LANDesk Training Guideax - Software Download Portal

meetcokeΔίκτυα και Επικοινωνίες

26 Οκτ 2013 (πριν από 4 χρόνια και 6 μήνες)

228 εμφανίσεις

Section 1

LANDesk Management Suite Overview

Module Objectives

In this module you will learn how to understand:

The fundamental functional groups within LANDesk Management Suite

Which other products LANDesk Software offers and how they work with
Management Suite

The different complementary LANDesk Software products of the Management Suite environment

Managements Suite hardware requirements

Which platforms are supported by Management Suite

Management Suite Terms

The following are terms used throu
ghout this training manual. Familiarize yourself with these terms before continuing:

Core Server: The physical server that LANDesk Management Suite is install


Database Management System (DBMS): The database created by the Management Suite installati
on. This
database is normally installed on Core

Server managing less than 2000

Management Suite Console: The Console installed on the Core Server by default. This Console can optionally be

on other managed devices.

Web Console: The bro
based counterpart to the Management Suite Console. The Web Console Can only
be accessed @"http://jasper/remote/".

Managed Machine/Device/Node/PC: A PC that has had the LANDesk Management Suite agents installed to it,
and whose record exists in the i
nventory database.

LDMS: LANDesk Management Suite

Management Suite Fundamentals

Welcome to LANDesk Management Suite

(Management Suite). This section will cover the Core components and their

Once Management Suite is installed, it provides the

foundation and tools for the eight functional components of
desktop management:


Inventory/IT Asset Management

Operating System Imaging and Migration

Software Distribution

Software License Monitoring

LANDesk Management Gateway

Remote Control/Prob
lem Resolution

Reporting and Dashboard

Additional LANDesk products can be added to Management Suite to maximize the investment and provide a complete
security and management solution. For more information on complementary products, refer to the Complement
LANDesk Software Products (Purchased Separately)" section in this module.


Discovery consists of two separate types; Unmanaged Device Discovery (UDD)and Extended Device Discovery (XDD).

The UDD feature provides multiple discovery methods to

find unmanaged devices on the network. These methods
include standard LANDesk agent scan, network

scan, NT domain scan, LDAP scan, and SNMP scan. Scans can be
scheduled to occur during off
peak hours and can be targeted to specific subnets.

Once the
devices are found, they can have the Management Suite agents installed on them using the Agent
Configuration tool.

An unmanaged device is simpl

a device that does not yet have the agent installed on it. Once the agent is successfully
installed it becomes

a managed device. At this stage it also requires a valid license. Unmanaged devices do not require
a license, and do not, therefore, count towards the node count.

The XDD feature is a scalable discovery process. The primary function of XDD is to detec
t devices that the normal UDD
will not detect, such as devices behind firewalls.

Scanning for unmanaged devices has its limitations. It requires unmanaged devices to be on the network at the time of
the scanning process. Trying to time tasks to catch unm
anaged devices requires scans be scheduled frequently. This
increased the load on the core server and on the network.

Extended Device Discovery (XDD) works outside of the UDD scanning process. It uses Address Resolution Protocol (ARP).
ARP is part of T
CP/IP. ARP associates a device's IP address to its MAC address. ARP packets occur frequently on each
subnet as part of the TCP/IP process. XDD listens for ARP packets. It places information on devices it finds through ARP
in a cache and passes the data

to the Core Server. The Core Server checks to see if the devices is in its inventory if
devices are not in inventory, they are placed in the UDD list.

Inventory/IT Asset Management

Inventory/IT Asset Management helps companies take control of IT asset
s through extended hardware and software
inventory, compliance monitory, and maintenance planning, A unified asset repository brings information together so
user can change raw data into business intelligence.

automates key IT asset management t
asks to discover networked computing devices, automatically maintain
detailed hardware and software inventories, gather and track custom data fields, monitor software usage to reduce
licensing costs and maintain compliance, plan upgrades and maintenance,
and quickly respond to audits.

Operating System Imaging and Migration

Operating System Deployment (OSD) and Profile Migration (PM) automate the entire process for planning deployments
to configuration and maintenance.


