KACE Systems Management Appliance 9.1 Common Documents - Administrator Guide

About the KACE Systems Management Appliance (SMA) Getting started
Configuring the appliance
Requirements and specifications Power-on the appliance and log in to the Administrator Console Access the Command Line Console Tracking configuration changes Configuring System-level and Admin-level General Settings Configure appliance date and time settings Enable Two-Factor Authentication for all users Verifying port settings, NTP service, and website access Configuring network and security settings Configuring Agent settings Configuring session timeout and auto-refresh settings Configuring locale settings Configuring the default theme Configure data sharing preferences About DIACAP compliance requirements Configuring Mobile Device Access Enable fast switching for organizations and linked appliances Linking Quest KACE appliances Configuring history settings
Setting up and using labels to manage groups of items Configuring user accounts, LDAP authentication, and SSO Using Replication Shares Managing credentials Configuring assets
About the Asset Management component Using the Asset Management Dashboard About managing assets Adding and customizing Asset Types and maintaining asset information Managing Software assets Managing physical and logical assets Maintaining and using manual asset information Managing locations Managing contracts Managing licenses Managing purchase records
Setting up License Compliance Managing License Compliance Setting up Service Desk Configure the Cache Lifetime for Service Desk widgets Creating and managing organizations Importing and exporting appliance resources
Managing inventory
Using the Inventory Dashboard Using Device Discovery Managing device inventory
About managing devices Features available for each device management method About inventory information Tracking changes to inventory settings Managing inventory information Finding and managing devices Provisioning the KACE SMA Agent Manually deploying the KACE SMA Agent Using Agentless management Adding devices manually in the Administrator Console or by using the API Forcing inventory updates Managing MIA devices Obtaining Dell warranty information
Managing applications on the Software page Managing Software Catalog inventory
About the Software Catalog Viewing Software Catalog information Adding applications to the Software Catalog Managing License assets for Software Catalog applications Associate Managed Installations with Cataloged Software Using software metering Using Application Control Update or reinstall the Software Catalog
Managing process, startup program, and service inventory Writing custom inventory rules
Deploying packages to managed devices
Distributing software and using Wake-on-LAN Broadcasting alerts to managed devices Running scripts on managed devices Managing Mac profiles Using Task Chains
Patching devices and maintaining security
About patch management Subscribing to and downloading patches Creating and managing patch schedules Managing patch inventory Managing Dell devices and updates Maintaining device and appliance security
Using reports and scheduling notifications Monitoring servers
Getting started with server monitoring Working with monitoring profiles Managing monitoring for devices Working with alerts
Using the Service Desk
Configuring Service Desk Using the Service Desk Dashboard Managing Service Desk tickets, processes, and reports
Overview of Service Desk ticket lifecycle Creating tickets from the Administrator Console and User Console Creating and managing tickets by email Viewing tickets and managing comments, work, and attachments Merging tickets Using the ticket escalation process Using Service Desk processes Using Ticket Rules Run Service Desk reports Archiving, restoring, and deleting tickets Managing ticket deletion
Managing Service Desk ticket queues About User Downloads and Knowledge Base articles Customizing Service Desk ticket settings Configuring SMTP email servers
Maintenance and troubleshooting
Maintaining the appliance Troubleshooting the KACE SMA
Appendixes Glossary About us Legal notices

Adding, editing, and deleting organizations

Adding, editing, and deleting organizations

You can add, edit, and delete organizations as needed. In addition, you can rename the Default organization and edit its settings.

Add or edit organizations

Add or edit organizations

You can add or edit up to 50 organizations on a single KACE SMA.

When you add organizations, you need to assign them Organization Roles. You can use the Default Role, but if you want to use a custom Organization Role, add that role before you add the organization. See Add or edit Organization Roles.

1.
Go to the Organization Detail page:
a.
Log in to the KACE SMA System Administration Console, http://KACE_SMA_hostname/system, or select System from the drop-down list in the top-right corner of the page.
c.
Display the Organization Detail page by doing one of the following:
Select Choose Action > New.

Option

Description

Name

Enter a name for the organization. You can modify the name later if required. If the fast switching option is enabled, this name appears in the drop-down list in the top-right corner of the page. See Enable fast switching for organizations and linked appliances.

Description

A description of the organization. You can modify the description later if necessary.

Role

The user role you want to assign to the organization. You can modify this selection later if required.

NOTE: To create a role, go to Organizations > Roles.

Client Drop Size

A file-size filter for the organization's Client Drop location.

The Client Drop location is a storage area (Samba share) for the organization on the KACE SMA. This storage area is used to upload large files, such as application installers and appliance backup files, to the appliance. Uploading files to the Client Drop location is an alternative to uploading files through the Administrator Console using the default HTTP mechanism, which can result in browser timeouts for large files.

The Client Drop Size filter determines whether files uploaded to the organization's Client Drop location are displayed on the Upload and Associate Client Drop File list on the Software Detail page. For example, if the Client Drop Size filter is set to 1 GB, the Upload and Associate Client Drop File list shows files that are 1 GB in size or larger. Files that are less than 1 GB in size are not displayed on the list.

Application files are moved from the organization's Client Drop location to the appropriate area when the file is selected on the Software Detail page and saved.

Appliance backup files that are placed in the Client Drop location are automatically identified as appliance backup files, and they become available for selection on the Backup Settings page within five minutes.

If you have multiple organizations, each organization has its own Client Drop location and Client Drop Size filter setting. See Copy files to the KACE SMA Client Drop location.

Option

Description

Name

Modify the name of the organization as needed. If the fast switching option is enabled, this name appears in the drop-down list in the top-right corner of the page. See Enable fast switching for organizations and linked appliances.

Locale

The language to use for the organization’s Administrator Console and User Console.

Description

A description of the organization. You can modify the description later if necessary.

Database Name

(Read-only) Displays the name of the database the organization is using.

Report User

(Read-only) The username used to generate reports. The report username provides access to the database (for additional reporting tools), but does not give write access to anyone.

Report User Password

The report user password. This password is used only by the reporting system and MySQL.

Role

The user role you want to assign to the organization. You can modify this selection later if required.

NOTE: To create a role, go to Organizations > Roles.

Client Drop Size

A file-size filter for the organization's Client Drop location.

The Client Drop location is a storage area (Samba share) for the organization on the KACE SMA. This storage area is used to upload large files, such as application installers and appliance backup files, to the appliance. Uploading files to the Client Drop location is an alternative to uploading files through the Administrator Console using the default HTTP mechanism, which can result in browser timeouts for large files.

The Client Drop Size filter determines whether files uploaded to the organization's Client Drop location are displayed on the Upload and Associate Client Drop File list on the Software Detail page. For example, if the Client Drop Size filter is set to 1 GB, the Upload and Associate Client Drop File list shows files that are 1 GB in size or larger. Files that are less than 1 GB in size are not displayed on the list.

Application files are moved from the organization's Client Drop location to the appropriate area when the file is selected on the Software Detail page and saved.

Appliance backup files that are placed in the Client Drop location are automatically identified as appliance backup files, and they become available for selection on the Backup Settings page within five minutes.

If you have multiple organizations, each organization has its own Client Drop location and Client Drop Size filter setting. See Copy files to the KACE SMA Client Drop location.

Filters

The filters you want to use to assign new devices to the organization when devices check in to the appliance. To select multiple filters, use Ctrl-click or Command-click.

Devices

(Read-only) Displays the number of devices assigned to the organization.

4.
In the Communication Settings section, specify the following settings:

Option

Suggested Setting

Notes

Agent Logging

Enabled

Whether the KACE SMA stores scripting results provided by Agents installed on managed devices. Agent logs can consume as much as 1GB of disk space in the database. If disk space is not an issue, enable Agent Logging to keep all log information for Agent-managed devices. These logs can be useful during troubleshooting. To save disk space, and enable faster Agent communication, disable Agent Logging.

Agent Inventory

12 hours

The frequency at which Agents on managed devices report inventory. This information is displayed in the Inventory section.

Agentless Inventory

1 Day

The frequency at which Agentless devices report inventory. This information is displayed in the Inventory section.

Catalog Inventory

24 hours

The frequency at which managed devices report inventory to the Software Catalog page.

Metering

4 hours

The frequency at which managed devices report metering information to the KACE SMA. Requires metering to be enabled on devices and applications.

Scripting Update

4 hours

The frequency at which Agents on managed devices request updated copies of scripts that are enabled on managed devices. This interval does not affect how often scripts run.

Disable Wait for Bootup Tasks

Disabled

If selected, this option stops the agent from executing bootup tasks.

Disable Wait for Login Tasks

Disabled

If selected, this option stops the agent from executing login tasks.

