Chat now with support
Chat with Support

KACE Unified Endpoint Manager 11.0 - Getting Started: Implementing Modern Management

About Unified Endpoint Management

Modern device management is the practice of combining cloud-based enrollment, management and security features to accomplish systems management goals, empowering users to be secure and productive on any device, anywhere – regardless of their location.

If you use KACE Cloud Mobile Device Manager together with the KACE Systems Management Appliance, you can take advantage of the new Modern Management approach for Windows and Mac computers. KACE Unified Endpoint Manager enables Modern Management of your Windows and Mac laptops – similar to how you manage iOS and Android mobile devices. This product provides license reconciliation to avoid double counting co-managed nodes for Windows and Mac devices and enables your KACE Systems Management Appliance to correctly interpret inventory imported from KACE Cloud Mobile Device Manager.

Device management types

Your organization typically uses one or more of the following ways of device management:

  • Modern Management: Cloud- and profile-based management of computers, similar to mobile device management.
  • Traditional Systems Management: Premise-based, traditional, deep, granular management for computers and servers, including discovery, scripting, software installation, patching, software asset management, vulnerability scanning, IoT devices (printers, projector, SNMP-enabled devices). Agent or agentless monitoring.
  • IoT: Two types of device management:
    • Agentless SNMP-enabled devices like printers, projectors, network devices
    • Agent-managed POS, signage, SNMP enabled devices and Chromebooks

Device license types

Your managed devices utilize one of the following license types when it comes to endpoint management software:

Device type Mobile Modern Traditional IoT
Mobile device X X    
Server     X  
Windows device   X X  
Linux device     X X*
Desktop   X X  
Laptop   X X  
Chromebook       X
IoT agentless inventory (e.g., printers, projectors)       X
*IoT Embedded (e.g., Microsoft OS, Linux, Raspbian)     X  

Choosing a device management type

To identify which device management styles work for the users in your organization, review the following scenarios.

  • End users:
    • Mobile employees: They are not office-based and often travel for business. They do not require granular management, keeping their needs fairly simple. Everything is done through the cloud as opposed them connecting to an on-premises system. They use their laptops as mobile devices or tablets. KACE Unified Endpoint Manager can interact with Apple, Google, Microsoft's cloud services to help enroll, configure and manage the laptop.
    • Office-based users: They are usually online more than mobile employees, and as such need much more granular, traditional management that involves software and IT asset management, patching, and other features. This is the preferred method for managing most laptops and desktops for that reason, particularly for those who prefer on-premises solutions, and have a history of working with Group Policy, Microsoft AD, patch management and other traditional management features.

    • Data center staff: Modern Management is not an alternative for the users that work in a data center facility. Servers must be managed very granularly with limited access.

  • Administrators: Each organization has an overall endpoint management style preference. In addition to the three end-user types listed above, there are different administrative needs to consider.

    Domain Modern Preference Traditional
    Inventory X Either X
    Hardware Asset Management X Either X

    Enrollment

    (Apple, Google, Microsoft)

    		 X    
    Discovery     X
    Cloud X    
    On-Premises     X
    Subscription License X    
    Perpetual License     X
    OpEx X    
    CapX     X
    Over The Air X    
    Agent     X

    Profile

    		 X    

    Scripting

    (E.g., software distribution, Poweshell)

    		     X
    Active Directory     X
    Group Policy     X
    Software Asset Management     X
    Patching     X

 

 

 

 

Getting started

KACE Unified Endpoint Manager allows you co-manage Traditional and Mobile Endpoints using a single pane of glass.

This solution requires the following Quest product components:

  • KACE Systems Management Appliance: This virtual appliance is designed to automate device management, application deployment, patching, asset management, reporting, and Service Desk ticket management.
  • KACE Cloud Mobile Device Manager: This cloud-based product allows you to easily manage and secure your mobile devices. You must have the UEM Co-Managed Subscription to enable license reconciliation.

    KACE Unified Endpoint Manager provides license reconciliation to avoid double counting co-managed nodes for Windows and Mac devices, and enables your KACE Systems Management Appliance to correctly interpret inventory imported from KACE Cloud Mobile Device Management.

Follow this guide if you do not have any of these components installed in your environment, and want to get started with Unified Endpoint Manager.

Obtaining product components

  1. Contact the Quest sales team to obtain licenses for the following components:
  2. Obtain a KACE Systems Management Appliance installer.
    The appliance comes in different versions, such as appliances for VMware, Hyper-V, and MS Azure systems. You can download VMware and Hyper-V appliances from the Quest Support Portal, while the Azure virtual appliance is available in Microsoft Azure.

