Software Managed Compliance - vs - Package delivery
You will find a french version at this place - Veuillez trouver une version française ici: http://www.bemore.ch/marketing/pdfs/Altiris_CMS7_Newdelivery_Kotte_091116.pdf or here: https://docs.google.com/Doc?docid=0ARVPHy_8ksimZGd3OTIzMmJfOTM0aGN0Z243Z3E&hl=fr You can get problem to see images, because outside linked to Google docs: You must trust "symantec.com" and "docs.google.com", if you still get problem to see images: just go directly the Google version in there: https://docs.google.com/Doc?docid=0ARVPHy_8ksimZGd3OTIzMmJfOTQwZGs0eDV0Z24&hl=en
From my point of view: I identify currently 4 feature levels for computers software delivery:
-
Stage 0 « Mono manual » : install each PC manually, with a remote control option to avoid kilometers… This model is still a lot used currently, because before be able to stage next level, you must "packaging" all the software applications.
-
Stage 1 « Multi manual » : With a silent install package, we can use a tool to deploy multiple PC in a single operation. (That is the « Altiris Deployment Solution » DS 6.9)
-
Stage 2 « Static Policy » : A policy associated a static ‘collection’ (a group). Adding a PC in this group, just launch the single "one shot" deploy.
-
Stage 3 « Dynamic Policy » : A policy "choose" computers based predefined attributes: E.g. from inventory result, detecting existing or missing installed software. The policy can replay automatically the deploy (e.g. after a crash disk)
|
|
|
Manual
|
“Static Policy” (one shot)
|
“Dynamic Policy” (from Server side)
|
But, what we only need: That is associate a software to a predefined list of computers, or all. The automation tool should be able to detect, install, update, or repair, when it is necessary, and only report when we got a failure (creating a Help desk ticket or an email).
-
That is the Stage 4 « Managed Policy » : In CMS7, the server does not decide any more what to do or not on each client. It gives the Software listing & associated rules to the computers. So each computer can verify himself, if the detected installation is compliant, or missing, or need to be updated. If necessary, the client download what necessary from a secured place and will run the remediation for compliance (install, repair, install additional required software, update, etc...).
|
The secure DSL (Definitive Software Library) host: - Detection rules updated from the packages import - Dependencies or updating rules
The PC client can run the check alone: - If all "active" software are correctly there, with the good version, etc…
If necessary, the PC download the package from the secure place (DSL), for installing, repairing, configuring, removing, any required operations.
|
« Software Compliance »
|
|
Bonus: you can also activate the "redirect to Virtual layer" option, if you deploy the SVS agent (Virtual Software, now integrated with CMS7). Be care not all packages will support without some tuning.
Basic operations
Step 1: you import Packages:
Best are MSI or VSA packages, because you already got main basic information: Install/repair/remove commands:
You can complete or edit.
You get also the basic detection rule, you can extend:
For MSI only, VSA package are not "detected" ? Some improvements still required ;-) For SVS, we will see they are all version sharing the same MSI code :-( So I will create an additional article to explain how to extend detection rules, as soon as I can :-)
Step 2: You update rules:
Like dependencies and supersedes:
File Inventory relations: (be care the sample screen below is not related the SVS agent above, this is a sample for Altiris NS agent)
Step 3: You act:
-
Add to an inventory policy, report or create a "dynamic filter collection",
-
Quick deploy (single shot task), to manually assigned computers,
-
Add to a software compliance check list (managed delivery) on a "targeted computers collection",
-
Block any execution on all clients, etc...
Not such easy as it seems to be in there, but really great because innovating & change to a true ITIL perspective of Software catalog management instead of "package deploying".
Enjoy life in CMS 7 ;-) Vote My Post if you like it - I provide a PPT version to help presentation your side.