About Management Center
The Management Center comprises of the Management Server, Microsoft SQL Server, Management Console and the Deployment Agent installed on managed computers. The Deployment Agent uploads event data from managed computers to the Management Server and downloads product configurations and software updates from the Management Server. Product configurations are created using the product consoles and stored in the Management Center SQL database from where they can be downloaded along with product agents by the Deployment Agent for installation on managed machines.
The Management Console provides an interface to the Management Server and the other components of the Management Center. The console allows you to manage Deployment Groups, Global Settings, Packages, Alerts and Alert Rules, Reports and Security.
The console will normally run in the language selected for the installation. If required, the console language can be changed using the language selector in the console work area. For further information refer to Language settings in User Workspace Manager help.
The Navigation pane consists of the navigation tree and navigation buttons. The navigation tree is the area for managing nodes of the configuration. The navigation buttons allow you to view the different areas of the console, including:
Home - Provides an overview of the Management Center with the first three step up steps to help you get up and running. From here you can launch the User Workspace Manager product consoles; Application Control, Environment Manager and Performance Manager. The work area also contains overview details of the server connection, deployment groups, computers and alerts.
From within the Home view you can setup and manage the following:
- Deployment Groups
- Global Settings
- Membership Rules
- All Computers
- Packages - Manage User Workspace Manager software agent, configuration packages and any prerequisites on the Management Server.
- Alerts - Add and manage alerts and alert rules for User Workspace Managersoftware events sent to the server from client computers.
- Reports - Import and generate a range of reports for User Workspace Managerproducts.
- Security - Manage server and object permissions and role-based access rights to the Management Center console views and settings.
The Navigation pane is collapsible allowing you to create more viewing space for the other areas of the console.
The Work Area provides the main area for managing the settings, controls and views of the selected node in the navigation pane. The contents of the work area vary according to the selected nodes in the navigation tree and the selected navigation buttons.
The Actions panel displays in the right-hand column and shows available controls for the current view.
The Management Server manages communications with a Microsoft SQL database server for data access and storage. It provides security control, communications for managing network discovery services and software deployment to managed computers, resource management and auditing.
- Management Server security manages network authorization for Management consoles and product consoles.
- Management Center handles download schedules, group management and file transfers, and network discovery services for integration with Active Directory.
- Auditing manages event data access and storage via the Management console alert rules which includes mechanisms for generating SNMP and SMTP alert notifications.
- Management Center supports a list of failover of servers which can take over the role of the Management Server to allow the system to continue functioning in the event of a hardware or environment failure.
For further information, see Server Configuration Portal Help.
The Management Center relies on the availability on the network of a Microsoft SQL server for the storage and retrieval of User Workspace Manager software agents, configuration packages, license packages, and event and alert data.
The Microsoft SQL database server is administered by the Management Server and can be installed locally on the Management Server or on a separate server.
For more information about managing user permissions for the SQL database during installation and upgrades, refer to the Upgrade topic in the User Workspace Manager help.
SQL Server AlwaysOn is the preferred SQL Server technology to support High Availability/Disaster Recovery scenarios and User Workspace Manager 10.x servers have been optimized to support this technology.
SQL mirroring is available for DesktopNow 10.1 FR1 or later customers who are currently in the process of transitioning to AlwaysOn technology. For more information see the Database topic in the User Workspace Manager help. Note that DesktopNow was renamed to User Workspace Manager from 10.1 FR2).
The User Workspace Manager product consoles, including Application Control, Environment Manager and Performance Manager, allow you to configure and save configurations to the Management Server's database for adding to deployment groups and deploying to managed computers.
For more information on the product consoles refer to the relevant product help system. All Help systems can be accessed from the Help Portal.
The Deployment Agent is installed on managed computers to manage communications between the product endpoint and the Management Center.
The Deployment Agent polls the Management Server to manage the download and installation of agents, configurations and software package updates, and also sends event data generated by the product agents to the Management Server.
The Deployment Agent can be downloaded and installed directly on managed computers from the Management Server web site or by using the Management Center console. You can specify the Access Credentials used by the Management Server. This must be done before you can install the Deployment Agent using the console. Other methods of installation are Active Directory group policy objects, or third-party deployment solutions such as Microsoft Systems Center Configuration Manager (SCCM).
The Deployment Agent on managed computers runs a series of self-tests on first contact with the Management Server or when requested by the Management Server during a poll. Diagnostics can be enabled or disabled for any Management Server listed in the Failover Servers list.
Each failover server entry in the failover servers lists includes the Diagnostics Enabled check box option. The Management Server always requests a self-test when the Deployment Agent first polls due to a reboot or service restart.
All tests are run and an event, which indicates the test result, is raised in the Windows Event Log and sent to the Management Server. Each test contributes a success value to the results and, when tests fail, a detailed error report is also included in the event report. In the event of a test failure, the Management Console highlights, in red bold, the names of computers where the failure occurred and also highlights the deployment groups in the navigation pane containing computers on which the tests failed.
The Deployment Agent performs the following self-tests:
The connectivity test polls the Management Server. Any response, other than an HTTP 200 (Success) return value, indicates a failure and a detailed error message is returned. If this test fails, the results cannot be sent to the Management Server but can be viewed in the local Application Windows Event Log.
