SYSTEMS MANAGEMENT. Partner Guide

(1)

Partner Guide

SYSTEMS

(2)

1. PROLOGUE

Audience. Icons.

2. INTRODUCTION

Main features of Systems Management. Systems Management User. Profile. Main components. Key players of Systems Management.

3. HIERARCHY OF LEVELS WITHIN THE SYSTEMS MANAGEMENT CONSOLE

System Level. Profile Level. Device Level.

4. BASIC COMPONENTS OF THE SYSTEMS MANAGEMENT CONSOLE

General Menu. Tab Bar / List Bar. Icon Bar / Action Bar. Filters and Groups panel. Dashboards.

5. DEVICES

Downloading the Systems Management agent to the devices on the client’s network. Installing the Systems Management Agent on Mac OS X and Linux platforms. Installing the Systems Management agent on Windows platforms. Installing the Systems Management Agent on Android and iOS. Approving devices. Configuring a Connection Broker. Viewing device information. Managing the resource consumption of the devices.

6. FILTERS AND GROUPS

What are Groups and Filters?. Types of Groups and Filters.

7. HOW TO EFFICIENTLY ADMINISTER THE MANAGED DEVICES

Differences between Profiles, Groups and Filters. General approach and device management structure. Quick view of device information.

8. THE FIRST 8 STEPS TO START USING SYSTEMS MANAGEMENT

Create and configure the first Profile. Deploy the Systems Management Agent. Check the device list in the Profile and basic Filtering. Hardware, software and license audit. Patch Management. Create Monitors. ComStore. Access remote managed device resources.

9. POLICIES

What are Policies?. How to define a System Policy. How to define a Profile Policy. Policy types. How to deploy a Policy.

10. MONITORING

What is it?. Composition of a Monitor. Manual creation of Monitors. Automatic creation of Monitors.

11. COMPONENT EXECUTION

Why develop components?. What are the requirements for developing components?. General architecture of Systems Management components. Create a Monitor component. Create a Script type component.

12. ASSETS AUDIT

Hardware audit at Profile Level. Software audit at Profile Level. Audits at Device Level.

13. CENTRALIZED SOFTWARE DEPLOYMENT AND INSTALLATION

Package deployment and installation procedure. Centralized software installation requirements. Objective of centralized software installation. Deployment examples. Save bandwidth in software deployment.

14. TICKETING

What is the Ticketing system?. Description of a Ticket. Create a Ticket. Ticket Management.

15. PATCH MANAGEMENT

What is Patch Management?. What patches can I deploy / apply?. Patch deployment and installation. Audits.

16. USER ACCOUNTS AND ROLES

What is a User account?. What is a Role?. Why are Roles necessary?. The accountadmin Role. Access User account and Role configuration. Create and configure User account. Create and configure Roles. Configure Roles. How many different Roles are needed?.

17. MOBILE DEVICE MANAGEMENT

Which platforms are supported?. Mobile Device Management Policies. Tools for remotely managing mobile devices.

18. SECURITY AND CONTROL OVER ACCESS TO THE SYSTEMS

MANAGEMENT SERVICE

Two-factor authentication. Essential requirements. Settings. Enabling Two Factor Authenticator for all accounts. Password policy. Systems Management console IP Address Restriction. Agent IP. Address Restriction.

APPENDIX A:

Source code

APPENDIX B:

(3)

1 Prologue

Icons

This guide contains the following icons:

Additional information, for example, an alternative method for performing a particular task.

Suggestions and recommendations.

Important and/or useful tips for using Systems Management.

This guide contains basic information and procedures of use to get maximum benefit from the product Systems Management.

Audience

This documentation is written for technical staff that offer support services to Users without IT knowledge and in two possible environments:

• The IT Department which wishes to professionalize the internal support it provides to the rest of the company.

• The Managed Service Provider (MSP), which currently provides services to its client accounts onsite, remotely, reactively or proactively.

i

(4)

2 Introduction

_{Requires no additional infrastructure on-site as the solution is hosted in the}

cloud.

Has a very gentle learning curve for technical support, allowing you to deliver value from day one.

Tools accessible from anywhere, anytime, allowing you to manage support remotely and avoiding wasted time and money by eliminating the need to travel to those sites.

Task and response automation triggered by configurable Alerts that prevent failures before they occur.

Systems Management is a cloud-based remote device Monitoring and management solution for IT departments that want to offer a professional service, while minimizing User disruption.

Systems Management increases efficiency through centralized and straightforward management of devices, while promoting task automation. The overhead costs dedicated to serving each client or account are reduced as Systems Management:

Systems Management is a product that promotes collaboration among the technicians in charge of providing support and minimizes or completely eliminates the time spent interacting with the User to determine the cause of problems

(5)

The following are the most important features of the product:

Feature Description

Cloud-based solution No additional infrastructure at the client or the MSP / IT Department site. Manage all your devices anytime, anywhere.

Managed via agent for compatible

devices. Extremely light agent for compatible devices with Windows, Linux, Mac OS X, Android and iOS.

Managed without agent Managed via SNMP for those devices in which it is not possible to install the Systems Management Agent, such as printers.

Automatic detection of devices A Systems Management Agent installed on a single device can detect other devices connected to the same network and initiate automatic installation.

Scheduled and custom audits Track all changes to the device (hardware, software and _system). Software license management Keep track of all software installed.

Alerts and Monitoring Monitor CPU usage, memory and disk space, services and Exchange Servers, performance graphs, panel Alerts... all in real time.

Create scripts and quick Jobs

Create your own scripts, download our pre-configured scripts from the online ComStore and deploy either on a scheduled basis or as an automatic response to an Alert. All at a click.

Patch management Automate deployment of updates and patches of the _{software installed.} Software deployment Centralized update and software deployment.

Policies Define a set of general settings to manage your IT _{environment in a flexible manner.}

Remote access

Task manager, file transfer, registry editor, command prompt, event log viewer, etc. All of these integrated tools enable you to repair multiple devices without interrupting the Users.

Remote control Shared access to the User's desktop or total control. _{Supports firewalls and NAT.} Secure communications All communications between the Agents and the Systems _{Management Server are encrypted (SSL).}

Service access control

Ensuring secure access to the Console by the service administrator with Two-factor authentication and with other resources that restrict access from devices to the Server.

Reports Send scheduled or special Reports via email. Find out who _{does what, when, and who uses most of those resources .}

Collaborative environment

Manage incident allocation, status and documentation with the Ticket System. Simplify creation of an

intervention history with Device Notes. Communicate live with the end User through IM Messaging service.

Activity log History of all administrators’ activity in the Systems _{Management Console} ComStore Extend the capabilities of the platform. Select and _{download the components you need.}

Mobile Device Management (MDM)

Supports iOS and Android, allowing monitoring and management of smart phones and tablets, configuring settings and user policies, geolocation of devices and safeguarding of data should the device be stolen or lost.

(6)

Install the Systems Management Agent on both client devices and those belonging to the technicians for remote management..

SYSTEMS MANAGEMENT SERVER

The Systems Management Console, the processes required to collect, synchronize and redirect messages, events, and information flows generated by the Systems Management Agents and the databases that support them are all hosted on a cloud-based Systems Management Server and are available 24 hours a day. The status information that flows from each of the devices to the Systems Management Server is highly optimized so that the impact on the client’s network is negligible. This information is sorted and consolidated in the Systems Management Server so that it is displayed as a flow of events to diagnose and even efficiently foresee problems on managed devices.

User Profile

Most Systems Management Users will have a medium – high technical Profile, as this tool provides daily maintenance of computing devices subject to constant use and change.

However there are two specific, targeted user groups of Systems Management::

• Enterprise level IT technicians

Technicians subcontracted or belonging to a company to offer a company-wide support service for devices and end-Users.

These scenarios often include the remote offices to which access is restricted so technicians must use Monitoring tools and remote access for roaming Users or Users who work outside the office, which makes them vulnerable to all types of problems with their devices.

• Managed Service Provider (MSP) technicians Technical staff employed by a company to provide a professional service to client accounts that have decided to outsource or subcontract the IT Department for maintenance of their devices.

Main components

SYSTEMS MANAGEMENT CONSOLE

A web portal accessible via compatible browsers, from anywhere, anytime with any web enabled device. Most of the daily tracking and Monitoring tasks will be performed from this console via a browser.

This resource is available to technical support only.

SYSTEMS MANAGEMENT AGENT

This is a small (3 MB) program installed on all supported devices to be managed. After installing the Systems Management Agent on the device, its information will become directly accessible through the Systems Management Console.

For devices such as printers, on which it is impossible to install a Systems Management Agent, Systems Management can collect status information and display it in the Systems Management console using SNMP protocol. For more information, Chapter 5: Devices, “Management of devices not supported by the Systems Management Agent” section.

The Systems Management Agent supports two execution modes:

Administration Mode: In this mode, which is the usual mode, the agent is barely noticeable to the end-User and access to some specific settings can be delegated by the administrator.

User Mode and Monitor Mode: After entering valid credentials, the network administrator can use the Systems Management Agent in to access remote devices.

(7)

IT ADMINISTRATOR / ADMINISTRATOR / MANAGED SERVICE PROVIDER / MSP / IT DEPARTMENT / SUPPORT TECHNICIAN / TECHNICAL TEAM

These terms include all those who have access to the Systems Management Console, regardless of the privilege level associated with the credentials supplied.

These are the technical staff from the IT department of the company that opts for Systems Management to manage and Monitor its systems or the MSP staff who access the client’s devices to manage and Monitor them.

SYSTEMS MANAGEMENT ADMINISTRATION ACCOUNT / PRINCIPAL ADMINISTRATION ACCOUNT

Each client or company using Systems Management will be given a Principal administration account. An Account with the highest level of privileges that can manage all the resources of the product.

Chapter 16: User account and roles describes how to create new Users and Roles in order to restrict the access of systems technicians’ to key Systems Management resources. In Chapter 18: Security and control over access to the service you can see how to configure Two-Factor Authentication to access the Systems Management Console. Each Principal administration account belongs to a secure and separate product instance. Therefore, all of the settings of a Systems Management client and all of the devices managed will not be accessible or visible to other administration accounts.

CLIENT ACCOUNT / CLIENT

A client account is a contract between the Managed Service Provider and a company that comes to them with the intention of outsourcing their day to day IT Support needs. Except in Chapter 16: User account and roles, in this manual, account has an

organizational meaning: for the MSP, it is equivalent to a set of devices related to one another for belonging to the same client network that will require maintenance.

USER

The User is the person using the device that requires direct support from the MSP or IT department.

DEVICE

A device is a computer that has the Role of either client or server, which has a Systems Management Agent installed or is managed indirectly via SNMP.

(8)

3 Hierarchy of levels

within the Systems

Management

Console

In order to separate management of the devices of different client accounts and reuse and restrict procedures defined by technical staff in the Systems Management Console, and to expedite and refine management, Systems Management provides three entities / Group levels / operation levels.

From the most general to the most specific, these are the following: • System level

• Profile level • Device level

System level

Profile level

(9)

¿What is it?

System Level also referred to as Account or Account level entity cluster is the most general and highest level, and is also unique for each MSP / IT Department. It automatically groups all devices managed by the MSP / IT Department belonging to their clients and Users with a Systems Management Agent installed.

Scope

The actions performed on this level will affect all devices registered on the system, although they can be limited to a subset of devices using Filters and Groups, described in Chapter 6: Filters and Groups.

Access

The System Level resources are accessed from General Menu, System.

Funcionality

System Level can perform global actions. Therefore, you can obtain the status of all managed devices, consolidated Reports on your environment and actions on all or part of the registered devices.

Settings

The System Level settings include a wide range of parameters that are dealt with in several chapters throughout this guide. Below you will find a complete list of all the options in the General Menu, Account, Settings and a short description of each one.

Parameter Description

Password Policy This lets you set password policies. See Chapter 18: Security and control _{over access to the Systems Management service for more details.} Access Control Lets you set advanced access controls for the Console and the service. See Chapter 18: Security and control over access to the Systems

Management service for more details.

Power Rating Lets you set power consumption parameters (in Watts) for each type of device in order to calculate monthly consumption. See Chapter 5: Devices for more details.

Agent Deployment

Credentials Lets you set the credentials required for remotely installing the Agent. See Chapter 5: Devices for more details. End-User Ticket

Assignee Indicates the account to which users send the tickets that are opened directly from the Agent. See Chapter 14: Ticketing for more details. Variables Variables passed to the scripts run on the devices. See Chapter 11: _{Component execution for more details.} Custom Labels Lets you define the names of the labels used to collect the results of the scripts run on the devices. See Chapter 11: Component execution for

more details. Custom Agent

Settings Lets you define how the Agents will perform as the Connection Broker. See Chapter 5: Devices for more details. Agent Update

Settings Prevents or allows the automatic updates of the Agents installed. Mail Settings Lets you configure the source/target account for emails sent by the _{Server to service administrators.}

Mail Recipients Lets you configure the email accounts that will receive warnings, reports _{and notifications of new devices administered by Systems Management.} Update Profile

Variables Variables passed to the scripts run on the devices. Apple Push

Certificate Lets you configure the certificate required to administer Apple mobile devices. See Chapter 17: Mobile device management for more details. Reset Columns

(10)

What is it?

Profile Level is a grouping entity immediately below System. It is a logical grouping that contains the devices that belong to the same client account or office.

The Profiles list can be accessed from General Menu, Profiles.

Each Profile is associated with a number of configurations accessible from Tab Bar, Settings in the Systems Management Console, which in turn, are bundled with the Systems Management Agent.

Scope

The procedures triggered at Profile Level can affect all devices belonging to that Profile, while some actions can be restricted to a subset of devices using Filters and Groups, described in Chapter 6: Filters and Groups.

Unlike System Level, which is unique, the administrator can create as many Profile Groups as needed.

Membership

Membership of a given device to a Profile is determined when installing the Systems Management Agent.

Download the Systems Management Agent from the chosen Profile page so that when installed on the User’s device, it will be automatically added to the Profile in question in the Systems Management Console. For further details, see Chapter 5: Devices.

You can move devices from one Profile to another from the Systems Management Console after you have installed the Systems Management Agent on the User’s device.

In order to minimize the tasks required in the distribution phase, it is advisable to first create the Profile and then download the Systems Management Agent from there so that the relation between the devices and the Profile is automatic.

Funcionality

Profile Level can perform actions on all of the devices it contains. In this way, you can obtain the status of devices, consolidated Reports and tasks to perform on all or some of the devices which make up the Profile.

Settings

The Profile Level settings also include a wide range of parameters that are described in several chapters in this guide, some of these coincide with some of the parameters defined at System Level, in which case the latter shall have priority.

Below is a complete list of all options, noting the chapters in which they are described if applicable.

Parameter Descripción

General General Profile information: Name, internal identifier, description and _{types of devices hosted.} Power Rating Lets you set power consumption parameters (in Watts) for each type of device in order to calculate monthly consumption. See Chapter 5: Devices

for more details

Proxy Lets you set the proxy details for network users without a direct Internet _{connection. See Chapter 5: Devices for more details.} Agent Deployment

Credentials Lets you set the credentials required for remotely installing the Agent. See Chapter 5: Devices for more details.

Connection Broker Lets you define how the Agents will perform as the Connection Broker. _{See Chapter 5: Devices for more details.} Local Caches Lets you assign the role of cache to one of the network devices. This saves bandwidth during software deployment. See Chapter 13:

Centralized software deployment and installation for more details.

End-User Ticket

Assignee Indicates the account to which users send the tickets that are opened directly from the Agent. See Chapter 14: Ticketing for more details.

Variables Variables passed to the scripts run on the devices. See Chapter 11: _{Component execution for more details.} Credentials This is for setting the credentials for software deployment. See Chapter _{13: Centralized software deployment and installation for more details.} Custom Labels Lets you define the names of the labels used to collect the results of the scripts run on the devices. See Chapter 11: Component execution for

more details.

i

(11)

What is it?

This represents a single node, end-point, or device with a Systems Management Agent installed and Reporting to the Systems Management Server. Devices are automatically created in the Systems Management Console, as they are added as the Agents are installed on the client’s devices or it is managed indirectly through SNM.

Scope

All actions performed at this level affect only the selected device.

Funcionality

(12)

4 Basic components

of the Systems

Management

Console

The Systems Management Console is structured in an intuitive and visual manner, so that most management resources are just a click away, avoiding the clutter of unnecessary checkboxes and settings.

The goal is a Systems Management Console which is clean, quick and convenient to use, while avoiding, wherever possible, full page reloads and offering a gentle and short learning curve so that the IT department can deliver value to a client from the outset.

The basic components of the Systems Management Console to which we will refer throughout this guide are:

(13)

GENERAL MENU

This menu is accessible from anywhere in the Systems Management Console. It consists of 6 entries:

Elements:

Menu Description

System Access to System Level.

Profiles Access to Profile Level.

Components Access to components downloaded by and accessible to the _{administrator} ComStore Repository of components created by Panda Security that extend the _{functionality of Systems Management} Scheduled Jobs List of active and finished Jobs

Scheduled Reports List of configured and default Reports

Help Center Help center with links to Panda Security resources

Account Access to the details of the Principal administration account and to resources for creating new Roles and Users. For more information, see Chapter 16: User account and roles.

TAB BAR / LIST BAR

The Tab Bar and also the List Bar provides access to the tools available in the Systems Management Console for generating and presenting consolidated lists on-screen, with details of the status of the devices belonging to the level accessed. It also allows configurations to be defined and viewed.

This bar is slightly different if it is accessed from Profile Level, System Level or Device Level for a specific device, as each management scope is also different.

Tab Accessible from Description

Summary Profile, Device Status Information

Dashboard System General control panel

Devices Profile List of devices accessible with associated _information

Audit System, Profile, Device Hardware, software and license audit list

Manage System, Profile, Device List of patches pending and applied

Monitor System, Profile, Device List of Alerts created by Monitors or finished _Jobs

Support System, Profile, Device List of Tickets generated

Report System, Profile, Device List and generation of on-demand Reports

Policies System, Profile, Device List and generation of Policies, described later.

Settings Profile Configuration associated to the Profile.

Suspended devices System List of uninstalled Devices

Components:

The scope of the Tab Bar refers to the current level. Therefore, If you go to the Tab bar at System level, you’ll see consolidated information on all Devices. If you access at Profile Level, it will show consolidated information on the devices in the Profile. If you access at Device Level, it will only show information for that particular device.

(14)

ICON BAR / ACTION BAR

The Icon Bar or Action Bar accesses actions to change the status of the devices. This bar does not exist in General Menu, System and varies slightly if accessed from General Menu, Profile or a specific device, as the management scope is different.

The scope of the Icon Bar will be formed by manually selecting the devices that have been selected in a Profile.

Icon Accessible _from Description

Move Device to Profile, Device Move a or the devices selected to another Profile

Add Device to Profile, Device Move a or the devices selected to a Group

Edit Profile Add notes and custom fields to the selected devices _{that can be used by Filters.}

Toggle Profile Mark devices as favorite for quick access from _{Summary / Dashboard}

Delete Profile, Device

Delete a Device from a Profile. The device will no longer be managed, the Systems Management Agent will be uninstalled and the device will be added to the Suspended Devices Tab under General Menu, System.

Request audit Profile, Device Force the launch of an audit. For more details see _{Chapter 12: Assets Audit}

Schedule Job Profile, Device Create a scheduled Job for a later date

Run a Quick Job Profile, Device Create and run a Job already created

Download Profile Download the list of devices in the Profile

Add/Remove Cache Profile, Device Mark the device as network cache.

Turn Privacy On Profile, Device Prevent remote access to the devices by the _{administrator unless approved by the User}

Send a message Profile, Device Send a message to the selected devices

Schedule Reports Profile Schedule Reports for a later date

Refresh Profile, Device Refresh the data on the screen

Show device(s) on

Google Map Device Geolocation of devices on a map.

