Getting Started with Management Center
For information on how to install and configure Management Center, refer to the relevant topics in the User Workspace Manager help files.
This section provides an overview of the steps to configure and set up Ivanti Management Center. It includes the tasks required to set up Deployment Groups and push out Deployment Agents.
-
Launch the Management console from Start> All Programs>Ivanti>Management Center.
If you do not have a Management Server setup, or have more than one, the Select Management Server dialog displays.
-
Add or select the required server and click Connect.
The Connect to Management Server dialog displays.
-
Select to connect as Current User or a Custom User.
Select Remember me to automatically connect as this user in the future.
- Click OK.
To create a deployment group:
- Select the Home button in the navigation pane.
- Right-click the Deployment Groups node and select New Deployment Group.
- Right-click the new node and select Rename. Give the node an intuitive name, for example, Terminal Servers UK.
- Repeat the above steps for additional deployment groups, for example, Terminal Servers US.
-
Configure the following settings:
- Server polling, downloads and uploads
- Deployment Agent permissions
- Agent and Configuration Installation schedules
- Failover servers
- Access credentials
Membership rules determine which group a computer is assigned to. You can configure the rules by adding and excluding conditions for computers, groups and containers. Membership rules have a one to one relationship with deployment groups.
The Discover action places a computer into the first group that has a matching rule.
Note, rules are read in the order they are listed in the Membership Rules work area. You can use the Move Up and Move Down commands to order the rules.
- Select the Home navigation button.
-
Select [Server] > Deployment Groups > [Deployment Group] > Configure Membership Rules button.
The Membership Rules work area displays and lists all the deployment groups.
- Select the deployment group in the list you want to add a condition to.
-
Select Edit Conditions in the Actions panel.
The Edit Group Conditions dialog box displays.
-
Click Add and do one of the following:
- Select Computer by NetBIOS Name and specify the NetBIOS name for the computer or browse to the computer.
- Use Active Directory and select Computer, Group
or Container and specify or browse
to the Active Directory component.
Note, Management Center 2020.3 and later supports the use of a wildcard for querying Active Directory Group or Container membership. Refer to Use of wildcards for further information.
- Repeat to add additional conditions, if required and click OK.
-
Click Submit to submit the changes to the rule.
Click Discover to perform an immediate discovery of computers.
-
If required, expand the deployment group you have discovered computers for and select the Computers node.
Details about the discovered computers display in the Computers work area.
The Management Center console installs with an Administrator account assigned to the user installing the software. This user is assigned a Server Administrator server role which gives full access and control to all areas and functions on the Management Server.
You can also add other user accounts and assign that server role or another of the default server roles, Modifier or Viewer. You can create custom server roles to which you can assign permissions from a comprehensive list.
You can also setup custom object roles which are used to setup security assignments in particular areas of the Management console. You can assign permissions to an object role to allow users to view, modify or delete objects in different areas of the console such as deployment groups, alert rules, packages or reports.
Object role access and control can be specified at a very granular level in some areas of the console allowing you to grant or restrict access either to a specific area such as a Deployment Group or to a particular object, such as a report or an alert rule.
- Select the Security button in the navigation pane to setup security.
- To view or edit the server permissions for a group or user expand the Server Permissions node.
-
Select either the Groups node or the Users node.
The Groups or Users display in the All Groups/All Users work area.
-
To edit roles click a group or user, select the group or user and select Edit Roles.
The Global Security Roles dialog box displays.
- Allow or deny the roles and click OK.
The poll period controls how frequently the Deployment Agent checks the Management Server for changes to the User Workspace Manager product agents, configurations and deployment groups. You can specify how often to poll.
You can also specify the upload event data period.
After you define a poll period and upload event data period you can include a poll variance to reduce the potential server load when multiple Deployment Agents are set to poll at the same time.
- Navigate to Deployment Groups > [Deployment Group] > Settings > General tab.
- Specify the server polling and downloads period. The period can be set between 1 minute and 7 days. The default is 1 hour with a default poll variance of 20%, that is +/-12 minutes.
