Dell OpenManage™ IT Assistant Version 7.2 User’s Guide w w w. d e l l . c o m | s u p p o r t . d e l l .
Notes and Notices NOTE: A NOTE indicates important information that helps you make better use of your computer. NOTICE: A NOTICE indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. ____________________ Information in this document is subject to change without notice. © 2005 Dell Inc. All rights reserved. Reproduction in any manner whatsoever without the written permission of Dell Inc. is strictly forbidden.
Contents 1 Introducing IT Assistant . . . . . . . . . . . . . . . . . . . . . . . . . Simplifying System Administration . . . . . . . . . . . . . . . . . . . . . . . . 9 . . . . . . . . . . . . . . . 9 9 10 10 . . . . . . . 10 . . . . . . . . . . . . . . . . . . . 10 Identifying the Groups of Systems for Remote Management Consolidating a View of All Your Systems . . . . . . . . . . Creating Alert Filters and Actions . . . . . . . . . . . . . .
Selecting the Operating System . . . . . . . . . . . . . . . . . . . . . . . . . 18 . . . . . . . . . . . . . . . . . . . . . . 19 Selecting a Hardware Configuration Selecting the MSDE Default Database or SQL 2000 Server . E-mail Notification Features . . . . . . . . . . . 19 . . . . . . . . . . . . . . . . . . . . . . . . . . 20 . . . . . . . . . . . . . . . . . 20 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20 20 20 21 . . . . . . . . . . . . . . . . . .
Configuring CIM for Manageability . . . . . . . . . . . . . . . . . . . . . . . 36 . . . . . . . . . . . . . . . . . 37 . . . . . . . . . . . . . . . . 37 . . . . . . . . . . . . . 38 Configuring CIM in the Operating System Best Practices for Setting Up Discovery Targets Discovery in Jane’s Small-to-Medium Size Business Determining Requirements for a Mixed Server-Client System . . . . Initial Tasks for Finding Systems on Jane’s Network . . . . . . . . .
5 Reporting and Task Management Custom Reporting . . . . . . . . . . . . . . . . . . 59 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59 Creating a New Report . . . . . . . . Editing, Deleting, or Running Reports. Pre-defined Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . IT Assistant Database Schema Information . . . . . . . . . . . . . . . . . . . 63 . . . . . . . . . . . . . . . . . .
Assigning User Privileges . . . . . . . . . . . . . . . . . . . . . . . . . . . . Creating IT Assistant Users for Supported Windows Operating Systems . . . . . . . . Disabling Guest and Anonymous Accounts . . . . . . . . . . . . . . . . . 91 . . . . . . . . . . . . . . . . . . 93 A Configuring Protocols to Send Information to IT Assistant . . . . . . . . . . . . . . . . . . . . . Configuring the SNMP Service . . . . . . . . . . . 95 . . . . . . . . . . . . . . . . . . . . . . . . . 95 . . .
Contents
Introducing IT Assistant Dell OpenManage™ IT Assistant provides a central point of access to monitor and manage systems on a local area network (LAN) or wide area network (WAN). By allowing an administrator a comprehensive view across the enterprise, IT Assistant can increase system uptime, automate repetitive tasks, and prevent interruption in critical business operations. Simplifying System Administration Using IT Assistant, you can: • Identify the groups of systems that you want to manage remotely.
Creating Alert Filters and Actions You can use IT Assistant to create alert filters to isolate alerts that are of greatest interest to a system administrator. System administrators can then create corresponding alert actions that are triggered when the criteria used to define the alert filter is met. For example, IT Assistant can alert a system administrator when a server fan is in warning or critical state.
Figure 1-1. IT Assistant User Interface, Services System, and Managed System user’s system IT Assistant Services firewall 1311 managed system CIM/WMI 2607 161, 162 IT Assistant User Interface Server Administrator Web Browser 80, 443 Array Manager 2148 RAC Array Manager NOTE: The numbers in Figure 1-1 are the port numbers used by IT Assistant to communicate with the managed systems.
Terminology: Managed System and IT Assistant System For the purposes of IT Assistant, a managed system is a system that has supported instrumentation or agents installed that allow the system to be discovered and polled for status. IT Assistant simplifies system administration of many managed systems by allowing an administrator to monitor them from one management console.
Dynamic Groups You can create dynamic groups of devices to help you manage and monitor them more effectively. For more information, see the Group Configuration topic in the IT Assistant online help. NOTE: You can re-use the device selection queries created in one module of IT Assistant in other modules as well. For example, a query created from the search-devices module will also be available when you are creating or editing a report, an alert filter, or a task.
Software Updates IT Assistant allows you to load Dell Update Packages and System Update Sets into a central repository, then compare the packages to the versions of the software currently running on your enterprise systems. You can then decide whether to update systems that are not in compliance, either immediately or according to a schedule you define. You can also customize the view of the package information by operating system, system type, component name, and software type.
Single Sign-On Single Sign-On on Windows systems is supported. Use Single Sign-On to bypass the login page and access IT Assistant by clicking the IT Assistant icon on your desktop. The desktop icon queries the registry to see if the Automatic Logon with current username and password option is enabled in Internet Explorer. If this option is enabled, then Single Sign-On is executed; otherwise, the normal logon page will be displayed. For more information on how to set these options, see "Single Sign-On.
Introducing IT Assistant
Planning Your IT Assistant Installation It is important to plan before installing Dell OpenManage™ IT Assistant. Depending on your company's network management objectives, you may want to use IT Assistant primarily as a discovery and status polling tool that quickly scans the network to retrieve managed system information. On the other hand, you may want IT Assistant to only receive and forward alerts to support personnel about problems on specific managed systems. Or maybe you want a combination of both.
Primary Planning Questions System types and network management objectives differ among enterprises. Answering the following questions can better prepare you for an IT Assistant installation that will support your company's goals for network management. After reading this section, see Table 2-4 before performing your installation.
Selecting a Hardware Configuration The hardware configuration you choose must meet or exceed the recommended configuration for IT Assistant. Depending on your specific IT Assistant deployment and your network environment, it may be advisable to exceed the recommended configurations for processor speed, amount of memory, and hard-drive space.
E-mail Notification Features E-mail Alert Actions are useful in environments in which a system administrator does not want to use the IT Assistant User Interface (UI) to visually monitor the status of managed systems. By coupling e-mail alert actions with alert action filters, an administrator may identify a person to be electronically notified when a specific system sends alerts to the IT Assistant network management station.
Factors That Affect Protocol Choice Two factors affect protocol choice: • The systems that you want to monitor • Agents on the systems that you want to monitor Systems That You Want to Monitor Your network may consist of a combination of client and server systems, including portable computers, desktops, workstations, and standalone servers such as print and file servers, server modules (or blades), clustered servers, or hundreds of servers in densely populated racks.
Table 2-3. Agents Supported by IT Assistant (continued) Device Version(s) Supported Auto Discoverable Alerting DRAC 4 1.0-1.30 Yes Yes DRAC III, DRAC III/XT 1.0-3.50 Yes Yes ERA, ERA/O 1.0--3.50 Yes Yes ERA/MC 1.0--3.50 Yes Yes PowerEdge 1655MC/1855MC Integrated Switch N/A Yes Yes * IT Assistant requires Server Administrator 2.0 or later for remote software updates.
Table 2-3. Agents Supported by IT Assistant (continued) Device Version(s) Supported Auto Discoverable Alerting 2161 DS-2 N/A Yes Yes 4161 DS N/A Yes Yes Intel® PRO N/A No Yes Broadcom N/A No Yes ASF 1 No Yes 7.
Table 2-4. Pre-Installation Questions, Options, and Actions (continued) Question Option/Action Option/Action Should I use the default installed database (MSDE) or should I install the Microsoft SQL Server database? Generally, MSDE is adequate if you are managing fewer than 500 systems. However, heavy event traffic or other performance concerns may lead you to select SQL Server.
Installing, Uninstalling, and Upgrading IT Assistant Installation Requirements When installing Dell OpenManage™ IT Assistant, it is important to see the latest readme.txt file on your Dell Systems Management Consoles CD or on the Dell™ Support website at support.dell.com. This file defines the most current supported operating systems and hardware requirements for IT Assistant.
4 In the Windows Component Wizard window under Components, scroll to Management and Monitoring Tools. 5 Select Management and Monitoring Tools, click Details, select and check Simple Network Management Protocol, and click OK. 6 Click Next in the Windows Components Wizard window. The Windows Components Wizard will install SNMP. 7 Once the installation is complete, click Finish. 8 Close the Add/Remove Programs window. SNMP is now installed on your system.
Installing IT Assistant If you are installing IT Assistant for the first time, follow the steps shown here. If you are upgrading from a previous version, see "Upgrading from a Previous Version of IT Assistant." You can install IT Assistant from the Dell Systems Management Consoles CD or download and install it from the Dell Support website at support.dell.com. The Dell OpenManage Management Station installer program is used to install IT Assistant as well as other Dell OpenManage software.
Upgrading from a Previous Version of IT Assistant NOTE: Only IT Assistant versions 6.2 and later support upgrades from previous versions. The Dell OpenManage Management Station installer program detects whether you currently have an upgradable version of IT Assistant on your system. To upgrade IT Assistant: 1 Insert the Dell Systems Management Consoles CD into your CD drive. If the installation program does not start automatically, navigate to the /windows directory and click setup.exe.
9 Click Next. 10 Ensure that IT Assistant is included in the installation summary window and click Install to begin the installation. NOTE: When upgrading from IT Assistant version 6.x to version 7.2, you have to qualify the CIM user names. This qualification is necessary because CIM is enabled/disabled only per discovery range and requires each CIM user to be qualified with a domain, or local host if no trusted domain is configured.
Installing, Uninstalling, and Upgrading IT Assistant
Configuring IT Assistant to Monitor Your Systems Dell OpenManage™ IT Assistant can discover, inventory, and perform a variety of change management tasks for each system in your enterprise. Managed systems can include a mixture of client systems (desktops, portables, and workstations), servers, systems with remote access cards, Dell™ PowerConnect™ switches, and digital keyboard/video/mouse (KVMs) switches used with rack-dense systems.
1 Locate the jpicpl32.exe of the JRE version you want to use. For example, if you want to use JRE version 1.4.2, you can locate jpicpl32.exe under C:\Program Files\Java\j2re1.4.2_05\bin. NOTE: This file is available for all JRE versions earlier than version 1.5.0. The Java Plug-in Control Panel appears. 2 In the Browser tab, deselect Microsoft Internet Explorer, and click Apply. 3 Now select Microsoft Internet Explorer, and click Apply (see Figure 4-1). This integrates JRE 1.4.2 with Internet Explorer.
If you want to use JRE version 1.5.0, perform the following steps: 1 In the Java Control Panel (for JRE 1.5.0), under the Advanced tab, expand the
Ensure That Agents and Instrumentation Are Installed and Running Whether large or small, all networks managed by IT Assistant share a basic requirement: all of the managed systems in the network must have Dell systems management agents (instrumentation) installed and running.
Configuring SNMP for System Manageability Before configuring SNMP for system manageability, let us look at the two scenarios we will use to illustrate IT Assistant in this section: Two systems administrators—let us call them Jane and Tom—are responsible for managing two separate network environments. Jane represents the small-to-medium size business (50 servers, plus over 200 client systems), while Tom represents a much larger enterprise (1,000 servers).
Information on the Managed System Needed for Optimal SNMP Configuration For every system to be discovered and managed using SNMP protocol, ensure that: • SNMP is installed. • The name or IP address for the IT Assistant system is in the list under the SNMP Service Properties window → Security tab → Accept SNMP packets from these hosts radio button. This value needs to be configured on the managed system.
Configuring CIM in the Operating System IT Assistant uses the Windows Management Interface (WMI) core to make CIM connections. The WMI core uses Microsoft network security to protect CIM instrumentation from unauthorized access. For more information on operating system CIM configuration, see "Configuring Protocols to Send Information to IT Assistant." NOTE: IT Assistant requires the CIM user name and password with administrator rights that you established on the managed systems.
Discovery in Jane’s Small-to-Medium Size Business Jane wants to discover all of the systems on her network. Discovery is a process whereby IT Assistant identifies each system and records identifying information for that system in the IT Assistant database.
Configuring SNMP for PowerConnect Switches Jane can monitor her ten PowerConnect switches by using IT Assistant.
Configuring Discovery Settings Jane begins by configuring the discovery settings for her systems using the Discovery Configuration Settings dialog box. This dialog is displayed either automatically when she clicks Step 1: Discovery Configuration from the IT Assistant or by choosing Discovery Configuration from the menu bar. Here, Jane enters information that IT Assistant will use for discovery.
Configuring Inventory Settings Next, Jane needs to enter inventory settings. IT Assistant collects inventory information about software and firmware versions, as well as device-related information about memory, processor, power supply, PCI cards and embedded devices, and storage. This information is stored in the IT Assistant database and can be used to generate customized reports. To set inventory settings: 1 Select Discovery and Monitoring→ Inventory Configuration from the menu bar.
Configuring Discovery Ranges IT Assistant maintains a register of network segments that it uses to discover devices. A discovery range can be a subnet, range of IP addresses on a subnet, individual IP address, or an individual host name. To identify her systems to IT Assistant, Jane must define a discovery range. To identify an include range: 1 Select Discovery and Monitoring→ Ranges from the menu bar. The Discovery Ranges navigation tree is displayed on the left side of the IT Assistant window.
access to this data. Therefore, she changes the default Get Community name (public) to a name known only to her and her designated backup. NOTE: Community names entered in the SNMP Get and Set community name fields for the managed system’s operating system must match the Get Community and Set Community names assigned in IT Assistant. • Enter a case-sensitive value for the Set Community name. Jane’s considerations: The Set Community name is a read-write password that allows access to a managed system.
Creating Alert Action Filters and Alert Actions for Jane’s Small-to-Medium Size Business Jane creates an Alert Action Filter in IT Assistant by specifying a set of conditions. When tied to an Alert Action, IT Assistant will automatically execute whatever action Jane has defined. IT Assistant has three types of Alert filters: Alert Action Filters – used to trigger actions when an alert condition is met Ignore/Exclude Filters – used to ignore SNMP traps and CIM indications when they are received.