QR Code Device QR code associated to the device for paper auditing

Refresh the current

view Profile, Device Reloads the list of devices displayed or the specific device.

If you want to perform actions at System Level, you will need to create a Filter or Group, as System Level does not display the Icon Bar by default.

Elements:

(15)

FILTERS AND GROUPS PANEL

The left of the Systems Management Console contains three panels with different groups:

DASHBOARD

The Dashboards reflect the status of a set of devices. There are four types of Dashboard.

System Dashboard

Accessible from General Menu, System, clicking System Dashboard.

• Default Filters: Filters automatically generated by the system

• Profile Filters / System Filters: device Filters created by the administrator at Profile Level or System Level, respectively.

• Profile Device Groups / System Device Groups:

device Groups created by the administrator at Profile Level or System Level, respectively.

• System Profile Groups: only available at System Level, these are Groups of various Profiles.

It collects general information on the status of all devices: Notifications, Jobs, Alerts, etc

Security Status

Accessible from General Menu, System, it reflects the security status of all managed devices.

(16)

SUMMARY (PROFILE)

Accessible from General Menu, Profile and by selecting a specific Profile. It reflects the status of all the devices that belong to the selected Profile. There will be a Summary Dashboard for each Profile created.

SUMMARY (DEVICE)

Accessible from a Device. It reflects the status of a specific device. There will be one for each managed device.

(17)

See Appendix B to see the platforms that support installation of the Systems Management Agent.

In an environment managed by Systems Management a device is a computer that can be accessed from the Systems Management console for remote management and maintenance.

All devices managed by Systems Management send and receive information that the Systems Management Server collects, catalogs and displays in real-time in the Systems Management Console.

There are three possible forms of communication between the Systems Management Server and any given device:

• Directly by installing the Agent on supported platforms (see Appendix B). In this scenario Agents connect directly to the Internet and communicate with the Server without proxies.

• Indirectly via a proxy for those devices without a direct Internet connection. Later in this chapter we describe how to configure a proxy.

• Indirectly via SNMP

For devices on which it is not possible to install the Systems Management Agent, another device on the same subnet with the Systems Management Agent installed can be used as a relay or gateway and communicate with the device via SNMP.

This way, the gateway device receives commands from the Systems Management server and converts them to SNMP protocol before sending them to the device without the agent installed. In the response from the device, the same Systems Management Agent undoes the changes to deliver information from the incompatible device to the Systems Management server.

The discovery of manageable devices using SNMP is an automatic task. See “Management of unsupported devices (printers)” later in this chapter. See Chapter 12: Assets Audit for information about the process of discovering assets.

i

5

(18)

5. Devices

DOWNLOADING THE SYSTEMS MANAGEMENT AGENT TO THE DEVICES ON THE CLIENT’S NETWORK

The download process varies slightly depending on the platform, although in all cases the Systems Management Agent sent to the User’s devices requires certain basic information to be able to operate once installed:

• The Profile to which it will belong.

• The essential information it will need to connect with the Systems Management Server.

Profile to which the Systems Management Agent belongs

In order to keep all managed devices organized they must be put in the appropriate Profile within the Systems Management Console. For desktop platforms (Windows, Linux and Mac OS X) the Profile to which the device belongs is set automatically when the Systems Management Agent generated from the Profile is installed. This avoids having to manually configure the Systems Management Agent in each of the User’s devices.

For mobile platforms (tablets and smartphones), the Profile that the Systems

Management Agent belongs to must be entered manually through a configuration file provided by the Systems Management Server. See the section “Installing the Systems Management agent on Android and iOS platforms” later in this chapter

Essential information for connecting to the Systems Management server

In addition to belonging to the Profile designated by the administrator, the newly installed Systems Management Agent requires Internet connection information in order to communicate with the Systems Management server. On most IT infrastructures, Internet access only requires a basic TCP/IP configuration established by the operating system installed on the User’s device, which the Systems Management agent will use for communications.

For network configurations that have a proxy for Internet access, the Systems Management Agent will need this information, which will have to be entered manually or globally, by entering it in the Profile. This can be done from Profiles in the General menu, selecting the Profile to which the newly installed device belongs, then select the Tab Bar, Settings and enter the required data in the Proxy section.

Once this information has been entered, all Systems Management Agents installed from this Profile will have this proxy data.

(19)

Sending the Systems Management Agent via email

To start sending the Systems Management Agent via email to any supported device, go to the General menu, Profiles, select the Profile with the devices you want to manage, in the Tab Bar, Devices, click “Add Device”. You will see a dialog box with all the platforms supported by the Systems Management Agent: Windows, Mac OS X, Linux, iOS and Android.

Once you’ve selected the platform, you’ll be asked for the email addresses of the Users of the devices to be managed, separated by a semi-colon “;”.

Depending on the platform, the User will receive an email with the Systems Management Agent in an attachment (Windows, Mac OS X and Linux), or with a link to download it from Google Play or Apple Store.

Sending the download URL via email

You can use the same procedure for sending an email with the download URL for Windows, Mac OS X and Linux:

En este caso el usuario recibirá una URL desde donde podrá iniciar la descarga del Agente Systems Management.

Direct download

Administrators can download the Systems Management Agent from the Systems Management Console, then distribute it manually or using distribution tools such as Active Directory. To do this, use the same procedure but click the platform icon.

Unmodified mobile platforms only allow apps to be downloaded from the corresponding app store. For this reason, the only certificated method for delivering the Systems Management Agent to tablets and smartphones is by emailing the URL for the app in the app store.

(20)

INSTALLING THE SYSTEMS MANAGEMENT AGENT ON WINDOWS PLATFORMS The Systems Management Agent can be downloaded in three ways:

• Sending the Systems Management Agent via email • Sending the download URL via email

• Direct download

Once you’ve received or downloaded the Systems Management Agent, you only need to double-click the downloaded package. There is no confirmation and the process is completely silent. The installed Systems Management Agent will connect to the Systems Management Server automatically and will appear in the list of managed devices in the Profile selected from the Systems Management Console.

Given that installing the Systems Management Agent on networks with many devices can be a long and tedious process if you have to do it independently on each device, the process can be streamlined with the Remote deployment function, following the steps below:

• Send the Systems Management Agent to the first Windows device on the network using any of the methods described.

• Once installed, use the Remote deployment function to deploy the agent to the rest of the Windows devices on the network from the Systems Management Console. From the Audit tab, select the devices discovered by the installed Agent within the network segment and click the Deploy Agents icon..

Given that remote installation of a Agent is a process that creates services on the device and needs to be configured in order to be launched whenever the operating system is started, remote installation has to be done with administrator (or equivalent) permissions.

The domain account used for the installation is configured in the Settings tab of the Profile corresponding to the devices. Enter the user name and password of the domain administrator in the Agent Deployment Credentials section.

(21)

PLATFORMS

Mac OS X and Linux platforms support the three installation methods described above: • Sending the Systems Management Agent via email

• Sending the download URL via email • Direct download

In all cases, Users receive the installation package which downloads all the necessary libraries and dependencies, and the agent will be installed automatically when the operating system is restarted.

Mac OS X and Linux do not support Remote deployment.

INSTALLING THE SYSTEMS MANAGEMENT AGENT ON ANDROID AND IOS

Follow the steps below to manage your mobile devices from the central admin console.

Enable the console’s MDM feature:

To be able to interact with your mobile devices from the console, you need to enable the MDM feature. To do this, import the free component “Mobile Device Management” directly from the Comstore.

!

a Systems Management Agent installed will count as a regular license for the purpose of counting the total number of purchased licenses.

i

Once the component is added, the iOS and Android operating systems will appear in Add Devices.

Import the certificate into the Systems Management Console (for iOS-based devices)

It will also be necessary to incorporate -into the Systems Management Console- the certificate generated by Apple for iOS devices to be able to connect to the Systems Management Server.

Importing the Apple certificate is a mandatory, one-time process for each client/ partner who wants to manage one or multiple iOS-based devices.

Installing the certificate is a requirement from Apple to ensure the integrity, authenticity and confidentiality of all communications between the Systems Management Server and the User’s device.

To do so, follow the steps below:

• Browse to Account, Settings to access the Apple certificate settings (Apple Push Certificate section)

• Download the certificate signing request (CSR), signed by Panda Security (*_Apple_ CSR.csr)

• Upload the CSR file to the Apple Push Certificate Portal

To access the Apple Push Certificate Portal, you must have an Apple account. Any iTunes account will be enough. However, if you want to generate new Apple credentials, go to https://appleid.apple.com/, click “Create an Apple ID” and follow the instructions on-screen.

i

(22)

Download the new Apple signed certificate (.PEM) to your computer

Go to https://identity.apple.com/pushcert and sign in with your Apple credentials. Click “Create Certificate” and follow the instructions on-screen. Load the CSR file you downloaded in the previous step.

Go back to the Systems Management Console. Browse to the Apple signed

certificate (.PEM) downloaded from the Apple Push Certificate Portal, and upload it. Once uploaded, the following message will appear in the console.

Sending the download URL via email

Due to security restrictions, clients can only receive an email containing the link to download directly from the Apple Store or Google Play and a .MDM file containing the Profile information associated to the device.

As the Systems Management Agent is downloaded from the official app store for each mobile platform (Google Play or Apple Store), information about the Profile is not part of the downloaded package, as this would mean changing the content of the package in the store. This information is therefore kept in the .MDM file delivered in the email.

Associate the device with a Profile

After the iOS or Android Systems Management Agent has been installed on the client’s device, the User must take the following steps to associate it with the selected Profile. There are two ways to associate a device with a Profile:

• Option 1: Capturing the QR code using the device’s camera. On a PC with the Web console displaying the Profile to be associated with the User’s mobile device, click the QR code to enlarge it.

i

Then, the User must touch the wheel icon on their device to launch the camera and capture the QR code on the screen

(23)

After reading the code, the Systems Management Agent will display the message “Connected” on the User’s device, and appear on the Systems Management Console.

• Option 2: Importing into the agent the .MDM file attached to the email. On mobile phones without camera it is possible to open the .MDM file from the email message by simply touching the file. After loading the .MDM file, the Systems Management Agent will display the message “Connected” on the User’s device, and appear on the Systems Management Console.

MDM file import is only supported from the device’s native email client.

ADMINISTRATION OF DEVICES NOT SUPPORTED BY THE AGENT

By using the SNMP protocol, Systems Management can allow visibility of devices on which the Agent can’t be installed. SNMP devices can be divided into two large groups: printers, and the rest of the devices: routers, switches, scanners, switchboards, etc. The procedure and requirements differ depending on the group to which a device belongs.

Administration of network printers

To add this type of device, simply locate it using the device discovery function in the Audit tab.

!

Each printer-type device added to the Console uses a license from the total number of licenses contracted by the client.

See Chapter 12: Assets Audit for more details on the discovery of devices.

i

This tab displays all the non-administered devices found on clients’ networks where at least one Windows Agent is installed. As the list that is generated may be quite long, the Search field can be used to locate specific devices. Once a device has been located, click Manage printers and the device will appear in the list of the Profile to which it belongs, just as with other administered devices.

(24)

ADMINISTRATION OF OTHER SNMP DEVICES

Devices that are not printers and which don’t support the installation of the Agent can be managed through a Agent designated in the console as an SNMP monitor.

Although not strictly necessary, it is advisable for administrators to familiarize themselves with the basic concepts of SNMP (OID, MIB, NMS, etc.) as well as having an MIB browser to be able to browse the OIDs structure of the device. Mibble is an MIB browser available free from the website..

i

Which parameters can be monitored in devices managed via SNMP?

Most SNMP-compatible devices publish, in their MIB, a lot of detailed status information that allows you to monitor many functionality parameters, for example:

• Internal resource usage (memory, internal storage, CPU, etc.) • Bandwidth consumption.

• Internal device temperature.

• Descriptive information about the device and the manufacturer (model, version, latest firmware update, etc.)

• Detection of specific errors with error codes. • Changes to the devices configuration.

• Changes to the device status: ports enabled or disabled in a switch via STP, lines available on a switchboard, etc

Any data published in the device MIB can be read and interpreted by Systems

Management, though the manufacturers guide will determine which information can be of use. Similarly, it is important to know the units of measurement used in the published data and to be aware of the thresholds that determine whether a device is in danger of imminent failure and requires intervention from the maintenance department.

What steps are required to configure SNMP monitoring?

Follow the steps below:

• Designate a device as a SNMP monitor in the Systems Management console:

In the list of managed devices displayed in Profiles, Devices, select the computer that will act as the SNMP Monitor in the network by clicking “Add as SNMP monitor” from the icon bar.

It is important that the device is always on and that it belongs to the family of Windows operating systems, as the other platforms supported by Systems Management don’t allow SNMP monitor functions.

It is advisable to designate one or more Windows servers as SNMP Monitors and check that communication through UDP port 161 between the SNMP Monitor and the monitored device is correct.

Once the computer is selected, the installed Agent has to be configured with the devices to monitor and the conditions that will prompt Alerts and Tickets.

• Preparing the devices to monitor:

Practically all devices connected to a network can be monitored via SNMP. To do this it is usually necessary to enable this protocol in the device settings and make a note of the Community it belongs to (usually Public by default).

In some devices it will also be necessary to configure the SNMP protocol version to be used (v1/v2) and the IP address from which the device will receive SNMP requests. In this case the IP address will be the device designated as Systems Management Monitor.

(25)

It is important to collect and keep this data as they will be required later when configuring the service.

Once SNMP is enabled in the device to monitor, establish the OIDs that need to be monitored. SNMP-compatible devices periodically dump internal status data in the MIB structure. It will be necessary to consult the manufacturer’s documentation to see which OID nodes of the MIB structure contain useful information and make a note of them.

It is also possible to obtain these OID nodes by browsing the MIB structure with Mibble or similar.

• Configuring the Agent designated as the SNMP monitor:

To access the SNMP settings, connect to the Agent designated as SNMP Monitor and click the icon indicated in the image below:

If the icon does not appear, check the connection to the Agent designated as SNMP Monitor in the Console and move the panel separator to the right in the Agent.

From this screen you can configure SNMP Monitors and SNMP Alerts.

Each SNMP Monitor controls one or more values on a single device, so it will be

necessary to configure as many SNMP Monitors as there are devices to monitor on the network.

The parameters to configure are:

• Device Name: Field identifying the device.

• IP Address: IP address of the monitored device.

• SNMP version: Version of the protocol used.

• Community: Community to which the SNMP device belongs.

Once the monitor is configured and the changes are saved, you can start to define the SNMP Alerts.

An SNMP Alert comprises a field of the MIB of the monitored device, a reference value that you can define, and a comparison criteria.

To add an alert to an existing SNMP Monitor, click “Add” and complete the fields:

• OID: String of numbers separated by dots which is obtained from the manufacturer’s MIB and identifies the monitored object.

• Description: Text describing the OID.

• Description (alert): Text describing the comparison criteria.

• Operator (alert): Comparison criteria to apply to the Value field to identify an alert situation.

• Value (alert): OID limit or reference value.

Once all the fields are completed, click “Save” and after 60 seconds, or by clicking “Refresh”, the monitor will begin to operate.

When the Agent designated as SNMP Monitor begins to receive information from the SNMP devices, its status switches to “Receiving responses” and the Value field of each alert changes to green or red depending on whether the alert condition has been met or not.

Every 60 seconds the agent launches an SNMP query to the IP, OID and Community items designated in each SNMP alert, collecting the value published in the MIB OID of the device. Using the criteria in the Operator field, this value is compared against the reference Value. If the comparison is successful, the Agent sends the data to the Server so there will be an alert in the Monitor tab and a Ticket with the collected values.

(26)

If you have problems starting a remote desktop session on a network segment, restart the computer acting as the Connection Broker and try again.

Specific factors for monitoring devices via SNMP

5. Devices

Unlike printer-type devices or those supported directly by the Agent, SNMP-managed devices are not integrated in the Console and therefore do not have visibility and cannot be grouped in Groups or Filters or managed using normal procedures (Audits, Monitors, Reports, etc.). In forthcoming versions there will be greater integration in order to offer the same functions as devices managed directly with the Agent. That’s why the configuration of all settings for SNMP monitoring is carried out through the Systems Management Agent designated as the SNMP Monitor.

Devices managed with the procedure described in this section do not consume licenses.

APPROVING DEVICES

Service administrators can also ask for manual approval of devices when integrating a new one with the recently installed Agent. This process may be necessary to monitor which devices are added to the service, particularly in environments where the Agent is freely accessed from within the company (mapped drive or shared resource).

To configure manual approval of devices go to the General menu, Account, Settings.

Even if devices are not approved, they will still be included in the inventory processes and it will be possible to access them via remote desktop.

Non-approved devices will still use up licenses.

Non-approved devices will not receive Jobs nor deployed components.

!

When a device is waiting approval a message will appear in the corresponding Profile’s list of devices.

A Connection Broker is a Windows device with an Agent installed and which is responsible for performing a series of additional tasks aimed at minimizing traffic on clients’ networks, as well as supporting connectivity of the remote desktop on neighboring devices.

CONFIGURING A CONNECTION BROKER

By default on each network segment there will be an Agent that automatically takes the role of Connection Broker. It will be responsible for maintaining centralized communication with the Server and the administered devices in order to minimize bandwidth consumption. The Connection Broker also discovers devices on the same network segment, even if they are devices without an Agent installed, printers, routers or others.

Once manual approval of devices is activated, they will appear under the Approve Devices option as the Agents are installed on the computers. The administrator will then be able to approve the devices to be included in the service.

(27)

Disabling the use of Connection Brokers

Given that when an Agent is promoted to a Connection Broker it requires resources on the device CPU and on the client’s local network which may not be available, it is possible to completely disable this feature from the General menu, Account, Settings in Custom Agent Settings or from Profile, Settings if you only want to disable this feature for a specific Profile..

Other Connection Broker Parameters

If you want to change the Connection Broker settings, from the General menu, Account, Settings you can set the connection parameters:

With the exception of NetAssets Subnet Limit these parameters should only be altered with the express permission of the Panda Security Support dept. Any modification could result in the loss of connection with the Agents..

!

Field Description

Control Channel Address Use restricted to the Panda Security Support Dept. Control Channel Port1: Use restricted to the Panda Security Support Dept Control Channel Port2 Use restricted to the Panda Security Support Dept Web Service Address: Use restricted to the Panda Security Support Dept Tunnel Server Address:: Use restricted to the Panda Security Support Dept NetAssets Subnet Limit Restricts the device scanning range of the Connection Broker to the specified number (0-65535) within a

network segment.

Assigning the role of Connection Broker to a device

Even though promoting a device to Connection Broker is an automatic process

performed on the basis of the characteristics of each device (the time it is switched on, available bandwidth, CPU power, etc.), in some cases it may be advisable to promote a specific network device manually.

Make sure you assign the role of Connection Broker to a server-type device on each network segment, to ensure it has sufficient resources and it is always in service..

To do this, go to the settings of the Agent that you want to act as Connection Broker, right-click and select Settings, Preferences.

(28)

VIEWING DEVICE INFORMATION

Systems Management lets you centrally display in the Console the information compiled by each Agent. This information is available at the Device Level associated with each device, accessible from the General menu, Profiles, selecting the Profile the device belongs to and clicking the Device tab and then the device itself.

The Device level displays the following general information.

Depending on the type of device (server, workstation or smart phone / tablet) some entries may vary or not be available..

The information displayed is divided into five categories: • General device information

• System information • Administrator notes • Activity information • Performance information

General device information

Field Description

Description An editable text description of the device. Initially it contains the device name. Groups Groups to which the device belongs.

Version Version of the installed agent.

Power Rating Depending on the type of device a default consumption rating will be assigned. See later in the chapter for details about how to manage the power consumption of the devices.

Custom field

This field lets you define descriptive labels for the devices. The difference between this and the Description field is that the Custom field is accessible from the scripts run on the devices, as it is a visual way of integrating the result of executing a script in the Console. See Chapter 11: Component execution for more details.

System information

Field Description

Hostname Device name

UID Internal device identifier

Device Type Type of device (workstation, laptop, tablet, smart phone, _printer)

Domain Windows domain to which the device belongs

Last User Last user to log in to the device

Status Status (Online, Offline)

Last Seen Date that the Server last accessed the device.

Last Audit Date Last time a software and hardware audit was performed. _{See Chapter 12: Assets Audit for more details.} Date Created Date the device was created on the system.

Int IP Address: Local IP address of the device

Ext IP Address IP of the router or the device that connects the device to _{the Internet}

Additional IP(s) IP Alias

Manufacturer Model

Operating System Service Pack

Architecture 32 or 64-bit

Serial Number

Security Center Protection status of the resources on the device.

Some fields have a Google search field to provide information about the manufacturer, make or model of the device.

(29)

Also from Device Level, you can get information about the device desktop or start a remote control session from the four icons displayed below.

Refresh Takes a new screenshot of the device desktop and _{displays it on screen.} New Screenshot Lets you download a screenshot of the device _desktop. Connect to device Connects the local agent to the selected device. Remote takeover (RDP) Connects to the device’s remote desktop via RDP Remote takeover (VNC) Connects to the device’s remote desktop via VNC

Administrator notes

Here administrators can add reminders and comments as well as procedures for resolving recurring problems with the device to enable collaboration with other administrators.

Activity log

Displays the actions taken on the device. This is a summary of the information displayed in the Reports tab, selecting the Activity box. You can reach this screen directly by clicking the more… link at the bottom of the list.

• Memory

• CPU • Time that the device was

switched on that day.

Performance

The Console displays three line graphs showing usage of the CPU, the memory and the hard disk. It also indicates the time the device has been operating.

• Disk (a line for each disk on the device).

(30)

MANAGING THE RESOURCE CONSUMPTION OF THE DEVICES

Systems Management lets you automate the monitoring of the resource consumption of the monitored devices. This requires an initial configuration, which although largely corresponds to the default settings, may require an adjustment. It is therefore advisable to adjust the real resource consumption values to reflect the reality in each country / company infrastructure.

The complete cycle of resource consumption management is divided into three sections:

• Specification of the type of device

• Specification of the resource consumption of the type of device • General consumption view

Each section is described below:

Type of device

Systems Management distinguishes between five types of device. • Desktop

• Laptop • Server • Smartphone • Tablet

The system automatically assigns the type of device that best describes each administered device, though if this is not accurate, the value can be changed in the corresponding Device Level in the Summary tab.

Specifying the power rating for each type of device

By default the system assigns specific power ratings for laptops, smart phones or servers. These average values are calculated according to typical hardware

configurations and can be changed for all administered Profiles through the General menu, Account, Settings, Power rating by assigning the watts consumed for all types of devices. They can also be redefined for a specific Profile in the Settings tab of each Profile.

As electricity prices vary enormously from country to country, and even across regions, it is also possible to specify the cost per Kwh.

General power rating view

The consumption for each device can be activated by selecting the Cost in the list of Profile devices.

(31)

WHAT ARE GROUPS AND FILTERS?

Groups and Filters are resources for generating clusters of devices in a similar way to the Profile but more easily and dynamically.

So, while creating a Profile is considered a static aspect of marking devices as belonging to a specific client account, Groups and Filters are designed to be easily modified in response to temporary characteristics or criteria of the devices.

TYPES OF GROUPS AND FILTERS

There are various types of Groups / Filters:

• Profile Device Groups / Profile Filters: created within a specific Profile, they can only contain devices that belong to the selected Profile.

• System Device Groups / System Filters: created at System Level, they can contain devices that belong to one, various or all Profiles

• System Profile Groups: created at System Level, they are Groups of Profiles.

Filters and Groups can be inter-Profile device Groups; depending on where they are generated, they can include devices from one or various Profiles..

6 Filters and Groups

(32)

GROUPS

Groups are groups of static devices. A device is manually assigned to a Group by direct allocation.

FILTERS

The Filters are dynamic groups of devices. Whether a device belongs to a certain Filter or not is determined automatically when the device in questions meets the criteria established for that specific Filter. A Device can belong to more than one Filter.

Predefined filters

Systems Management includes a set of predefined Filters that simplify the organization and location of devices registered in the service.

6. Filters and groups

Filter name Use

All Devices Displays all the devices administered by Systems Management Offline Devices Displays all the offline devices administered by Systems Manage-_ment All Desktop O/S Displays all the desktop devices administered by Systems Manage-_ment Online Desktop O/S Displays all the online desktop devices administered by Systems _Management Offline Desktop O/S Displays all the offline desktop devices administered by Systems _Management All Server O/S Displays all the server devices administered by Systems Manage-_ment Online Server O/S Displays all the online server devices administered by Systems Ma-_nagement Offline Server O/S Displays all the offline server devices administered by Systems _Management MS Win 7 Displays all the Microsoft Windows 7 devices administered by Sys-_{tems Management} MS Win Vista Displays all the Microsoft Windows Vista devices administered by _{Systems Management} MS Win Server 2003 Displays all the Microsoft Windows Server 2003 devices administe-_{red by Systems Management}

MS Win Server 2008 Displays all the Microsoft Windows Server 2003 devices administe-_{red by Systems Management} MS Win XP Displays all the Microsoft Windows XP devices administered by _{Systems Management} MS Win 8 Displays all the Microsoft Windows 8 devices administered by Sys-_{tems Management} MS Win Server 2012 Displays all the Microsoft Windows Server 2012 devices administe-_{red by Systems Management}

Offline > 1 Week Displays all devices administered by Systems Management that _{haven’t been accessed by the server for more than a week.} Apple iOS Displays all devices with iOS (tablets and smart phones) administe-_{red by Systems Management} Mac OSX Displays all devices with Mac OS AX (tablets and smart phones) _{administered by Systems Management} Google Android Displays all devices with Android (tablets and smart phones) admi-_{nistered by Systems Management} All Mobiles Displays all smart phones administered by Systems Management Linux Displays all devices running Linux.

Filter composition

A Filter is made up of one or more Attributes which combine with each other through the logical operations AND / OR. A Device forms part of a Filter if it meets the criteria established in the Attributes of the Filter.

The general layout of the Filter is divided into two blocks:

• Filter name: It is advisable for this to be a descriptive name that describes the characteristics of the Devices (e.g. “Microsoft Exchange servers”, “Workstations with limited disk space, etc.”).

• Criteria: here you can select the Attributes that will be checked on each Device and their Value. For each Attribute several Values can be specified, which are taken into account in line with the specified AND / OR values. Similarly, several Attributes can be specified in the same Filter which also relate to each other in line with the AND / OR values.

(33)

The Criteria block is broken down into three parts:

• Attribute: specifies the characteristic of the device that will determine whether it is part of a Filter. The main Attributes are listed and classified below.

• Condition: establishes the way the Attribute of the device is compared with the reference Value set by the administrator.

• Value: the content of the Attribute. Depending on the Attribute the Value field can change to allow terms such as dates, text, etc.

Below are the values available for each Criteria condition line:

Field Condition Search Term

String

Empty – Not empty,

Contains – Does Not Contain, Starts with – Does not start with, Finishes with – Does not finish with

String. Use % as a wildcard.

Integer

Greater – Greater than or equal to, Less – Less than or equal to, Includes,

Excludes

Numeric.

Binary True / False

Date Before – After, Older than 30/60/90 days Date Interval

Selección Is a member of, is not a member of Grupos disponibles

To specify different values for an Attribute you have to click the “+” to the right of the Value field. This deploys a new control and an AND / OR button that lets you choose the relation: two Values related with AND means that the device must have an attribute that complies with both fields. Two Values related with OR means that the device must have an attribute that complies with at least one of the fields.

Finally, to apply more complex Filters that cn examine several Attributes it is possible to add more Criteria blocks by clicking the “+” below, and repeating the process described above: the new Criteria cn be related with the same AND / OR logic.

(34)

Below you can see the Attributes available to create a Criteria block:

Attribute Description

Windows updates (Yes/No)

Lets you filter devices with the Windows Update engine enabled or disabled.

Display adapter

Lets you filter by brand name and model of the graphics card installed on the device.

Network adapted Lets you filter by brand name and model of the network _{adapter installed on the device.} Additional IP address IP alias of the device.

Antivirus (Yes / No) Lets you filter devices with or without an antivirus installed. Architecture Lets you filter devices with 32-bit or 64-bit architecture. Attached device driver file Lets you apply the filter to the driver file field of external USB drives connected to the device. See Chapter 12: Assets Audit

for more details. Attached device driver

manufacturer

Lets you apply the filter to the driver manufacturer field of external USB drives connected to the device. See Chapter 12: Assets Audit for more details.

Attached device driver modified

Lets you apply the filter to the driver modified field of external USB drives connected to the device. See Chapter 12: Assets Audit for more details.

Attached device driver name Lets you apply the filter to the driver name field of external USB drives connected to the device. See Chapter 12: Assets Audit for more details.

Attached device driver name/ version

Lets you apply the filter to the driver name/version field of external USB drives connected to the device. See Chapter 12: Assets Audit for more details.

Attached device driver version Lets you apply the filter to the driver version field of external USB drives connected to the device. See Chapter 12: Assets Audit for more details.

Attached device driver name Lets you apply the filter to the driver name field of external USB drives connected to the device. See Chapter 12: Assets Audit for more details.

Attached device driver port Lets you apply the filter to the driver port field of external USB drives connected to the device. See Chapter 12: Assets Audit for more details.

Attached device driver type Lets you apply the filter to the driver type field of external USB drives connected to the device. See Chapter 12: Assets Audit for more details.

CPU Lets you filter by the make and model of the CPU installed on _{the device.} Disk size

Disk free space

Description Lets you filter by the Description of the device. See Chapter 6: _{Devices for more details.} Profile description Lets you filter by the Description field of the Profile to which _{the device belongs.} IP address

MAC address

Disk description Lets you filter by the description string of the internal drives _{on the device.} Managed devices Not used.

OnDemand devices Not used.

Domain Lets you filter by domain the device belongs to on Microsoft _networks. OnDemand profiles Not used.

Status – Online/Offline

Status – Web port OK Not used. Status – Suspended

External IP Address Lets you filter by the IP address with which the device _{connects to the Server} Manufacturer Company that assembled the device

Favorite Lets you filter devices marked as favourites. BIOS release date

Last seen date Date when the device was last seen by the Server. Firewall (Yes/No) Lets you filter devices with firewalls enabled or disabled. Patch title Lets you filter by name of the patches installed.

Memory Lets you filter by the amount of installed memory on the _device.

6. Filters and groups

(35)

Model

Monitor / screen BIOS name Host name

Profile name Lets you filter by the name of the Profile to which the device _belongs. Serial number Lets you filter by the device serial number.

Software package Lets you filter by the software packet installed on the device. Software package /version Software packet and version installed.

Custom field 1-6 Lets you filter by the content of the specified custom field _{(from 1 to 6). See Chapter 6: Devices for more details.} Motherboard Lets you filter by the manufacturer, make and model of the _{motherboard on the device.} Profile device group Lets you filter by the name of the Profile group the Device _{belongs to.} Service Pack

Operating system

System device group Lets you filter by the System group the Device belongs to. Device type

BIOS version

Software version Lets you filter by the version of a software packet installed on _{the device.} Agent version

Last audit Date of the most recent de hardware / software Audit on the _{device. See Chapter 12: Assets Audit for more details.} Last user Lets you filter by the last user to log on to the device.

(36)

The distribution in the Systems Management Console of the managed devices in an MSP with multiple client accounts or in an IT department with various offices, drastically affects efficiency, as many procedures and actions can be configured to run on many devices. This can be alleviated through the right combination of Profiles, Groups, and Filters.

DIFFERENCES BETWEEN PROFILES, GROUPS AND FILTERS

Below is a description of the benefits and limitations of the three grouping methods supported.

Profiles

• Benefits

• They associate the same internet connection settings to all devices: avoid having to manually configure each device locally

• They link email contact information for sending Reports, Alerts, Tickets, etc. • They can access the Tab Bar and the Icon Bar, allowing execution of Actions and display Lists and Consolidated Reports that cover all of the Devices in the Profile conveniently and rapidly.

• Limitations

• A Device can only belong to one Profile

• It is not possible to nest a Profile within a Profile

Groups and filters

• Benefits:

• Groups / Filters let you create subsets of devices within one or more Profiles • A device can belong to various Groups / Filters.

• Limitations

• Groups / Filters have limited functionality as the Tab Bar is not accessible so it is not possible to generate consolidated lists.

• Access to Reports is limited; the Reports generated will only contain information about one device.

7 How to manage

efficiently devices

Groups / Filters are Profiles within Profiles (as many as you like) but have limited access to consolidated Reports and the Tab Bar.