KACE Systems Management Appliance 9.1 Common Documents - Administrator Guide

About the KACE Systems Management Appliance (SMA) Getting started
Configuring the appliance
Requirements and specifications Power-on the appliance and log in to the Administrator Console Access the Command Line Console Tracking configuration changes Configuring System-level and Admin-level General Settings Configure appliance date and time settings Enable Two-Factor Authentication for all users Verifying port settings, NTP service, and website access Configuring network and security settings Configuring Agent settings Configuring session timeout and auto-refresh settings Configuring locale settings Configuring the default theme Configure data sharing preferences About DIACAP compliance requirements Configuring Mobile Device Access Enable fast switching for organizations and linked appliances Linking Quest KACE appliances Configuring history settings
Setting up and using labels to manage groups of items Configuring user accounts, LDAP authentication, and SSO Using Replication Shares Managing credentials Configuring assets
About the Asset Management component Using the Asset Management Dashboard About managing assets Adding and customizing Asset Types and maintaining asset information Managing Software assets Managing physical and logical assets Maintaining and using manual asset information Managing locations Managing contracts Managing licenses Managing purchase records
Setting up License Compliance Managing License Compliance Setting up Service Desk Configure the Cache Lifetime for Service Desk widgets Creating and managing organizations Importing and exporting appliance resources
Managing inventory
Using the Inventory Dashboard Using Device Discovery Managing device inventory
About managing devices Features available for each device management method About inventory information Tracking changes to inventory settings Managing inventory information Finding and managing devices Provisioning the KACE SMA Agent Manually deploying the KACE SMA Agent Using Agentless management Adding devices manually in the Administrator Console or by using the API Forcing inventory updates Managing MIA devices Obtaining Dell warranty information
Managing applications on the Software page Managing Software Catalog inventory
About the Software Catalog Viewing Software Catalog information Adding applications to the Software Catalog Managing License assets for Software Catalog applications Associate Managed Installations with Cataloged Software Using software metering Using Application Control Update or reinstall the Software Catalog
Managing process, startup program, and service inventory Writing custom inventory rules
Deploying packages to managed devices
Distributing software and using Wake-on-LAN Broadcasting alerts to managed devices Running scripts on managed devices Managing Mac profiles Using Task Chains
Patching devices and maintaining security
About patch management Subscribing to and downloading patches Creating and managing patch schedules Managing patch inventory Managing Dell devices and updates Maintaining device and appliance security
Using reports and scheduling notifications Monitoring servers
Getting started with server monitoring Working with monitoring profiles Managing monitoring for devices Working with alerts
Using the Service Desk
Configuring Service Desk Using the Service Desk Dashboard Managing Service Desk tickets, processes, and reports
Overview of Service Desk ticket lifecycle Creating tickets from the Administrator Console and User Console Creating and managing tickets by email Viewing tickets and managing comments, work, and attachments Merging tickets Using the ticket escalation process Using Service Desk processes Using Ticket Rules Run Service Desk reports Archiving, restoring, and deleting tickets Managing ticket deletion
Managing Service Desk ticket queues About User Downloads and Knowledge Base articles Customizing Service Desk ticket settings Configuring SMTP email servers
Maintenance and troubleshooting
Maintaining the appliance Troubleshooting the KACE SMA
Appendixes Glossary About us Legal notices

About patch subscription and downloads

About patch subscription and downloads

Patch subscription is the process of selecting the operating systems and applications for which you want to receive patches.

If the Organization component is enabled on your appliance, you select subscription settings for each organization separately.

After you subscribe to patches, the appliance downloads them according to the schedule you set. When patches are downloaded, you can test and deploy them. You can choose to automatically deploy patches as well, but such deployment is recommended for low-risk or time-important patches only. See:

Applications that the KACE SMA is able to patch

For a list of applications that the KACE SMA is able to patch, go to https://support.quest.com/kb/112030.

NTP service requirement

When downloading patches using HTTPS, the NTP (Network Time Protocol) service must be running on the KACE SMA. The NTP service is required because the secure protocol uses the current date stamps from the appliance to ensure certificate validity. If the NTP service is not running, patch download failures, suggesting invalid certificates, might result.

Websites that must be accessible to the KACE SMA

Websites that must be accessible to the KACE SMA

To complete patch downloads, access product information, and interact with Quest Support, the firewall, DNS server, and proxy server settings must allow the KACE SMA to access specific domains on both port 80 and port 443.

Table 28. Domains that must be accessible to the KACE SMA


Used for


Dell updates


Dell updates


Lumension patches


Lumension patches


Quest patches


Quest patches


Microsoft updates


Microsoft updates


Microsoft updates


ITNinja community features


Redirects to ITNinja.com


Localized content, third-party software licenses, and product information


Quest updates


SCAP (Secure Content Automation Protocol)


KACE SMA and Agent updates from Quest


Quest Support


Skype updates


Adobe application updates


Adobe application updates


Adobe application updates


Adobe application updates


Adobe application updates


Mozilla Firefox updates


Ultra VNC updates


7-Zip updates


VideoLAN VLC updates

Overview of first-time patch-subscription workflow

Overview of first-time patch-subscription workflow

Patch detection signatures and patch packages are not downloaded to the appliance by default. You must subscribe to the patches you want and then schedule a time to download them.

To save network bandwidth and disk space, Quest recommends that you download patch definition signatures first, because they are much smaller in size than patch packages. Then you can detect the patches that you need, and select the download settings that work best for your network.

The following workflow is for first-time patch-subscription.

Gather information: Identify the operating systems, language packages, and applications installed on managed devices so that you know what you need to subscribe to. You can find this information on the appliance Dashboard page as well as by running reports. See View details about operating systems and applications.
Select initial patch subscription settings: Subscribe to the operating systems and languages required by managed devices. See Subscribing to patches and configuring download settings.
Download patch detection signatures: Patch detection signatures are smaller files that can be downloaded quickly and do not require much disk space. Download the patch detection signatures of the patches you subscribe to. Downloading these signatures enables you to view available patches and identify the patch packages you want to download later. See Select patch download settings.
Run a detect-only patching job: Schedule a Detect-only patching job to identify the patches required by managed devices. A detect-only patching job is a one-time operation that shows how large the first patching job is going to be. Also, it indicates how to allocate resources based on device availability for patch installations and reboots. To run a detect-only patching job, create a patching schedule that detects patches on all devices. See Configuring patch schedules.
Select patch package download settings: After you have identified the patch packages that you need, set a time for package downloads to occur. See Select patch download settings.

View details about operating systems and applications

View details about operating systems and applications

You can view information about the operating systems and applications installed on managed devices on the Summary Detail page.

Before you subscribe to patches, gather information about the operating systems, language packages, and software installed on managed devices so that you know what subscriptions you need.

If your KACE SMA has the Organization component enabled, and you want view information for the appliance, log in to the KACE SMA System Administration Console: http://KACE_SMA_hostname/system, or select System from the drop-down list in the top-right corner of the page.
If your KACE SMA does not have the Organization component enabled, or if you want to view organization-level information, log in to the KACE SMA Administrator Console : http://KACE_SMA_hostname/admin. Or, if the Show organization menu in admin header option is enabled, select an organization in the drop-down list in the top-right corner of the page next to the login information.
Click Home to display the Dashboard page.
The Dashboard Detail page appears. The Devices section shows the operating systems of managed devices for the appliance or for the selected organization.
In the Software section, click Software Titles.

The appliance runs a report that displays the software installed on managed devices. See About reports.

Documents connexes