PM allows users to used OSD to guide users through the entire OS deployment and migration process, create OS
images using remote image capture, deploy existing disk images created using another imaging tool, use the automate
profile migration to capture u
ser and application settings, use PXE proxy technology to enable rapid provisioning of
metal" machines without dedicated servers on each subnet, boot floppies, or boot network reconfiguration, use
SYSPREP to automate post image configuration, and dep
loy applications automatically to
get users up and running

Provisioning with LANDesk Management Suite

Provisioning with LANDesk management solutions breaks traditional OS imaging into operational phases that use a
sequence of reusable, predefi
ned actions, and then performs those actions as part of a single, continuous task.
ing is a way to define the optimal

baseline configuration for servers, desktops and laptops. That baseline can
be easily deployed and maintained using the power o
f LANDesk Managements solutions. Individual configuration tasks
are defined as building blocks, and then they are sequenced in a template that can be used for both initial system
deployment and ongoing maintenance.

Even complex hardware configuration and
setup, including BIOS and RAID configuration can be performed, prior to
deploying an OS and needed applications. Instead of applying a single image with a lot of information that may not
apply to the system being provisioned or maintaining a complex libra
ry of machine
specific images, install only what is
needed on each system using an optimized template, It can all be done quickly in one step.



Software Distribution gives IT staff the tools to implement controlled automation for fas
t and efficient software
installation, security and virus update, and application patch management across heterogeneous network environments.

Software Distribution allows users to use Targeted Multicast features that minimize bandwidth use, use Peer Downlo
to leverage local bandwidth efficiently, deploy task scripting to enable detailed control over how tasks complete,
distribute any package type, and push and pull distribution to support the deployment plans.

Software License Monitoring

Software License

Monitoring gives IT professionals the tools to implement complete, effective software asset
management and license compliance policies.

Software License Monitoring allows users to scan for both known and unknown applications, launch denial to keep

software from running, integrate with LANDesk Asset Management for current, complete information on
installed applications, report extensive application usage and license compliance, use the license reporting features,
configure license parameters, t
rack software when vendor information or file names change
, and downgrade rights to
enable tracking for discontinued licenses.

LANDesk Management Gateway

LANDesk Management Gateway is exclusive to Management Suite solutions and gives users the ability to
mange devices over the Internet, even users outside the corporate firewall and at geographically distributed sites. All of
the computer assets can be easily identified, their configurations determined, and where they are located on the
All the gateway requires is an Internet connection, (no dedicated leased line or expensive VPN is required).

Remote Control/Problem Resolution

Remote control and remote problem resolution enables IT staff to analyze computers, plan update strategies, reso
problems, and implement patch control for increased data security. An integrated Console brings asset data, remote
access and control features, remote monitoring, and software distribution together in a consistent interface that
provides rapid access
and control for each managed computer.

This enables IT administrators to perform problem resolution, maintenance, and infrastructure development tasks
quickly and easily from a single application.

Reporting and Dashboard

The reporting tool takes advantage

of the robust inventory scanning utility, which collects and organizes hardware and
software data, in order to produce useful, informative, and up
date reports.

The Executive Dashboard feature consists of a series of widgets (informative charts, diagr
ams, dials, and meters) that
display the health or status of the environment, including vulnerabilities, security threats, spyware, licensing, usage
statistics, and so on. This enhanced visibility of the business allows executives and IT managers to make
management decisions and quickly respond to critical issues.

LANDesk Host Intrusion Prevention

Reinforce existing security efforts with protection against targeted attacks and zero
day threats right at the host level
with LANDesk Host Intrusion P
revention System (HIPS). HIPS empowers the enterprise to thwart malicious attacks and
rootkits using application control that prevents applications from executing in malicious ways right on your individual
host systems. Use HIPS to extend the power of LA
NDesk Security Suite or LANDesk Patch Manager and access
everything needed for the most complete layered LANDesk security solution available.

Section 2


Module Objectives

At the end of this module you will learn how to:

Design a Management
Suite environment

Install LANDesk Management Suite

Utilize database tools and utilities

Understand Secure Sockets Layer

Migrate and recover from a disaster

Designing the Management Suite Domain

Although the design process is not covered in detail, it is s
till important to understand the steps that go into the
implementation of Management Suite. Because of the complexity of install a system such as this, it is important to take
several things into consideration and gather specific information about the env
ironment prior to starting the
implementation process.

The following information will need to be gathered prior to starting the implementation process:

Determine the number of sites

Estimate the number of devices at each location

Select the Core Server and


Plan placement of program files

Select a database

Determine the number of domains

Understand the functionality available for each device OS

Planning the Security and Organization Model

Before the implementation takes place, a security and organiz
ation model must be planned. This process typically
involves the following:

Planning your Core Server Structure:

Management Suite uses a certificate
based authentication system.
During the installation of the Core Server, the installation creates a certificate for that server. Managed devices
look for that certificated when communicating with their respective Cor
e Server, and devices won't
communicate with a Core Server for which they don't have a certificate. Certificates from multiple Core Servers
in device agent configurations can be included if devices are to be manageable from multiple Core Servers.


a scope:


administration provides management capability by allowing the addition of users
to Management Suite and assigning those users rights and scopes. Rights determine the tools and features a
user can see and use. Scopes determine the ra
nge of devices a user can see and manage.

Understanding certificates:

Device agents authenticate to authorized Core Servers, preventing unauthorized
cores from accessing devices. Management Suite Doesn't require a separate certificate authority to manage

certificates for the Core Server, Console, and each device. Instead, each Core Server has unique certificate and
private key that Management Suite Setup creates when the Core Server is installed. Devices will only
communicate with core and rollup Core S
ervers that the device has a matching certificate file for.

Understanding the usage of a rollup core database:

A rollup core database summarizes data from multiple
Core Servers up to a limit of 200,000 devices. The rollup core database can only be access
ed by the Web
Console and only perform the following functions across Core Servers:

Remote control

Inventory queries


Asset management

Software distribution

Selecting components to implement:
Management Suite offers the flexibility to activate only

the desired
agents. Some agents are installed by default. The Standard LANDesk Agent (SLA) is installed by default to
provide baseline functionality that all other agents rely on. Several other agents are responsible for specific
functionality that tak
es place between the managed machine and the Core Server. How these agents will be
deployed depends on which functionality across the network. The following is a list of the available agents:

Custom data forms

Remote control

Extended device discovery

tware distribution

Profile migration

LANDesk Trust Agent

LANDesk Antivirus Security and Patch scan

Understand the different functionality available by machine OS:
Different operating systems have different
levels of functionality. For example, Inventory

scanning is supported on Windows, Macintosh, NetWare, support
Linux and supported Unix, while Software License Monitoring is only supported on Windows and Macintosh
operating systems.

Understanding compatibility with previous versions of Management Suite

Management Suite 8 Consoles can
communicate with devices running Management Suite 6.62 and later. With older devices, there is no access to
the new Management Suite 8 features. However, preventing unauthorized Core Servers/Consoles from
accessing Manag
ement Suite 8 devices.

Management Suite Environment

The management suite

is composed of all the devices that report to and communicate with a single Core
Server. This section gives an overview of the various items commonly found in the Managem
ent Suite environment.


If desired, database information from multiple environments can be combined into a Rollup Database. While a Rollup
Database does not facilitate management of managed devices, it does provide ease of reporting, comi
ng data for up to
200,000 managed devices in a single location.

Core Server

The Core Server is the centerpiece of the LANDesk Environment. This server acts as the host system for each of the
service that provide most of the Management Suite functionality.

The Management Suite software must be installed on a server that is preinstalled with on the following Microsoft
Windows operating system:

MS Windows 2000 Server w/SP4

MS Windows 2000 Advanced Server w/SP4

MS Windows Server 2003 Standard

MS Windows Server

2003 Enterprise

MS Windows Server 2003 R2

NOTE: 64 Bit operating systems are NOT supported.

Additionally, the following requirements must be met:

A static IP address (only one network adapter in the server)

Microsoft NT File System (NTFS)

The Core Server

must be installed as a standalone server.

NOTE: The Core Server is not supported on a primary domain controller (PDC), backup domain controller (BDC), or
Active Directory controller.

The servers should be dedicated to hosting Management Suite or the supp
orted Database Management System

Additional Software

To ensure that the installation goes smoothly, the following is a list of additional required software that needs to be
install on the operating system.

Microsoft Data Access Components (MDAC) 2.
8 (2000 Server only)

Microsoft Internet Information Services 5.0 and 6.0 with ASP.NET

Microsoft Internet Explorer 6 with Service pack 1 (2000 Server only)

Microsoft .NET Framework 2.0 (2000 server only must be installed after IIS.