지금 지원 담당자와 채팅
지원 담당자와 채팅

KACE Systems Management Appliance 13.2 Common Documents - Administrator Guide

About the KACE Systems Management Appliance Getting started
Configuring the appliance
Requirements and specifications Power-on the appliance and log in to the Administrator Console Access the Command Line Console Tracking configuration changes Configuring System-level and Admin-level General Settings Configure appliance date and time settings Managing user notifications Enable Two-Factor Authentication for all users Verifying port settings, NTP service, and website access Configuring network and security settings Configuring Agent settings Configuring session timeout and auto-refresh settings Configuring locale settings Configuring the default theme Configure data sharing preferences About DIACAP compliance requirements Configuring Mobile Device Access Enable fast switching for organizations and linked appliances Linking Quest KACE appliances Configuring history settings
Setting up and using labels to manage groups of items Configuring user accounts, LDAP authentication, and SSO Deploying the KACE Agent to managed devices Using Replication Shares Managing credentials Configuring assets
About the Asset Management component Using the Asset Management Dashboard About managing assets Adding and customizing Asset Types and maintaining asset information Managing Software assets Managing physical and logical assets Maintaining and using manual asset information Managing locations Managing contracts Managing licenses Managing purchase records
Setting up License Compliance Managing License Compliance Setting up Service Desk Configure the Cache Lifetime for Service Desk widgets Creating and managing organizations Importing and exporting appliance resources
Managing inventory
Using the Inventory Dashboard Using Device Discovery Managing device inventory
About managing devices Features available for each device management method About inventory information Tracking changes to inventory settings Managing inventory information Finding and managing devices Registering KACE Agent with the appliance Provisioning the KACE Agent Manually deploying the KACE Agent Using Agentless management Adding devices manually in the Administrator Console or by using the API Forcing inventory updates Managing MIA devices Obtaining Dell warranty information
Managing applications on the Software page Managing Software Catalog inventory
About the Software Catalog Viewing Software Catalog information Adding applications to the Software Catalog Managing License assets for Software Catalog applications Associate Managed Installations with Cataloged Software Using software metering Using Application Control Update or reinstall the Software Catalog
Managing process, startup program, and service inventory Writing custom inventory rules
Deploying packages to managed devices
Distributing software and using Wake-on-LAN Broadcasting alerts to managed devices Running scripts on managed devices Managing Mac profiles Using Task Chains
Patching devices and maintaining security
Using the Security Dashboard About patch management Subscribing to and downloading patches Creating and managing patch schedules Managing patch inventory Managing Windows Feature Updates Managing Dell devices and updates Managing Linux package upgrades Maintaining device and appliance security Manage quarantined file attachments
Using reports and scheduling notifications Monitoring servers
Getting started with server monitoring Working with monitoring profiles Managing monitoring for devices Working with alerts
Using the Service Desk
Configuring Service Desk Using the Service Desk Dashboard Managing Service Desk tickets, processes, and reports
Overview of Service Desk ticket lifecycle Creating tickets from the Administrator Console and User Console Creating and managing tickets by email Viewing tickets and managing comments, work, and attachments Merging tickets Using the ticket escalation process Using Service Desk processes Using Ticket Rules Run Service Desk reports Archiving, restoring, and deleting tickets Managing ticket deletion
Managing Service Desk ticket queues About User Downloads and Knowledge Base articles Customizing Service Desk ticket settings Configuring SMTP email servers
Maintenance and troubleshooting
Maintaining the appliance Troubleshooting the appliance
Appendixes Glossary About us Legal notices

Best practices for patching

Best practices for patching

Best practices for patching devices include testing patches, using labels to organize devices and patches, and notifying users when systems are being patched.

Test patches on selected devices before deploying them to all devices. This testing ensures that patches do not break anything before they are widely deployed.

When choosing test devices, look for these characteristics:

For a thorough test, devices should function normally for at least a week after being patched. If no problems are reported after a week, the patch can be deployed to the remaining devices on the network.

You can use Smart Labels to automatically group devices by type, such as laptop, desktop, and server. In addition, you can use Smart Labels to automatically group patches by importance, such as critical operating system patches and lower priority patches for other applications. You can then create patching schedules to match each type of device and patch.

See:

There are two options for patching Windows devices:

Use Windows Update: Windows Update is a Microsoft feature that downloads and installs updates to Windows operating systems. If you enable Windows Update on managed devices, use Patch Management on the appliance only to detect Windows operating system patches, not to deploy them. Patches will be deployed by Windows Update.
Use the appliance: You can download and deploy patches for Windows operating systems using Patch Management. If you use Patch Management on the appliance, disable Windows Update on managed devices, because patches will be deployed by the appliance.

Schedule patch deployment during periods when device use is lower to minimize downtime. Keep in mind that device use varies depending on the device type:

Servers: These require careful and well-publicized upgrades. When patching servers, you might need to plan ahead by several weeks.
Desktops: These have more flexible options for patching, because they are often left running when they are not in use.
Laptops: These are the most difficult to patch, because they are often only available to patch while being used.

For more information about creating patch schedules for each type of device, see:

Be sure to notify users when the devices they use are being patched. This is especially important if devices need to be restarted as part of the patching process. There are several ways to inform users of patching schedules:

Send email or use other messaging systems: Notify users in advance through email and other messaging systems outside the appliance Administrator Console. This notification is especially useful when patching might prevent access to critical systems, such as servers, for a time.
Send an alert message from the appliance: Use the appliance Administrator Console to create an alert and broadcast it to all devices or to selected devices. These broadcast alerts can be used to remind users that patching is about to start.

For more information on creating alerts, see Broadcasting alerts to managed devices.

