Server Configuration Procedures

When setting up Ivanti Endpoint Security to be a local repository for a Linux or Unix platform, complete each of the following procedure for platforms you support.

Solaris Server Configuration

Enable enhanced content to allow Ivanti Endpoint Security server to download content directly from third parties rather than from the Global Subscription Service. This functionality leads to faster turnaround time when installing content.

If you are running the Oracle Solaris 10 or earlier operating system, you must configure your credentials with My Oracle in order to receive content.

  1. From the Navigation Menu, select Tools > Subscription Updates.
  2. Click Update Now.
    Replication between your Ivanti Endpoint Security (Ivanti Endpoint Security) server and the Global Subscription Service (GSS) begins.
  3. When replication is complete, open a command prompt.
  4. Navigate to the Replication Services directory. You can locate this directory here:
    <Installation Directory>\HEAT Software\EMSS\Replication Services.
  5. From a command prompt, enter the following command and usage, replacing the variables listed below with the appropriate values:
    CredentialsManager.exe /source:solaris /username: SolarisUserName /password: SolarisPassword

    If you use a proxy to separate your Ivanti Endpoint Security Server from the Internet, the proxy settings defined the Subcription Updates page are used during replication of Linux and UNIX content.

    6. You can now remediate your Oracle Solaris endpoints through using the Ivanti Endpoint Security server.

After Completing This Task:
Complete Updating Ivanti Endpoint Security System Files and Content. You cannot remediate your Oracle Solaris endpoints until your Ivanti Endpoint Security server replicates with the GSS.

You must also allow outbound access through ports 80 and 443 to the following URLs:

Oracle Linux Server Configuration

Enable enhanced content to allow Ivanti Endpoint Security server to download content directly from third parties rather than from Global Subscription Service. This leads to faster turnaround time when installing content

If you are running the Oracle Enterprise Linux operating system, you must configure your credentials on the Oracle Unbreakable Linux Network in order to receive enhanced content.

  1. From the Navigation Menu, select Tools > Subscription Updates.
  2. Click Update Now.
    Replication between your Ivanti Endpoint Security server and the Global Subscription Service begins.
  3. When replication is complete, open a command prompt.
  4. Navigate to the Replication Services directory. You can locate this directory here:
    <Installation Directory>\HEAT Software\EMSS\Replication Services.
  5. From a command prompt, enter the following line, replacing the variables listed below with the appropriate values:
    CredentialsManager.exe /source:oracle /u: username /p: password /csi: xxxxxxxx / hostname: computername /release: x /arch: architecture

    Note:

    • You must perform this step for each Oracle Enterprise Linux subscription that you want Ivanti Endpoint Security server to remediate.
    • If you use a proxy to separate your Ivanti Endpoint Security Server from the Internet, the proxy settings defined the Subcription Updates page are used during replication of Linux and UNIX content.
    • For a complete list of commands, type /source: oracle /HELP.

A successful registration message displays.

After Completing This Task:
Complete Updating Ivanti Endpoint Security System Files and Content. You cannot remediate your Linux endpoints until your Ivanti Endpoint Security server replicates with the GSS.

SUSE Linux Server Configuration

Before you can deploy patch content to your SUSE endpoints, you must configure Ivanti Endpoint Security so that it can log in to SUSE repositories.

  1. From the Navigation Menu, select Tools > Subscription Updates.
  2. Click Update Now.
    Replication between your Ivanti Endpoint Security (Ivanti Endpoint Security) server and the Global Subscription Service begins.
  3. When replication is complete, open a command prompt.
  4. Navigate to the Replication Services directory. You can locate this directory here:
    <Installation Directory>\HEAT Software\EMSS\Replication Services.
  5. From a command prompt, enter the following command. Replace the variables with your SUSE subscription credentials.
    CredentialsManager.exe /source:suse /a:mirror /u: <username> /p: <password>

    Note:

    • If you use a proxy to separate your Ivanti Endpoint Security Server from the Internet, the proxy settings defined the Subcription Updates page are used during replication of Linux and UNIX content.
    • For a complete list of commands, enter: /source:suse /HELP at the command prompt.