7 Under Date/Time Range Configuration, enter values for any or all of the optional categories. Jane leaves these options unselected since she wants the filter to apply at all times. 8 Under Alert Action Associations, select whether you want the event captured by the filter to trigger an alert or be written to a log file. Jane selects Alert to get a console notification. 9 The New Filter Summary shows your selections. Click Finish to accept, or Back to make changes.
As a result of how Jane has configured Alert Action Filters and Alert Actions in IT Assistant, here is what will happen: • IT Assistant will continuously monitor all servers and network switches on Jane’s network. • When any server or network switch reaches a warning or critical state, the Alert Action Filter Jane set up in IT Assistant will automatically trigger the accompanying Alert Action. • The Alert Action will send Jane an e-mail notification to the address she specified.
IP Subnet Ranges for Servers Tom’s first decision is to determine which of the 1,000 servers he wants to monitor with IT Assistant. Tom may want to record the IP subnet range of each subnet he wants to include in his discovery, any systems or ranges he wants to exclude from discovery, corresponding community names used on each subnet, and any other data he determines is relevant to his network. An example of a form that captures this data appears in Table 4-2.
Table 4-2. Example Subnet Ranges, IP Addresses, or Host Names and Corresponding Information for Data Center and Remote Servers (continued) System Include Subnet Exclude Hosts or Group Name Range Subnet Range Public/Private Community Names Number of Longest Ping Servers on Response Time Subnet Observed on Subnet Data Center 192.166.160.* Servers 8 dcp123/dcxprivall 100 59 Data Center 192.166.161.* Servers 9 dcp123/dcxprivall 50 128 Remote Servers 1 10.9.72.
Configuring Discovery Settings Tom also begins by configuring the discovery settings for his systems using the Discovery Configuration Settings dialog box. This dialog is displayed either automatically when he clicks Step 1: Discovery Configuration from the IT Assistant welcome screen or by choosing Discovery Configuration from the menu bar. Here, Tom enters information that IT Assistant will use for discovery.
Configuring Inventory Settings Next, Tom enters inventory settings. IT Assistant collects inventory information about software and firmware versions, as well as device-related information about memory, processor, power supply, PCI cards and embedded devices, and storage. This information is stored in the IT Assistant database and can be used to generate customized reports. To set inventory settings: 1 Select Discovery and Monitoring→ Inventory Configuration from the menu bar.
Configuring Discovery Ranges IT Assistant maintains a register of network segments that it uses to discover devices. A discovery range can be a subnet, range of IP addresses on a subnet, individual IP address, or an individual host name. Tom’s enterprise network is organized into a number of subnets. There are 850 servers in the datacenter and 150 remote servers. Tom refers to the IP subnet ranges he wrote down for his servers (see Table 4-2).
Although the Get Community name affects read-only information retrieved by IT Assistant from managed systems, such as the results of discovery, status polling, and alert logs, Tom wants to limit access to this data. Therefore, he changes the default Get Community name (public) to a name known only to him and his system administrators.
Exclude Systems From Discovery IT Assistant also provides the capability to exclude specific systems from discovery. This feature is normally used in larger enterprise environments to improve speed, to isolate a system with a problematic agent, or to enhance security and convenience. Tom has one system in his enterprise that contains highly sensitive information. So sensitive, in fact, that he doesn’t even want the system visible to his system administrators.
He decides to: 1 Create one custom group for the datacenter servers and one custom group for the remote servers. 2 Create an Alert Action Filter for each of the four administrators who help Tom with the remote and datacenter servers on different days and different shifts. 3 Create an Alert Action that will be triggered by the corresponding Alert Action Filter to automatically e-mail the appropriate administrator at the appropriate day and time.
Creating an Alert Action Filter Now, Tom will create an Alert Action Filter that includes each of the four administrators who work for him. In the following procedure, you can see how creating custom groups for the two types of servers make it easier to create the filters. To create an alert action filter: 1 Select Alerts→ Filters from the menu bar. The Alert Filters window appears. 2 Expand the Alert Filters in the navigation tree and right-click Alert Action Filters. Select New Action Alert Filter.
7 Under Date/Time Range Configuration, enter values for any or all of the optional categories. Tom selects different time and day values for each of the three filters. Tom does not select date filters, but could use this value if he wanted to create a filter and action for a vacation, an outside service vendor, or another special situation. For the DC 1st Shift filter, Tom enables the time range 7:00:00 A.M. to 7:00:00 P.M. and enables the days Monday through Friday.
3 Give the action a logical name in the Name field. Tom is configuring a separate Alert Action for himself, Bob, John, and Jill. Each time he repeats the procedure here, he uses the following names in the Name field: • Tom ADMIN MGR e-mail • DC 1st Shift Bob e-mail • DC 2nd Shift John e-mail • Weekend Admin Jill e-mail 4 From the Type pull-down menu, choose Email.
Configuring IT Assistant to Monitor Your Systems
Reporting and Task Management Dell OpenManage™ IT Assistant provides the ability to: • Create customized reports for all systems in your enterprise • Perform command line execution on managed devices from a central console, including shutdown and wake up • Perform software compliance checking and updates on an individual managed system The basics of these capabilities are shown here using the same user scenarios presented in "Configuring IT Assistant to Monitor Your Systems.
Figure 5-1. Custom Reporting in IT Assistant 6 Device Server 1 PCI Cards 48 rows returned NIC Device Cards 8 Contact Info Memory Devices ...
Creating a New Report To illustrate IT Assistant’s report capabilities, let us take another look at Jane’s enterprise: Among her group of managed systems, she has 50 Dell™ PowerEdge™ servers. However, she is not sure exactly which servers have which type of network interface card installed. She can answer that question quickly by using IT Assistant’s reporting tool: From IT Assistant, Jane will: 1 Select Views→ Reports, then right click on All Reports in the left navigation pane. 2 Choose New Report.
Table 5-1. Query Report Parameters Name of the Query Specifies the name of the query. Query Criteria Specifies the query criteria. For example, to create a new query with the query criteria for all devices that correspond to a subnet, specify: Where: IP Address Starts With 143.166.155 The query operators are: • Contains — Specifies that the query criteria string contain a certain set of characters. • Ends With — Specifies that the query criteria string ends with a certain set of characters.
IT Assistant Database Schema Information The rows in the Device table represent the devices in the network. IT Assistant gathers data that is stored in associated tables and is linked by the DeviceId, an internal identifier. The associated data is stored in the following tables. NOTE: The primary keys for the tables are marked with an asterisk (*). Table 5-2.
Table 5-2. IT Assistant Database Schema (continued) Column Name Data Type Data Size Nulls Description Allowed DeviceDiscoveredTime datetime 8 Yes The last time IT Assistant interrogated the system to determine what agents were present. DeviceProtocols int 4 Yes Bitmask indicating what protocols the device supported. Bit 1 = SNMP Bit 4 = CIM DevicePreferredProtocol int 4 Yes The protocol by which the remote device prefers to be managed.
Table 5-2. IT Assistant Database Schema (continued) Column Name Data Type Data Size Nulls Description Allowed AgentGlobalStatus int 4 Yes The global status of the agent. Not Known = 0 Unknown = 1 Normal = 4 Warning = 8 Critical = 16 AgentInstallTime datetime 8 Yes The time the agent was installed, if available. AgentId int 4 Yes Internal ID used to distinguish between agents.
Table 5-2. IT Assistant Database Schema (continued) Column Name Data Type Data Size Nulls Description Allowed ArrayDiskName nvarchar 256 Yes The array disk’s name as represented in Storage Management. ArrayDiskVendorName nvarchar 64 Yes The array disk's reseller's name. ArrayDiskModelNumber nvarchar 64 Yes The array disk’s model number. ArrayDiskSerialNumber nvarchar 64 Yes The array disk's unique identification number from the manufacturer.
Table 5-2. IT Assistant Database Schema (continued) Column Name Data Type Data Size Nulls Description Allowed ControllerName nvarchar 64 Yes The name of the controller in this subsystem as represented in Storage Management. Includes the controller type and instance, for example: PERC 3/QC 1. ControllerVendor nvarchar 64 Yes The controller's reseller's name. ControllerType nvarchar 64 Yes The type of controller.
Table 5-2. IT Assistant Database Schema (continued) Column Name Data Type Data Size Nulls Description Allowed DeviceId* int 4 No The foreign key to the Device Table. EnclosureNumber* int 4 No The instance number of the enclosure entry. EnclosureName nvarchar 256 Yes The enclosure's name. EnclosureVendor nvarchar 256 Yes The enclosure's reseller's name. EnclosureId int 4 Yes The SCSI address of the processor.
Table 5-2. IT Assistant Database Schema (continued) Column Name Data Type Data Size Nulls Description Allowed EMMVendor nvarchar 256 Yes The management module reseller's name. EMMPartNumber nvarchar 64 Yes The part number of the enclosure memory module. EMMFWVersion nvarchar 64 Yes Firmware version of the enclosure memory module. DeviceId* int 4 No The foreign key to the Device Table. VirtualDiskNumber* int 4 No Instance number of this virtual disk entry.
Table 5-2. IT Assistant Database Schema (continued) Column Name Data Type Data Size Nulls Description Allowed DeviceId* int 4 No The foreign key to the Device Table. VolumeNumber* int 4 Yes Instance number of the volume entry. VolumeDriveLetter nvarchar 64 Yes The volume's path (or drive letter) according to the operating system. VolumeLabel nvarchar 256 Yes The user-definable label for this volume. VolumeSize int 4 Yes The size of the volume in megabytes.
Table 5-2. IT Assistant Database Schema (continued) Column Name Data Type Data Size Nulls Description Allowed MemoryDeviceBankName nvarchar 256 Yes This attribute defines the location of the bank for the memory device. MemoryDeviceType nvarchar 256 Yes This attribute defines the type of the memory device. MemoryDeviceFormFactor nvarchar 256 Yes This attribute defines the form factor of the memory device.
Table 5-2. IT Assistant Database Schema (continued) Column Name Data Type Data Size Nulls Description Allowed OSRevision nvarchar 64 Yes The revision of the operating system (for example, the Microsoft Windows® service pack or the Linux kernel version) OSTotalPhysicalMemory int 4 Yes The total physical memory reported by the operating system in megabytes. OSLocale nvarchar 64 Yes The locale for the operating system. OSType int 4 Yes The type of operating system.
Table 5-2. IT Assistant Database Schema (continued) Column Name Data Type Data Size Nulls Description Allowed ProcessorIndex* int 4 No This attribute defines the index (one based) of the processor. ProcessorFamily nvarchar 256 Yes This attribute defines the family of the processor device. ProcessorCurrentSpeed int 4 Yes This attribute defines the current speed of the processor device in MHz. Zero indicates that the current speed is unknown.
Table 5-2. IT Assistant Database Schema (continued) Column Name 74 Data Type Data Size Nulls Description Allowed WakeupOnLAN nvarchar 64 Yes Defines whether Wakeup On LAN is disabled, enabled for on-board NIC only, or enabled for add-in NIC only. If Enabled with boot to NIC option is selected, the system boots from the NIC boot-ROM upon a remote wake up. WakeupOnLANMethod nvarchar 64 Yes Defines the Wakeup On LAN method supported by the system.
Table 5-2. IT Assistant Database Schema (continued) Column Name Data Type Data Size Nulls Description Allowed PCISlots nvarchar 64 Yes The status of the system's add-in PCI slots (enabled/disabled). USBPorts nvarchar 64 Yes The status of the USB ports (on/off). DeviceId* int 4 No The foreign key to the Device Table. ComponentId nvarchar 64 Yes The component identifier for the software. InstanceId* nvarchar 32 No The instance identifier for the hardware.
Table 5-2. IT Assistant Database Schema (continued) Column Name Data Type Data Size Nulls Description Allowed OSMinorVersion nvarchar 16 Yes The minor version of the operating system. OSSPMajorVersion nvarchar 16 Yes The Service Pack major version. OSSPMinorVersion nvarchar 16 Yes The Service Pack minor version. DeviceId* int 4 No The foreign key to the Device Table. SwitchIndex* int 4 No The index of the switch. SwitchAssetTag nvarchar 255 Yes The asset tag of the switch.
Table 5-2. IT Assistant Database Schema (continued) Column Name Data Type Data Size Nulls Description Allowed UserInformationUserName nvarchar 64 Yes The user name. ExtendedWarrantyStartDate nvarchar 64 Yes The extended warranty start date. ExtendedWarrantyEndDate nvarchar 64 Yes The extended warranty end date. ExtendedWarrantyCost nvarchar 64 Yes The extended warranty cost. ExtendedWarrantyProviderName nvarchar 64 Yes The extended warranty provider name.
Table 5-2. IT Assistant Database Schema (continued) Column Name Data Type Data Size Nulls Description Allowed DepreciationPercentage nvarchar 64 Yes The depreciation percentage. DepreciationMethod nvarchar 64 Yes The depreciation method. RegistrationIsRegistered nvarchar 64 Yes The registration is registered. DeviceId* int 4 No The foreign key to the Device Table. ContactName* nvarchar 64 No The contact name.
Software Updates IT Assistant provides a centralized software update capability. You can load Dell Update Packages and System Update Sets into a central repository, then run a compliance check of all the systems in your enterprise against the Update Packages. A System Update Set is a logical set of Dell Update Packages designed to enable package sequencing and minimize system reboots. Dell Update Packages are available from the Dell Support website at support.dell.com or from the Dell PowerEdge Updates CD.
5 Click Compare to check the devices you selected against the contents of the Update Package. IT Assistant performs a comparison and generates a compliance report that shows an iconic representation of the differences found, full version information on the devices she chose, and other information that can help her identify out-of-compliance systems or devices. 6 If IT Assistant finds servers or devices that need updating, Jane can select which ones she wants to update and click the Update button.
7 If she is rebooting an SNMP-enabled system, she must enter the instrumentation user name and password in the Enter Credentials window. If her system is CIM-enabled, she must enter the fully qualified domain user name and password. 8 At the Summary window, she either confirms her selections or chooses Back to make changes. The server she specified will begin a reboot immediately after she selects Finish.