Provide alerts during patching: When you schedule patching, choose to alert users before patching, and prompt users before rebooting their devices. You can also enable users to snooze or postpone reboots if necessary. See Configuring patch schedules.

For more information about scheduling patching for various devices, see:

Patching jobs can require extensive bandwidth and resources. To reduce the impact on users, you can set time limits on patching jobs. For example, you could configure patching jobs to start at 04:00 and stop at 07:00. Any patching jobs that are in progress at 07:00 are suspended. Jobs resume where they left off when the next scheduled patching job begins. See Configuring patch schedules.

Use Replication Shares to optimize network resource requirements and download time. Replication Shares are devices that keep copies of files for distribution, which can be useful for managed devices that are deployed across multiple geographic locations. For example, using a Replication Share, a device in New York could download patch files from another device at the same office, rather than downloading those files from an appliance in Los Angeles.

For more information on setting up and using Replication Shares, see Using Replication Shares.

Quest Support has a Knowledge Base of articles about the appliance, which you can access at https://support.quest.com/kace-systems-management-appliance/kb. The Knowledge Base is continually updated with solutions to real-world appliance problems that administrators encounter. To view patching articles, go to the Knowledge Base and search for Security.

Sponsored by Quest KACE, ITNinja.com (formerly AppDeploy.com) is a product-agnostic IT-focused community website. It is the Internet’s leading destination for IT professionals to share information and ask questions about system-management related topics. See http://itninja.com.

Subscribing to and downloading patches

Subscribing to and downloading patches

To enable patching, you need to subscribe to patches and schedule patch downloads to the appliance.

About patch subscription and downloads

About patch subscription and downloads

Patch subscription is the process of selecting the operating systems and applications for which you want to receive patches.

If the Organization component is enabled on your appliance, you select subscription settings for each organization separately.

After you subscribe to patches, the appliance downloads them according to the schedule you set. When patches are downloaded, you can test and deploy them. You can choose to automatically deploy patches as well, but such deployment is recommended for low-risk or time-important patches only. See:

Applications that the appliance can patch

For a list of applications that the appliance can patch, go to https://support.quest.com/kb/112030, and open the attachment.

NTP service requirement

When downloading patches using HTTPS, the NTP (Network Time Protocol) service must be running on the appliance. The NTP service is required because the secure protocol uses the current date stamps from the appliance to ensure certificate validity. If the NTP service is not running, patch download failures, suggesting invalid certificates, might result.

Websites that must be accessible to the appliance

Websites that must be accessible to the appliance

To complete patch downloads, access product information, and interact with Quest Support, the firewall, DNS server, and proxy server settings must allow the appliance to access specific domains on both port 80 and port 443.

Table 29. Domains that must be accessible to the appliance

Domain

Used for

https://support.quest.com/download-product-select

Quest updates

http://servicecdn.kace.com

SCAP (Secure Content Automation Protocol)

https://service.kace.com

appliance and Agent updates from Quest

https://support.quest.com

Quest Support

http://cdn01.catalog.kace.com/

Quest Updates

https://cdn01.catalog.kace.com/

Quest Updates

https://quest.com/kace

Localized content, third-party software licenses, and product information

http://www.itninja.com

ITNinja community features

http://appdeploy.com

Redirects to ITNinja.com

http://download.windowsupdate.com

Microsoft updates

http://download.microsoft.com

Microsoft updates

http://www.microsoft.com/en-us/default.aspx

Microsoft updates

https://api.dell.com

Dell updates

http://ftp.dell.com

Dell updates

http://ardownload.adobe.com/

Adobe Application Updates

http://armdl.adobe.com/

Adobe Application Updates

https://airdownload.adobe.com/

Adobe Application Updates

https://fpdownload.macromedia.com/

Adobe Application Updates

http://swcdn.apple.com/

Apple Updates

https://swdist.apple.com

Apple Updates

http://download.winzip.com/

Corel Updates including WinZip

https://download.winzip.com/

Corel Updates including WinZip

https://download.virtualbox.org/

Oracle updates including Java

http://download.autodesk.com/

Autodesk Updates

http://knowledge.autodesk.com/

Autodesk Updates

http://revit.downloads.autodesk.com/

Autodesk Updates

http://trial2.autodesk.com/

Autodesk Updates

http://up.autodesk.com/

Autodesk Updates

https://knowledge.autodesk.com/

Autodesk Updates

https://up.autodesk.com/

Autodesk Updates

https://cdn.sw.altova.com/

Altova Updates

http://download.imgburn.com/

ImgBurn Updates

https://www.realvnc.com/

RealVNC Updates

https://www.uvnc.eu/

UltraVnc Updates

https://download-installer.cdn.mozilla.net/

Mozilla Firefox Updates

https://www.python.org/

Python Updates

https://the.earth.li/

Putty Updates

http://cdn1.evernote.com/

EverNote Updates

https://cdn1.evernote.com/

EverNote Updates

http://cdn01.foxitsoftware.com/

Foxit Updates

https://download.ccleaner.com/

Piriform Updates

https://media.inkscape.org/

inkscape Updates

https://download.cdburnerxp.se/

Canneverbe Updates

http://download.videolan.org/

VideoLAN Updates

https://www.tightvnc.com/

TightVNC Updates

http://downloadarchive.documentfoundation.org/

LibreOffice Updates

https://download.filezilla-project.org/

FileZilla Updates

https://e3.boxcdn.net/

Box Inc. Updates

http://www.rarlab.com/

WinRAR GmbH Updates

https://www.rarlab.com/

WinRAR GmbH Updates

http://ftp.uni-kl.de/

Wireshark Updates

https://www.wireshark.org/

Wireshark Updates

https://notepad-plus-plus.org/

Notepad++ Updates

관련 문서

The document was helpful.

평가 결과 선택

I easily found the information I needed.

평가 결과 선택