5.
In the Notify section, specify the message to use for Agent communications:

Option

Suggested Setting

Notes

Agent Splash Bitmap

As required

The path to an existing .bmp file that you want to use as the splash logo.

Disable Bootup Splash

Disabled

If selected, this option stops the agent from displaying the bootup splash logo.

Disable Login Splash

Disabled

If selected, this option stops the agent from displaying the login splash logo.

Agent Splash Page Message

Default text:

KACE Systems Management Appliance (SMA) is verifying your PC Configuration and managing software updates. Please Wait...

The message that appears to users when Agents are performing tasks, such as running scripts, on their devices.

6.
In the Schedule section, specify the Communication Window for Agent-managed devices:

Option

Suggested Setting

Notes

Communication Window

00:00 to 00:00 (+1 day)

The period of time during which Agents on managed devices are allowed to connect with the KACE SMA. For example, to allow Agents to connect between the hours of 01:00 and 06:00 only, select 01:00 from the first drop-down list, and 06:00 from the second drop-down list.

You can set the communications window to avoid times when your devices are busiest.

7.
In the Agentless section, specify communications settings for Agentless devices:

Option

Description

SSH Timeout

The time, in seconds, after which the connection is closed if there is no activity.

SNMP Timeout

The time, in seconds, after which the connection is closed if there is no activity.

Maximum Attempts

The number of times the connection is attempted.

WinRM Timeout

The time, in seconds, after which the connection is closed if there is no activity.

VMware Timeout

The amount of time in seconds to wait for a connection to the VMware vSphere API service running on a VMware host.

8.
Click Save.

The organization is added. If fast switching is enabled, and the default admin account passwords for the System and for your organizations are the same, you can switch between organizations and the System using the drop-down list in the top-right corner of the page. To see new organizations in the list, you need to log out of the Administrator Console and then log back in. In addition, if the option to require organization selection at login is enabled at the System level, the organization is available in the drop-down list on the Administrator Console login page, http://KACE SMA_hostname/admin, where KACE SMA_hostname is the hostname of your appliance.

NOTE: For new organizations, the password for the default admin account is the same as the password for the default admin account at the System level. This is assigned automatically. To change the admin account password, edit the admin user account.
NOTE: However, be aware that organizations with different admin account passwords are not available for fast switching using the drop-down list in the top-right corner of the page.

For more information about System-level settings, see Configure appliance General Settings with the Organization component enabled.

Configure Two-Factor Authentication for organizations

Configure Two-Factor Authentication for organizations

Two-Factor Authentication (2FA) provides stronger security for users logging into the appliance by adding an extra step to the login process. It relies on the Google Authenticator app to generate verification codes. The app generates a new six-digit code at regular intervals. When enabled, end users will be prompted for the current verification code each time they log in.

To download the Google Authenticator app, visit one of the following sites, as applicable:

You can enable or disable 2FA access to the Administrator Console and User Console for one or more organizations using the System Administration Console, as described below. Alternatively, you can enable 2FA access to the Administrator Console and User Console for all users in an organization using the Two-Factor Authentication page in the Administrator Console For more information, see Enable Two-Factor Authentication for all users.

1.
Go to the Organizations list page:
a.
Log in to the KACE SMA System Administration Console, http://KACE_SMA_hostname/system, or select System from the drop-down list in the top-right corner of the page.
2.
On the Organization list page that appears, select one or more organizations for which you want to configure 2FA.
3.
To enable 2FA for all users in the selected organizations in the Administrator Console, click Choose Action > Two-Factor Authentication > Admin Portal > Required for all Users.
4.
To disable 2FA for all users in the selected organizations in the Administrator Console, click Choose Action > Two-Factor Authentication > Admin Portal > Not Required.
5.
To enable 2FA for all users in the selected organizations in the User Console, click Choose Action > Two-Factor Authentication > User Portal > Required for all Users.
6.
To disable 2FA for all users in the selected organizations in the User Console, click Choose Action > Two-Factor Authentication > User Portal > Not Required.

Delete organizations

Delete organizations

You can delete organizations as needed. However, if you have a single organization on your appliance, you cannot delete that organization until you add another one. The appliance must always have at least one organization available.

1.
Go to the Organization Detail page:
a.
Log in to the KACE SMA System Administration Console, http://KACE_SMA_hostname/system, or select System from the drop-down list in the top-right corner of the page.
2.
Select Choose Action > Delete, then click Yes to confirm.

The organization, including information in the organization database, is removed from the appliance.

Documents connexes