\LANDesk\ManagementSuite


Selecting a database

Management Suite 6.6 and later replaces the old Access default database with the Microsoft SQL Server Data Engine 2000 (MSDE) database. The new MSDE database can handle more clients and doesn't have many of the performance limitations the Access database had.

Each MSDE database has a 2 GB database size limit. The number of clients this database supports depends on your network's inventory scan file size. In larger environments with many management consoles, you should use the supported Microsoft SQL or Oracle8i* databases to keep Management Suite performing optimally. In these larger environments, the MSDE database won't perform as well as a true enterprise-level database.

You'll likely see performance issues with MSDE when the database has more than five concurrent things to do. If you want to use MSDE, consider how often you might have more than five people accessing the database at exactly the same time. If it's likely more than five people will be accessing the database, what will those people be doing? For example, if they're all running software-related queries against the core database, use SQL Server or Oracle, since software-related queries can take a while to complete because of the amount of data involved. If they're all querying the core database for a set of clients with a certain hard drive size, you can probably stay with MSDE, since that type of query usually takes less than a second to complete.

If you want or need to use your own database, you can select either:

• Microsoft SQL Server 2000 SP 3
• Oracle8i* (8.1.7)
• Oracle9i*

For detailed information about databases, refer to Phase 2: Preparing your databases later in this guide.

Selecting service centers

Use client deployment service centers to off-load the demands on the core server. Each service center helps distribute the work throughout the network. Client deployment service centers provide login services to configure clients. Install the client deployment service center on a Windows NT/2000/2003 PDC, BDC, Domain Controller, NetWare NDS* server, or NetWare bindery server to configure clients.

Determining number of management domains

Before you determine whether you need more than one domain, you need to understand the particulars of having multiple management domains. A single management domain has been tested to support as many as 10,000 clients. However, the number of clients isn't the only factor to consider when determining whether you need more than one management domain. If you have sites separated by slow WAN links, for example, you may want to have a core server near those clients. You can use the Web console and a rollup core to manage multiple core servers and their clients.

Creating multiple management domains

If you're creating multiple management domains, we recommend that you successfully complete the installation and deployment of one management domain before creating another.


Functionality available by client OS

This table identifies the supported operating systems, protocols, and key functions of Management Suite.

| Key function | Windows 95/98 | Windows 2000/2003/XP | Macintosh |
|---|---|---|---|
| Versions supported | Windows 95B, Windows 98SE | Windows 2000 w/SP 3, Windows Server 2003, Windows XP w/SP 1 | System* 8 and 9.21, OS 10.2 |
| Protocols | TCP/IP | TCP/IP | TCP/IP |
| Console support | No | Yes, with MDAC 2.8 | No |
| Inventory | Yes | Yes | Yes |
| CBA | Yes | Yes | Yes (OS 10.2 only) |
| Certificate security | Yes, with Winsock 2 | Yes | Yes (OS 10.2 only) |
| All other agents not listed here | Yes | Yes | System 8 and 9.21, No. OS X* supports Software Distribution, Application Policy Management, and Targeted Multicast |

In addition, Remote Control and Inventory support is available for:

• NetWare 6.0
• Red Hat Linux 7.3, 8, and 9
• Unix IBM (AIX* 5.1)
• Unix Intel Architecture (Solaris* 8)
• Unix Hewlett Packard (HP-UX* 11.0)
• Unix Sun Sparc (Solaris 8)

In addition, Management Suite supports these directory services:

• Microsoft Active Directory*
• Novell eDirectory*
• Novell NDS


Selecting components to implement

Use this table to identify the types of components you want to implement.

| Component type | Description | Decision criteria |
|---|---|---|
| Remote Control | Lets you take control of a client from across the network. Minimizes the time it takes to resolve customer issues from a centralized help desk. | Provide remote management of computers across the LAN/WAN. |
| Inventory Scanner | Gathers software and hardware information for clients that you can view through database queries. | Record detailed inventory information about all clients. Provide reports on all software and hardware. |
| Software License Monitoring | Monitors and reports on application license usage and denied applications. Doesn't limit access to applications. | Track installed software and software usage. |
| Enhanced Software Distribution | Automates the process of installing software applications or distributing files to clients. | Install applications simultaneously to multiple clients. Update files or drivers for multiple clients. |
| Targeted Multicasting | Allows clients to receive multicast software distributions. | Install applications simultaneously to multiple clients. Update files or drivers for multiple clients. Reduce consumed network bandwidth. |
| Application Healing | Automatically keeps configured applications running on clients. | Protect critical or commonly-used applications on clients. |
| Application Policy Management | Automatically installs a set of applications on groups of clients. | Manage groups of clients that have common software needs. |
| Custom Data Forms | Presents a form to users for them to complete. You can query the database for the data that users enter. | Retrieve customized information from users directly. |
| Bandwidth Detection | Enables bandwidth detection between clients and the core server. You can limit Management Suite actions such as Software Distribution based on available bandwidth. | Detect remote clients or clients that connect to the network via a slow link. |
| Local Scheduler | Enables Management Suite to launch client tasks based on a time of day or bandwidth availability. For example, you can use the Local Scheduler to allow mobile client package distribution only when those clients are on the WAN. | You have computers that may not always be on the network or may connect to the network via a dialup connection. |
| Common Base Agent (CBA) | The base client agent that enables client discovery, alert reporting, and other basic features. Required by many other agents. | Most clients need CBA. Many agents in this table require CBA to work. |
| Task Completion | Checks with the core server to see if there are any scheduled jobs the client needs to run. | You have mobile or other users who aren't always connected to the network and tend to miss scheduled jobs. |

Compatibility with previous versions of Management Suite

Management Suite 8 consoles can communicate with clients running Management Suite 6.62 and later. With older clients, you won't have access to the new Management Suite 8 features. However, beginning with Management Suite 8, the Management Suite 8 client agents authenticate to authorized core servers, preventing unauthorized cores/consoles from accessing Management Suite 8 clients.

Each core server has a unique certificate that Management Suite Setup creates when you first install the core. The Client Setup: Authentication dialog lets you pick the core server trusted certificates you want clients to accept. For more information on certificates and security, see the next section and chapter 2, "Configuring clients" in the User's Guide.


Planning your security and organization model

LANDesk Management Suite 8 introduces a new security model. Clients now authenticate to their authorized core server before communicating with the core, and role-based administration allows Management Suite administrators to control the rights Management Suite console users have and which clients they can work with (scope).

You should decide how you want to handle security before deploying Management Suite, because changing security and scopes requires you to redeploy client agents or security certificates.

Planning your core server structure

Management Suite 8 uses a certificate-based authentication system. During the core installation, Setup creates a certificate for that core. Clients look for that certificate when communicating with the core, and clients won't communicate with a core they don't have a certificate for. You can include certificates from multiple core servers in your client configurations if you want clients to be manageable from multiple cores.

Planning a scope

Role-based administration is a powerful new feature with Management Suite 8. Access the role-based administration tools in the console by clicking Users in the Tools menu or on the Toolbox. You must be logged in with administrative rights.

Role-based administration provides advanced network management capability by letting you add users to your Management Suite system and assign those users rights and a scope. Rights determine the tools and features a user can see and use (see "Understanding rights" in chapter 1 of the User's Guide). Scope determines the range of devices a user can see and manage (see "Creating scopes" in chapter 1 of the User's Guide).

You can create roles based on users' responsibilities, the management tasks you want them to perform, and the devices you want them to see, access, and manage. Access to devices can be restricted to a geographic location such as a country, region, state, city, or even a single office or department.

For example, you can have one or more users in charge of software distribution, another user responsible for remote control operations, another user who runs reports, and so on. To implement and enforce this type of role-based administration across your network, simply set up current users, or create and add new users as Management Suite users, and then assign the necessary rights (to Management Suite features) and scope (to managed devices).


The core server uses scopes to limit the clients that console users can see. Only one scope can be assigned to a user, but the same scope can be used by multiple users. You can base scopes on one of these methods:

• Default All Machines Scope: The assigned default scope for all users allows them to see all clients on the network.
• Default No Machines Scope: Users are unable to see any clients on the network.
• Based on a Query: Users can see the clients that fit the selected criteria of a specific query assigned to them by the Administrator.
• Based on LDAP or custom directory: Users can see the clients from the selected level down within an LDAP or custom directory.
• The scope page in the Client Setup wizard: If you don't have an LDAP-compliant directory or you want to categorize clients differently, enter a scope on this scope page. This scope page provides a convenient field you can deploy via Client Setup configurations and do queries on.

The inventory scanner on each client reports that client's scope in a "location" database field. If you entered a scope in that client's Client Setup configuration, that's the scope the scanner returns. If you left the scope blank in that client's Client Setup configuration, the scanner tries to populate the scope from an LDAP-compliant directory. If the scope isn't available from the Client Setup configuration or an LDAP-compliant directory, the location field will be blank. You can still assign scopes for clients with a blank location field, but you'll have to do it through queries.

The Client Setup wizard scope page uses a path format that's similar to a file path, but with forward slashes as separators. When deciding on a scope, decide how you want to categorize your clients for management. You might do it by geography or by organization. Console users can manage clients belonging to multiple scopes through query-based scopes.

For more information on scopes, see chapter 1 in the User's Guide.

Configuring Windows 9x/NT clients for LDAP scopes

In order for clients to be part of a scope that is targeted through Active Directory or NetWare Directory Services, they have to be configured to log in to the directory. This means that they need to have all the correct client software installed, and they need to actually log in to the correct directory so that their fully distinguished name will match the name that was targeted through Management Suite's Directory Manager.

Windows 9x/NT doesn't ship with Active Directory support. You must install Active Directory support on clients that log in to a directory. More information on installing Active Directory client support is available here:

http://www.microsoft.com/windows2000/server/evaluation/news/bulletins/adextension.asp


Understanding certificates

With Management Suite 8, the certificate-based authentication model has been simplified. Client agents still authenticate to authorized core servers, preventing unauthorized cores from accessing clients. However, Management Suite 8 doesn't require a separate certificate authority to manage certificates for the core, console and each client. Instead, each core server has a unique certificate and private key that Management Suite Setup creates when you first install the core or rollup core server.

Clients will only communicate with core and rollup core servers that the client has a matching trusted certificate file for. Each core server has its own certificate and private keys, and by default, the client agents you deploy from each core server will only talk to the core server from which the client software is deployed. However, you can configure clients to talk to multiple cores.

If you will have multiple core servers or a rollup core on your network, make sure you read "Client agent security and trusted certificates" in chapter 2 of the User's Guide.

Using a rollup core database

A rollup core database summarizes data from multiple core servers and doesn't have the 10,000 client limit that a core database has. The rollup core database allows you to use the Web console to do the following across core servers:

• Remote control
• Inventory queries
• Reports
• Software distribution

The rollup core database should be on a separate server from the core and requires a supported Microsoft SQL or Oracle database. Before installing a rollup core from Management Suite Setup, you need to install and configure the rollup database. Once you've installed your core servers and the rollup core, you can configure periodic data rollups from the core databases to the rollup core database.


System requirements

Make sure that you meet the following system requirements before you install Management Suite.

Core and database servers

Make sure that all of your core and database servers meet these requirements:

• Windows 2000 Server or Advanced Server with SP 3 or SP 4
• Windows Server 2003 Standard or Enterprise edition
• Microsoft Data Access Components (MDAC) 2.8
• Internet Explorer 6 or greater
• The Windows 2000 server you use for your core server should be installed as a standalone server, not as a primary domain controller (PDC), backup domain controller (BDC), or Active Directory controller.
• The servers should be dedicated to hosting Management Suite

Core server requirements

The Windows 2000 pagefile should be at least 12 + N (where N is the number of megabytes of RAM on the core server). Otherwise, Management Suite applications may generate memory errors.

All Management Suite services hosted on one server (1-1,000 clients)

For Management Suite management domains with 1,000 clients or fewer, you can install the core server, console, Web console server, and the core database on one server. For these networks, you may want to consider using the default Microsoft MSDE database, which is generally easier to maintain.

Limitation considerations

Your server should at least meet these system requirements before you install Management Suite in a 1-1,000 client configuration:

• Pentium 4 processor
• 4 GB of free disk space on 10K RPM or faster drives
• 768 MB+ of RAM


Management Suite services hosted on one server (1,000-2,500 clients)

If your Management Suite management domain consists of 1,000-2,500 clients, you can still use one server. Your servers should at least meet the following system requirements before you install Management Suite:

Management Suite core server and Web console software on one server

• Dual Pentium III 1000 MHz or faster processors
• 6 GB of free disk space on 15K RPM or faster drives
• 1 GB or more of RAM
• One fast, full-duplex 100 Mb network interface card

Multi-server configuration (3,000-6,000 clients)

If your Management Suite management domain consists of 3,000-6,000 clients, you can still use one server. We recommend that you divide your Management Suite components between two servers for improved database performance.

Your servers should at least meet the following system requirements before you install Management Suite:

Management Suite core server and Web console software on one server

• Dual Pentium III 1000 MHz or faster processors
• 6 GB of free disk space on 15K RPM or faster drives (mirrored)
• 1 GB or more of RAM
• One fast, full-duplex 100 Mb network interface card

Core database on a second server

• Dual Pentium III 1000 MHz or faster processors
• 2 GB or more of RAM
• Supported database
• Two ultra-wide I20 controllers with RAID 5
• 20 GB of free space on SCSI drives with a rotational rate of 15K RPM or faster
• Two full-duplex 100+ MB network interface cards in teaming mode

Multi-server configuration (8,000-10,000 clients)

For optimum performance, we recommend that you install Management Suite on at least two separate servers for management domains with between 8,000 and 10,000 clients.

Your servers should at least meet the following system requirements before you install Management Suite:

Management Suite core server and Web console software on one server

• Dual Pentium III 1000 MHz or faster processors
• 6 GB of free disk space on 15K RPM or faster drives (mirrored)
• 1 GB or more of RAM
• One fast, full-duplex 100 Mb network interface card


Core database on a second server

• Quad Pentium Xeon* 1000 MHz or faster processors
• 2 GB or more of RAM
• Supported database
• Two ultra-wide I20 controllers with RAID 5
• 20 GB of free space on SCSI drives with a rotational rate of 15K RPM or faster
• Two full-duplex 100+ MB network interface cards in teaming mode

Service center requirements

These server requirements are for Management Suite service centers.

Windows NT/2000

• Dual Pentium II processors (dual Pentium III or Pentium 4 processors recommended)
• 16 MB of free disk space
• 128-256 MB of RAM
• Network interface card

PDCs and Windows NT/2000 Client Deployment service centers

If you're installing a Client Deployment service on a Windows NT/2000 server, you should install to a Primary Domain Controller (PDC), Backup Domain Controller (BDC), or Windows 2000 Domain Controller. Only the PDC, BDC, or Domain Controller can run the domain-level logon scripts that are created by a Windows NT/2000 Client Deployment service center.

NetWare

• Pentium II processor (Pentium III recommended)
• 16 MB of free disk space
• 64 MB of RAM
• TCP/IP or IPX* protocol stack. The service center and the core server both must use the same protocol in order to communicate with one another.
• SNMP servers aren't supported, except for the SNMP trap functionality within the Server Management component
• Network interface card
• NetWare 5.1 or 6.0

Console

• Windows 2000 with SP 4
• Windows XP with SP 1
• Pentium III processor (Pentium 4 processor recommended)
• 256 MB of RAM
• 180 MB of free disk space
• Internet Explorer 6 or greater
• Novell Client 32* is required to browse a Novell NDS environment


Client computers

Management Suite supports these client operating systems (not all operating systems are supported equally):

• Windows XP with SP 1
• Windows 2000 Professional, Server, and Advanced Server with SP 4
• NetWare 5.1 and 6
• Windows 95B and 98SE
• Mac OS 9.2.2 and Mac OS 10.2 and higher
• Red Hat Linux 7.3, 8, and 9
• Unix IBM (AIX 5.1)
• Unix Intel Architecture (Solaris 8)
• Unix Hewlett Packard (HP-UX 11.0)
• Unix Sun Sparc (Solaris 8)

Dial-up support

• Modems down to 28.8 where applicable
• RAS connections

Supported router configurations

This section documents the various ports Management Suite components use. In some cases we list where you can change the port. You should use the default ports unless you have a compelling reason to change them.

Remote Control

TCP 1761-1762, console to client.

Inventory

TCP 5007, client to core server.

Multicast

UDP 33353, client and core server to subnet representative.
TCP 33353, core server to subnet representative.
UDP 26387, subnet representative to client. This is the actual multicast-based communication within the subnet. There is no need to open this port on routers.

CBA (PDS2)

TCP 9595, all clients to all clients. This port must be open for communication in both directions. Management Suite versions prior to 8 used PDS on TCP port 38293.


CBA (MSGSYS)

TCP 9594, all clients to all clients. This port must be open for communication in both directions. Management Suite versions prior to 8 used MSGSYS on TCP port 38292.

TCP remote execute

TCP 12174, core server to clients.

Change this port from the console, Configure | Services | Custom Jobs | Remote Execute Port.

On clients, change this key to match the port on the core server:

HKLM\Software\Intel\LANDesk\Xfer\RmtExePort

QIP services

TCP 12175, client to core server.

For clients, change this port in the Client Setup wizard's Client Status TCP Port page.

For the core server, change the port at:

HKLM\Software\Intel\LANDesk\LDWM\QIPSrvr\TCPPort

Application Policy Management and Task Completion

TCP 12176, client to core server.

Wake On LAN

UDP 0, core to client.

Wake On LAN packets are sent as subnet-directed broadcasts. Using port 0 ensures that no client's IP stack will process the packet. To allow Wake On LAN packets to cross routers, configure the routers to allow subnet-directed broadcasts.

You may also need to change the port. Any port will work for the client. Because Wake On LAN packets are recognized by the network adapter hardware, no configuration is needed on the client side.

LANDesk System Manager and LANDesk Server Manager

LANDesk System Manager and LANDesk Server Manager use port 9535 for remote control. They also use port 9595 for broadcast discovery. IPMI discovery requires port 623.

Important non-Management Suite ports

Microsoft SQL Server, TCP 1433, console/core to SQL server.

NetBIOS over TCP, TCP 139. This port is used by the console's network view for pushing client configurations, for UNC-based software distributions, and so on.

SMB over TCP, TCP 445 (Windows 2000 only).
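The port list above gives a direction for most flows, which lets router rules be scoped to exactly those flows instead of opening each port any-to-any. The following Python script is an added example, not part of the LANDesk guide or product: it encodes the documented default flows and audits a set of router rules against them. The role names, the Rule format and the sample rules are assumptions constructed for the illustration; ports the guide lists without a direction are left out.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    service: str
    proto: str
    lo: int      # first port
    hi: int      # last port
    src: str     # role that sends
    dst: str     # role that receives


@dataclass(frozen=True)
class Rule:
    name: str
    proto: str
    lo: int
    hi: int
    src: str     # role name, or "any"
    dst: str     # role name, or "any"


# Default Management Suite 8 flows as listed in this section. Role names are
# labels chosen for this example. Ports given without a direction
# (139, 445, 9535, 623) and the SQL Server port are not modelled.
DOCUMENTED = [
    Flow("Remote Control", "tcp", 1761, 1762, "console", "client"),
    Flow("Inventory", "tcp", 5007, 5007, "client", "core"),
    Flow("Multicast", "udp", 33353, 33353, "client", "subnet_rep"),
    Flow("Multicast", "udp", 33353, 33353, "core", "subnet_rep"),
    Flow("Multicast", "tcp", 33353, 33353, "core", "subnet_rep"),
    Flow("CBA (PDS2)", "tcp", 9595, 9595, "client", "client"),
    Flow("CBA (MSGSYS)", "tcp", 9594, 9594, "client", "client"),
    Flow("TCP remote execute", "tcp", 12174, 12174, "core", "client"),
    Flow("QIP services", "tcp", 12175, 12175, "client", "core"),
    Flow("APM and Task Completion", "tcp", 12176, 12176, "client", "core"),
    Flow("Wake On LAN", "udp", 0, 0, "core", "client"),
]
# Multicast inside the subnet: the guide says routers need not open this port.
SUBNET_LOCAL = Flow("Multicast (in-subnet)", "udp", 26387, 26387,
                    "subnet_rep", "client")


def overlaps(rule, flow):
    """True when the rule's protocol and port range touch the flow's."""
    return (rule.proto == flow.proto
            and rule.lo <= flow.hi and flow.lo <= rule.hi)


def audit_rule(rule):
    """Return a list of (code, detail) findings for one router rule."""
    findings = []
    if overlaps(rule, SUBNET_LOCAL):
        findings.append(("unneeded", "UDP 26387 stays inside the subnet"))
    hits = [f for f in DOCUMENTED if overlaps(rule, f)]
    if not hits:
        return findings or [("unlisted",
                             "no Management Suite 8 default port in range")]

    # Ports the rule opens that no documented flow uses.
    needed = set()
    for f in hits:
        needed.update(range(max(rule.lo, f.lo), min(rule.hi, f.hi) + 1))
    extra = (rule.hi - rule.lo + 1) - len(needed)
    if extra:
        findings.append(("wide-range",
                         f"{extra} port(s) beyond the documented ones"))

    # Direction check, per service: one port may have several listed senders.
    by_port = {}
    for f in hits:
        by_port.setdefault((f.service, f.lo, f.hi), set()).add((f.src, f.dst))
    for (service, _lo, _hi), ends in sorted(by_port.items()):
        listed = ", ".join(f"{s}->{d}" for s, d in sorted(ends))
        if "any" in (rule.src, rule.dst):
            findings.append(("wide-endpoints", f"{service}: narrow to {listed}"))
        elif (rule.src, rule.dst) not in ends:
            findings.append(("wrong-direction",
                             f"{service}: guide lists {listed}"))
    return findings or [("ok", "matches a documented flow")]


def audit(rules):
    """Audit every rule; returns {rule name: findings}."""
    return {r.name: audit_rule(r) for r in rules}


# Constructed router rules for the demonstration (not from the guide).
SAMPLE_RULES = [
    Rule("rc", "tcp", 1761, 1762, "console", "client"),
    Rule("inventory-any", "tcp", 5007, 5007, "any", "core"),
    Rule("rc-reverse", "tcp", 1761, 1762, "client", "console"),
    Rule("mcast-router", "udp", 26387, 26387, "subnet_rep", "client"),
    Rule("cba-block", "tcp", 9000, 9999, "client", "client"),
    Rule("legacy-pds", "tcp", 38293, 38293, "client", "client"),
]

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_RULES).items():
        for code, detail in findings:
            print(f"{name:14} {code:16} {detail}")
```

The legacy-pds rule is reported as unlisted because TCP 38293 is the pre-version-8 PDS port; once no older clients remain, a rule like that is a candidate for removal.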


Upgrading to LANDesk Management Suite 8

This section provides detailed information and step-by-step instructions for upgrading to LANDesk Management Suite 8. You can upgrade to Management Suite 8 from the previous versions 6.62 and 7.0.

Read this section to learn about:

• Before you begin
• Upgrade tools
• Upgrade methods
• Upgrade procedures
• Understanding component upgrade/migration
• Migration at a glance

Before you begin

Upgrading to Management Suite 8 can be a complex process that requires careful planning. You should already be familiar with fundamental Management Suite concepts and deployment considerations covered thoroughly in this guide, though you may want to review some of the planning overview sections. We recommend that you read this section in its entirety before performing an upgrade installation of Management Suite 8.

An upgrade installation uses custom tools that automate most of the upgrade process (see Upgrade tools). However, there are some core server settings and files that need to be moved manually (saved or exported, and then imported) from the old environment to the new one. In the case of an in-place upgrade, these settings and files must be copied before beginning the upgrade/migration process.

Note that clients should be reconfigured with the Management Suite 8 agents as soon as possible after upgrading the core server and database to Management Suite 8 in order to take advantage of improved security and other enhanced features. For more information on the new authentication and security model, see the Client configuration chapter in the User's Guide. Also, if your clients are currently running LANDesk Software Metering, you should remove this program (with the predefined Uninstall Metering Client script located in the Manage Scripts tool) before upgrading or soon after in order to avoid memory problems on the clients.

Assumptions

You need to consider a number of issues before performing a Management Suite upgrade:

• All core servers and databases should be backed up or imaged prior to upgrading any LANDesk software.
• Due to the new security model of Management Suite 8, once a client has been upgraded to the Management Suite 8 agents, it cannot be remote controlled by older version core servers.
• Several add-on tools and enhancements exist that can be used in conjunction with Management Suite, including some tools developed by third-party vendors. The upgrade/migration process documented in this guide does not take these tools into consideration.
• Upgrading assumes a working knowledge of Management Suite.


Upgrade tools

The Management Suite migration process relies on the following executables that are included on your LANDesk Management Suite CD.

LANDesk Management Suite Setup
The Management Suite Setup program launches the normal installation process and prompts the administrator for necessary network and configuration information. Setup also automatically calls the tools that implement the migration process, MIGRATECORE.EXE and DBUPGRADE.EXE.

MIGRATECORE.EXE
This tool gathers and restores core server files and settings.

DBUPGRADE.EXE
This tool transfers most of the data stored on a previous core database to a new Management Suite 8 core database. For component-specific details, see Understanding component upgrade/migration.

Note: The database upgrade tool can also be manually executed as a stand-alone process in order to migrate data from a previous core database to a Management Suite 8 core database. In order for this type of migration to work properly, the Management Suite 8 core database must be empty. To ensure an empty database, run COREDBUTIL.EXE (in the LANDesk\ManagementSuite directory) and select Reset database.

Software License Monitoring Export and Import Tools
This export tool exports all of the Software License Monitoring data from a Management Suite 7.0 core server to an .XML file that can then be imported with the import tool. Both of these tools appear on the Software License Monitoring toolbar.

Upgrade methods

There are two methods to upgrade to Management Suite 8:

• In-place upgrade: Upgrades an existing core server and database as a new Management Suite 8 core server (preserving the core's settings), with the option of also migrating existing data from a previous core database. Note that if you are doing an in-place upgrade, LANDesk recommends that you do NOT upgrade the OS of the core server.
• Side-by-side upgrade: Installs a new Management Suite 8 core server and database, with the option of migrating settings from a previous core server, and the option of also migrating data from a previous core database. Use the side-by-side method if you want to upgrade the hardware or OS of the core server.

Upgrade procedures

Follow the procedures below for the upgrade method you've chosen.


In-place upgrade

To perform an in-place upgrade

On an existing core server:

1. Insert the LANDesk Management Suite CD into the server's CD-ROM drive or run AUTORUN.EXE from your installation image.
2. Click Verify Core System Requirements to run the system requirements checker. Make sure all requirements pass.
3. Click Install LANDesk Management Suite to run the Setup program.
4. Select the language you want to install, and click OK.
5. Setup detects an existing installation of Management Suite and prompts whether you want to continue or exit. Click Ignore to have Setup continue with the migration process.
6. The MIGRATECORE.EXE tool runs (with the /gather parameter) and gathers core server files and settings.
7. Uninstall runs automatically and removes the previous version of Management Suite. Status messages provide information about the processes as they run.
8. Setup now runs the Management Suite 8 installation. At the Management Suite Welcome page, click Next.
9. Click Yes to accept the license agreement.
10. Accept the default destination location by clicking Next.
11. Accept the default selected features by clicking Next.
12. Select Create New Database to install the default MSDE database, or select User-supplied Database to install a different database (such as Oracle or SQL 2000), and then click Next. (For more information on database installation and maintenance, see the related chapters in the Installation and Deployment Guide.)
13. Enter a database password, and then click Next.
14. If you selected to install OS Deployment and Profile Migration, specify a location for the required Windows NT 4 files, and then click Next.
15. If you selected to install OS Deployment and Profile Migration, specify a location for the required Windows 98 files, and then click Next.
16. Enter an organization and certificate name, and then click Next.
17. Review the summary page, and then click Next to start copying files. The Setup Status page provides information on the various processes as they run.
18. When the file copy process is complete, the MIGRATECORE.EXE tool runs again (this time with the /restore parameter) and restores the gathered files and settings from the previous core server to the new Management Suite 8 core server.
19. The DBUPGRADE.EXE tool runs and opens the Database Upgrade Settings dialog.
20. In the Database Upgrade Settings dialog, enter the data source name, logon name and password, and the core server where you want the data migrated. Data is exported from the database identified by the data source name (DSN) and imported to the new Management Suite 8 core database. (If you are installing on a new core, you need to create a DSN to the old database. Click New DSN to open the ODBC Data Source Administrator dialog. This dialog includes its own online Help, or you can refer to your previous Management Suite's Installation and Deployment Guide for information on setting up DSNs.)
21. Click Start.
22. When the data migration is finished, the Setup is Complete page appears.
23. Click Finish to complete Setup. Restart the computer to finish Setup and load the Management Suite services. You'll notice after you reboot and log in that Setup will run for a few more minutes while it finishes the installation.


Side-by-side upgrade

To perform a side-by-side upgrade

On a server that meets the Management Suite core server requirements (see System requirements above):

1. Insert the LANDesk Management Suite CD into the server's CD-ROM drive or run AUTORUN.EXE from your installation image.
2. Click Verify Core System Requirements to run the system requirements checker. Make sure all requirements pass.
3. Click Install LANDesk Management Suite to run the Setup program.
4. Select the language you want Setup to install, and click OK.
5. At the Management Suite Welcome page, click Next.
6. Click Yes to accept the license agreement.
7. Accept the default destination location by clicking Next.
8. Accept the default selected features by clicking Next.
9. Select Create New Database to install the default MSDE database, or select User-supplied Database to install a different database (such as Oracle or SQL 2000), and then click Next. (For more information on database installation and maintenance, see the related chapters in the Installation and Deployment Guide.)
10. Enter an MSDE database password, and then click Next.
11. If you selected to install OS Deployment and Profile Migration, specify a location for the required Windows NT 4 files, and then click Next.
12. If you selected to install OS Deployment and Profile Migration, specify a location for the required Windows 98 files, and then click Next.
13. Enter an organization and certificate name, and then click Next.
14. Review the summary page, and then click Next to start copying files. The Setup Status page provides information on the various processes as they run.
15. When the file copy process is complete, check the Migrate settings... option, and then click Finish.
16. The MIGRATECORE.EXE tool runs and opens the Migration dialog.
17. In the Migration dialog, fill in the following fields:
   • Capture data from:
   • Core name: Check the box and enter the name of the core server whose data you want to migrate.
   • Web console path: If you want to migrate Web console data, check the box and enter the UNC path, or browse, to the remote folder for the Web console (default location is: C:\Inetpub\wwwroot\remote). This folder must be shared.
   • Select the intermediate file location: Enter or browse to the location where you want the captured data saved. The default location is the local hard drive.
   • Restore data to:
   • Core name: Make sure the box is checked and that the new Management Suite 8 core server name is correct. This should be the name of the server where you are currently running the upgrade installation.
   • Transfer data to specified core: Check the box to automatically launch the database upgrade tool after the server data saved in the file location specified above is migrated to the new core server.
18. Click OK.
19. The DBUPGRADE.EXE tool runs and opens the Database Upgrade Settings dialog.


20. In the Database Upgrade Settings dialog, enter the data source name, logon name and password, and the core server where you want the data migrated. Data is exported from the database identified by the data source name (DSN) and imported to the new Management Suite 8 core database. (If you are installing on a new core, you need to create a DSN to the old database. Click New DSN to open the ODBC Data Source Administrator dialog. This dialog includes its own online Help, or you can refer to your previous Management Suite's Installation and Deployment Guide for information on setting up DSNs.)
21. Click Start.
22. When the data migration is finished, the Setup is Complete page appears.
23. Click Finish to complete Setup. Restart the computer to finish Setup and load the Management Suite services. You'll notice after you reboot and log in that Setup will run for a few more minutes while it finishes the installation.


Upgrade/migration diagram

[Flowchart: LANDesk Management Suite 8 Upgrade/Migration Process, from "Run LDMS 8 Setup" to "Setup ends"]


Understanding component upgrade/migration

This section looks at the files, settings, and registry keys associated with the Management Suite components. Much of this data is migrated as part of the new Management Suite 8 upgrade installation. However, some of the data is not migrated because of compatibility issues with the new replacement features and functionality. Read about each component below for details.

Client configuration

Client configuration data
Client configuration data is not migrated because the previous versions of the LANDesk agents are not compatible with Management Suite 8. An administrator must reconfigure clients with new Management Suite 8 agents via the Client Setup wizard in the console. For more information, see the Deploying agents to clients chapters in the Installation and Deployment Guide, as well as the Client configuration chapter in the User's Guide.

XXSTACFG.INI files
These files are not migrated because of incompatibility with new functionality.

Inventory

Alias files
Alias files and their contents are migrated to the Public Devices group in the new console's network view.

LDAPPL3.INI template file
The template file is not migrated during the upgrade/migration process. However, if the template file has been modified, and you want to maintain those custom changes, it can be manually copied into the LDLogon directory of the new Management Suite 8 core server.

Saved and stored queries
Saved queries (.QRY files saved on the core server) are moved into the LegacyQueryFiles directory on the new core server (under LANDesk\ManagementSuite). To import these saved queries into your new console, right-click either the Public Queries or My Queries group, click Import, and navigate to the directory where the queries are saved.
Stored queries (queries stored in the core database) are migrated as part of the database migration and appear in the Public Queries group in the network view.

Database groups
Database groups are migrated into the new Management Suite console.

Scheduled tasks
Scheduled tasks are migrated into the new Management Suite console.

Local Scheduler static settings
Scheduler settings are saved in the client registry. When a client is configured with a new Management Suite 8 client setup configuration package, Scheduler settings remain in place and function as normal.

Custom data forms
Custom data forms are migrated into the new Management Suite console.


Software Distribution

Custjob scripts
Software distribution scripts (CustJob scripts), and other custom scripts, that are stored in the Scripts directory are migrated as part of the upgrade/migration.
Note that scripts containing references to the old core server must be modified/updated so that they reference the new Management Suite 8 core server. You can do this by simply opening a script in its script wizard (in the new console) and proceeding through the wizard.

Software distribution log files
Software distribution log files are stored in the Logs directory on the old core server. These files are not automatically migrated. However, you can manually copy log files to the new Management Suite 8 core server if you want to preserve this information.

APM data
Application Policy Management (APM) data is migrated to the new core server as part of the upgrade process.

Database queries
Database queries are "stored" in the database. Stored queries are migrated as part of the database migration and appear in the Public Queries group in the network view.

APM LDAP queries
The settings from the Directory Manager tool (including LDAP directory connections) are migrated to the new core server along with any queries.

Application Healing ARL files and packages
Application Repair Lists (ARL files) are migrated. Application Healing files are moved, along with any executables found in the [PKG] section of the ARL files. Executables are placed in the same directory as the ARL file. The administrator is responsible for editing the ARLs with the new location of the package executables.
The Application Healing packages are not included in the LDMSDATA.DAT file, but are copied to the \\Program Files\LANDesk\ManagementSuite\LDLogon\packages directory.
If the Application Healing packages location is a URL, the file is not copied but the URL address remains in the ARL file.

Multicast Domain Representatives
Multicast Domain Representatives are represented by Alias files (.STA) in previous versions of Management Suite and are migrated as part of the upgrade process. (Note that this happens as part of the Alias file migration mentioned earlier.)

Software License Monitoring

Aliases
Aliases are part of the Software Configuration data and are not migrated. Before upgrading, an administrator should export this data from the Software Configuration window by using the Export tool. This data can then be imported into the Management Suite 8 Software License Monitoring window in the new console.

Software license data
License data is part of the Software Configuration data and is not migrated. An administrator should export this data from the Software Configuration console by using the Export tool in the Software Configuration console before upgrading. This data can then be imported into the Management Suite 8 Software License Monitoring window in the new console.

Application usage data
Application usage data is part of the inventory data and is migrated with the database.


Client registry settings
Client registry settings remain intact in the registry of the client when upgrading.

OS Deployment and Profile Migration

OSD/PM scripts
OS deployment and profile migration scripts are migrated to the All OSD/Profile Migration Scripts group in the Manage Scripts tool in the new console. Note that even though scripts are migrated, you need to reset them to the new core server by "editing" them in the script wizard (right-click the script and select Edit, click Next until the last page of the wizard, and then click Finish).

DOS boot menu
The DOS boot menu is migrated during the upgrade process. However, in order for PXE clients to see the menu when they boot, you must click the Update button in the new console's PXE Boot Menu toolbar before booting the PXE clients.

PXE proxies
PXE proxies (or PXE representatives) must be updated when you upgrade to Management Suite 8. Inventory data identifies a client as a PXE proxy and is migrated as part of the database migration. However, after upgrading the core server to Management Suite 8, you must redeploy the PXE Representative script on all of your PXE proxies in order for them to communicate with the new core server.

SYSPREP.INF files
SYSPREP.INF files are part of the OS deployment component and are migrated to the new core server along with OSD scripts.

Profile migration collections
Collections are migrated.

Profile migration file rules
File rules are migrated.

User-initiated profile migration packages
Profile migration packages are migrated.

Web console

Custom queries
Custom queries in the Web console are not migrated. They are stored in the database so you must manually export the queries as .XML files, and then import them.


Migration at a glance

The following table provides a quick reference of Management Suite components and whether they are migrated by the migration tools.

Component                          Migration status

Client configuration
  Client configuration data        Not migrated
  XXSTACFG.INI files               Not migrated

Inventory
  Alias files                      Migrated to the Public Devices group
  LDAPPL3 template file            Not migrated, but can be copied to the new core server
  Saved queries (.QRY)             Moved to the LegacyQueryFiles directory, can then be imported
  Stored queries                   Migrated to the Public Queries group
  Database groups                  Migrated
  Scheduled tasks                  Migrated
  Custom data forms                Migrated
  Custom application information   Migrated

Software Distribution
  Custjob scripts                  Migrated
  Log files                        Not migrated, but can be copied to the new core server
  APM data                         Migrated
  APM database queries             Migrated to the Public Queries group
  APM LDAP queries                 Migrated
  ARL files and packages           Migrated
  Multicast Domain Representatives Migrated

Software License Monitoring
  Aliases                          Not migrated, but can be exported/imported (*1)
  Licensing data                   Not migrated, but can be exported/imported (*1)
  Product groups                   Not migrated, but can be exported/imported (*1)
  Licenses                         Not migrated, but can be exported/imported (*1)
  Files                            Not migrated, but can be exported/imported (*1)
  Denied applications              Not migrated, but can be exported/imported (*1)

OS Deployment and Profile Migration
  OSD/PM scripts                   Migrated, must be reset to the new core server
  Profile data                     Migrated
  DOS boot menu                    Migrated
  PXE proxies                      Migrated, must be updated (*2)
  SYSPREP.INF files                Migrated
  Collections                      Migrated
  File rules                       Migrated
  User-initiated PM packages       Migrated

Web console
  Custom queries                   Not migrated, but can be saved as .XML and imported

Footnotes:

1. Software License Monitoring data must be exported (from the SLM toolbar) to an .XML file, copied to the new core server, and then imported into the new console.
2. PXE proxy data is migrated with the database; however, the Deploy PXE Representative script must also be redeployed on all PXE proxies in order to update the proxies to the new core server.


Phase 2: Preparing your databases

This phase focuses on preparing the core and core rollup databases.

In phase 2, you'll learn about:

• Microsoft SQL Server 2000 configuration
• Oracle database configuration
• LANDesk Software support and DBMS issues

Before you begin

LANDesk Management Suite requires interaction with a database management system (DBMS). Your DBMS server is an integral part of the management domain infrastructure. It handles all of the information Management Suite needs to manage clients in your domains.

The Management Suite default installation uses a Microsoft MSDE database on your core server. If you aren't planning on using a default MSDE database on your core server, you need to set up a database before running Management Suite Setup. During Setup, you'll point to the database that will hold your data.

The database schema also supports these ODBC-compliant DBMSes:

• Microsoft SQL Server 2000 with SP 3
• Oracle8i (8.1.7). Requires Oracle's OLE DB version 8.1.7.3 update.
• Oracle9i

All database servers need to have MDAC 2.8 on them. With Management Suite 8, you no longer need to create a database DSN for ODBC.

The deciding factor in selecting a DBMS for your database is the number of managed clients and consoles in your Management Suite domain. In Phase 1: Designing your management domain, you determined the number of clients in your management domains. Based on that number of clients, you can select the default database (MSDE) or a supported ODBC-compliant DBMS for a larger management domain.

The steps below are for installing the core database. In Oracle, Management Suite uses public synonyms.

If you have a preexisting Windows NT/2000/2003 master domain

Don't install the DBMS to the primary domain controller (PDC). The DBMS should be installed only on a standalone server. You can install the DBMS on the backup domain controller (BDC) in a small Windows NT/2000/2003 domain, but we don't recommend it.


Microsoft SQL Server 2000 configuration

Management Suite needs the following parameters. These parameters will be set by default if you use a typical install for SQL 2000:

SQL server configuration parameters

• Microsoft SQL 2000 performs self-tuning. You shouldn't need to tune any parameters manually.

Database parameters

• Use the defaults.

Other settings

• Use sa or another user aliased into the database as DBO when creating the database.
• Set up database maintenance.
• Make sure that Microsoft Internet Explorer 6 or newer is installed.

To install Management Suite so that it uses your SQL 2000 database

1. Install Management Suite to the point where you need to choose a data source.
2. In the Choose a Data Source page, click User-supplied database and then click Next.
3. Enter the Server and Database names, and enter the User and Password that Management Suite should use to authenticate to the database. You MUST use a user who is aliased into the database as DBO. Don't use "sa" for the login name. Don't use any other user to create or reset the database. If another user attempts to connect to the database and the tables aren't owned by DBO, the user won't be able to see the tables.
4. Click Next and finish the Management Suite install.

SQL maintenance

You must regularly perform maintenance on a Microsoft SQL Server database. Over time, the indexes become very inefficient. If your database has 10,000+ clients and queries seem to be running more slowly than normal, updating statistics on all tables within the database can substantially improve query performance. On very large databases, you might want to update statistics daily.

Microsoft SQL maintenance requires the SQLServerAgent service to be running on the SQL server. You may need to set the service to Automatic in the Control Panel Services applet. SQL maintenance won't run unless the SQLServerAgent service is started.


To set up a maintenance task

1. Click Start | Programs | Microsoft SQL Server | Enterprise Manager.
2. Click the + next to these folders: Microsoft SQL Servers, SQL Server Group, the name of your server, and Management.
3. Right-click Database Maintenance and click New Maintenance Plan.
4. In the Database Maintenance Plan dialog, click Next.
5. In the Select Databases dialog, select These databases and select the checkbox for your database. Click Next.
6. In the Update Data Optimization Information dialog, click Reorganize data and index pages.
7. Set the Change free space per page percentage to option to 10.
8. Click the Change button next to the Schedule window.
9. In the Edit Recurring Job Schedule dialog, select the schedule you want for maintenance. We suggest you perform the maintenance at least weekly at a time when there will be minimal database activity.
10. Click OK.
11. In the Database Integrity Check dialog, select these options: Check database integrity and Include indexes, and click Next.
12. In the Specify the Database Backup Plan dialog, specify your own backup schedule and click Next.
13. In the Specify the Transaction Log Backup Plan dialog, specify your own backup schedule and click Next.
14. In the Reports to Generate dialog, select the Write report to a text file in directory option and click Next.
15. In the Maintenance Plan History dialog, select the Write history to the msdb.dbo.sysdbmaintplan_history table on this server option.
16. Set the Limit rows in the table to option to 1000.
17. Click Next.
18. In the Completing the Database Maintenance Plan dialog, enter a Plan name and click Finish.


Oracle database configuration

After installing an Oracle database, do the following:

1. Create a tablespace for LANDesk Management Suite Setup to use.
2. Create a user with the following system rights for the LANDesk Management Suite Setup to use:
   • Create Procedure
   • Create Sequence
   • Create Session
   • Create Table
   • Create Trigger
   • Create Type
   • Create View
   • Force Transaction
   • Unlimited Tablespace
3. Set the user's default tablespace to the tablespace created for Management Suite use.
4. On the core server, create a TNS entry for the Oracle instance.

Oracle performance tuning suggestions and scripts

Like any DBMS, Oracle should be tuned to help increase performance. The first step in increasing performance is to make sure sufficient hardware is allocated for the Oracle instance.

If your database has 10,000+ clients and queries seem to be running more slowly than normal, updating statistics on all tables and indexes in the database can substantially improve query performance. On very large databases, you might want to update statistics daily.

Miscellaneous Oracle issues

The following sections contain specific issues that you should review to get optimal performance when using an Oracle database with Management Suite.

TNS Names

Use Oracle's SQL Net Easy Configuration tool to create a TNS entry on the core server that points to the physical location of the Oracle database. The configuration tool adds an entry into the $ORACLE_HOME/Network/ADMIN/TNSNames.ora file. Because each console relies on the core server to provide a database connection string, and because Oracle uses TNS names, each console must have the Oracle client installed with an identically named TNS name that exists on the core server. You must run the SQL Net Easy Configuration tool on each console to set up a TNS name.

You must create an Oracle TNS name entry on the console

If you don't create an Oracle TNS name entry on the console computer, the console won't be able to communicate with the database.


If services fail to start using Oracle

If the LANDesk services are failing to start and the event log shows errors about “Adapter initialization failures” or “Adapter Authentication failures,” change the following file:

   $ORACLE_HOME/network/admin/sqlnet.ora

Change:

   SQLNET.AUTHENTICATION_SERVICES = (NTS)

To:

   SQLNET.AUTHENTICATION_SERVICES = (NONE)

Using Oracle 9.2.0.1 with the Web console

If you use Oracle 9.2.0.1, there is an Oracle install bug that doesn't set the proper permissions for authenticated users (which IIS uses). Follow these steps to fix it.

1. Log in to Windows as a user with administrator privileges.
2. Launch Windows Explorer from the Start menu and navigate to the ORACLE_HOME folder. This is typically the "Ora92" folder under the "Oracle" folder (for example, D:\Oracle\Ora92).
3. From the ORACLE_HOME folder's shortcut menu, click Properties.
4. Click the Security tab.
5. In the Name list, click Authenticated Users. On Windows XP, the Name list is called Group or user names.
6. In the Permissions list under the Allow column, clear the Read and Execute option. On Windows XP, the Permissions list is called Permissions for Authenticated Users.
7. Re-check the Read and Execute option under the Allow column (this is the box you just cleared).
8. Click Advanced and, in the Permission Entries list, make sure you see Authenticated Users listed there with Permission = Read & Execute and Apply To = This folder, subfolders and files. If this isn't the case, edit that line and make sure the Apply onto box is set to This folder, subfolders and files. This should already be set properly, but it's important that you verify this.
9. Click OK until you close out all of the security properties windows.
10. Reboot your server to make sure that these changes have taken effect.


LANDesk Software support and DBMS issues

LANDesk Software customer support is committed to helping you resolve database issues for LANDesk Management Suite. Some issues may require additional assistance from the database vendor or through an approved third party. The database support that LANDesk Software customer support won't provide includes, but is not limited to, the following:

• Configuring the DBMS with additional parameters for performance or other reasons
• Creating scripts
• Configuring an existing DBMS installation to work with Management Suite
• Restricting rights or performing other user maintenance
• Backing up the databases
• Repairing corrupt databases

If you call LANDesk Software customer support, support personnel will attempt to do the following:

• Isolate the problem
• Verify that the specified DBMS parameters are correct
• Verify that Management Suite is working correctly
• Verify that Management Suite works with MSDE

If, at this point, the DBMS still doesn't work, you may need to either reinstall the DBMS or resolve the issue through other means.


Phase 3: Installing the core, console, and core rollup

This phase focuses on installing the core server, console, and core rollup. During this installation, you'll use the information you recorded in Phase 1: Designing your management domain. If you haven't completed all the tasks in the preceding phases, do so before beginning this phase.

In phase 3, you'll learn about:

• Selecting components to install
• Installing the core server and console
• Installing additional consoles
• Managing databases after installation
• Using the database Rollup Utility

The installation of the components outlined in this phase requires about 1-3 hours. If you're creating multiple domains, we recommend that you successfully complete the installation and deployment of one management domain before creating another.

Make sure you review the system requirements described in Phase 1: Designing your management domain.

Selecting components to install

During LANDesk Management Suite Setup, you'll need to select which components you want to install.

• Core: The server that acts as the central location for Management Suite software.
• Console: The primary interface for Management Suite. By default, this is installed on the core. To install consoles on other computers, you should install the console from your core server as described in Installing additional consoles.
• OS Deployment and Profile Migration: Deploys operating systems and migrates operating system profiles.
• Web console: Web-based interface for Management Suite. Not all features are available from the Web console.
• Rollup core: A database separate from the core server that summarizes information from multiple core servers. Rollup cores allow you to exceed the core limit of approximately 10,000 clients. You must schedule rollup core updates to synchronize the rollup core database with each core server's core database.


Installing the core server and console

To install the core server and console

At the Windows 2000/2003 server you've selected to be your core server and console:

1. Insert the LANDesk Management Suite CD into the CD-ROM drive or run AUTORUN.EXE from your installation image. The Autorun feature will display a Welcome screen.
2. Click Verify Core System Requirements to run the system requirements checker. Make sure all requirements pass.
3. Click Install LANDesk Management Suite to run the Setup program.
4. Select the language you want Setup to install.
5. A Welcome screen for LANDesk Management Suite Setup appears. Click Next to continue.
6. On the License Agreement screen, click Yes to accept and continue.
7. Accept the default destination folder by clicking Next.
8. Select the components you want and click Next to continue. For most core servers we recommend all components except the Rollup core, which must be installed on a different server.
9. Choose the database you want to use, either a new MSDE database, a user-supplied database that you've already configured, or a previous existing Management Suite database.
10. If you're using a user-supplied database: on the User-supplied Database Configuration page, enter the database information. If the database is Oracle, select that option. Enter the Server and Database names, and the User and Password that Management Suite should use to authenticate to the database. In the case of SQL Server, Management Suite uses SQL Server authentication and requires credentials for a user with db_owner privileges.
    OR
    If you're using the default database: on the Management Database: MSDE settings page, enter an MSDE database password. Remember this password or write it down. You'll need it later. Click Next to continue.
11. The Setup Complete dialog appears when the database Setup is complete.
12. Select Yes I want to restart my computer now. Click Finish to complete Setup.
13. Restart the computer to finish Setup and load the services. You'll notice after you reboot and log in that Setup will run for a few more minutes while it finishes the installation. Setup won't prompt you for any more information during the first reboot.

Logging in to the console

After you've rebooted the core server and Setup has finished, start the console by clicking Start | Programs | LANDesk | LANDesk Management Suite 8. Once the console starts, you'll see the console login window. Management Suite 8 uses Windows authentication to permit access to the console. Only members of the Windows LANDesk Management Suite group on the core server can log on to the console. By default, Setup added the user you were logged in as when you installed the core to the LANDesk Management Suite group. If you want other users to be able to access the console, add them to this group.

Management Suite 8 also introduces role-based administration, where you can configure what clients and features other Management Suite console users have access to. For more information, see "Role-based administration" in chapter 1 of the User's Guide.


Installing additional consoles

By default, the core server is set up as a console (unless you cleared the console option during installation). If you want additional consoles, read the system requirements below and follow the instructions.

• Windows 2000 Professional or Advanced Server with SP 4
• Windows XP SP 1
• Pentium III processor minimum; Pentium 4 processor recommended
• 256 MB of RAM
• 180 MB of free disk space
• Microsoft Internet Explorer 6 and later

If you install from a mapped drive

You must make it a permanent mapping that will reconnect when you reboot.

To install additional consoles

At the computer you're installing the console files on:

1. Log in to the computer you're installing to with an account that has administrator rights.
2. Map a drive to the LDMAIN share on the core server.
3. From the Install\Console folder, run SETUP.EXE.
4. Complete Setup.

This runs the console installation program from the core server. Either accept the default installation folder, or browse for an acceptable location.

You should always install additional consoles directly from the core server, rather than using your original LANDesk Management Suite 8 installation source. If you apply any patches to Management Suite that require console updates, those patches will automatically update the console installation files on the core server.

On additional consoles attaching to an Oracle database, an entry for the core database needs to be created in TNSNAMES.ORA. If you don't do this, an Oracle TNS error will occur indicating the connection was not made. You can create these entries with Oracle's Net Configuration Assistant tool. The definition in TNSNAMES.ORA must exactly match the name stored in this registry key on the core server:

   HKLM\SOFTWARE\LANDesk\ManagementSuite\Core\Connections\local


Setting additional console permissions

By default, Management Suite Setup creates the LANDesk Management Suite group and gives it read, read/execute, and list files rights on the LDMAIN (C:\Program Files\LANDesk\ManagementSuite) share. You should add users needing additional console access to this group.

Setup also creates these shares:

• LDLOGON: The main file share clients use. Contains the client setup files and inventory scanner files, among other things.
• LDLOG: The results of all scheduled tasks.
• SCRIPTS: All scripts available from the Manage Scripts window.

Verifying a successful installation

With the installation of the core server and consoles complete, you can now use the Management Suite console.

To verify successful installation

1. Click Start | Settings | Control Panel | Administrative Tools | Services and confirm that these services have started on the Windows NT/2000 core server:
   • Intel Alert Handler
   • Intel Alert Originator
   • Intel PDS
   • Intel QIP Server
   • Intel Scheduler
   • LANDesk Device Monitor
   • LANDesk Inventory Server
   • LANDesk Management Agent
2. Start the console by clicking Start | Programs | LANDesk | Management Suite.
3. Log in and view inventory to confirm that the core server has been scanned into the core database.


Managing databases after installation

If you've installed more than one core server, you can:

• Install a rollup core
• Use the database Rollup Utility

Installing a rollup core

You can use a rollup core to combine the data from multiple core servers. Rollup cores allow you to exceed the core limit of approximately 10,000 clients. You must schedule rollup core updates to synchronize the rollup core database with each core server's core database. Using the Management Suite Web console, you can then manage clients in the rollup core using queries, software distribution, remote control, and the other features the Web console supports.

Before installing a rollup core, you need to have configured an additional Oracle or SQL Server rollup database server as described in Phase 2: Preparing your databases. Management Suite Setup's rollup option will prompt you for information about the database you've set up.

To install a rollup core

1. Set up a rollup core server and database. Install the database as described in Phase 2: Preparing your databases.
2. Log in to the rollup core server with an account that has administrator rights.
3. Map a drive to the LDMAIN share on the core server.
4. From the Install\Rollup Core folder, run the Rollup Core shortcut.
5. Proceed through Setup, and make sure you select the Rollup core component.
6. Finish Setup.

Using the database Rollup Utility

The database Rollup Utility (DBROLLUP.EXE) enables you to take multiple source core databases and combine them into a single destination core rollup database. A core server database can support about 10,000 clients, and the rollup core client limit depends on your hardware and acceptable performance levels. The source database can be either a core server or a rollup core server.

The system requirements for a destination database may be substantially greater than the system requirements for a standard database. These requirements can vary considerably depending on your network environment. If you need more information about hardware and software requirements for your destination database, contact your LANDesk Software support representative.

Setup installs the database Rollup Utility automatically with the rollup core. The Rollup Utility uses a pull mechanism to access data from cores you select. For database rollups to work, you must already have a drive mapped to each core you want the Rollup Utility to get data from. The account you connect with must have rights to read the core server's registry.

The Rollup Utility checks a registry key on the core server for database and connection information (HKLM\SOFTWARE\LANDesk\ManagementSuite\Core\Connections\local) and uses that key's information to access the database associated with each core you add to the Rollup Utility. For Oracle databases, the TNS definition on the server you're running the Rollup Utility from must match the TNS definition on the core server the utility is accessing.
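The TNS matching requirement above, which this guide also states for consoles and for the Rollup Utility server, can be checked before a machine is put into service. The following is an added example, not LANDesk or Oracle code: it parses two tnsnames.ora bodies and compares one alias. The alias LDMS_CORE, the host names and the sample files are constructed; the alias argument stands for the name you read from the Connections\local registry key, and comparing names and descriptors without regard to case or whitespace is an assumption of this sketch.

```python
import re

# An entry starts with one or more comma-separated aliases, then "=", then "(".
HEAD = re.compile(r"\s*([\w.\-]+(?:\s*,\s*[\w.\-]+)*)\s*=\s*(?=\()")


def parse_tnsnames(text):
    """Return {ALIAS: normalized descriptor} for each entry in a tnsnames.ora body."""
    # '#' starts a comment that runs to the end of the line.
    text = "\n".join(line.split("#", 1)[0] for line in text.splitlines())
    entries, pos = {}, 0
    while True:
        m = HEAD.match(text, pos)
        if not m:
            break
        start, depth, i = m.end(), 0, m.end()
        while i < len(text):               # walk to the matching close paren
            if text[i] == "(":
                depth += 1
            elif text[i] == ")":
                depth -= 1
                if depth == 0:
                    break
            i += 1
        if depth != 0:
            raise ValueError(f"unbalanced parentheses in entry {m.group(1)!r}")
        # Assumption: whitespace and letter case are not significant for comparison.
        descriptor = re.sub(r"\s+", "", text[start:i + 1]).upper()
        for alias in m.group(1).split(","):
            entries[alias.strip().upper()] = descriptor
        pos = i + 1
    if text[pos:].strip():
        raise ValueError(f"unparseable text near: {text[pos:].strip()[:40]!r}")
    return entries


def check_console(core_tns, console_tns, alias):
    """Compare one alias between the core server's file and another machine's file.

    Returns (status, detail); status is one of
    ok, mismatch, renamed, missing, no-core-entry.
    """
    name = alias.strip().upper()
    core, console = parse_tnsnames(core_tns), parse_tnsnames(console_tns)
    if name not in core:
        return ("no-core-entry", f"{name} is not defined on the core server")
    if name in console:
        if console[name] == core[name]:
            return ("ok", f"{name} matches the core server definition")
        return ("mismatch", f"{name} exists but points at a different database")
    same_target = sorted(a for a, d in console.items() if d == core[name])
    if same_target:
        # Right database, wrong name: the connection string from the core will fail.
        return ("renamed", f"{name} missing; same target is defined as "
                           f"{', '.join(same_target)}")
    return ("missing", f"{name} is not defined on this machine")


# Constructed sample files (not taken from any real installation).
CORE_TNS = """
# core server
LDMS_CORE =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = dbhost.example.com)(PORT = 1521))
    (CONNECT_DATA = (SERVICE_NAME = ldms))
  )
"""
CONSOLE_OK = ("ldms_core=(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)"
              "(HOST=dbhost.example.com)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=ldms)))")
CONSOLE_RENAMED = CONSOLE_OK.replace("ldms_core", "LANDESK")
CONSOLE_WRONG_TARGET = CONSOLE_OK.replace("dbhost.example.com", "olddb.example.com")

if __name__ == "__main__":
    for label, body in [("ok", CONSOLE_OK), ("renamed", CONSOLE_RENAMED),
                        ("wrong target", CONSOLE_WRONG_TARGET), ("empty", "")]:
        print(label, "->", check_console(CORE_TNS, body, "LDMS_CORE"))
```

The "renamed" result is the case the guide warns about: the console can reach the database under its own alias, but not under the name the core server hands out.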


You can use the Rollup Utility to select the attributes you want rolled up from the cores. The attribute selections you make apply to all cores. Limiting the number of attributes shortens the rollup time and reduces the amount of data transferred during rollups. If you know you won't be querying on certain attributes, you can remove them.

The Rollup Utility always rolls up the selected attribute data and Software License Monitoring data. You can't customize the Software License Monitoring rollup. Rollup also doesn't include any queries or scopes you've defined. Any console users with rights to the rollup database have access to all data within that database. You can use feature-level security to limit access to Web console features.

Once you've added the core servers you want to roll up and the attribute list for those servers, you can click Schedule to add a scheduled rollup script for each core server. From a Web console, you can then schedule these rollup scripts to run at the time and interval you want. Rollup scripts are only visible from the Web console and reside on the rollup core.

To launch the Rollup Utility

1. On a rollup core, run the Rollup Utility (\Program Files\LANDesk\ManagementSuite\dbrollup.exe).
2. Select an existing rollup core server to manage from the list, or click New to enter the name of a new rollup core.
3. Once you select a rollup core, the Source cores list shows cores you've configured to roll up to the selected rollup core.

To configure the attributes that you want to roll up

1. From the Rollup Utility, select the rollup core you want to configure.
2. Click Attributes.
3. By default, all database attributes are rolled up. Move the attributes that you don't want to roll up from the Selected Attributes column to the Available Attributes column.
4. Click OK when you're done. Moving attributes to the Available Attributes column deletes associated data from the rollup database.

To configure the source core servers for a rollup core

1. From the Rollup Utility, select the rollup core you want to configure.
2. Once you select a rollup core, the Source cores list shows cores you've configured to roll up to the selected rollup core. Click Add to add more cores or select a core and click Delete to remove one. Clicking Delete immediately removes the selected core and all of that core's data from the rollup core database.

To schedule database rollup jobs from the Web console

1. From the Rollup Utility, select the rollup core you want to configure.
2. In the Source cores list, select the core you want to schedule for rollup and click Schedule. If you don't select any cores, by default all cores in the list will be scheduled when you click Schedule. Clicking Schedule adds a rollup script for the selected core to the selected rollup core.
3. From a Web console, connect to the rollup core server.
4. In the left navigation pane, click Schedule rollup jobs.
5. Click the rollup script you want to schedule. The script names begin with the source core name followed by the destination rollup core name in parentheses. Click Schedule rollup.


6. Select when you want the rollup to happen and whether it should automatically reschedule or not. Click Continue to next step.
7. Verify the script schedule and click Finish.

Increasing the rollup database timeout

With large rollup databases, the Web console's query editor may time out when it tries to display a large list, such as the Software Package Name list. When this happens, the list you are trying to display won't show any data. If you experience timeouts you need to increase the database timeout value. This needs to be done wherever the IIS service or the Web console server is being installed. At the following registry key:

   HKEY_LOCAL_MACHINE\SOFTWARE\LANDesk\ManagementSuite\Core

add a new DWORD, Timeout, with a decimal value of 1800. This value is in seconds. You can adjust this value based on your query types and database performance. Stop and restart IIS for the change to take effect.

About the Rollup Utility

Use the database Rollup Utility (run from the rollup core) to manage data rollups from core servers.

• Rollup core: You can manage multiple rollup cores from the Rollup Utility. Select the core you want to manage. You first must have a drive mapped to each rollup core.
• New: Click to add a new rollup core that you want to manage. You first must have a drive mapped to the rollup core you're adding. Enter the rollup core's computer name and click OK.
• Attributes: Click to select the attributes you want rolled up. The attributes list is global for all core servers the selected rollup core uses. Move individual attributes or attribute trees from the Selected Attributes column (these attributes will be rolled up) to the Available Attributes column (these attributes won't be rolled up).
• Reset database: Click to reset the selected rollup database. This deletes all data and rebuilds all tables.
• Add: Click to add a core that you want to include data from in the selected rollup core.
• Delete: Click to remove the selected core and its data from the selected rollup core's database. WARNING: This option deletes the selected core's data when you click OK. Data from other core servers remains in the rollup database.
• Schedule: Click to add a rollup script for the selected core. If you don't have a core selected in the Source Cores box, this option creates rollup scripts for all cores in the Source Cores box.
• Rollup: Click to do an immediate rollup from the selected core. If you don't have a core selected in the Source Cores box, this button rolls up all cores immediately.
• Close: Click to close the Rollup Utility.


Running CoreDbUtil to reset, rebuild, or update a database

The CoreDbUtil.exe utility, in the core server's \Program Files\LANDesk\ManagementSuite folder, creates all the tables, indexes, and constraints needed to use the core database. Before running CoreDbUtil.exe, you must install your database as described in Phase 2: Preparing your databases or the table creation may fail. CoreDbUtil.exe looks for registry keys on the core server to determine the core database connection information. CoreDbUtil doesn't work on core rollup databases.

Use CoreDbUtil to:

• Reset database: Drops all tables and rebuilds an existing core database from scratch using metadata.xml. Warning: all existing data will be lost.
• Build Components: Updates the schema (specifically to include column additions) in an existing core database from metadata.xml. This isn't destructive to existing data.
• Update Display Names: Updates the Display Name field in an existing core database for all devices in that database. This isn't destructive to existing data.

To run CoreDbUtil

1. On the core server, run CoreDbUtil.exe.
2. After CoreDbUtil connects to the database, select the option you want.
3. Wait until the Status is finished. Depending on the database size and the task you chose, this could take a few minutes or several hours.


Phase 4: Deploying the primary agents to clients

In phase 4, you'll learn about the phased deployment of LANDesk Management Suite. Deployment is the process of expanding your management capabilities to the clients you want to include in your management domain.

You deploy Management Suite by loading LANDesk agents and services onto clients. This allows you to manage them from a single, central location.

In Phase 4 you'll learn about:

• The phased deployment strategy
• Checklist for configuring clients
• Using a service center to deploy Remote Control, Inventory, and CBA to clients
• Understanding the client configuration architecture
• Reversing the client configuration process

The phased deployment strategy

Phased deployment is based on three principles:

1. Deploy the Management Suite components that have the least impact on your existing network first; then progress to the components that have the most impact.
2. Confirm that the functionality of each deployed component is stable on all client types before continuing to the next stage.
3. Proceed through the deployment of Management Suite in well-planned phases, rather than deploying all components at once, which may complicate any required troubleshooting.

If you've completed the first three phases, you're ready to begin this final phase of deploying Management Suite to your servers, laptops, and desktop computers.


Checklist for configuring clients

There are three ways to configure clients:

• Manual configuration: Map a drive to the core server's LDLogon share and run WSCFG32.EXE, the client configuration program. The components that are deployed to the client must be selected interactively.
• Login script-based configuration: Use the Client Setup wizard to define a client configuration (with the default option set to Yes). This configuration will be applied to clients as they log in. In the case of Windows NT/2000/2003/XP clients, end users need administrative rights to their computers.
• Push-based configuration: Use the Client Setup wizard to define a client configuration. Use the Scheduled Tasks window to push the configuration to the clients. In the case of Windows 95/98 clients, the Management Suite CBA agent must already be present.

Obviously, manual configuration is not practical in a large environment where many clients must be configured. In this initial phase of the client deployment, with no agents present on the clients, login script-based configuration is the only option for Windows 95/98 clients. For Windows NT/2000/2003/XP clients, either login script-based or push-based configuration will work, but login script-based configuration is often impractical because it requires end users to have administrative rights to their computers.

Regardless of the way you're configuring clients, make sure you've used the Client Setup wizard to create the client configuration you want to deploy.

Particularly in bandwidth-sensitive environments, you should deploy the most important or most heavily used agents first, then gradually add the other software as you verify that your system is stable with the new additions.

For the initial deployment, we recommend that you first deploy the primary agents:

• Common Base Agent
• Enhanced Software Distribution
• Inventory Scanner
• Remote Control

To create the primary agent client configuration

1. Click Tools | Client Setup.
2. Double-click the Add client Configuration icon.
3. Enter a Configuration name.
4. Under Components to install, we recommend at a minimum that you click Common Base Agent, Enhanced Software Distribution, Inventory Scanner, and Remote Control.
5. Click Next and proceed through the wizard, customizing the options you selected. Click Help for more information if you have questions about a page.
6. Make the configuration default by selecting that option at the end of the wizard or by clicking your configuration in the Client Setup window, and from its shortcut menu clicking Set as Default.

For more information about deploying to clients, see Understanding the client configuration architecture at the end of this chapter.


Deploying to Windows NT/2000/2003/XP clients

Though the login script-based configuration is usually the method of choice for Windows 95/98 clients, this method is often impractical for Windows NT/2000/2003/XP clients, because it requires end users to have administrative rights to their computers. In most companies, end users do not have such rights.

Fortunately, Management Suite also supports a scheduled, push-based configuration method. In the case of a Windows NT/2000/2003/XP client, the push-based method does not require CBA to be already present on the client.

To enable a push-based configuration of Windows NT/2000/2003/XP clients not already running CBA, the Scheduler service that runs on the core server must be set up as follows:

1. In the console, click Configure | Services, then click the Scheduler tab.
2. Click Change login.
3. In the Username and Password field, specify a domain administrator account (in the format domain\username).
4. Stop and restart the Scheduler service.
5. Schedule the configurations.

You can specify the domain administrator when configuring Windows NT/2000/2003/XP members that belong to the same domain as the core server. To configure Windows NT/2000/2003/XP clients in other domains, you must set up trust relationships. Remember that the account identified in step 3 above is also the account under which the Scheduler service will run on the core server. Make sure the account has the Log on as a service right.

If a push configuration of a Windows NT/2000/2003/XP client fails and displays a message that says "Cannot Find Agent," try the steps listed below to identify the problem. These steps mimic the Scheduler's actions during a push configuration.

1. Find the username under which the Intel Scheduler service is running.
2. On the core server, log in with the username you found in step 1.
3. Map a drive to \\client name\C$. (This step is the one most likely to fail. It may fail for two reasons. Most likely, you don't have administrative rights to the client. If you do have administrative rights, it's possible that the client's administrative share (C$) is disabled.)
4. Create a directory \\client name\C$\$ldtemp$ and copy a file into it.
5. Use the Windows NT/2000/2003/XP Service Manager and try starting and stopping services on the client.


Deploying to Windows XP clients using local accounts

Windows XP's default setting forces network logins that use a local account to log in using the guest account instead. If you aren't using a domain-level administrative account and are using a local account for the Scheduler service, scheduled tasks will fail because the Scheduler service won't be able to authenticate. You can work around this by using the following procedure:

To change the default Windows XP security model for local accounts

1. On the Windows XP target client, click Start | Control Panel | Administrative Tools | Local Security Policy.
2. Click Local Policies > Security Options.
3. In the right-hand pane, double-click Network Access: Sharing and Security Model for local accounts. Select Classic - Local users authenticate as themselves and click OK.

Upgrading clients that use older Management Suite agents

LANDesk Management Suite 8 can communicate with Management Suite 6.62 and 7 client agents, but these older clients won't be able to benefit from the new features, including Targeted Multicast, peer download, and dynamic bandwidth throttling. Older clients also won't be able to use Management Suite 8's new certificate-based security model.

To upgrade clients that aren't in your version 8 database, you can use Unmanaged Device Discovery with the CBA option. Once clients are in the database, you can use the Scheduled Tasks window to deploy a new version 8 client configuration. You don't need to uninstall the previous 6.62+ client agents first.


Using a service center to deploy Remote Control, Inventory, and CBA to clients

This section includes background information about setting up Client Deployment services and instructions for completing the deployment of Remote Control, Inventory, and CBA. These instructions are organized based on the type of server you're deploying to. These are the categories:

• Deploying Remote Control, Inventory, and CBA to clients of a Windows NT/2000 server
• Deploying Remote Control, Inventory, and CBA to clients of a NetWare server

If you'll be using service centers, there are two steps to deploying Remote Control, Inventory, and CBA to clients:

1. Set up a Client Deployment service center.
2. Assign the login scripts created by the Client Deployment service to the users you want to configure with these components.

Setting up a Client Deployment service center

A Client Deployment service center provides an easy method for deploying Management Suite agents to Windows clients. When you set up a Client Deployment service, login scripts are automatically created. You then need to assign clients the appropriate script in order for them to be configured.

In accordance with the phased deployment strategy, you should initially limit the agents deployed to the clients. For the initial rollout, we recommend that you create a client configuration that includes CBA (the agent that provides communication with the core server), the Remote Control agent, and the Inventory agent.

The Service Center wizard uses the settings for each component that you establish in the Client Setup wizard. The Client Setup wizard lets you specify the settings for each component you deploy. If you don't establish these settings in the Client Setup wizard before running the Service Center wizard, the default settings will be used.

To create a client configuration

1. In the console, click Tools | Client Setup.
2. Double-click the Add new client configuration icon.
3. In the Client Setup wizard's Install components page, select the Common Base Agent, Inventory Scanner, and Remote Control components.
4. Proceed through the pages, making changes as necessary and clicking Next. Click Help for information on each page.
5. At the end of the wizard, click Set as default configuration.
6. Click Finish to complete the wizard.


Creating configurations with a Client Deployment service center

Each time you create a Client Deployment service center, you also create a client configuration that consists of a unique combination of components. These are the components you can deploy to clients:

• Application Healing
• Application Policy Management
• Bandwidth Detection
• Common Base Agent
• Custom Data Forms
• Enable Migration Tasks
• Enhanced Software Distribution
• Inventory Scanner
• Local Scheduler
• Remote Control
• Software Monitoring
• Targeted Multicasting
• Task Completion

The first recommended client configuration is Remote Control, Inventory, and CBA. Other configurations are created using a Client Deployment service as you progress through this final phase.

Estimated completion time

You should deploy Remote Control, Inventory, and CBA to clients gradually. Be sure that your sampling of users is representative of the types of computers, configurations, and operating systems used in your environment. You should plan on taking a few days to complete this process, depending on how many Client Deployment services you create and how many clients you're deploying to.

Necessary rights for configuring Windows NT/2000/2003/XP clients

For users running Windows NT/2000/2003/XP, you must add their domain login name to the local Administrator Group on their own computers. This grants the necessary rights to users so that the Windows NT/2000/2003/XP login scripts will run. You can also use the Client Setup wizard and Scheduled Tasks window to enable Windows NT/2000/2003/XP clients for management. For more information on the Client Setup wizard, see chapter 2 of the User's Guide.


Deploying Remote Control, Inventory, and CBA to clients of a Windows NT/2000 server

You can deploy Remote Control, Inventory, and CBA to clients of a Windows NT/2000 server by creating a service center.

To set up the Client Deployment service on a Windows NT/2000 server

PDCs and Windows 2000 Client Deployment service centers
If you're installing a Client Deployment service on a Windows 2000 server, you must install to a primary domain controller (PDC) or backup domain controller (BDC). Only the PDC or BDC can run the domain-level login scripts that are created by a Windows 2000 Client Deployment service center.

1. Obtain Administrator rights on the target server.
2. At the console, select the Windows NT/2000 server on which you'll install the Client Deployment service.
3. From the server's shortcut menu, click Service Center.
4. Click Next on the Service Center wizard welcome page.
5. Select the Client Deployment service and click Next.
6. Enter the Core server name and click Next.
7. Select Remote Control, Inventory, and Common Base Agent. Click Next.
8. Specify a directory on this server where you will install Management Suite files. Click Next.
9. Finish the wizard, customizing any options you want.

The wizard creates batch files that must be assigned to users before their computers can be configured for manageability. For details, refer to the next section, "Using the Windows NT/2000 login scripts."

Using the Windows NT/2000 login scripts

A Windows NT/2000 Client Deployment service creates an IPSETUP.BAT batch file that must be added to the profile login script of each user you want to manage. This batch file is copied to %system root\system32\repl\import\scripts on the core server. On Windows 2000 Client Deployment service centers, this batch file is stored in %systemroot\SYSVOL\Sysvol\Scripts\LANDesk.

You must also copy these files from the core's LDLogon directory to the client deployment server's scripts directory:

• ISDOSBOX.EXE
• NBPSHPOP.EXE

Assign the appropriate login script to a user according to the computer's network protocol. Some other scripts are installed to allow backward compatibility with earlier LANDesk products.

If the client is running Windows NT/2000/2003/XP
Users must have administrator privileges on their computers to install components with a login script. If users don't have administrative rights, consider using the push-based configuration method.


These are the actions that each batch file performs:

• Determines the name of the client
• Determines the operating system of the client
• Downloads the configuration for that operating system to the client (1-2 minutes)
• Updates the startup procedure for the client to load the components
• Notifies the user to restart the client

To assign a Windows NT logon script

1. On the domain server, click Start | Programs | Administrative Tools | User Manager.
2. Select the users to be configured for manageability. From the User drop-down list, click Properties.
3. Click Profile.
4. In the Logon Script Name field, type the name of the logon script you want to use (don't include a path), then click OK.

To assign a Windows 2000 logon script

1. Open the Windows 2000 MMC Group Policy snap-in.
2. In the console tree, click Scripts.
3. In the Details pane, double-click Logon.
4. Click Add.
5. Type the name of the logon script you want to use, then click OK.

This assigns the batch file to be the user's login script. On next log on, the batch file will:

• Scan the client into the Inventory database (if Inventory is selected)
• Configure the client with the LANDesk agents so that you can manage it

To assign a Windows NT/2000 logon script to a user with a preexisting logon script

At the client that you want to receive the login script:

1. Open a DOS box and run Edit.
2. Edit the existing login script to include this line:
   @call ipsetup.bat (for IP environments)

When the user authenticates to the Windows NT/2000 server, the assigned login script configures the client for manageability.


Deploying Remote Control, Inventory, and CBA to clients of a NetWare server

You can deploy Remote Control, Inventory, and CBA to clients of a NetWare server by creating a service center. Before you can make a NetWare server a service center, you need to run a utility on it so the server appears in the network view.

To add a NetWare server to the network view

1. Connect to the target server with administrative rights.
2. Open a command prompt from your core server's LDMAIN share.
3. At the command prompt, enter:
   AddNetWareSC
   Where is the name of your NetWare server.
4. Refresh the console's network view to verify the NetWare server is there.

To set up the Client Deployment service on a NetWare server

You must be logged in with administrator rights on the target server and have the NetWare Client 32 installed.

1. At any console, use the network view to select the NetWare server on which you want to install the Client Deployment service.
2. From the server's shortcut menu, click Service Center.
3. Click Next on the Service Center wizard welcome page.
4. Select the Client Deployment service and click Next.
5. Select Remote Control, Inventory, and Common Base Agent. Click Next.
6. If you've selected an NDS server, enter the name of the NDS container for the users you want to configure.
7. In the Service center name field, type the name of the service center you want to use for the clients of this server. (If the selected server doesn't already have management services installed, the core server is your default service center.) Click Next.
8. Click Yes to add the inventory scanner to your Windows Startup group; then you can verify the options you selected.
9. Use the Edit Startup Script page to edit the startup script if necessary.
10. Click Next to complete the wizard.
11. The wizard creates two NetWare groups that have corresponding login scripts. Users must be placed in a group before their computers can be configured for manageability. For details, refer to the next section, "Using the NetWare login scripts."

Using the NetWare login scripts

The Service Center wizard creates these groups when you set up Client Deployment on a NetWare server:

Group               Use to configure. . .
LANDESKIPGROUP      Clients using the TCP/IP network protocol.
LANDESKIPXGROUP     Clients using the IPX/SPX network protocol. LANDesk Management Suite 8 doesn't support this.


If you're administering a NetWare network, you can use a single login script to configure all of the clients on the network by adding users to the NetWare LANDESKIPGROUP group.

To assign a NetWare login script

• Use your Novell network administrator tools to populate the LANDESKIPGROUP with the users you want to manage.

When you add a user to this group, on next login the client is:

• Scanned into the core database (if Inventory is selected)
• Configured with the LANDesk agents so that you can manage it

The Management Suite login scripts are appended to the system or container login script.

Verifying successful completion of Remote Control, Inventory, and CBA deployment

To verify that you've successfully deployed Remote Control, Inventory, and CBA to clients, confirm that you can do the following tasks from within the console. If you need additional information to complete these tasks, refer to the chapters in the User's Guide that correspond to the respective features.

Remote Control

• Select a user and remote control his or her computer. Do this for a sampling of users.
• Perform all realtime access features: chat, file transfer, run program, and reboot for a sampling of users.
• Use the Client Setup wizard to create a customized configuration. Make any minor modifications to the Remote Control settings for testing purposes, then drag and drop the new configuration onto a user or group. After the clients have been re-configured, remote control a sampling of the newly configured clients and look at their version of the Remote Control settings to confirm that the changes from your customized configuration are included.

Inventory

• Perform an inventory query.
• Select a client, then view the inventory data for that client, as well as its configuration files.
• Configure the software scanning frequency.
• Modify a client's WIN.INI file, rescan the client, then verify that changes were recorded within the CHANGES.LOG.

CBA

• In the network view, right-click a client, then click Properties to confirm that CBA installed correctly.


Deploying clients from the command line

You can control what components are installed on clients by using command-line parameters to override the default settings of batch files and login scripts.

One way to do this is to use command-line parameters with the configuration program that is used by the batch files and login scripts, WSCFG32.EXE.

You can launch WSCFG32.EXE in standalone mode. It's located in this directory on all Client Deployment service centers: (system drive)\Program Files\LANDesk\ManagementSuite\LDLogon.

WSCFG32.EXE can also be found in the \\coreservername\LDLogon share, which is readable from any Windows 95/98 or Windows NT/2000/2003/XP client.

WSCFG32.EXE uses one of two files to configure clients. NTSTACFG.INI is used for clients running Windows NT/2000/XP; 95STACFG.INI is used for clients running Windows 95/98. These files contain the unique client configuration you specified using the Client Deployment service.

If you want to manually edit the configuration settings in these files, you can choose from these methods:

• Running the Client Setup wizard with the Set as default configuration option checked.
• Adding command-line parameters to WSCFG32.EXE and running it manually. For more information, see Understanding WSCFG32.EXE.


Deploying to clients using Enhanced Software Distribution packages

You can use an Enhanced Software Distribution (ESWD) self-extracting package to install components onto clients. Clients need to have the Enhanced Software Distribution agent on them for this feature to work.

To create a Client Setup configuration package

1. Create a client configuration.
2. In the Client Setup wizard's Finished page, check Create ESWD Package.
3. Click Finish.
4. Type a filename and select a location to store the package. Note that the default directory is the LDMain directory. Clients don't have access to this directory. Select the directory you're using to store packages and that clients have access to.
5. Click Save. The wizard creates the self-extracting .EXE package.


Understanding the client configuration architecture

Management Suite has logic in the client configuration files that works with 32-bit clients. Here is a simple view of the process that is used to configure Windows 95/98 and Windows NT/2000/2003/XP clients.

Configuring Windows clients

When you assign a Windows NT/2000 login script (that is, IPSETUP.BAT) to a user, the batch file launches an executable called LDLogon\WSCFG32.EXE. This executable takes all instructions for how to configure clients from either the 95STACFG.INI file or the NTSTACFG.INI file.

You will typically want to use the Client Setup wizard to change the settings in 95STACFG.INI and NTSTACFG.INI. When you create a client configuration using the wizard and click the Set as default configuration option, the settings are saved to the 95STACFG.INI and NTSTACFG.INI files.

Understanding WSCFG32.EXE

WSCFG32.EXE is LANDesk Software's client configuration utility. It configures Windows 95/98 and Windows NT/2000/2003/XP clients for management in four steps:

1. WSCFG32 determines whether the computer has been previously configured by another LANDesk product, such as older versions of Management Suite. If it has, WSCFG32 removes the older files and reverses any other changes.
2. WSCFG32 looks for a hidden file called CCDRIVER.TXT to decide whether the client needs to be (re)configured. (The decision process WSCFG32 goes through is covered below.) If the client doesn't need to be (re)configured, WSCFG32 exits.
3. If the client does need to be (re)configured, WSCFG32 loads the appropriate initialization file (95STACFG.INI or NTSTACFG.INI) and executes the instructions contained in it.
4. WSCFG32 creates a hidden CCDRIVER.TXT file, both at the root of the C: drive and in the Windows directory. This file indicates that the client has been configured, and the date is stored in the file.

WSCFG32 doesn't configure the client with every login. Remember that WSCFG32 often runs from a login script. WSCFG32 will (re)configure the client only when one of the following is true:

• The CCDRIVER.TXT file exists neither in C:\ nor in the Windows directory.
• The date stored in CCDRIVER.TXT is older than the Configured On date in NTSTACFG.INI or 95STACFG.INI.
• A /f (force) command-line parameter was specified.

Using the dates as a mechanism for reconfiguration is very convenient. If you set the Configured On parameter to today's date, clients using the Management Suite login scripts will automatically be reconfigured at their next login. The Client Setup wizard sets the Configured On parameter in NTSTACFG.INI or in 95STACFG.INI to today's date when you define a new default configuration.


The following command-line parameters are available for WSCFG32.EXE:

Parameter        Description
/F               Force execution, ignoring the dates in CCDRIVER.TXT
/I=              Components to include:
                 CBA (Common Base Agent)
                 RC (Remote Control)
                 INV (Inventory Scanner)
                 DCF (Data Collection Forms)
                 ESD (Enhanced Software Distribution)
                 LS (Local Scheduler)
                 APM (Application Policy Management)
                 TC (Task Completion)
                 AH (Application Healing)
                 MC (Targeted Multicasting)
                 BW (Bandwidth Detection)
                 SWM (Software Monitoring)
                 EMT (Enable Migration Tasks)
                 Example: WSCFG32.EXE /I=CBA
/IP              Configure using IP
/L or /Log=      Path to the CFG_YES and CFG_NO log files that log which clients were and were not configured
/LOGON           Execute [LOGON] prefixed commands
/N or /NOUI      Do not display the user interface
/NOREBOOT        Don't reboot client when done
/NOCERT          Undo the need for digital certificate authentication, the older security method available as an option in earlier Management Suite versions.
/P               Ask for user permission to execute
/REBOOT          Force reboot after running
/TCPIP           Same as IP (see above)
/U               Remove client agents
/X=              Components to exclude
                 Example: WSCFG32.EXE /X=SD


/CONFIG=
/C[ONFIG]=       Specifies a client configuration file to use in place of the default 95STACFG.INI or NTSTACFG.INI files.
                 For example, if you've created configuration files called NTTEST.INI or 95TEST.INI (depending on the operating system), then use this syntax:
                 WSCFG32.EXE /CONFIG=TEST.INI
                 The custom .INI files should be in the same directory as WSCFG32.EXE and note that the /config parameter uses the filename without the 95 or NT prefix.
/? or /H         Display help menu

CCDRIVER.TXT

CCDRIVER.TXT is a hidden file created by WSCFG32.EXE. WSCFG32 creates it both at the root of the C: drive and in the Windows directory. The file stores the date on which the client was configured.

The purpose of CCDRIVER.TXT is to allow the client setup program (WSCFG32) to decide whether the client needs to be (re)configured. This decision is based on whether or not CCDRIVER.TXT exists, and, if it does exist, the date stored in it.


Reversing the client configuration process

Executing WSCFG32 with the /U command-line parameter reverses the effects of client configuration. Adding users to the NetWare LANDESKEXCLUDEGROUP automatically reverses the client configuration when group members log in. For clients of Windows NT/2000/2003 server domains, you can edit the relevant batch file (SETUP.BAT) or the login script to manually add the /U parameter.

To modify a Windows NT/2000 batch file

1. Switch to the scripts path of the Windows NT/2000/2003 domain server, usually:
   \winnt\system32\repl\import\scripts
2. In a text editor, open the batch file you want to edit.
3. Modify the batch file as needed and save your changes.

To modify the NetWare login script in NetWare 6

1. Use NetWare Administrator to edit the NetWare login script.
2. Select the container that was set up as a Client Deployment service.
3. Right-click on the Container, then select Details.
4. Select Login Script to edit the container login script.
5. Modify the login script as needed, then save your changes.


Phase 5: Deploying other agents to clients

In phase 5, you'll learn about deploying additional Management Suite agents. As described earlier, phased deployment is based on three principles:

1. Deploy the Management Suite agents that have the least impact on your existing network first; then progress to the components that have the most impact.
2. Confirm that the functionality of each deployed agent is stable on all client types before continuing to the next stage.
3. Proceed through the deployment of Management Suite in well-planned phases, rather than deploying all components at once, which may complicate any required troubleshooting.

At this point, you should have completed phase 4 and verified that Remote Control, Inventory, and CBA are working on the clients you deployed. If so, you can gradually start deploying the other Management Suite agents you want to use.

These are the additional agents you can deploy:

• Application Healing
• Application Policy Management
• Bandwidth Detection
• Common Base Agent
• Custom Data Forms
• Enable Migration Tasks
• Enhanced Software Distribution
• Inventory Scanner
• Local Scheduler
• Remote Control
• Software Monitoring
• Targeted Multicasting
• Task Completion

To learn more about the functionality of these agents before deploying them to clients, see the User's Guide.

For more information about each page in the Client Setup wizard, click the Help button.

To create a client configuration

1. In the console, click Tools | Client Setup.
2. Double-click Add new configuration.
3. In the Client Setup wizard's Install components page, check the agents you want to deploy.
4. Proceed through the pages, making changes as necessary and clicking Next.
5. If you want to deploy your new configuration with the Scheduler, right-click your new configuration and click Schedule.
6. From the Network View, drag and drop the clients you want this configuration deployed to onto the Scheduled Tasks window's right pane. You can also drag groups or queries as targets.
7. In the Scheduler's Task pane, double-click the configuration you created and set when you want the task to happen and how many retries there will be.
8. Click OK, and watch for status updates in the Scheduler.


Deploying Application Healing

Application Healing is an optional feature that can automatically repair files that might be damaged or missing from client applications. If you intend to use Application Healing, you must build a software distribution package for each piece of software you want the ability to heal. In the instances of damage that Application Healing can repair, the agent verifies that all of the necessary files exist on the client for any application it's healing. The Application Healing agent detects and restores the missing or damaged files, enabling the targeted application to execute and function properly again.

Application Healing requires the Common Base Agent and Enhanced Software Distribution components.

When you select the Application Policy Management or Application Healing agents, you'll also see a Client Status TCP Port page. This is the port clients use to communicate status to the core server. By default, this port is 12175.

Deploying Application Policy Management

The Application Policy Management (APM) agent enables you to automatically install sets of applications on groups of clients that have common software needs. Application Policy Management requires the CBA and Enhanced Software Distribution components.

You can configure policies to enable applications to be pulled by clients, based either on client name or logged-in users. You can set required policies to install or reinstall applications automatically whenever a user logs in or whenever the client boots. APM provides policy support for pull-based software distribution. An example might be pulling software programs from a central location. Users can view the packages available for pulling, then download those packages to their individual computer. APM provides limited integration with directory managers, such as Microsoft's Active Directory and Novell's NDS.

In order for clients to receive policies that are targeted through Active Directory or NetWare Directory Services, they have to be configured to log in to the directory. This means that they need to have all the correct client software installed, and they need to actually log in to the correct directory so that their fully distinguished name will match the name that was targeted through Directory Manager and Application Policy Manager.

Windows 95/98 clients need to be configured to log in to the domain where the Active Directory resides. Windows NT and Windows 95/98 don't include Active Directory support. You must install Active Directory support on clients that log in to a directory and require Application Policy Management. As of this printing, more information on installing Active Directory client support was available here:

http://www.microsoft.com/windows2000/server/evaluation/news/bulletins/adextension.asp

Launching the APM client at specified intervals

There are two dialogs in the Client Setup wizard that control the APM client launch interval:

• Application Policy Management Options dialog: Access this dialog by clicking the Launch APM client at specified intervals option, then clicking the Configure button.
• Local Scheduler Time Filter Options dialog: Access this dialog by clicking the Time Filters button in the Application Policy Management Options dialog.


The Application Policy Management Options dialog has a Run APM client periodically option. This option tells the Local Scheduler agent to rerun the task at the interval you select. If you don't select this option, APM will only be scheduled to run once.

When you select the Run APM client periodically option, you must also specify a Run every interval to run the task daily, weekly, or monthly. This interval starts the first time the Local Scheduler runs the task. For example, if you select weekly, the first chance Local Scheduler gets, it will run the task. If it runs the task on Tuesday the first time, generally the Scheduler will run the task every Tuesday.

To configure in detail when the task will run, use the Time Filter Options dialog. You can set as many as three filters that define when the task will run:

• Time-of-day filter
• Day-of-week filter
• Day-of-month filter

These filters further define the Run every interval you specify (daily, weekly, or monthly). For example, if you set the Run every interval to "monthly," then specify a day-of-month filter for the "21st" to the "22nd," the Local Scheduler will run the task once a month, sometime during the period between the 21st and 22nd.

You can set one or multiple filters on the Run every interval, but ensure that the filters make sense for the interval you've chosen. For example, if you set the Run every interval to "daily," and then add a time-of-day filter of "8 p.m." to "11 p.m." and a day-of-week filter of "Monday," the task won't run daily, but rather each Monday between the times of 8-11 p.m.

If you use a bandwidth filter in the Client Setup: Application Policy Management Options dialog, the bandwidth filter also determines when the Local Scheduler runs the job. Both the time and bandwidth filters must pass for the Local Scheduler to run the task. For example, perhaps you've configured a job to run on Wednesday every week and you've also specified the high-speed network connection bandwidth filter. If a client connects via dialup on Wednesday, the task won't run, even though the time filter criteria were met.

Deploying Bandwidth Detection

Bandwidth Detection enables bandwidth detection between clients and the core server. You can limit Management Suite actions such as software distribution, based on available bandwidth. Use this option if you have remote clients or clients that connect to the network via a slow link.

Bandwidth detection enables you to specify that a certain bandwidth must be available between clients and the core server before the Software Distribution feature attempts to deploy a package. This is particularly important for mobile clients, because it ensures that scheduled tasks are executed only when the necessary bandwidth is available. This reduces the network congestion that could result if a remote client tried to download a large application over a slow connection.

The Bandwidth Detection agent must be installed on the client in order to take advantage of the bandwidth detection capabilities. Management Suite supports two bandwidth detection algorithms:

• ICMP Sonar Algorithm
• PDS/RAS Bandwidth Check

You can specify how often the Local Scheduler checks for sufficient bandwidth to run the specified task. The default is 120 seconds.
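The Run every interval and the time and bandwidth filters described above for the Local Scheduler, modelled as an added example (not LANDesk code and not part of the original guide) that replays the guide's three scenarios. The bandwidth labels, the inclusive filter bounds and the rule that the next run is due one interval after the last run are assumptions of this model.

```python
import calendar
from dataclasses import dataclass
from datetime import datetime, time, timedelta
from typing import FrozenSet, List, Optional, Tuple

# Assumed connection classes, slowest first (labels constructed for this example).
BANDWIDTH_RANK = {"dialup": 0, "high-speed": 1}


@dataclass(frozen=True)
class Schedule:
    interval: str                                      # "daily", "weekly" or "monthly"
    time_of_day: Optional[Tuple[time, time]] = None    # inclusive window
    days_of_week: Optional[FrozenSet[int]] = None      # 0 = Monday ... 6 = Sunday
    days_of_month: Optional[Tuple[int, int]] = None    # inclusive range
    min_bandwidth: Optional[str] = None                # a key of BANDWIDTH_RANK


def _next_due(last_run: datetime, interval: str) -> datetime:
    """Earliest moment the task may run again, counted from the last run."""
    if interval == "daily":
        return last_run + timedelta(days=1)
    if interval == "weekly":
        return last_run + timedelta(weeks=1)
    if interval == "monthly":
        if last_run.month == 12:
            year, month = last_run.year + 1, 1
        else:
            year, month = last_run.year, last_run.month + 1
        # Clamp so that a run on the 31st stays valid in a shorter month.
        day = min(last_run.day, calendar.monthrange(year, month)[1])
        return last_run.replace(year=year, month=month, day=day)
    raise ValueError(f"unknown interval: {interval!r}")


def filters_pass(s: Schedule, now: datetime, bandwidth: str) -> bool:
    """True only if every configured time filter and the bandwidth filter pass."""
    if s.time_of_day is not None:
        start, end = s.time_of_day
        t = now.time()
        # A window such as 22:00-02:00 wraps past midnight.
        inside = start <= t <= end if start <= end else (t >= start or t <= end)
        if not inside:
            return False
    if s.days_of_week is not None and now.weekday() not in s.days_of_week:
        return False
    if s.days_of_month is not None:
        first, last = s.days_of_month
        if not first <= now.day <= last:
            return False
    if s.min_bandwidth is not None:
        # An unknown connection label never satisfies a bandwidth filter.
        if BANDWIDTH_RANK.get(bandwidth, -1) < BANDWIDTH_RANK[s.min_bandwidth]:
            return False
    return True


def should_run(s: Schedule, now: datetime, last_run: Optional[datetime],
               bandwidth: str) -> bool:
    """The task runs when its interval has elapsed and all filters pass."""
    if last_run is not None and now < _next_due(last_run, s.interval):
        return False
    return filters_pass(s, now, bandwidth)


def simulate(s: Schedule, start: datetime, end: datetime,
             step: timedelta = timedelta(hours=1),
             bandwidth: str = "high-speed") -> List[datetime]:
    """Poll the schedule from start (inclusive) to end (exclusive); return run times."""
    runs: List[datetime] = []
    last_run: Optional[datetime] = None
    now = start
    while now < end:
        if should_run(s, now, last_run, bandwidth):
            runs.append(now)
            last_run = now
        now += step
    return runs


if __name__ == "__main__":
    # "daily" interval narrowed by an 8-11 p.m. filter and a Monday filter.
    monday_evening = Schedule("daily", time_of_day=(time(20), time(23)),
                              days_of_week=frozenset({0}))
    for run in simulate(monday_evening, datetime(2003, 9, 1), datetime(2003, 9, 15)):
        print(run.strftime("%A %Y-%m-%d %H:%M"))
```

Run over two weeks, the "daily" schedule with the Monday and 8-11 p.m. filters fires only on the two Mondays, which is the behaviour the guide warns about when filters are narrower than the interval.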


Deploying the Common Base Agent

Common Base Agent (CBA) is the underlying protocol of Management Suite, and it's required by most components.

Deploying Custom Data Forms

You can create and distribute Custom Data Forms to collect client information that will supplement the standard information available in the core database. The forms you create using the Form Designer can be distributed by a Client Deployment service or by using the Client Setup wizard.

Custom Data Forms requires the Inventory Scanner component.

Customize the forms that are distributed to clients in your management domain using the Form Designer. For more information, see chapter 4 in the User's Guide.

Enabling Migration Tasks

The Migration Tasks Client Setup option selects the components necessary for OS deployment and profile migration. The only thing selecting the Migration Tasks option does is to provide a fast way of selecting the Bandwidth Detection, Common Base Agent, and Enhanced Software Distribution components. If you've already selected these components, selecting the Migration Tasks option doesn't make a difference.

Deploying Enhanced Software Distribution

Enhanced Software Distribution automates the process of installing software applications and distributing files to clients. Use this agent to install applications simultaneously to multiple clients or to update files or drivers on multiple clients.

Enhanced Software Distribution uses a Web or file server to store packages. Clients access this package server when downloading a package. You'll need to configure a package server as described in chapter 6 in the User's Guide. You can deploy the Enhanced Software Distribution agent to clients before you set up a package server.

Enhanced Software Distribution requires the Bandwidth Detection and Common Base Agent components.

Deploying the Inventory Scanner

The inventory scanner is a powerful tool that scans and catalogs the hardware and software on your clients. The inventory scanner runs on the client and sends this information to the core server. The information is processed by the inventory service and saved to the core database.

Once the inventory information is saved to the database, you can view it with the console on the core server, an additional console on another computer, or through a browser with the Web console. The information appears in an inventory tree that you can browse to view the hardware and software on the client.

The Inventory Scanner requires the Common Base Agent component.


PHASE 5: DEPLOYING OTHER AGENTS TO CLIENTS

Deploying the Local Scheduler

The Local Scheduler agent enables Management Suite to launch client tasks based on a time of day or bandwidth availability. The Local Scheduler agent is most useful for mobile computers that may not always be on the network or may connect to the network via a dialup connection. For example, you can use the Local Scheduler to allow mobile computer package distribution only when those clients are on the WAN.

When you schedule Enhanced Software Distribution packages for distribution, or when you create application policies, you can specify which bandwidth the packages or policies require before they are applied.

The Local Scheduler runs as a service on Windows NT/2000/2003/XP, or as a pseudo-service on Windows 95/98.

The Local Scheduler requires the Bandwidth Detection component.

Deploying Remote Control

The Remote Control feature enables you to view and take control of a remote client anywhere on your network. Once the remote control agents are in place, you can use any console to initiate a remote control session, where you can view, manipulate, and interact with the client as if you were logged into it locally.

You can also send files to or retrieve files from the remote client, chat with the remote user, launch applications, perform maintenance, and even reboot the remote client.

Remote control supports multiple security models for you to select from to prevent unauthorized access and to allow the level of end-user control you want.

• Local template: This is the most basic security.
• Windows NT security/local template: This security model uses a Windows NT Remote Control Operators group. Members of this group are allowed to remote control clients.
• Certificate-based/local template: This is the most secure option and is new to Management Suite 8. It's also known as on-demand secure remote control.

LANDesk Management Suite 8 introduces a new on-demand secure remote control that you can use. This new remote control improves on the prior version in these ways:

• Remote consoles authenticate with the core server.
• The remote control agent on a client loads on-demand once a remote control session is authorized by the core.
• All remote control authentication and traffic is encrypted over an SSL connection.
• Once a remote control session is over, the remote control agent unloads from the client.

Remote Control requires the Common Base Agent component.


Deploying Software Monitoring

The Software Monitoring agent enables you to monitor license compliance and product usage and denial trends on clients across your network. The agent records data about all installed applications on a client and stores this data in the client's registry. Using the Software Configuration window, you can choose to monitor the most important of these installed applications. Application usage data that you don't monitor is ignored and eventually overwritten with newer data in the client's registry.

After you indicate the product files and licenses that you want to monitor, the following occurs:

• Management Suite detects clients that are running the applications you want to monitor and imports this list into the Software Configuration window. The client list is static until the next software scan occurs.
• During the next scan, the scanner reads the client data collected by the Software Monitoring agents and sends this data up to the core server. Management Suite then updates the Software Configuration window with information for the specific licenses and products you're monitoring.

For mobile clients disconnected from the network, the Software Monitoring agent continues to record data and caches it in the client's registry. After the client reconnects to the network, the next scan detects which of the cached data is being monitored and sends that data to the core server. The Software Configuration window is then updated with the latest license compliance, usage, and denial data for those mobile clients.

Software Monitoring requires the Inventory Scanner component.

Deploying Targeted Multicast

Targeted Multicast enables you to transmit software packages to multiple clients without modifying your router configuration. It's designed to work with your existing software distribution packages. When you use Targeted Multicast, you can easily distribute software, even in WAN environments with multiple hops and low connection speeds (56k). Targeted Multicast uses HTTP for delivery from a Web site to a subnet representative. Management Suite's inventory service provides all of the subnet information to the Targeted Multicasting service.

Targeted Multicast provides unique benefits that standard methods of "multicast" don't provide. Inventory-based targeting of clients enables you to send a package to a selected group of computers that fit specific criteria via a broadcast. Targeted Multicast is also simplified because there's no need to configure routers to handle deliveries.

You can turn on Targeted Multicast by checking the Use Multicast to distribute this package option on the Create Script dialog that you'll see when creating a distribution package script.

Targeted Multicasting requires the Bandwidth Detection, Common Base Agent, and Enhanced Software Distribution components.


Deploying Task Completion

The Task Completion agent checks with the core server to see if there are any scheduled jobs that clients need to run. Task Completion is especially useful for mobile users who aren't always connected to the network and tend to miss scheduled jobs.

When the Task Completion agent runs, it launches a status window on clients while it checks with the core server. This window disappears after 15 seconds by default. You can specify that the Task Completion agent only run periodically or only between certain times/days/weeks/months. If the Task Completion agent runs and the computer isn't connected to the network or it can't talk to the core server, the Task Completion agent will exit.

Task Completion requires the Bandwidth Detection, Common Base Agent, and Enhanced Software Distribution components.

For more information on scheduling Task Completion, see Launching the APM client at specified intervals earlier in this chapter. The information in that section also applies to the Task Completion agent.


Phase 6: Installing the Web console

In phase 6, you'll learn about installing the Web console. The Web console enables you to remote control, query, and report on inventory data in the core and rollup databases; distribute software; and execute Wake on LAN* technology from any computer that has a supported Web browser installed.

In this chapter you'll learn about:

• Extending network management to the Web
• Installation requirements
• Installing the Web console
• Accessing multiple databases
• Setting up Web console security
• Setting up role-based administration in the Web console
• Setting up feature-level security for rollup core databases

Extending network management to the Web

The Web console is a series of predefined Web pages containing links to HTML-based Management Suite tools.

With the Web console files installed on a Web server, you can turn any computer on the network into a console with very little overhead. Management tools that were once only available from specific, dedicated console computers can be accessed by any computer with Internet Explorer 5.5 or later. Installing the Web console is optional.

While the Web console does not replace the more fully-featured Management Suite console, you can use it to perform these management tasks:

• Remote control a computer
• Run inventory queries on the core and rollup core databases
• Run predefined reports from inventory information
• Schedule and deploy software packages
• Execute Wake on LAN technology

You can install the Web console, including Web pages and management tools, on a Web server you specify, or on your core server. With the Web console installed, the server then has access to the data in your core database, and any additional core and rollup core databases you configure. The Web console uses the same inventory and remote control agents as the Management Suite console.

If you want to restrict access to the Web console tasks, you can set up role-based administration. For more information, see Setting up role-based administration in the Web console later in this chapter.


Installation requirements

Here are the system requirements for installing and using the Web console.

Management Suite requirements

Before installing the Web console, make sure you've performed these installation and deployment steps for Management Suite:

• Set up a Management Suite 8 core server and database: The Web console uses the existing core database infrastructure to perform management tasks. For more information about setting up databases, see Phase 2: Preparing your databases earlier in this guide.
• Set up a rollup core if you want to use data from multiple core servers: The Web console can use a rollup core database that combines data from multiple core servers. For more information, see phase 3: Installing the console and rollup core.
• Installed Management Suite agents: The Web console uses the same client agents that the Management Suite console uses for management tasks.

Web server requirements

The Web server has the same software system requirements as the core server. Verify your Web server's system requirements by running AUTORUN.EXE at the root of your Management Suite installation image and clicking Verify Core Server System Requirements.

Computer requirements for accessing the Web console

You can access the Web console from any computer that can run Internet Explorer 5.5 or higher.


Installing the Web console

Before you install the Web server, review this list of tasks you should have completed:

• Installed a Management Suite 8 core server and optionally, a rollup core server: See Phase 2: Preparing your databases earlier in this guide.
• Installed Management Suite agents: Your clients need the Remote Control and Inventory agents. For more information, see Phase 4: Deploying the primary agents to clients earlier in this guide.
• Installed a DBMS client on the Web server: See the section below.

Database drivers are the client components of whatever database you use with your core server. You need to install these drivers on your Web server so that the Web console can access your database.

The type of drivers you install, if you install any at all, depends on the type of database you're using. Management Suite 8 supports these databases:

• Microsoft MSDE 2000 SP3
• Microsoft SQL Server 2000 with SP4
• Oracle8i (8.1.7) and Oracle9i

See your database application documentation for details about installing the database client drivers. With Management Suite 8, you no longer have to create a DSN to the core and rollup core databases.

By default, Setup places the Web console files in the \Inetpub\wwwroot\remote folder.

If you're installing the Web console on a server other than the core server, ensure that you're logged in as a domain administrator, and that the domain administrator account is in the core server's LANDesk Management Suite user group.

Don't run the Management Suite 8 Web console on an older core server or console

You should use only the version 8 Web console on a Management Suite 8 core server or console computer. Earlier versions of Management Suite will not work.

To install the Web console on a server other than the core server

1. On the server that will host your Web console, map a drive to the LDMAIN share on your core server.
2. In the LDMAIN\Install\Web Console folder, double-click Web Console.
3. Select the language you want Setup to install.
4. A Welcome screen for LANDesk Management Suite Setup appears. Click Next to continue.
5. On the License Agreement screen, click Yes to accept and continue.
6. Accept the default destination folder by clicking Next.
7. Select the Web Console feature and any other features you want.
8. If Setup prompts you for your core server name, enter it and click Next. If Setup then prompts you for a username and password, enter credentials with administrative privileges on the core server.
9. Reboot the server when Setup finishes and prompts you to.

If you're installing to a Windows 2003 server, IIS disables active server pages by default. You must enable them for the Web console to work correctly.


To enable active server pages on Windows 2003 servers

1. Click Start | Administrative Tools | Internet Information Services (IIS) Manager.
2. Under the root tree item, click Web Service Extension.
3. Click Active Server Pages, then click Allow.

To verify the installation, open a Web browser, then enter the Web server URL, which by default is:

http://webserver/remote

The installation was successful if the browser prompts you for login information and, after you enter it, the Web console opens.


Accessing multiple databases

If the Web server you've installed the Web console on will be accessing databases on other servers, you must also:

• Configure domain-level software distribution
• Configure the Web console for multiple cores

Configuring domain-level software distribution and Windows 2003 servers

If you're going to distribute software from the Web console, the Web server you installed the Web console on must be able to access and change software distribution files on the core server. This is an issue if your Web server and core server are on different computers, or if your Web server is running Windows 2003 Server. To allow this, you need to register a component on the Web server.

To configure domain-level software distribution

1. Go to the Web server you installed the Web console on.
2. From the Windows Control Panel's Administrative Tools, double-click Component Services.
3. Click Component Services > Computers > My Computer > COM+ Applications.
4. From the COM+ Applications shortcut menu, click New | Application.
5. On the wizard welcome page, click Next.
6. Click Create an empty application and click Next.
7. Enter a name for the new application. "LANDesk" is fine. Click Server application and click Next.
8. Click This user. You must enter a domain-level account with administrative privileges on the core server. If the account isn't domain-level, software distribution from the Web console won't work. Click Next.
9. Click Finish to close the wizard. You'll see a new COM+ Application tree node named "LANDesk" or whatever you chose.
10. Click Component Services > Computers > My Computer > COM+ Applications > LANDesk > Components.
11. From the Components shortcut menu, click New | Component.
12. On the Wizard welcome page, click Next.
13. Click Import component(s) that are already registered.
14. From the component list, click Schcom.Schint.1, then click Next.
15. Click Finish to close the wizard. You should see Schcom.Schint.1 as a registered component.
16. Click Component Services > Computers > My Computer > COM+ Applications > LANDesk > Roles.
17. From the Roles shortcut menu, click New | Role, enter "Everyone" as the name for the new item.
18. Click Roles > Everyone > Users. From the Users shortcut menu, click New | User, enter "Everyone" as the object name, and click OK.
19. Restart IIS by clicking Start | Run and entering iisreset.


Configuring the Web console for multiple cores

After you've installed the Web console on a Web server, you can edit the configuration file \Inetpub\wwwroot\remote\xml\core.asp to connect to additional databases. By default, this file points to the core server only. Once you add more servers to it, you'll be able to connect to additional databases with a drop-down list box in the Web console. If you ever change the information referenced in core.asp, you'll need to update the file with the new information.

Note that all entries in core.asp must be single-line entries. Multiple-line entries will cause an error to occur.

Here's a sample core.asp:

Entry         Description
item name=    The server name you want the Web console to connect to. This also is the text string that appears in the drop-down list of databases in the Web console's Login page.
server=       For SQL Server, this is the database servername\database instance name. If your database is in SQL's default instance, don't specify a database instance name. For Oracle, this is the Oracle host string (the service\instance name).
database=     The SQL database name you created on the Web server. This option is blank for Oracle databases.
user=         The default user ID for the database.
password=     The password associated with the default user ID.
isoracle=     Whether the database is Oracle (1) or not (0).
software=     For future use. Leave blank.
rollup=       Whether the database is a core rollup database (1) or not (0).

To add databases to core.asp

1. Locate core.asp on the Web server in the directory where the Web console is installed (by default c:\Inetpub\wwwroot\remote\xml).
2. Open core.asp in a text editor, such as Notepad.
3. Copy the lines of the file (similar to the example above), then paste them under the existing text. Change the lines to reflect the information for the additional database(s).
4. Save the core.asp file as a text file.
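The entry rules in the table above (one line per entry, 0/1 flags, blank software= field, blank database= for Oracle) can be checked before an edited core.asp is saved. The script below is an added example, not LANDesk code; the key="value" entry syntax and every sample value in it are assumptions, since the guide lists only the keys.

```python
import re

# Keys the guide's table lists for each entry ("item name=" is read as "name").
REQUIRED_KEYS = ("name", "server", "database", "user", "password",
                 "isoracle", "software", "rollup")

# ASSUMPTION: values are written key="value"; single quotes or bare values are
# also accepted. The guide names the keys but not the exact entry syntax.
ATTR_RE = re.compile(r"""(\w+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'<>/]*))""")


def parse_attrs(line):
    """Return {key: value} for every key=value pair found on one line."""
    return {key.lower(): dq or sq or bare
            for key, dq, sq, bare in ATTR_RE.findall(line)}


def lint_core_asp(text):
    """Check core.asp text against the guide's rules; return [(line_no, message)]."""
    findings = []
    seen_names = {}
    for line_no, line in enumerate(text.splitlines(), start=1):
        attrs = parse_attrs(line)
        if not any(key in attrs for key in REQUIRED_KEYS):
            continue  # blank line or surrounding markup, not an entry
        missing = [key for key in REQUIRED_KEYS if key not in attrs]
        if missing:
            # Per the guide, an entry must sit on a single line.
            findings.append((line_no, "entry split across lines or missing: "
                             + ", ".join(missing)))
            continue
        for flag in ("isoracle", "rollup"):
            if attrs[flag] not in ("0", "1"):
                findings.append((line_no, f"{flag} must be 0 or 1, got {attrs[flag]!r}"))
        if attrs["software"]:
            findings.append((line_no, "software is reserved and must stay blank"))
        if attrs["isoracle"] == "1" and attrs["database"]:
            findings.append((line_no, "database must be blank for an Oracle entry"))
        if attrs["isoracle"] == "0" and not attrs["database"]:
            findings.append((line_no, "database name missing for a SQL Server entry"))
        for key in ("name", "server", "user"):
            if not attrs[key]:
                findings.append((line_no, f"{key} is empty"))
        if not attrs["password"]:
            findings.append((line_no, "password is blank"))
        name = attrs["name"].lower()
        if name in seen_names:
            # Names populate the Login page drop-down, so duplicates are ambiguous.
            findings.append((line_no, f"name duplicates line {seen_names[name]}"))
        seen_names.setdefault(name, line_no)
    return findings


# Constructed sample (hypothetical servers and credentials, not from the guide).
SAMPLE = r'''<item name="CORE1" server="CORE1" database="lddb" user="ldweb" password="example-only" isoracle="0" software="" rollup="0"/>
<item name="ROLLUP1" server="DBSRV\LDROLLUP" database="rollupdb" user="ldweb" password="example-only" isoracle="0" software="" rollup="yes"/>
<item name="ORA1" server="ora.example" database="lddb" user="ldweb" password="" isoracle="1" software="" rollup="0"/>
<item name="CORE2" server="CORE2" database="lddb"
 user="ldweb" password="example-only" isoracle="0" software="" rollup="0"/>
'''

if __name__ == "__main__":
    for line_no, message in lint_core_asp(SAMPLE):
        print(f"line {line_no}: {message}")
```
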


Setting up Web console security

If you're using the Web console with a core database, the Web console uses the role-based administration settings you've made in the Management Suite console to control access to features and clients. If you're using the Web console with a rollup core database and want to control access to features for that rollup database, you need to set up feature-level security.

For more information, read the following sections:

• Setting up role-based administration in the Web console
• Setting up feature-level security for rollup core databases

Setting up role-based administration in the Web console

When accessing a core database (not a rollup core), the Web console uses the same role-based security as the Management Suite console. Use the Management Suite console to manage what features and scopes you want Web console users to be able to access. For more information on role-based administration, see chapter 1, "Using the LANDesk Management Suite console" in the User's Guide.

To configure Web Console role-based administration

1. Add domain-level accounts for Web console users to the LANDesk Management Suite group on the core server.
2. In the Management Suite console, click Tools | Users.
3. In the All Users group, double-click the user whose rights you want to change.
4. After making changes, click OK.

These are the role-based administration rights and what they do in the Web console:

Software distribution

A user assigned this right can:

• See all software distribution scripts but not the OS deployment and profile migration scripts.
• Choose Targeted Multicast options in the Software Distribution dialog.
• Send a Wake on LAN packet to a client to turn it on (the client must support Wake on LAN).
• Schedule and view scheduled tasks (no PXE or OS deployment scripts).
• Use local console links for LANDesk Server Manager and LANDesk System Manager (if installed).

Reports

A user assigned to this right can:

• View and print reports.


Remote control

A user assigned this right can:

• Remote control, file transfer, chat, remote execute, and reboot.
• Wake up/shut down.
• Use a local console link for LANDesk System Manager (if installed).

Public query management

A user assigned this right can:

• Create, modify, copy, delete, and move queries. This applies to the private and public queries. Without this right, users have access to private queries only.

LANDesk Administrator

A user assigned this right has access to all rights, including those mentioned above.

Setting up feature-level security for rollup core databases

If you're using the Web console with a rollup core database, and you want to control access to features for that rollup database, you need to set up feature-level security as described below.

The Web console administrator can set feature-level security by assigning users to any of four groups created during installation. By default, anyone with administrator privileges automatically has access to all Web console features. All other users must be assigned to these groups, or they're denied access to the features. The groups are:

• rc_user for using Remote Control. A user with administrator privileges has to actually download the Remote Control Viewer onto the computer before users in this group can remote control a client.
• sd_user for viewing Software Distribution logs, scheduled jobs, and scripts. To further restrict security, these users can only configure settings and distribute packages if they have administrator privileges.
• inv_user for creating and running custom queries.
• report_user for viewing reports and configuring how they look.

NOTE: When assigning users to the sd_user group, ensure that you also give them access rights to the distribution logs directory ([c:\inetpub\wwwroot]\remote\log by default). When assigning users to the report_user group, ensure that you also give them access rights to the images subdirectory under report ([c:\inetpub\wwwroot]\remote\report\images by default).

These groups are based on Windows NT and Windows 2000/2003 groups. By default, they're set up as local groups on the Web server, though you can set them up on the domain controller as global groups.

Assigning users

You can only assign domain users to these groups; if you assign users that are local to the Web server, they won't authenticate. Local users can't log in to a remote client (in this case to access the Web console) as a local user on a Web server.


Setting up authentication

To take advantage of feature-level security, you must set up authentication by disabling Anonymous Authentication on the Web server, but leave Windows NT/2000 Security enabled (this is Challenge and Response on Windows NT and Integrated Windows Authentication on Windows 2000).

If Anonymous Authentication is left enabled, the Web console will resort back to the database authentication used in previous releases.

Changing the default IIS session timeout

You can change the default session timeout for the Web console's Web pages. The IIS default is 20 minutes of inactivity before a login expires.

To change the IIS session timeout

1. On the Web server, open the IIS Internet Service Manager.
2. Expand the default Web site.
3. Right-click the Remote folder, then click Properties.
4. Under the Directory tab, click Configuration.
5. Click the Application Options tab, then change the session timeout to the value you want.

Setting up the indexing service

The Web console's HTML online help has a search feature that you can enable to do full-text searches. Normally, this feature is enabled by default. If you need to enable indexing on your Web server, do the following:

To configure your IIS server to run the Web console as an application

1. Open the IIS Internet Service Manager.
2. Expand the default Web site.
3. Right-click the Remote folder, then click Properties.
4. In the Application section, click Create.
5. Click OK.

To start the indexing service on Windows 2000

1. Click Start | Programs | Administrative Tools | Services.
2. Double-click Indexing Service and click Start.
3. Click OK to exit out of the dialogs.

Configuring rights for the Web console

The following rights should be configured automatically. If you're having problems with the Web console, you can verify that these rights have been set correctly. Update the following areas with the appropriate information.


To configure database authentication

1. Grant Modify rights for the IUSR_[MACHINE NAME] (IIS Internet Guest account) for the following directories:
   inetpub\wwwroot\remote\queries
   inetpub\wwwroot\remote\reports\images
2. Grant Modify rights to IWAM_[MACHINE NAME] (IIS Web Application Manager account) for the following directory:
   inetpub\wwwroot\remote\reports\images
3. Assign IUSR_[MACHINE NAME] to the Power Users group, or create a security policy to that registry location and assign it to the IIS Internet Guest User.

Changing the Web console location

If you move the location of the Web console files or the Remote Control Viewer after installation, you will need to modify the CONFIG.ASP file to designate the new location of the Remote Control Viewer.

To update CONFIG.ASP

1. Locate CONFIG.ASP on the Web server in the directory where the Web console is installed.
2. Open CONFIG.ASP in a text editor, such as Notepad.
3. Edit this line with the new URL where the Remote Control Viewer files are located:
   URL="http://yourwebserver.com/remote"
4. Save CONFIG.ASP as a text file.


Chapter 7: Installing OS Deployment and Profile Migration

The OS deployment and profile migration component adds automated remote image deployment and profile migration capabilities to LANDesk Management Suite. OS deployment and profile migration streamline new computer provisioning and existing computer migration without requiring additional end-user or technician input once the process starts. You can schedule deployments and migrations to occur after hours, and by using Targeted Multicast technology to distribute images, you don't have to saturate network bandwidth by deploying the same image to multiple computers.

If you use Microsoft Sysprep with your images, OS deployment creates customized SYSPREP.INF files and injects them into each computer's image on a per computer basis, customizing computer names, domain information, and so on from the core database.

OS deployment includes a built-in imaging tool, or you can use imaging tools that you provide. Your investments in Symantec Ghost*, PowerQuest*, and existing images won't be wasted with OS deployment.

OS deployment supports two types of OS deployments--Management Suite agent-based and PXE-based:

• Agent-based deployments use the client's existing Windows OS and Management Suite agents to deploy images.
• PXE-based deployments allow you to image computers with blank hard drives or unusable OSes. Lightweight .NET PXE proxies eliminate the need for a dedicated PXE server on each subnet.

In this chapter you'll learn about:

• Installing OS deployment and profile migration
• Step 1: Configuring an image server
• Step 2: Verifying name resolution
• Step 3: Configuring your network for multicast OS deployment
• Step 4: Configuring PXE

WARNING: The OS deployment functionality must be used with caution. Operating system deployment involves wiping all existing data off of a computer and installing a new operating system. There is substantial risk of loss of data if the OS deployment function is not performed precisely as described herein or if poorly implemented images are used. Before performing any operating system deployment, all data must be backed-up in such a manner that any lost data may be restored.


Installing OS deployment and profile migration

To install OS deployment and profile migration on your core server, you must have:

• Windows 2000 Server SP 4 or later with IIS 5. The OS deployment .NET Web Service isn't compatible with Windows NT 4 or IIS 4.
• Microsoft .NET Framework 1.1 or later (latest service pack recommended) on the core server. You can download the .NET Framework from Windows Update or from www.microsoft.com.

During the install, you'll be prompted for:

• Access to a Windows NT 4 Server CD. OS deployment uses Microsoft Windows NT 4 client networking files.
• A Windows 98 CD. OS deployment uses Microsoft boot and network files on the CD.

Installing OS deployment and profile migration on your core server also updates the additional console install image. You should reinstall your additional consoles so they are also updated. OS deployment and profile migration don't need extra system requirements beyond those already specified for additional consoles.

If you installed OS deployment when you installed the core server, you can ignore the installation steps below.

To install OS deployment and profile migration on an existing core

At the Windows 2000/2003 core server:

1. From your LANDesk Management Suite 8 installation image, double-click autorun.exe. The Autorun feature will display a Welcome screen.
2. Click Install LANDesk Management Suite.
3. Select the language that matches the core you are installing to, then click OK.
4. Click Modify, then click Next.
5. On the Select Features page, leave the existing options checked, and check OS Deployment / Profile Migration.
6. Click Previous Management Suite Database, then click Next.
7. Finish the Setup wizard.
8. Reinstall any additional consoles that you installed before you added OS deployment and profile migration to your core server.

Once you've installed OS deployment and profile migration, you need to plan how you'll structure OS imaging and deployments on your network.

You also need to decide whether you'll be using OS deployment PXE proxies to facilitate deployments:

• If you don't use PXE, you can only image computers running a supported Windows OS and the Management Suite agents, specifically the Enhanced Software Distribution agent. OS deployment uses the Enhanced Software Distribution agent to transfer OS deployment files and images to clients.
• If you use PXE, you can image any computer that supports PXE booting, regardless of what is installed on it. For more information, see "Using PXE services" in the User's Guide.


Configuring your OS deployment and profile migration environment

Before you can use OS deployment and profile migration, you'll need to configure your environment. OS deployment requires the following:

1. A share for images that clients can access from DOS
2. A working DHCP and DNS/WINS server
3. A multicast domain representative if you're doing Targeted Multicast deployments
4. A PXE proxy if you are using PXE for deployments

Step 1: Configuring an image server

You need to put OS images and your imaging tool on a network server. Clients will need to access this server via the credentials you provide in the OS Deployment/Migration Tasks wizard. Make sure the share name you use for your images follows 8.3 DOS naming conventions and doesn't have any spaces. The share must be reachable from DOS.

IMPORTANT: DOS can authenticate to network resources with only one set of credentials. For this reason, we recommend having your images and imaging tool executable on one share. You can use multiple shares if the authentication credentials are exactly the same.

IMPORTANT: For Targeted Multicast OS deployments, you must make the image share a null-session share as described in the next section. Multicast clients can't access the image share unless it is null-session.

Making your image share null-session

You use the SYSSHRS.EXE utility to make your image share a null-session share folder. A null-session share is a shared folder that doesn't require a username or password for access. Multicast deployments require null-session shares.

To make a share null-session

1. In Explorer, right-click the folder that will be your images share and then click Sharing.
2. Click Share this folder and click Permissions.
3. Add the Everyone and the Guest groups, but grant them only read permissions. Click Apply.
4. Click Start | Run and browse to the LDMAIN\Utilities directory on your core server.
5. Run the SYSSHRS.EXE utility.
6. Check the shared folder you set up and click Apply and then Close.


Step 2: Verifying name resolution

In an environment where WINS and/or DNS name resolution isn't available or doesn't work properly, it may be necessary to implement a static IP address for the core server and hard-code the IP address into the PXE and virtual boot images for OS deployment.

To test if WINS is working on your network

• From a DOS 6.22 environment (with Microsoft NDIS/DHCP stack) command prompt, try a NET USE command to map a drive to the server that stores your images. You must do this from native DOS and not a Windows command prompt. Management Suite will use WINS/LMHOSTS resolution to map drives to your image server:

    NET USE G: \\imageserver\share

To test if DNS is working for your environment

1. From any Windows 2000/XP computer that has a DHCP address, type the following from a command prompt:

    NSLOOKUP

2. At the NSLOOKUP prompt (>), type the name of your core server. OS deployment uses DNS to resolve the name of the core server when deploying operating systems.

For OS deployment to work properly, your DNS server needs to be able to resolve both the NETBIOS (root servername) and fully-qualified domain name (FQDN, servername.mycompany.com) of the core server.

Management Suite 8 also requires reverse DNS lookup support. If clients are taking several minutes to reboot and start an OS Deployment job, reverse lookup probably isn't enabled.

Step 3: Configuring your network for Multicast OS deployment

Before using Targeted Multicast with OS deployment, you need to make sure the Targeted Multicast components are in place on the subnet you're distributing to.

Each subnet must have a multicast domain representative. If you try to multicast to a subnet that doesn't have a domain representative, the deployment will start, but it won't be able to finish.

You don't have to use Targeted Multicast to distribute OS deployment images, but Targeted Multicast will save a lot of network bandwidth if you distribute the same image to multiple clients.

Make sure you don't image any Targeted Multicast representatives in a subnet, because you could end up imaging your Multicast domain representative and the imaging will fail, leaving the computers in an unusable state.

To manually specify which computers will be multicast domain representatives

1. In the network view, click Configuration > Multicast Domain Representatives.
2. Add domain representatives by dragging the computers you want to be representatives from the network view into this category.


Step 4: Configuring PXE

PXE services software is installed as part of OS deployment and provides another method—in addition to agent-based deployment—of automated remote imaging of computers on a single LAN or routed network environment.

With PXE services implemented, you can boot both new and existing PXE-enabled computers and either:

• Run an OS deployment script at the computer from an image menu you configure.
• Add the computer to your core database, then schedule an image deployment job from the console.

You don't have to use PXE to deploy OS deployment images, but if your clients support PXE, PXE can be the easiest and most flexible way to get images to clients.

PXE service files are simply copied to the core server as part of the normal OS deployment installation. To enable PXE services, you must first deploy a PXE representative (or proxy) computer on each segment of your network where you want PXE services available.

You need to deploy at least one PXE proxy on your network and at least one additional PXE proxy on each subnet where you want to provide PXE boot services. You set up a PXE proxy by running the PXE Representative Deployment script on the selected computer. This script installs as part of OS deployment, and is available in the Scheduled Tasks window.

Each PXE proxy forwards via HTTP any PXE boot requests on its subnet to the core server. The core server then checks to see if there are any pending jobs for that computer. If not, the computer boots normally.

You can have multiple PXE proxies on a subnet to help with load balancing. If this is the case, the first PXE proxy to respond to a client's request is the one that will be used to communicate with the core server.

There are no special hardware requirements for the computer you select, but it must meet the following software requirements:

• Operating system: Windows NT 4, Windows 2000/2003, or Windows XP.
  For Windows NT and 2000, ensure that the Microsoft MSI service is running (XP includes MSI by default). If you've installed the latest service pack for either OS, MSI service should be running. Otherwise, you can deploy it to the target PXE proxy from the console by following these steps: Click Tools | Scheduled Tasks, click the Schedule Script toolbar icon, select the MSI Service Deployment task, click OK, drag the target computer(s) to the window, and click the Set Start Time icon to schedule the MSI service deployment.
• Installed agents: Enhanced Software Distribution agent and Inventory Scanner agent.

To deploy a PXE proxy

1. In the console, click Tools | Scheduled Tasks, then click the Schedule Script toolbar icon.
2. Select the PXE Representative Deployment script from the list, then click OK.
3. In the console's network view, select the target computer on which you want to install PXE services (in this case the core server).
4. Drag and drop the selected computer to the Machine list in the Scheduled Tasks window.
5. Click the Set Start Time toolbar icon and schedule to run the script now. This script installs the PXE services software on the target computer.


If you modify the PXE boot option settings (on the Configure | Services | OS deployment dialog), you need to update a PXE proxy by re-running the PXE Representative Deployment script to apply those changes. This procedure of re-running the script is not necessary if you simply move PXE proxies from the Available proxies list to the Holding queue proxies list.

To update or remove a PXE proxy

1. Click Tools | Scheduled Tasks, then click the Schedule Script toolbar icon.
2. To update a PXE proxy, select the PXE Representative Deployment script from the list, then click OK. Or, to remove a PXE proxy, select the PXE Representative Removal script, then click OK.
3. Drag and drop the target computer(s) to the Scheduled Tasks window and schedule a time for the task to occur (for details, click the Help button or press F1 to view the online help).

Verifying that the core server accepts PXE proxy communication

Each PXE proxy communicates with the core server via HTTP. You should verify that the core server is accepting this communication by trying to connect to the core with this URL:

    http:///landesk/managementsuite/core/core.webservices/pxe.asmx

You should see a Web page titled "PXE Web Service." If a Web page doesn't come up, you may need to reinstall the .NET Framework and OS deployment.

Configuring PXE clients

You must configure your clients to boot PXE before using OS deployment's PXE support.


OS deployment phases

After you've created your images and run Sysprep on them, there are three OS deployment phases:

1. Run the OS Deployment/Migration Tasks wizard (select Deploy image) to create a script that defines how OS Deployment will handle that image.
2. Drag the script and the target computers to the Scheduled Tasks window and schedule a time for the deployment to happen. Watch the Custom Job Status window updates for success/failure.
3. Computers running Windows and Management Suite agents will begin the job when scheduled. PXE-enabled computers will begin the job next time they boot.

For more information on using OS deployment and profile migration, see the User's Guide.


Chapter 8: Deploying to Macintosh, Linux, and UNIX clients

This chapter explains how to deploy agents to Macintosh, Linux, and UNIX clients. LANDesk Management Suite has limited support for these clients—at a minimum, you can do inventory scans, and depending on the operating system and version, you can do more.

In this chapter you'll learn about:

• Deploying to Macintosh clients
• Deploying to Linux and UNIX clients

Deploying to Macintosh clients

The Macintosh agents support these operating systems:

• Mac OS X (10.2.x)
• Mac OS 9.2.2
• All clients must have TCP/IP installed.

Supported Mac OS 9.2.2 agent features:

• Remote file transfer.
• Remote program execution.
• No reliance on Apple System Profiler.

Management Suite 8 adds these features to the Mac OS X agents:

• Software License Monitoring: Application usage monitoring, license compliance tracking/reporting, and application denial/reporting
• Remote Control Enhancements: Render rate improvements, client-side icon to terminate session, remote login/out
• Software Distribution: Macintosh clients can receive Targeted Multicast files
• Application Policy Management: Macintosh clients can automatically receive software packages (required, recommended, and optional packages) if they match query criteria you set
• Additional base agent support: Mac OS X agents also support chat, remote reboot, and CBA discovery


Deploying the Mac OS X agents

The Macintosh client install files are stored on the core server in the \Program Files\LANDesk\ManagementSuite\LDLogon\Mac folder. The LDMSClient.pkg.zip file contains the compressed package that installs the agents. The Mac OS X agent installer installs files to the root volume and requires root authorization.

On each Mac OS X computer you install the agents on, you'll need to configure the scanner preferences. At a minimum, you must enter the core server address that the scanner should send scans to.

To install the Mac OS X agents

1. Connect to the core server's LDLOGON share.
2. From \LDLogon\Mac\LDMSClient.pkg.zip, extract LANDeskOSXClient.pkg.
3. Double-click LANDeskOSXClient.pkg to run it.
4. Enter an administrator/root password when prompted.
5. Finish the wizard to install the client agents.
6. When the wizard finishes, open the OS X System Preferences and select the LANDesk Client panel.
7. Click the Inventory Scanner tab.
8. Enter the server's IP address or resolvable name into the LDMS server address box.
9. Select the components you want to scan.
10. Make any other changes you want in the Inventory or Remote Control tabs.
11. Reboot to load the agents.

Locking Macintosh client options

By default, the Management Suite preference pane options are locked for users without root-level access. Non-root users can see the preferences, but they can't change them.

To unlock a Macintosh client configuration

1. Open the Mac OS X System Preferences and select the LANDesk Client panel.
2. Click the lock icon in the panel's lower left-hand portion. The panel prompts you for a root-level password to unlock the panel.

Updating the Mac OS X agents

To update the Mac OS X agents using a Client Setup wizard script, the agent installation file must be on a Web server. By default, the LDLogon share is a Web share. You can verify that this share is working by accessing http:///ldlogon.

Regardless of the options you select in the Client Setup wizard or the way you deploy the agents, the OS X agent package will install all of the agents with default options. The Client Setup wizard's remote control options don't affect the default OS X agent preferences.

Uninstalling the Mac OS X agents

If you want to uninstall the Mac OS X agents, run the uninstall script, lduninstall.command, located on each client in the /Library/Application Support/LANDesk folder.


Deploying the Mac OS 9.2.2 agents

The Macintosh client install files are stored on the core server in the \Program Files\LANDesk\ManagementSuite\LDLogon\Mac folder. The LANDesk_Classic_Client.sit file contains the Setup files and agents.

You will need version 5.5 or greater of StuffIt* Expander to extract files from the MACINIT.SIT file. If you don't have the correct version, you can download it from http://www.aladdinsys.com.

To deploy the OS 9.2.2 Macintosh agents

1. Extract the files in \Program Files\LANDesk\ManagementSuite\LDLogon\Mac\LANDesk_Classic_Client.sit to a location where your Macintosh computers can run the installation script. This location can be a shared folder on a Macintosh volume, CD-ROM, Web server, and so on. You can also e-mail these files to clients.
2. At the location you extracted the MACINIT.SIT file to, edit the INVMAC.INI file's ServerAddress option so that it points to your core server. If you don't do this, scan information won't be added to the core database. You can use the core server's Windows NT server name or its IP address.
   For more information about the .INI files, see Changing agent options via the .INI files later in this chapter.
3. From each Macintosh you want configured, run the Macintosh Client Install script from the location where you copied the MACINIT.SIT files.
4. Reboot each Macintosh client when you are done.

Installing non-English language support on clients

The client agents use English by default. If you want to install support for one of the other supported languages, follow the procedure below.

To install non-English language support on clients

1. From the \Program Files\Intel\DTM\LDLogon\MAC directory, extract the language file you want to install from: MACISLNG.SIT (Inventory agent language files) and MACRCLNG.SIT (Remote Control agent language files).
2. Copy these files to the Applications\Intel folder on each Macintosh client.


Updating Mac OS 9.2.2 agents

Once a Macintosh computer has the Remote Control agent on it, you can use the Client Setup wizard to configure and update the agents and settings on that client. The Allow Remote Execute and Allow File Transfer options must be enabled for this to work. You can use the Client Setup wizard for Macintosh client updates only—don't use it during initial client deployment.

When you schedule a client configuration that's going to a Macintosh computer, this happens:

1. Client Setup automatically generates an RCMAC.INI file based on your selections in the Client Setup wizard.
2. Client Setup looks in the \Program Files\Intel\DTM\Install\Mac directory for the INVMAC.INI file to send out to clients. Make sure you've updated the INVMAC.INI ServerAddress option to point to your core server.
3. Client Setup copies all the files to a temporary directory on the Macintosh and runs the Macintosh Client Install script from there.

Changing Mac OS 9.2.2 agent options via the .INI files

This section only applies if you want to manually customize the agent .INI files.

The Macintosh agents are on the core server in the \Program Files\Intel\DTM\LDLogon\Mac directory. The MACINIT.SIT file contains the Inventory and Remote Control agents, and the .INI files that configure these agents.

• RCMAC.INI: Specifies the client Remote Control settings.
• INVMAC.INI: Specifies client Inventory settings.

You can customize these files the way you want them before configuring Macintosh clients. If you don't customize them beforehand, the agents will use the defaults. If you want to change the settings in the future, you can distribute these files to clients later via the Scheduler. On the client, these .INI files are in the Preferences folder.

If you want to add comments to the .INI files, you can use the semicolon (;) character.

The only setting you must configure is the ServerAddress option in INVMAC.INI. The defaults in these files will work otherwise. In the following tables, you can see a list of possible options and the default values.

Inventory client options

The only Inventory client option you must configure is ServerAddress, which specifies where the client should send its inventory scans. This option is set to "Your server name here" by default.

You can launch the inventory scanner manually from the Applications\Intel folder.

To change inventory preferences on the client

1. From Applications (MacOS9):LANDesk, double-click Inventory Scanner.
2. Change the settings you want.


The Macintosh Inventory client can have these options in INVMAC.INI:

Option: ServerAddress=
Description: You must specify the core server name or IP address here. This is the server the agent sends scan information to. No scan information goes to the core database unless this server address is correct. Here's an example: ServerAddress=mycoreserver

Option: SendToServer=1
Description: Sends the scan results to the core server. You should leave this enabled.

Option: CreateFile=1
Description: Saves the scan results to a file called "scan" in the directory the agent ran from. Enabled by default, but disabling this option won't cause problems.

Option: ForceScan=0
Description: If enabled, forces the client to do a software scan regardless of whether the core server says one is due.

Option: SoftwareScanItems=31
Description: Specifies which software items to scan. Add together these bitfield values that you're interested in:
    1  Applications
    2  Desk Accessories
    4  Drivers
    8  Fonts
    16 INITS

Option: HardwareScanItems=127
Description: Specifies which hardware items to scan. Add together these bitfield values that you're interested in:
    1  I/O devices
    2  CPU
    4  Monitors
    8  NuBus/PCI cards
    16 SCSI devices
    32 Volumes
    64 System (network and system info)

Option: LastScanTime=
Description: Don't change this option. Value managed by agent.

Option: ServerGUID=
Description: Don't change this option. Value managed by agent.

Remote Control client options

The Macintosh client install script adds an alias to the Startup Items folder that launches the Remote Control agent when the computer boots.

Macintosh keyboards have some keys that PC keyboards don't. When remote controlling a Macintosh, use these keys on your PC keyboard to emulate a Macintosh keyboard:

• The left Alt key maps to the Option key.
• The right Alt key maps to the Apple key.

You need to have system key pass-through enabled in the Remote Control Viewer window for the Alt keys to pass their Macintosh mappings.


To change Remote Control preferences on the client

1. With the Remote Control Viewer window displayed, press the Command, Option, and P keys simultaneously.
2. Change the settings you want.

If you want to change the Remote Control agent preferences on a client via a remote control session, enable system key pass-through and hold down both Alt keys and the P key to display the Preferences dialog.

Note that Macintosh remote control doesn't support 1-bit or 2-bit color depths.

Unless you want to change the default Remote Control options for security or policy reasons, there aren't any values in RCMAC.INI file that you have to edit.

You can set several Remote Control options in the Client Setup wizard. Doing this modifies the RCMAC.INI file. The Macintosh Remote Control agent has these options in RCMAC.INI that you can also manually edit:

Option: AllowTakeover=1
Description: If enabled, allows others to remote control the client.

Option: AllowReboot=0
Description: If enabled, allows others to remotely reboot the client. If this option is disabled, it doesn't prevent an administrator from remote controlling a client and selecting Restart from the Finder's Special menu.

Option: PermissionRequired=0
Description: If enabled, displays an Accept/Reject dialog on the client that the client must accept before remote control begins.

Option: PermissionBoxTimeout=12
Description: If Permission Required is enabled, this specifies how long before the Permission Required dialog times out and disappears. If the dialog times out, that denies remote control permission. This option isn't configurable via the Remote Control agent interface.

Option: VisibleSignal=0
Description: If enabled, briefly displays a message box on the client for three seconds indicating that it's being remote controlled.

Option: Allow RemoteExecute=1
Description: If enabled, allows administrators to remotely execute programs on the client computer. This feature must be enabled for auto-update to work.

Option: Allow FileTransfer=1
Description: If enabled, allows administrators to transfer files to the computer. This feature must be enabled for auto-update to work.

Option: Scan LinesPerSecond=4
Description: Don't change this option. This option isn't configurable via the Remote Control agent interface.
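The following shell script is an added example, not LANDesk code: it checks edited copies of INVMAC.INI and RCMAC.INI against the options and defaults listed in the two tables above before the files are distributed to clients. It assumes the files are plain KEY=value text; the function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example, not LANDesk code: audit INVMAC.INI and RCMAC.INI copies.

# ini_get FILE KEY: print the value of KEY, skipping ';' comment lines.
# Classic Mac OS text files end lines with CR, so CRs are turned into LFs.
# Blanks inside key names are ignored, so the table's "Allow RemoteExecute"
# and an unspaced spelling both match (assumption: the page does not say
# which form the agent writes). Exits 1 when the key is absent.
ini_get() {
    tr '\r' '\n' < "$1" | awk -v want="$2" '
        /^[ \t]*;/ { next }
        {
            eq = index($0, "="); if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == want) { val = v; found = 1 }
        }
        END { if (!found) exit 1; print val }'
}

# ini_or FILE KEY DEFAULT: value of KEY, or the documented default if absent.
ini_or() { ini_get "$1" "$2" || printf '%s\n' "$3"; }

# decode_bits VALUE NAME...: list the names whose bit (1, 2, 4, ...) is set.
decode_bits() {
    value=$1; shift
    case $value in ''|*[!0-9]*) echo "invalid value"; return 0 ;; esac
    bit=1; out=
    for name in "$@"; do
        [ $(( $value & $bit )) -eq 0 ] || out="${out:+$out, }$name"
        bit=$(( $bit * 2 ))
    done
    printf '%s\n' "$out"
}

# audit_invmac FILE: ServerAddress must be changed from the shipped default.
audit_invmac() {
    addr=$(ini_get "$1" ServerAddress | tr -d '"')
    case $addr in
        ''|'Your server name here')
            echo "FAIL ServerAddress is empty or still the default; no scan data will reach the core database" ;;
        *)  echo "OK ServerAddress=$addr" ;;
    esac
    sw=$(ini_or "$1" SoftwareScanItems 31)
    hw=$(ini_or "$1" HardwareScanItems 127)
    echo "INFO software scan: $(decode_bits "$sw" Applications 'Desk Accessories' Drivers Fonts INITS)"
    echo "INFO hardware scan: $(decode_bits "$hw" 'I/O devices' CPU Monitors 'NuBus/PCI cards' 'SCSI devices' Volumes System)"
}

# audit_rcmac FILE: report remote control settings a reviewer should see.
audit_rcmac() {
    takeover=$(ini_or "$1" AllowTakeover 1)
    ask=$(ini_or "$1" PermissionRequired 0)
    signal=$(ini_or "$1" VisibleSignal 0)
    exec_ok=$(ini_or "$1" AllowRemoteExecute 1)
    xfer_ok=$(ini_or "$1" AllowFileTransfer 1)
    if [ "$takeover" = 1 ]; then
        [ "$ask" = 1 ] || echo "WARN remote control starts without the Accept/Reject dialog (PermissionRequired=$ask)"
        [ "$signal" = 1 ] || echo "WARN no on-screen notice when a session starts (VisibleSignal=$signal)"
    fi
    if [ "$exec_ok" = 1 ] && [ "$xfer_ok" = 1 ]; then
        echo "INFO remote execute and file transfer are enabled (needed for auto-update)"
    else
        echo "INFO auto-update will not work (remote execute=$exec_ok, file transfer=$xfer_ok)"
    fi
    return 0
}

# Demo on constructed sample files; the first uses CR line endings.
demo() {
    d=$(mktemp -d)
    printf '; constructed sample\rServerAddress=Your server name here\rHardwareScanItems=34\r' > "$d/INVMAC.INI"
    printf 'AllowTakeover=1\nPermissionRequired=0\nVisibleSignal=0\n' > "$d/RCMAC.INI"
    audit_invmac "$d/INVMAC.INI"
    audit_rcmac "$d/RCMAC.INI"
    rm -rf "$d"
}
demo
```

With the defaults from the RCMAC.INI table, the audit reports both WARN lines: remote control is allowed, no Accept/Reject dialog is shown, and no notice appears on the client.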


Deploying to Linux and UNIX clients

Management Suite works with some versions of Linux and UNIX. These features of Management Suite are supported for Linux and UNIX computers:

• Inventory scanning for hardware and software.
• Queries from the management console on any attribute that the inventory scanner reports to the core database.

The Linux/UNIX inventory scanner provides scanning for hardware and software. The scanner will find these attributes of a Linux/UNIX computer:

• Environment variables
• Memory
• Network
• OS type/kernel version
• Processor
• Bound adapters
• Mounted devices
• Software

System requirements

Linux runs on a variety of architectures, but the Linux inventory scanner will only run on Intel architecture. TCP is the only supported protocol for the inventory scanner.

Supported Linux and UNIX distributions:

• Red Hat Linux 7.3 and 8.0
• IBM AIX 5.1
• Intel Architecture Solaris 8
• Sun Sparc (Solaris 8)
• HP-UX 11.0

Installing the Linux/UNIX agents

You'll need to install the Linux/UNIX agents manually. The Linux/UNIX agents include only the Inventory Scanner agent.

Copy the ldiscnux agent files from the appropriate directory under \Program Files\LANDesk\ManagementSuite\LDLogon\unix\ that matches your Linux/UNIX distribution. Copy all the files from the \common directory.

• aix: IBM AIX 5.1
• common: Common man and configuration files used by all supported distributions
• hpux: HP-UX 11.0
• linux: RedHat Linux 7.3 and 8.0
• solia: Intel Architecture Solaris 8
• solsparc: Sun Sparc Solaris 8


To install the inventory scanner on Linux/UNIX

1. Copy ldiscnux.conf and ldappl.conf to /etc. Give ldiscnux.conf read/write access for users. Give ldappl.conf read access for users. Use the UNIX chmod command to assign rights to the files.
2. Edit ldappl.conf to customize the software scanning if desired. See the sample entries in ldappl.conf for more information.
3. Copy ldiscnux.8 to /usr/man/man8.
4. Copy ldiscnux to a directory that is accessible by the individuals who will be running the application. Usually this is /usr/sbin.
5. If needed, make ldiscnux executable using the chmod command.

Linux inventory scanner command-line parameters

The Linux inventory scanner, ldiscnux, has several command-line parameters that specify how it should run. See "ldiscnux -h" or "man ldiscnux" for a detailed description of each. Each option can be preceded by either '-' or '/'. These command-line parameters are available in Management Suite:

-d=Dir
    Starts the software scan in the Dir directory instead of the root. By default, the scan starts in the root directory.

-f
    Forces a software scan. If you don't specify -f, the scanner does software scans on the day interval (every day by default) specified in the console under Configure | Services | Inventory | Scanner Settings.

-f-
    Disables the software scan.

-i=ConfName
    Specifies the configuration filename. Default is /etc/ldappl.conf.

-ntt=address:port
    Host name or IP address of core server. Port is optional.


-o=File
    Writes inventory information to the specified output file.

-s=Server
    Specifies the core server. This command is optional, and only exists for backward compatibility.

-stdout
    Writes inventory information to the standard output.

-v
    Enables verbose status messages during the scan.

-h or -?
    Displays the help screen.

Examples

To output data to a text file, type:

    ldiscnux -o=data.out -v

To send data to the core server, type:

    ldiscnux -ntt=ServerIPName -v

Linux/UNIX inventory scanner files

ldiscnux

This is the executable that is run with command-line parameters to indicate the action to take. All users that will run the scanner need sufficient rights to execute the file.

There is a different version of this file for each platform supported above.

/etc/ldiscnux.conf

This file always resides in /etc and contains the following information:

• Inventory assigned unique ID
• Last hardware scan
• Last software scan

All users who run the scanner need read and write attributes for this file. The unique ID in /etc/ldiscnux.conf is a unique number assigned to a computer the first time the inventory scanner runs. This number is used to identify the computer. If it ever changes, the core server will treat it as a different computer, which could result in a duplicate entry in the database.

Warning: Do not change the unique ID number or remove the ldiscnux.conf file after it has been created.


/etc/ldappl.conf

This file is where you customize the list of executables that the inventory scanner will report when running a software scan. The file includes some examples, and you'll need to add entries for software packages that you use. The search criteria are based on filename and file size. Though this file will typically reside in /etc, the scanner can use an alternative file by using the -i= command-line parameter.

ldiscnux.8

Man page for ldiscnux.

Web console/Management Suite console integration

Once a Linux/UNIX computer is scanned into the core database, you can:

• Query on any of the attributes returned by the Linux/UNIX inventory scanner to the core database.
• Use Management Suite's reporting features to generate reports that include information that the Linux/UNIX scanner gathers. For example, Linux/UNIX will appear as an OS type in the Operating Systems Summary Report.
• Use the Inventory Summary dialog to view information for Linux/UNIX computers.
• Use Management Suite's inventory change history to track changes on items that the Linux/UNIX Inventory scanner inserts into the core database. The inventory service sends alerts when inventory data changes.

Miscellaneous issues

Queries on "System Uptime" sort alphabetically, returning unexpected results

If you want to do a query to find out how many computers have been running longer than a certain number of days (for example, 10 days), query on "System Start" rather than "System Uptime." Queries on System Uptime may return unexpected results, because the system uptime is simply a string formatted as "x days, y hours, z minutes, and j seconds." Sorting is done alphabetically and not on time intervals.

Path to config files referenced in ldappl.conf doesn't appear in console

ConfFile entries in ldappl.conf file need to include a path.
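The Linux/UNIX inventory scanner installation steps from earlier in this chapter, as an added shell script that is not LANDesk's own installer: it copies the four files, applies the permissions the steps call for, leaves an existing ldiscnux.conf (and its unique ID) untouched, and then reports any file whose mode differs. The octal modes are one reading of "read/write access for users" and "read access for users"; the function names and the optional ROOT prefix are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not LANDesk's installer.
# Usage: sh install_ldiscnux.sh SRC_DIR [ROOT]
#   SRC_DIR holds ldiscnux (for your platform) plus the files from \common.
#   ROOT is an optional staging prefix; empty installs under /.

# copy_new SRC DEST: copy only when DEST does not exist yet, so a re-install
# never replaces /etc/ldiscnux.conf (unique ID) or a customized ldappl.conf.
copy_new() {
    if [ -e "$2" ]; then echo "keeping existing $2"; else cp "$1" "$2"; fi
}

install_ldiscnux() {
    src=$1; root=${2:-}
    for f in ldiscnux ldiscnux.conf ldappl.conf ldiscnux.8; do
        [ -f "$src/$f" ] || { echo "missing $src/$f" >&2; return 1; }
    done
    mkdir -p "$root/etc" "$root/usr/man/man8" "$root/usr/sbin" || return 1

    # Step 1: configuration files in /etc.
    # 666 = read/write for every user who runs the scanner. Note that this
    # also lets any local account alter the unique ID stored in the file.
    copy_new "$src/ldiscnux.conf" "$root/etc/ldiscnux.conf" || return 1
    chmod 666 "$root/etc/ldiscnux.conf" || return 1
    # 644 = read-only for users, writable by the owner only.
    copy_new "$src/ldappl.conf" "$root/etc/ldappl.conf" || return 1
    chmod 644 "$root/etc/ldappl.conf" || return 1

    # Step 3: man page.
    cp "$src/ldiscnux.8" "$root/usr/man/man8/ldiscnux.8" || return 1
    chmod 644 "$root/usr/man/man8/ldiscnux.8" || return 1

    # Steps 4 and 5: the scanner itself, executable but not writable by users.
    cp "$src/ldiscnux" "$root/usr/sbin/ldiscnux" || return 1
    chmod 755 "$root/usr/sbin/ldiscnux" || return 1
}

# mode_of PATH: the ten-character permission string from ls (e.g. -rw-r--r--).
mode_of() { ls -ld "$1" | cut -c1-10; }

# check_ldiscnux [ROOT]: compare installed modes with the ones set above.
# Returns 1 if any file differs, for example a scanner binary that has
# become writable by group or others.
check_ldiscnux() {
    root=${1:-}; rc=0
    for entry in "etc/ldiscnux.conf:-rw-rw-rw-" \
                 "etc/ldappl.conf:-rw-r--r--" \
                 "usr/sbin/ldiscnux:-rwxr-xr-x"; do
        path=$root/${entry%%:*}; want=${entry#*:}
        have=$(mode_of "$path")
        if [ "$have" = "$want" ]; then
            echo "OK   $have $path"
        else
            echo "DIFF $have $path (expected $want)"; rc=1
        fi
    done
    return $rc
}

# Run only when a source directory is given on the command line.
if [ $# -ge 1 ]; then
    install_ldiscnux "$1" "${2:-}" && check_ldiscnux "${2:-}"
fi
```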


Chapter 9: Uninstalling LANDesk Management Suite

Just as there's a specific strategy you should follow to deploy the different LANDesk Management Suite components, there's a corresponding strategy for uninstalling the components.

In this chapter you'll learn about:

• Uninstalling Management Suite
• Uninstalling the Web console

Uninstalling Management Suite

The following sections show you how to properly uninstall each Management Suite component. You must uninstall the components in this order:

1. Uninstall LANDesk agents from clients
2. Uninstall the service centers
3. Uninstall the consoles
4. Uninstall the core server

Uninstalling LANDesk agents from clients

The first step to uninstall LANDesk software from your network is to uninstall its agents from your clients.

To uninstall agents from clients on a NetWare network

• Use your network administrator tool to move users to the LANDESKEXCLUDE group. The next time the user logs in, Management Suite removes the agents from the computer.

To uninstall agents from clients on a Windows 2000 network

• In the batch file you originally used as the login script to configure the client, change the /IP or /IPX parameter in WSCFG32.EXE to /u. For more information, see Phase 4: Deploying Remote Control, Inventory, and CBA to clients earlier in this guide.


Uninstalling the service centers

After you uninstall LANDesk agents from your clients, you can uninstall software from your service centers.

To uninstall your service centers

1. Go to your core server.
2. In the console's network view, select the computer where the service center is running.
3. From that server's shortcut menu, click Service Center.
4. To remove all services from the selected server, click Remove All | Finish.

Uninstalling the consoles

After you uninstall LANDesk agents from your clients and the software from your service centers, you're ready to uninstall the software from your consoles.

To uninstall your consoles

1. Go to the console computer where you want to remove the software.
2. Click Start | Settings | Control Panel, then double-click Add/Remove Programs.
3. Select LANDesk Management Suite.
4. Click Add/Remove.

Uninstalling the core server

The final step in uninstalling Management Suite from your network is to uninstall the software on the core server. Before you do so, make sure you've uninstalled the LANDesk software from your clients, service centers, and consoles.

To uninstall the core server

1. Go to the core server.
2. Click Start | Settings | Control Panel, then double-click Add/Remove Programs.
3. To uninstall Management Suite software, select LANDesk Management Suite and any other LANDesk products you installed.
4. Click Add/Remove.

Uninstalling the core and core rollup databases

You need to manually uninstall the core and core rollup databases. For more information, refer to your database manual.

Uninstalling the Web console

Because Microsoft IIS loads the Web console into memory and keeps it loaded, you must reboot the server before doing an uninstall. Make sure you don't reconnect to the Web console after you reboot.


To uninstall the Web console

1. Reboot the Web server.
2. Click Start | Settings | Control Panel, then double-click Add/Remove Programs.
3. Click Web Components, then click Add/Remove.
4. Click Yes to remove the application.
5. Click OK when the uninstall is completed.

To uninstall the Remote Control Viewer from client computers

1. Shut down all instances of your browser.
2. Click Start | Settings | Control Panel, then double-click Add/Remove Programs.
3. Click Remote Control Viewer, then click Add/Remove.
4. Click Yes to remove the application.
5. Click OK when the uninstall is completed.


Appendix A: Troubleshooting

This appendix explains where to go to resolve problems you might encounter when installing and using LANDesk Management Suite.

Troubleshooting on the Web

You can reach LANDesk Software's online support services on the Web (available in English only). The services contain the most up-to-date information about LANDesk Software products. You can also find installation notes, troubleshooting tips, software updates, and customer support information. Visit the Web site below, then access the Management Suite page:

http://support.landesk.com/support

You can also download the latest versions of the Management Suite Release Notes and documentation, which may include information that wasn't available at the time the product was shipped.

Customer support options

If you can't resolve your issue using this guide or by consulting the LANDesk Software support Web site, LANDesk Software offers a range of paid support, consulting, and partner services. For more information, see the customer support page at:

http://www.landesk.com/contactus/contactus.htm

Before calling for customer support issues, have this information ready:

• Your name, the name of your company, and the version of Management Suite you're using.
• The network operating system you're using (name and version).
• Any patches or service packs you've installed.
• Detailed steps to reproduce the problem.
• Steps you've already taken to troubleshoot the problem.
• Any information unique to your system that may help the Customer Support engineer understand the problem, such as what kind of database application you're using, the brand of video card you've installed, or the make and model of the computer you're using.