This test downloads a file from the Management Server to the local hard disk, using BITS. Instead of downloading an MSI package, the test downloads a small XML file which can be easily validated and has a minimal impact on network bandwidth. The XML file is downloaded from the same directory as packages to ensure the same access rights affect both file types. Once the test is complete, the downloaded file is deleted.
Since BITS downloads can be delayed if the local computer is under heavy load, the download occurs within a new high priority BITS job, ensuring the test completes in a shorter time. A single BITS job is used to download files from all enabled failover URLs.
If any errors are reported during the download, the test fails. The description of the error is included in the test results.
This test attempts to upload an events file using BITS from the local hard disk to the Management Server. The events file contains no events to help minimize impact on network bandwidth, and is uploaded to the same directory as standard event uploads.
Since BITS uploads can be delayed if the local computer is under heavy load, the upload occurs within a new high priority BITS job ensuring the test completes in a shorter time.
If any errors are reported during the upload, the test fails. The description of the error is included in the test results.
This test only verifies that events can be sent from the Deployment Agent to the Management Server. No checks are made to ensure that the events can be uploaded to the database. When this fails, an event is added to the Management Server event log and raises a Management Center event, where possible.
Raising High Priority Events
The high priority events mechanism allows critical events to be sent to the Management Server database. A typical high priority event is the reporting of a failure to install packages. The test attempts a call by the Deployment Agent to the Management Server web page with an empty list of events. Any error values returned by the call are added to the self-test results.
Diagnostic failures are highlighted in red in the console. For example, a deployment group node and a corresponding problematic computer.
Change Default Ports
You can change the default port settings for communications with the Management Center after installation as follows:
- In Internet Information Services (IIS) Manager:
- Select Default Web Site > Edit Bindings > Site Bindings
- Select the row which has a HTTP or HTTPS Type, click Edit.
- Change the TCP and SSL port settings according to requirements. Defaults are TCP:80 and SSL:443.
- Change the port number in the URL path of Deployment Agents connecting to the Management Server, using one of the following methods:
- Uninstall current Deployment Agents then reinstall on each target computer with the URL path specifying the new port number.
- Add the NetBIOS name, the fully qualified domain name or the IP address with the new port number to the Failover Servers list and update currently installed Deployment Agents using the Install Deployment Agent functionality within the console.
- Modify connectivity to the Management Server for the Management console and product consoles by editing the listed servers in the Select Management Server dialog box: http://<server name>:<port number>/ManagementServer
Prefix the address appropriately with HTTPS or HTTP depending on whether you are implementing the Management Center with SSL encryption and a valid certificate or without SSL.
Concurrency support ensures multiple users can connect to the Management Center simultaneously but not edit the same data simultaneously.
Users connecting with Management consoles are regulated by the principle that the first user to submit edits to a particular area are applied. Other users are notified that the settings have changed and the view is updated. However, multiple users can edit different data simultaneously. For example, a user editing the installation schedule, can submit changes at the same time another user submits changes to the group Membership settings.
Product consoles are regulated by a locking mechanism which ensures that the first user to access a configuration has exclusive editing control until the configuration is saved and unlocked. Other users can view the configuration while it is locked but not edit the data. When the configuration changes are saved and the configuration is unlocked, other users may attempt to access and edit the configuration.
Editing Management Center Settings
When different users compete to edit the same data in the Management console, the first to submit an edit is allowed, a notification is issued to the other users and the Management Console is refreshed.
Editing Product Configurations
Product configuration concurrency errors are prevented by a locking system which ensures that only one user can edit a configuration at any time. Product configurations can be unlocked when editing is finished to allow others users to modify the configuration.
When a configuration is locked, other users can only open the current saved version in read-only mode.
The locked status and details of the user who has locked the configuration display in both the Management console and in product consoles when editing a configuration.
Administrative users on the Management Center can override configurations which are locked by other users by resetting the lock. Select the Packages button in the navigation pane and then the Configurations node. Right-click a locked configuration and select Undo Lock.
The Management Center supports a list of failover servers which can take over the role of the Management Server to allow the system to continue functioning in the event of a hardware or environment failure. The primary Management Server and failover servers can use the same SQL database to ensure that existing data can be accessed at all times with any Management Server.
Failover in the Management Center provides support not only in the event of critical issues affecting the main Management Server but also to allow for system maintenance such as the decommissioning of a server or during a major upgrade or server overhaul.
Failover support ensures that the Deployment Agent on managed computers can maintain connectivity with alternative failover Management Servers, where the need arises, protecting data integrity and component communications.
Failover servers are maintained by the Management Center using the lists defined in the Management Console. The failover server lists are registered on managed computers via the Deployment Agent. The Deployment Agent can also register the Management Server URLs it uses, which are added to the list of failover servers in the Management Center. Each server is listed in order of priority.
In the event that the first listed Management Server is unavailable, the Deployment Agent attempts to connect with the next Management Server in the list until a connection is achieved.
The list of Management Servers can be managed both globally for all deployment groups or locally applying a unique list to each deployment group. A local list of Management Servers applied to a Deployment Group configuration overrides the global list.
Arranging Management Servers locally for each deployment group allows you to manage the Management Center infrastructure flexibly, for example by setting up servers geographically to conserve bandwidth or according to different connection types.