Reporting and Task Management
Ensuring a Secure Dell OpenManage IT Assistant Installation This section discusses several specific topics useful in implementing a more secure Dell OpenManage™ IT Assistant installation. IT Assistant leverages HTTPS for secure communications, as well as the Microsoft® Active Directory for role-based access. For detailed information on security across the Dell OpenManage platform, including IT Assistant, see the Dell OpenManage Installation and Security User’s Guide.
ASF and the SNMP Protocol A final security consideration, starting with Dell™ OptiPlex™ GX260 systems, is the integrated Network Interface Controller (NIC) that provides support for Alert Standard Format (ASF). ASF issues Platform Event Traps (PET) corresponding to system health and security issues. Since these traps are supported by the SNMP protocol, the managed system NIC must be configured with the IP address and community string of the management station running IT Assistant.
Security and the SNMP Protocol There are several actions that can be taken to better secure environments using the SNMP protocol. Although the following samples refer to Microsoft Windows operating systems, similar steps can be performed for the Red Hat Linux and Novell NetWare operating systems. By default, when SNMP is installed, the community name is set to public.
Ensuring Database Security When Using IT Assistant If no SQL Server database is detected when IT Assistant is installed, the process installs a copy of MSDE 2000, which is set to an authentication mode of trusted or Windows only. However, other applications that may have previously installed MSDE or SQL Server, including previous versions of IT Assistant, frequently chose either an authentication mode of SQL or mixed mode, which allows SQL Server to manage its own user IDs and passwords.
Figure 6-1. Typical Installation Behind a Firewall user’s system IT Assistant Services firewall 1311 managed system CIM/WMI 2607 161, 162 IT Assistant User Interface Server Administrator Web Browser 80, 443 Array Manager 2148 RAC Array Manager Setting Up Additional Security for IT Assistant Access So far in this section, security has been addressed with respect to the existing TCP/IP connection between IT Assistant and the managed system.
Figure 6-2. Using Terminal Services for Additional Security Services system Terminal Services client 3389 terminal services Array Manager user’s system Internet Explorer IT Assistant User Interface managed system 2607 CIM/WMI firewall 161,162 IT Assistant Services Server Administrator RAC Array Manager 1311 80/443 2148 In Figure 6-2, a user may connect to the IT Assistant management station through a locally installed Terminal Services client or Windows XP Remote Desktop connection.
Securing Ports for IT Assistant and Other Supported Dell OpenManage Applications Securing port 2607 of the IT Assistant Services Tier and ports 1311, 161, and 162 of the managed system can be done using IP Security (IPSec). To list ports that are currently running on your server, you can use the command netstat -an from a command prompt to show the status of all ports on your system.
To launch IT Assistant using Single Sign-on authentication against the local system user accounts, the following parameters must be set: authType=ntlm&application=[ita]&locallogin=true For example: https://localhost:2607/?authType=ntlm&application=ita&locallogin=true Role-Based Access Security Management IT Assistant provides security through role-based access control (RBAC), authentication, and encryption.
Assigning User Privileges You do not have to assign user privileges to IT Assistant users before installing IT Assistant. The following procedures provide step-by-step instructions for creating IT Assistant users and assigning user privileges for Windows operating system: NOTICE: You should disable guest accounts for supported Microsoft Windows operating systems in order to protect access to your critical system components. See "Disabling Guest and Anonymous Accounts" for instructions.
4 Type the appropriate information in the dialog box, select or clear the appropriate check boxes, and then click Create. NOTICE: You must assign a password to every user account that can access IT Assistant to protect access to your critical system components. Additionally, users who do not have an assigned password cannot log into IT Assistant on a system running Windows Server 2003 due to operating system constraints. 5 In the console tree, under Local Users and Groups, click Groups.
Disabling Guest and Anonymous Accounts NOTE: You must be logged in with Administrator privileges to perform this procedure. 1 If your system is running Windows Server 2003, click the Start button, right-click My Computer, and point to Manage. If your system is running Windows 2000, right-click My Computer and point to Manage. 2 In the console tree, expand Local Users and Groups and click Users. 3 Click the Guest or IUSR_system name user account. 4 Click Action and point to Properties.
Ensuring a Secure Dell OpenManage IT Assistant Installation
Configuring Protocols to Send Information to IT Assistant Dell OpenManage™ IT Assistant uses two systems management protocols — Simple Network Management Protocol (SNMP) and Common Information Model (CIM). This appendix provides configuration information for SNMP and CIM. These systems management protocols allow IT Assistant to get status for Dell™ systems using server agents or Dell OpenManage Client Instrumentation (OMCI).