    Or:

Configuring KACE Unified Endpoint Manager

When you have all of the required components and licenses, complete the following steps:

  1. Install the KACE Systems Management Appliance. Setup guides for each supported platform are available for download from the Technical Documentation page on the Quest Support Portal at https://support.quest.com/kace-systems-management-appliance/technical-documents.
  2. Log in to the appliance and install the KACE Co-Managed Systems Management Appliance Add-on.
    1. In the appliance Administrator Console, go to Settings > Appliance Updates.
    2. Under Manually Update, click Browse.
    3. Navigate to the downloaded KACE Co-Managed Systems Management Appliance Add-on .kbin file.
    4. Click Update.
  3. Configure the appliance to sync with KACE Cloud Mobile Device Manager.
    1. Log in to the appliance.
      • Go to Inventory > Discovery Schedules and select Choose Action > New.
    2. Log in to KACE Cloud Mobile Device Manager.
      1. Go to Settings > Integrations > KACE SMA (K1000).
      2. Copy the Tenant Name and Secret Key information.

      For complete information about KACE Cloud Mobile Device Manager, visit https://docs.kacecloud.com/Content/Resources/Home.htm.

    3. On the appliance, complete the Discovery Schedule Detail page.
      1. Under the Discovery Type, select External Integration.
      2. Expand the KACE Cloud Mobile Device Manager section and provide the recorded Tenant Name.
      3. Create a new credential using the recorded Secret Key.

      For detailed instructions, see the appliance product help or visit the KACE Systems Management Appliance Technical Documentation page on the Quest Support Portal at https://support.quest.com/kace-systems-management-appliance/technical-documents.

When Unified Endpoint Manager is configured in KACE Cloud Mobile Device Manager and KACE Systems Management Appliance, the number of devices that are using UEM Co-Managed Subscription is indicated in both products:

FAQs

Where can I find my UEM Co-Managed Subscription Details once purchased and set up?

After applying the .kbin file:

  • In KACE Systems Management Appliance: A new license count appears in About > Co-Managed Devices.
  • In KACE Cloud Mobile Device Manager: The co-managed license can be found under Settings > Subscriptions/Licensing.

What happens if I have the KACE Co-Managed Systems Management Appliance Add-on and an incorrect license, or the other way around?

The KACE Co-Managed Systems Management Appliance Add-on includes explicit instructions to only use it if you have KACE Cloud Mobile Device Manager. Both the add-on and the KACE Systems Management Appliance 10.2 release or later are required. If co-managed devices in KACE Cloud Mobile Device Manager use up all their licenses, the appliance consumes a KACE Agent license. If those are exhausted, the appliance follows the standard procedure.

If my UEM Co-Managed Subscription doesn’t seem to be working, who can I contact?

Please contact Quest Support.

To whom do we escalate licensing issues?

Please contact Quest Support.

Will bootstrap fail on the KACE Systems Management Appliance if KACE Cloud Mobile Device Manager runs out of seats? And if so, will this cause a potential disruption in agent communication?

KACE Systems Management Appliance behaves the same way as it would when it does not have enough standard agents. Agents always consume a license. Adding devices is enforced separately for each license type. When managed computer licenses are exceeded, agent-based systems cannot be added. When non-computer licenses are exceeded, no non-computer devices can be added. However, an exceeded count on one type does not prevent usage on the other. If co-managed devices on the KACE Cloud Mobile Device Manager use up all their licenses, the appliance should consume a KACE Agent license count. If those are exhausted, the appliance follows the standard procedure.

How do I troubleshoot Unified Endpoint Manager if my end user says it is not working?

When a KACE Cloud Mobile Device Manager device is provisioned to the KACE Systems Management Appliance, complete the steps below. You can provision a KACE Cloud Mobile Device Manager device by selecting Choose Action > Provision > Agentless: Automatic on the Discovery Results page, or by selecting Auto-Provision in the Discovery Schedule.

  • Verify that only one instance of the device exists in the appliance inventory.
  • On the Device Detail page, verify that the Device Entry Type is reported as Agent or Agentless Device.
  • If the above two steps are not expected, delete the Agentless entry (assuming that it exists), and re-provision the device from the appliance  Discovery Results page.
  • Verify that the tenant the Discovery Schedule the device was created from has available co-managed licenses.
  • If the tenant does not have co-managed licenses and a customer wants to purchase them, Quest Sales can assist them.

Where does Unified Endpoint Manager store log messages?

When an attempt to use a co-managed license from a KACE Cloud Mobile Device Manager tenant fails, an error along with the status from KACE Cloud Mobile Device Manager is logged in kbox_log.

How often does Unified Endpoint Manager negotiate product licenses?

License reconciliation occurs at device provisioning time and on regular KACE Systems Management Appliance Agentless inventory. Its frequency is determined by the Agentless inventory interval setting.

Self Service Tools
Knowledge Base
Notifications & Alerts
Product Support
Software Downloads
Technical Documentation
User Forums
Video Tutorials
RSS Feed
Contact Us
Licensing Assistance
Technical Support
View All
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating