KACE Systems Management Appliance 9.1 Common Documents - Administrator Guide

About the KACE Systems Management Appliance (SMA) Getting started
Configuring the appliance
Requirements and specifications Power-on the appliance and log in to the Administrator Console Access the Command Line Console Tracking configuration changes Configuring System-level and Admin-level General Settings Configure appliance date and time settings Enable Two-Factor Authentication for all users Verifying port settings, NTP service, and website access Configuring network and security settings Configuring Agent settings Configuring session timeout and auto-refresh settings Configuring locale settings Configuring the default theme Configure data sharing preferences About DIACAP compliance requirements Configuring Mobile Device Access Enable fast switching for organizations and linked appliances Linking Quest KACE appliances Configuring history settings
Setting up and using labels to manage groups of items Configuring user accounts, LDAP authentication, and SSO Using Replication Shares Managing credentials Configuring assets
About the Asset Management component Using the Asset Management Dashboard About managing assets Adding and customizing Asset Types and maintaining asset information Managing Software assets Managing physical and logical assets Maintaining and using manual asset information Managing locations Managing contracts Managing licenses Managing purchase records
Setting up License Compliance Managing License Compliance Setting up Service Desk Configure the Cache Lifetime for Service Desk widgets Creating and managing organizations Importing and exporting appliance resources
Managing inventory
Using the Inventory Dashboard Using Device Discovery Managing device inventory
About managing devices Features available for each device management method About inventory information Tracking changes to inventory settings Managing inventory information Finding and managing devices Provisioning the KACE SMA Agent Manually deploying the KACE SMA Agent Using Agentless management Adding devices manually in the Administrator Console or by using the API Forcing inventory updates Managing MIA devices Obtaining Dell warranty information
Managing applications on the Software page Managing Software Catalog inventory
About the Software Catalog Viewing Software Catalog information Adding applications to the Software Catalog Managing License assets for Software Catalog applications Associate Managed Installations with Cataloged Software Using software metering Using Application Control Update or reinstall the Software Catalog
Managing process, startup program, and service inventory Writing custom inventory rules
Deploying packages to managed devices
Distributing software and using Wake-on-LAN Broadcasting alerts to managed devices Running scripts on managed devices Managing Mac profiles Using Task Chains
Patching devices and maintaining security
About patch management Subscribing to and downloading patches Creating and managing patch schedules Managing patch inventory Managing Dell devices and updates Maintaining device and appliance security
Using reports and scheduling notifications Monitoring servers
Getting started with server monitoring Working with monitoring profiles Managing monitoring for devices Working with alerts
Using the Service Desk
Configuring Service Desk Using the Service Desk Dashboard Managing Service Desk tickets, processes, and reports
Overview of Service Desk ticket lifecycle Creating tickets from the Administrator Console and User Console Creating and managing tickets by email Viewing tickets and managing comments, work, and attachments Merging tickets Using the ticket escalation process Using Service Desk processes Using Ticket Rules Run Service Desk reports Archiving, restoring, and deleting tickets Managing ticket deletion
Managing Service Desk ticket queues About User Downloads and Knowledge Base articles Customizing Service Desk ticket settings Configuring SMTP email servers
Maintenance and troubleshooting
Maintaining the appliance Troubleshooting the KACE SMA
Appendixes Glossary About us Legal notices

Configuring network and security settings

Configuring network and security settings

Appliance network settings include the hostname, web server name, IP address, and other information required to access the appliance over the network.

Change appliance network settings

Change appliance network settings

You can change the appliance network settings to meet the needs of your environment any time after the initial configuration.

For virtual and physical versions of the appliance, network settings are initially configured during the first login to the Administrator Console or the Command Line Console. See Change appliance network settings.

For K1 as a Service, the appliance is preconfigured with a static IP address, subnet mask, and default gateway. For configuration information, see the KACE as a Service Setup Guide. Go to https://support.quest.com/k1000-as-a-service/release-notes-guides.

Changing the majority of appliance network settings requires that you reboot the appliance. Total reboot downtime is one to two minutes, provided that the changes result in a valid configuration.

1.
Go to the appliance Control Panel:
If the Organization component is enabled on the appliance, log in to the KACE SMA System Administration Console, http://KACE_SMA_hostname/system, or select System in the drop-down list in the top-right corner of the page, then click Settings.
2.
Click Network Settings to display the Network Settings page.
3.
On the Network Settings page, in the Appliance Network Configuration section, provide the following information:

Option

Description

DNS Hostname

Enter the hostname of the appliance. The default is k1000.

Web Server Name

Enter the fully-qualified domain name of the appliance. This is the Hostname concatenated with Domain. For example: k1000.example.com. Devices connect to the appliance using this name. Quest recommends that you add a static IP address entry for the appliance to your DNS server. If you use an SSL certificate, the hostname must be fully qualified and it must match the name on the certificate.

Automatically generate server name

Select this check box to enable the system to generate the KACE SMA web server name using this format: Hostname.Domain. For example: k1000.example.com. Clear this check box to enter a custom web server name.

4.
In the IPv4 Configuration section, provide the following information:

Option

Description

Configure Network Using DHCP

Select this option if you want to use DHCP (Dynamic Host Configuration Protocol) to automatically obtain the IPv4 address and other network configuration information for the appliance.

Configure Network Manually

Select this option if you want to manually specify the IPv4 address, domain, subnet mask, default gateway, and DNS settings for the appliance:

IP Address: Enter the static IP address of the appliance.
CAUTION: If the IP address is incorrect, you cannot access the appliance through the web interfaces (Administrator Console and User Console). If this happens, open the appliance Command Line Console, and use the konfig login to enter the correct IP address.
Domain: Enter the domain that the appliance is on. For example, example.com.
Subnet Mask: Enter the subnet (network segment) that the appliance is on. The default is 255.255.255.0.
Default Gateway: Enter the network gateway for the appliance.
Primary DNS: Enter the IP address of the primary DNS server the appliance uses to resolve host names.
Secondary DNS: (Optional) Enter the IP address of the secondary DNS server the appliance uses to resolve host names.
5.
In the IPv6 Configuration section, provide the following information:

Option

Description

Configure Network Using SLAAC

Select this option if you want to use the SLAAC (stateless address auto-configuration), offered by IPv6, to configure the appliance's network settings. SLAAC allows devices to select their own IPv6 addresses based on the prefix that is advertised from their connected interface.

Configure Network Manually

Select this option if you want to manually specify the IPv6 address, prefix length, and default gateway for the appliance:

IPv6 Address: Enter the static IPv6 address of the appliance.
CAUTION: If the IP address is incorrect, you cannot access the appliance through the web interfaces (Administrator Console and User Console). If this happens, open the appliance Command Line Console, and use the konfig login to enter the correct IP address.
Prefix Length: Enter the number of bits in the IPv6 address prefix. An IPv6 prefix typically consists of 64 bits.
Default Gateway: Enter the network gateway for the appliance.

Disable IPv6

Select this option if you want to disable an IPv6 address for the appliance. This is the default setting.

6.
Optional: To set a proxy server, select the Enable Proxy Server in the Proxy Configuration section, then specify proxy server settings:

Option

Description

Type

Enter the proxy type, either HTTP or SOCKS5.

Server

Enter the name of the proxy server.

Port

Enter the port for the proxy server. The default port is 8080.

Enable Basic Proxy Authentication

Select the check box to use the local credentials for accessing the proxy server.

Login

Enter the username for accessing the proxy server.

Password and Confirm Password

Enter the password for accessing the proxy server.

7.
To use an external SMTP server, select Enable SMTP Server in the Email Configuration section, then specify SMTP server options:

Option

Description

Server

Specify the hostname or IP address of an external SMTP server, such as smtp.gmail.com. External SMTP servers must allow anonymous (non-authenticated) outbound email transport. Ensure that your network policies allow the appliance to contact the SMTP server directly. In addition, the mail server must be configured to allow the relaying of email from the appliance without authentication. If you specify an IP address, enclose the address in brackets. For example [10.10.10.10].

Port

Enter the port number to use for the external SMTP server. For standard SMTP, use port 25. For secure SMTP, use port 587.

Login

Enter the username of an account that has access to the external SMTP server, such as your_account_name@gmail.com.

Password and Confirm Password

Enter the password of the specified server account.

a.
Click Test Connection.
b.
In the Connection Test SMTP dialog box that appears, type the email address to which you want to send a test email using the newly configured SMTP server, and click Send Test Email.
The Connection Test SMTP dialog box refreshes, showing the test results. status of the email operation. If the test fails, verify your configuration, and try again.
9.
Click Save.

Configure local routing tables

Configure local routing tables

Configure local routing tables to enable the KACE SMA to route traffic through multiple gateways on a network.

Local routing tables are useful when the physical appliance is located in one office, and managed devices are located in a different location. For example, if the appliance is located in Texas, and managed devices are located in California, the KACE SMA would serve devices on the Texas subnet. Using the a local routing table, the appliance could be pointed to the network in California, so that it could host the California devices as well as the Texas devices.

1.
Go to the appliance Control Panel:
If the Organization component is enabled on the appliance, log in to the KACE SMA System Administration Console, http://KACE_SMA_hostname/system, or select System in the drop-down list in the top-right corner of the page, then click Settings.
2.
Click Local Routing Table to display the Local Routing Table Settings page.
3.
Click the Add button to add an entry: .

Option

Description

Name

Enter a name for the route.

Destination

Enter the IP address or network for the destination with which you want your KACE SMA to communicate.

Subnet Mask or CIDR

Enter the subnet mask of the specified network. For example: 24, 255.255.240.0. This is applied to the host.

Gateway

Enter the IP address of the router that routes traffic between the KACE SMA and the destination network.

5.
Click Save at the end of the row to save the entry.
6.
Click Save and Reboot at the bottom of the page to save all changes.
7.
Click OK to continue.

Configure local web server settings and whitelist hosts

Configure local web server settings and whitelist hosts

You can configure local web server settings to specify a whitelist of hosts that are allowed to access the Administrator Console, System Administration Console, and the User Console. After you create the whitelist, access is restricted to the hosts on the whitelist.

NOTE: After an IP address or domain name is whitelisted (added to the Allow List), only that IP address or domain has access. All others are blocked.
1.
Go to the appliance Control Panel:
If the Organization component is enabled on the appliance, log in to the KACE SMA System Administration Console, http://KACE_SMA_hostname/system, or select System in the drop-down list in the top-right corner of the page, then click Settings.
2.
Click Access Control List to display the Access Control List Details page.

Option

Description

No access restrictions

Select this option to allow access from any web address.

Restrict access as specified below

Select this option to restrict access to web addresses on the Allow List. To whitelist IP addresses on the appliance’s subnet in addition to the specified destinations, select Allow all IP addresses in the same subnet as the appliance.

4.
In the Allow List section, click the Add button to add an entry: .

Option

Description

Destination

Specify the destination:

adminui: This is the Administrator Console, Admin level. A whitelist of users who can log in to http://KACE_SMA_hostname/admin.
userui: This is the User Console. A whitelist of users who can log in to http://KACE_SMA_hostname/user.
systemui: This is the System Administration Console (available only if the Organization component is enabled on the appliance). A whitelist of users who can log in to http://KACE_SMA_hostname/system.

IP Address/Domain Name

Provide the address to be allowed. This can be either:

Subnet Mask/CIDR

(Optional) Provide a subnet mask/CIDR (Classless Inter-Domain Routing) to be allowed. This enables a finer-grained subnet control.

6.
Click Save at the end of the row to save the entry.
7.
Click Save at the bottom of the page to save all changes.
8.
Click OK to continue.
NOTE: After an IP address or domain name is added to the Allow List, only that IP address or domain can access that page. All others are blocked.
Documents connexes