- Specify the event data uploads. The period can be set between 1 minute and 1 day. The default is 30 minutes with a default poll variance of 50%, that is +/-15 minutes.
If you intend on installing the Deployment Agent manually on end-point computers and not through the Management Center, the Allow self-registration option must be selected in the Deployment Agent Permissions section.
The Installation Schedule controls how agent and configuration packages install. If you do not enable the installation, agents and configurations will not install or uninstall. You can choose to install immediately, on computer startup, or on a schedule.
- Expand the Deployment Groups > [Deployment Group] > Settings node.
- Select the Installation tab.
-
Set the Agent and Configuration Installation Schedules to one of the following:
- Disable - Agents/Configurations do not install.
- Automatically at next client poll - Agents/Configurations install when the computer next polls.
- Automatically scheduled - Agents/Configurations install according to the specified schedule.
- At next system restart - Agents/Configurations install on next restart.
- Click Submit.
The installation schedule uses the local time of the endpoint.
Check the availability of packages in the Packages view. The Management Center installation loads the latest software into the database. Where appropriate, you can add existing packages such as configurations and earlier versions of the software agent packages which you have previously backed up in MSI file format prior to running the current installation.
Apply security access rights to packages to restrict or enable access and control.
Use the Packages view to view, add and remove agents and configurations, and to export configurations. Select the Packages button in the navigation pane to display all the available packages, that is, all the agents and configurations.
To assign a package to a deployment group.
- Select the Home button.
- Select Deployment Groups > [Deployment Group] > Packages node.
- To submit a package for assignment to the deployment group, select the package and click Submit.
- To assign the package, select the package and click Assign.
Caution: You must enable the installation schedule for the deployment group before you can install agents and configurations.
The Alerts view provides a comprehensive list of default alert rules which you can enable or disable. You can also create new alert rules by specifying combinations of the event ID, computer name and user name. Configure alert rule notifications using mail server details for e-mail and SNMP messages about critical events you wish to monitor.
- Select the Alerts button in the navigation pane.
- Expand the Alert Rules node.
- Select and expand the rule you want to use in the navigation pane.
- If required, click the Criteria node and specify criteria, for example, a user name.
-
Expand the Actions node and do one of the following:
- To send email messages when the alert criteria is met, select the SMTP node, select EnableSMTP and specify the email settings in the SMTP configuration area.
- To generate SNMP traps when the alert rule criteria is met, select the SNMP node and select Enable SNMP.
Use Auditing to specify which events client computers send to the Management Server for each product agent. You can also specify to display computer and user names anonymously.
Events can be generated by:
- Application Control
- Environment Manager
- Performance Manager
- Management Center
- Select the Home button in the navigation pane.
- Expand the Deployment Groups > [Deployment Group] > Settings node.
-
Select the Auditing tab.
The Auditing work area displays.
- To display computer names anonymously, select Always use anonymous MACHINE names in events.
- To display user names anonymously, select Always use anonymous USER names in events.
- In the Event Filter expand the product name that you want to enable events for.
- Select the Enabled column for the required events.
Before you can install the Deployment Agent on any endpoint, Access Credentials must be supplied. The list of credentials are used by the Management Server to install the Deployment Agent when chosen by the user. You can add multiple users to the list and they are attempted in the order defined in the Access Credentials work area.
Access Credentials configured from the top level tree view apply to all Deployment Groups by default, unless specific credentials have been defined within a specific Deployment Group. In this case, the Deployment Group’s Access Credentials precede the default credentials.
You can create default Access Credentials and credentials specific to a deployment group.
Global Access Credentials
- Select the Home button in the navigation pane.
- Select the Global Settings node.
- Select the Access Credentials tab.
- The Access Credentials work area displays.
-
Do one or more of the following:
- To add a credential enter the User name and Password and select Add.
- To remove a credential, highlight the required credential and select Remove.
- To order credentials in the list highlight the required credential and select Move Up and Move Down.
Access Credentials for Deployment Groups
- Select the Home button in the navigation pane.
- Navigate to Deployments Groups > [Deployment Group].
-
In the Details section in the work area select the Manage Credentials button.
The Manage Credentials dialog displays.
-
Do one or more of the following:
- To add a credential enter a User name and Password and select Add.
- To add the credentials to the global default list select Add to Global Credentials.
- To remove a credential, highlight the required credential and select Remove.
- To order credentials in the list highlight the required credential and select Move Up and Move Down.
The Deployment Agent can be installed on client computers using any of the following methods.
- Before you can install the Deployment Agent you must setup the Access Credentials.
- 64-bit Deployment Agent packages can only install on 64-bit operating systems. 32-bit Deployment Agent packages can only install on 32-bit operating systems.
- Download the Deployment Agent installation package from the Management Server website and run the installation package on the client computer.
- The Deployment Agent can be installed manually by running the installation package or silently using a command line prompt.
- Deploy the Deployment Agent to multiple client computers using the Install Deployment Agent functionality within the console or other third-party deployment mechanisms, such as Microsoft System Management Server, depending on the scale of deployment required.
Install using the Install Deployment Agent Functionality
- Expand the Deployment Groups > [Deployment Group] nodes.
- Select the Computers node.
- All the computers within the deployment group display.
- Select one or more of the computers and click Install Deployment Agent in the Actions panel.
The Client Access Log provides details on the installation process and the Deployed (%) column indicates the percentage of the package deployed.
Once the Deployment Agent is installed, the service registers with the Management Server at the website address you supplied during installation. After the Deployment Agent downloads the deployment group settings, the service implements the policies to install software, generate events and poll the server for further changes and package updates. The Deployment Agent regularly polls the server for updates and changes to the deployment policy, according to the deployment group settings.
Ensure that you provide a valid Management Server URL and prefix the address appropriately with HTTPS or HTTP depending on whether you are implementing the Management Center with SSL encryption and a valid certificate or without SSL.
Failover Servers provide a list of alternate Management Servers to which the Deployment Agent can connect to. In the event of a connection failure the Deployment Agent attempts to connect to the next available server in the list. Management Servers are listed in order of priority, starting with the first in the list.
The Failover Servers list is automatically populated with the URLs that the Deployment Agents use to connect to the Management Server.
Install additional Management Servers and select to use the existing SQL Server name and database name. After installation, add the URL of the failover server to the list of servers in the Management Center console.
You can specify default failover servers and failover servers specific to a deployment group. Failover servers assigned to a particular deployment group can override the default failover servers.
For more information about installing the Management Server, see the User Workspace Manager Install and Configure Guide.
Default Failover Servers
- Select the Home button in the navigation pane.
- Select the Global Settings node > Failover Servers tab.
-
Do one of more of the following:
- To add a server, select Add Serverin the Actions panel.
- The Add Failover Server dialog box displays. Specify the server you want to add.
- To remove a server, highlight the required server in the list and select Remove Servers in the Actions panel.
- To order existing servers, select Move Up and Move Downin the Actions panel.
-
To test a server connection, select Test Server Connectionin the Actions panel.
A message displays to confirm connection.
Deployment Group Failover Servers
- Select the Home navigation button.
- Expand the Deployments Groups > [Deployment Group] > Settings nodes.
- Select the Custom Failover Servers tab.
-
Do one or more of the following:
- To add a server, select Add Serverin the Actions panel. The Add Failover Server dialog box displays. Specify the server you want to add.
- To remove a server, highlight the server in the list and select Remove Servers.
- To order existing servers, select Move Up and Move Down.
- To test a server connection, select Test Server Connection. A message displays to confirm connection.
- To override the default list of failover servers, select the Override Default Failover Servers option. The deployment group list of failover servers overrides the default servers for all Deployment Agents in the current deployment group.
- To manage the default list of servers, select Manage Default Failover Servers.