Management and Security
Ivanti provisioning allows you to define all the attributes and features of new devices before they are introduced into your environment. Provisioning uses automation to apply this set of attributes and features to the devices. With provisioning, you can reduce downtime and make sure new devices are reliable and predictable when they go into your production environment. You can access the provisioning history of each device to find out when and with what it was provisioned, and, if necessary, return it to a previous state. Provisioning runs on both Windows and Mac; there is no difference in the way you create templates for either operating system.
Provisioning consists of a series of actions to be executed on a target device. Actions are the fundamental unit of provisioning. A template is a collection of actions that are executed in a pre-defined order. Ivanti provides pre-built provisioning templates to get you started. You can combine these provisioning templates with your own master templates. You can also split the provisioning tasks the way you split the work when setting up a system manually.
Provisioning works equally well on new devices or dynamic devices. You can provision new devices with the precise configuration you require, setting up the configuration before the new device has even arrived. You can also use provisioning to reconfigure a device from one purpose to another, changing a device's base function to handle your organization's changing demands.
Provisioning is also very useful for OS migration. You can capture a profile from a previous OS and then deploy a new OS with the same profile and previously installed software applications. You can even automatically do the same from an older computer to a newer computer, as well as upgrade application versions on the fly.
You can use alerting to let you know when provisioning events occur.
For more information on provisioning, visit the provisioning home page on the Ivanti Community.
The center of provisioning is the agent ldprovision, located in the core server's ldlogon/provisioning folder. This agent consists of small applications for each action. The agent needs to reside on the target device, which you can place there through a PXE server, a virtual boot (vboot), or physical boot media such as a USB drive or a CD.
The provisioning process is completed as the agent does the following:
- It requests a template's configuration settings from a web service on the core server.
- It checks the preboot type tag to ensure it is running in the correct preboot environment.
- It performs the actions in the order designated in the configuration.
- It reboots the device (if necessary).
- It injects a version of itself into the target OS so it can continue working when the real OS loads after the reboot.
- It sends feedback to the web service on the core server.
The agent spans any reboots required, immediately moving to the next action after the reboot. Most provisioning work can be done before you receive a new device. You can create a template and create the task for the template to run on the new device. The task will not run until the provisioning agent runs on the new device.
To use provisioning in full, users are required to have the provisioning role in User management. These rights are automatically enabled for any users with Administrator rights and can be enabled for any other users.
Provisioning requires the ability to boot the device prior to putting an operating system on it. This can be accomplished through a PXE server or through a physical boot media (CD or USB drive). PXE is the most convenient way to boot many computers at a time into the same preboot environment; however, CD or USB drives are highly portable and guarantee that the computer running the preboot environment is the one you intended to provision.
The preboot environment (PE) includes an operating system complete with video, networking, a small inventory scanner, and an agent capable of receiving files and executing commands. This agent executes an imaging tool or scripted install tool to install the OS on the device. The agent initiates the provisioning process. Provisioning supports the Windows preboot environment.
You don't need unique boot media for each client system; you can re-use the boot media for other devices.
The provisioning interface
The provisioning tools are a part of the operating system deployment tool (click Tools > Provisioning > OS provisioning). A tree structure displays provisioning templates, and a toolbar opens dialog boxes for different tasks.
In the tree structure, available templates are organized in the following folders:
- My templates: Templates that you have created. Only you and administrative users can access these templates.
- Public: Both your templates and templates marked as public.
- Other users (administrative users only): A list of users and their templates.
Public templates are created by users with Administrator rights and are viewable by all users. Templates in the My templates folder are visible to others but can only be edited by the template's creator or users with Administrator rights. Each time you use a template not marked public, the instance of the template is locked. This instance can't be deleted, but it can be hidden.
The right pane displays the selected folder's templates, with columns that show the template properties. Double-click a template to view its complete properties, including a list of other templates that include the selected template.
The toolbar includes buttons for creating, modifying, and managing provisioning templates.
If you double-click a template, the Template view opens. From this view, you can modify the action list (add or delete actions, modify the action order, and so forth). You can modify variables that apply specifically to this template, view and modify the list of templates included by this template, or view and modify the list of templates that include the template. You can also make a template public, view its history (when the template was executed), and view or modify the template's XML code.
You can open multiple templates at once and use copy and paste (CTRL+C and CTRL+V) to copy actions you've configured between open templates. The template window is also resizeable.
Creating and editing provisioning templates
The New template toolbar dropdown is the starting point for creating a new template. Pre-configured Capture and Deploy wizard templates are available that only take a minute to configure. These preconfigured templates automatically support normal and UEFI BIOS booting and device provisioning. Default actions are automatically added to support basic image capture or deployment. If necessary, you can further customize capture and deploy templates on your own.
To modify a template, right-click the template and select Edit. To remove a template, select it and click the Delete button. You can only delete templates that have never been used.
Creating template groups
You can use provisioning groups to organize your templates in ways to suit your needs. For example, you could create groups based on specific vendors and additional subgroups based on device models. You can create subgroups up to six layers deep.
Cloning existing templates
Once you use a template, you can't change it directly. However, you can clone and change it. For this reason, we recommend that templates be smaller in nature so that if any changes are required, you can change that one component of the provisioning configuration.
The Clone option makes a copy of the selected template. You can modify the copy, making minor changes to the copy rather than taking the time create an entirely new template.
If you clone a public template, the copy is placed in the My templates folder and acquires the properties of a private template.
- Click the Public or My templates folder to display templates in the right pane.
- Right-click a template and select Clone.
A copy of the template is created in the folder, with the name of the original template and the date and time the clone was created.
- To change the name, description, boot environment, or target OS of the cloned template, right-click the clone, click Properties, modify the settings, and click OK.
- To modify the actions, included templates, user variables, or the XML of the cloned template, double-click the clone to open the Template view.
Condensing a template
Each template has a Condense right-click menu option to combine multiple templates into one template. This feature is useful when you want to simplify a template for export or make one public.
If other templates are included within the current parent template, condensing will merge their XML code with the XML code of the parent template to create a single XML file—the parent will no longer have dependencies. Once a template is condensed, it's a new template, and you can't expand it into separate templates again.
Was this article useful?