    6. A successful registration message displays.

  6. Optionally, you can list the operating system types registered with the Ivanti Endpoint Security server and validate the status of the channels providing enhanced content. Enter the following commands at the command prompt.
    • To list the operating system types registered with the server, enter:
      CredentialsManager.exe / source:suse /list.
    • To validate the status of the channels providing the enhanced content, enter:
      CredentialsManager.exe /source:suse /validate.

      You can now remediate your Novell SUSE Linux endpoints using Ivanti Endpoint Security server.

After Completing This Task:
Complete Updating Ivanti Endpoint Security System Files and Content. You cannot remediate your Linux endpoints until your Ivanti Endpoint Security server replicates with the GSS.

HP-UX Server Configuration

The Ivanti Endpoint Security server must be configured to download content directly from third-party vendors rather than the Global Subscription Service. This functionality leads to faster turnaround time when installing content.

If you are running the HP-UX operating system, you must configure your credentials with the HP IT Resource Center in order to receive content.

  1. From the Navigation Menu, select Tools > Subscription Updates.
  2. Click Update Now.
    Replication between your Ivanti Endpoint Security server and the Global Subscription Service begins.
  3. When replication is complete, open a command prompt.
  4. Navigate to the Replication Services directory. You can locate this directory here: %Installation Directory%\HEAT Software\EMSS\Replication Services.
  5. From a command prompt, enter the following lines, replacing the variables listed below with the appropriate values:
    CredentialsManager /source:hpux /u: HP IT Resource Center UserName /p: HP IT Resource Center Password

    6. If you use a proxy to separate your Ivanti Endpoint Security Server from the Internet, the proxy settings defined the Subcription Updates page are used during replication of Linux and UNIX content.

    Variable

    Description

    HP IT Resource Center Username

    Your user name on HP IT Resource Center.

    HP IT Resource Center Password

    Your password on HP IT Resource Center.

    A warning appears indicating that registering your server with the Credentials Management tool may result in a loss of patch deployment history and increased replication times.

  6. Enter Y to acknowledge the warning and confirm the registration.

    You must perform the previous step and this step for each Red Hat subscription that you want Ivanti Endpoint Security to remediate.

    7. You can now remediate your HP-UX endpoints using Ivanti Endpoint Security.

After Completing This Task:
Complete Updating Ivanti Endpoint Security System Files and Content. You cannot remediate your Linux endpoints until your Ivanti Endpoint Security server replicates with the GSS.

Additionally, you must also allow outbound access through ports 80 and 443 to the following URLs:

CentOS Server Configuration

In environments containing CentOS endpoints, Ivanti recommends defining a Mirror site that your Ivanti Endpoint Security server can use to download CentOS Patch and Remediation content. Using a mirror site increases content download speeds and reduces download traffic from the CentOS community locations.

Define a content mirror using your Web browser and the Ivanti Endpoint Security server Computer dialog.

Mirror site definition requires use of the Specify Site Mirror Tool. The Ivanti Endpoint Security Server downloads this tool during its first replication with the Global Subscription Service.

  1. From any computer, obtain the address of the content mirror closest to your enterprise geographical location.
    1. Open your web browser and navigate to https://www.centos.org/download/mirrors/.
    2. From the list of mirrors, identify the mirror closest to your geographical location. Write down or copy the mirror HTTP Location. Close the web browser when you're done.
  2. From the Ivanti Endpoint Security server, open a command prompt.
  3. From the command prompt, change directories to your Ivanti Endpoint Security Server Replication Services folder.
    Enter cd %Installation Directory%\HEAT Software\EMSS\Replication Services
  1. Enter SpecifyMirrorSite.exe /name:" name " /uri:" mirrorlist ".

    Note:

    • This command only validates that the URI resolves. It does not validate CentOS data.
    • Your Ivanti Endpoint Security must allow outbound access though ports 80 and 443 to the chosen mirror.
    • If you use a proxy to separate your Ivanti Endpoint Security Server from the Internet, the proxy settings defined the Subscription Updates page are used during replication of Linux and UNIX content.
  2. [Optional] Validate the CentOS mirror locations. Enter SpecifyMirrorSite.exe/validate.