SNMP Community Names in IT Assistant and Server Administrator For IT Assistant to successfully read information, modify information, and perform actions on a system running Dell OpenManage Server Administrator (the Dell recommended server agent) and/or other supported agents, the community names used by IT Assistant must match the corresponding community read-only (Get) and read/write (Set) community names on the managed system.
Configuring the SNMP Service on an IT Assistant Managed System Running a Supported Windows Operating System Server Administrator and certain other managed system agents, such as Dell PowerConnect™ switches, use the SNMP protocol to communicate with IT Assistant. To enable this communication, the Windows SNMP service must be properly configured to enable Get and Set operations and to send traps to a services system. NOTE: See your operating system documentation for additional details on SNMP configuration.
Enabling SNMP Set Operations SNMP Set operations must be enabled on the managed system to change Server Administrator attributes using IT Assistant. 1 If your system is running Windows Server 2003, click the Start button, right-click My Computer, and point to Manage. If your system is running Windows 2000, right-click My Computer, and point to Manage. The Computer Management window appears. 2 Expand the Computer Management icon in the window, if necessary.
7 To add a trap destination for a trap community, select the community name from the Community Name drop-down menu and click Add. The SNMP Service Configuration window appears. 8 Type the trap destination and click Add. The SNMP Service Properties window appears. 9 Click OK to save the changes. Configuring the SNMP Agent on Systems Running Supported Red Hat Linux Operating Systems Managed system agents such as Server Administrator use the SNMP services provided by the ucd-snmp or net-snmp SNMP agent.
Enabling SNMP Set Operations SNMP Set operations must be enabled on the system running Server Administrator in order to change Server Administrator attributes using IT Assistant. To enable SNMP Set operations on the system running Server Administrator, edit the SNMP agent configuration file, /etc/snmp/snmpd.
Configuring the SNMP Agent on Systems Running Supported NetWare Operating Systems Managed system agents such as Server Administrator use the SNMP services provided by the NetWare SNMP agent. You can configure the SNMP agent to change the community name, enable Set operations, and send traps to a Services system. To configure your SNMP agent for proper interaction with IT Assistant, perform the tasks in the following sections.
5 Select Specified Community May Read. 6 Under Monitor Community, enter the read community name. 7 Select Control State to configure the write (or set) community name. The Control Community Handling menu appears with the following options: • Any Community May Write • Leave as Default Setting • No Community May Write • Specified Community May Write NOTE: Press for more information about Control State. Press to clear the help window. 8 Select Specified Community May Write.
18 Select SNMP Manager Table. The SNMP Manager Table menu appears with the following options: • Press to add SNMP trap destinations. • Press to modify SNMP trap destinations. • Press to delete SNMP trap destinations. NOTE: Press for more information about SNMP Manager Table. Press to clear the help window. 19 Select one of the SNMP Manager Table menu options. 20 Press to exit the SNMP Manager Table menu. A message box appears, prompting you to update the database.
NOTE: CIM discovery requires proper user ID and password credentials. Failure to supply proper credentials on a subnet configured for CIM discovery can result in account lockout. For Managed Systems Running Windows 2000 NOTE: The WMI core is installed with Windows 2000 by default. 1 Click Start→ Settings→ Control Panel→ Administrative Tools→ Computer Management. 2 In the Computer Management (Local) tree, expand the Local Users and Groups branch and click the Users folder.
3 On the menu bar, click Action and then click New User. a In the New User dialog box, fill in the required information fields with the user name CIMUser and password DELL. b Ensure that you clear (deselect) the User must change password at next logon check box. c Click Create. 4 In the right pane of the Computer Management dialog box, double-click CIMUser. You may have to scroll through the list to locate CIMUser. 5 In the CIMUser Properties dialog box, click the Member Of tab. 6 Click Add.
Configuring Protocols to Send Information to IT Assistant
Index A D adding users, 92 database schema information, 63 agents on systems, 21 alert filters, 10 disabling users, 93 ASF, 84 DMI support, 12 C E CIM, 36, 95 e-mail notification, 20 configuring discovery cycle, 46 discovery ranges, 42, 51 discovery settings, 40, 49 inventory settings, 41, 50 SNMP, 47, 95 status polling settings, 41, 50 system to send SNMP traps, 98 enabling SNMP, 98 creating alert action, 45, 56 alert action filter, 44, 55 custom groups, 54 device control task, 80 reports, 61
Index M S U managing tasks, 80 securing managed systems, 83-84 uninstalling IT Assistant, 29 MSDE, 19 multiple JREs, 31 security and IT Assistant, 87 security and SNMP, 85 single sign-on, 89 N network management station, 10, 12, 34 SNMP, 35, 39, 95 best practices, 35 optimal configuration, 36 user privileges, 90 users adding, 92 creating, 91 disabling, 93 using IT Assistant, 39 using software updates, 79 software update, 81 software updates, 79 R RBAC, 26, 34 remote client instrumentation