Chat now with support
Chat with Support

InTrust 11.3 - Deployment Guide

InTrust Deployment Options Performing Extended Deployment of InTrust Extending a Default InTrust Deployment Mapping out Your Environment for InTrust Role-Based Administration of InTrust InTrust Configuration Licensing Sample Deployment and Configuration Scenario

AMS Organization Servers

The local AMS Organization Servers group includes the accounts under which the organization’s InTrust servers run. To allow your organization’s InTrust servers to communicate with the server you are setting up, add its account to this group.

For example, if you have two InTrust servers installed (IT1 and IT2), to allow data communication between IT1 and IT2, you can take the following steps:

  • Create a global domain group named, for example, All Org InTrust Servers
  • Include the InTrust server accounts (both IT1 and IT2) in this group
  • Add All Org InTrust Servers to the local groups AMS Organization Servers on both IT1 and IT2

Then, each time you add a new InTrust server to the organization and need to allow communication between all servers in the organization, you should do as follows:

  • Include the new server’s account in the All Org InTrust Servers domain global group
  • Add All Org InTrust Servers to the local AMS Organization Servers group on this new server

Caution: If you configured non-dbo accounts to access InTrust databases (as described in the Providing Database Access topic), include the corresponding group in the AMS Organization Servers group on all InTrust servers.

AMS Readers

AMS Readers

The local AMS Readers group includes the accounts that are permitted to connect to InTrust servers using InTrust Manager in order to run tasks, view the configuration and so on. Include in this group all personnel who are supposed to work with InTrust Manager.

This group is granted the Log on as a batch job right on the InTrust server where the task or job is executed. When you create a task or a job with a specific account, this account is automatically granted the Log on as a batch job right and included in the AMS Readers group.

Members of this group automatically have read access to all objects available in InTrust Manager. This lets the group's members run existing jobs and tasks but not delete or change them. To let an account perform configuration, make the account an InTrust organization administrator, as described in InTrust Organization Administrators.

Configuring InTrust Sites

InTrust offers a number of predefined sites for Microsoft Windows Network and UNIX network; you can use them by selecting the Configuration | Sites node in InTrust Manager.

Note: It is recommended that you do not change predefined sites directly to conform to your environment. Instead, consider copying existing predefined sites that correspond to the sites you need, and making changes to the copies.

You can populate a site with the following objects:

  • Whole network
  • Domains
  • Computers
  • IP address ranges
  • Computer lists (loaded from a text file)
  • AD organizational units
  • AD sites
  • All domain controllers in domains
  • All domain controllers in AD sites
  • Script object

You can use filters to populate InTrust sites basing on:

  • Computer roles
  • OS versions
  • Specific applications installed on computers, such as Microsoft IIS, (you can define your own applications based on registry values.)
  • Registry keys and registry values present on target computers

For example, you want to create an InTrust site with all domain controllers of the domain. For that on the Site Objects step of the New Site Wizard you should click Add button and select All Domain Controllers in | Domain.

InTrust automatically discovers and enumerates site resources in case shortcuts to domains, Active Directory organizational units, Active Directory sites, or IP ranges are used. This means, if you add a new domain controller to a domain processed by InTrust, it will be automatically discovered and included in the corresponding site.

You can perform domain enumeration for the site either by using the Computer Browser service, or by getting the computer list from a domain controller.

  • For InTrust gathering process, site objects will be enumerated each time a gathering session starts.
  • For InTrust real-time monitoring, you can schedule enumeration using site properties.
  • To display the computers included in the site at the moment, select the site and on the right pane, click Enumeration. On the enumeration pane, click Refresh.

Caution: In some cases, when an InTrust site is configured to include computers by matching a filter, ‘excessive’ computers may appear in the site after enumeration.

This happens if the filter matching cannot be done for some computers in the scope of the site (domain, OU, IP range, etc.) due to specific reasons (for example, if a computer cannot be accessed at the enumeration time).

However, to reduce a probability of data loss, such computers are included in the site as if they matched the filter defined for the site objects. InTrust tries to process such computers. If filter matching fails, users are notified by a message.

Configuring Notification Groups and Operators

Operators are persons responsible for specific InTrust operations, tasks and jobs. They receive notifications from InTrust jobs and real-time monitoring rules. Operators can be grouped into notification groups that also receive notifications.

To create a new operator, in InTrust Manager click Configuration, select Personnel and right-click Operators. Select New Operator. A new operator named “New Operator” is created, and its Properties dialog box pops up.

In the dialog box, specify the following:

  • Name
  • Computer name to be used with the Net Send Notification Provider.
  • Email address to be used with the Email Notification Provider.
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating