DDM

Dell Desktop Manager
Getting Started Guide

Version 8.1.1
February, 2010
© Copyright 2010 Dell Inc.
All rights reserved.
Entire contents © copyright 2010, Dell Inc. All rights reserved. Distribution or publication (including text
and graphics) in any form without prior written permission is forbidden.
Dell and related Dell Incorporated logos are trademarks of Dell, Inc. All other trademarks or registered
trademarks used are the property of their respective holders. All company names, product names and
logos on these pages are also trademarks, registered trademarks, or trade names of their respective
holders. Dell´s use of company names, product names and logos or images – on this web site does not
necessarily constitute an endorsement of the company or products by Dell, Inc.
Dell Inc.
One Dell Way
Round Rock, TX 78682
February, 2010
Contents
Chapter 1 Before You Begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Chapter 2 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
About DDM Control Center . . . . . . . . . . . . . . . . . . . . . . . . . . 3
DDM Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
DDM Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Vendor Integration . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
DDM Service Descriptions. . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Chapter 3 Start Here: Preparing for Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

Deployment Checklist . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Deployment Readiness Flowchart . . . . . . . . . . . . . . . . . . . . . . 14
Using the Site Resolver . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Setting Bandwidth Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Chapter 4 Installing the Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

Installation Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Installing the Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Installing the DDM Service - Service Provisioning . . . . . . . . . . . . . . . . 27
Deactivating the DDM Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Additional Resources. . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Chapter 5 Jobs & Tasks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Navigating in DDM . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Scheduling Jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Monitoring Jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Managing Jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Chapter 6 Device Discovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
System Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
Deploying the Scan Host . . . . . . . . . . . . . . . . . . . . . . . . . . 42
Creating Scans . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Viewing Discovered Devices . . . . . . . . . . . . . . . . . . . . . . . . . 44
Chapter 7 Device Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
System Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Deploying Device Management Service . . . . . . . . . . . . . . . . . . . . 48
Viewing Device Information . . . . . . . . . . . . . . . . . . . . . . . . . 49
About the Hardware Change Log . . . . . . . . . . . . . . . . . . . . . . . . . . 52
Viewing Basic Software Inventory Information . . . . . . . . . . . . . . . . . 52
Performing Active Directory Import . . . . . . . . . . . . . . . . . . . . . . 53
Chapter 8 Software Distribution. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Deploying Software Distribution Service . . . . . . . . . . . . . . . . . . . . 60
Distributing a Software Package . . . . . . . . . . . . . . . . . . . . . . . 60
Monitoring Software Package Distribution . . . . . . . . . . . . . . . . . . . 61
Creating a Software Package . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Additional Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Chapter 9 Patch Management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
Deploying Patch Management Service . . . . . . . . . . . . . . . . . . . . 65
About Patch Library . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Patch Install Status . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
Viewing Patch Information . . . . . . . . . . . . . . . . . . . . . . . . . 67
Targeted Patching . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
Policy-Generated Patching . . . . . . . . . . . . . . . . . . . . . . . . . 68
Approving and Disapproving Patches for Distribution . . . . . . . . . . . . . 71
Additional Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Chapter 10 Software License & Usage Management . . . . . . . . . . . . . . . . . . . . . . . . . . 73

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Viewing Advanced Software Inventory Information . . . . . . . . . . . . . . . 74
About Software Change Log . . . . . . . . . . . . . . . . . . . . . . . 75
IManaging Software License Information . . . . . . . . . . . . . . . . . . . 76
Tracking Software Usage Information . . . . . . . . . . . . . . . . . . . . . 77
Chapter 11 Anti-Malware and Antivirus . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
Deploying Anti-Malware & Antivirus Services . . . . . . . . . . . . . . . . . . 81
Viewing Anti-Malware Information . . . . . . . . . . . . . . . . . . . . . . 82
Identifying Vulnerable Devices. . . . . . . . . . . . . . . . . . . . . . . 84
Performing Anti-Malware Tasks . . . . . . . . . . . . . . . . . . . . . . . 84
Chapter 12 Remote Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
Deploying Remote Access Services . . . . . . . . . . . . . . . . . . . . . . 88
Initiating a Remote Access Session . . . . . . . . . . . . . . . . . . . . . . 89
Chapter 13 Online Backup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
Deploying Online Backup Service . . . . . . . . . . . . . . . . . . . . . . 92
Viewing Online Backup Information. . . . . . . . . . . . . . . . . . . . . . 94
Initiating a Backup Job . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
Chapter 14 Data Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97

Deploying Data Encryption Service . . . . . . . . . . . . . . . . . . . . . . 98
1
Before You Begin
This Getting Started Guide outlines how to get started with the Dell Desktop Manager (DDM)
services and quickly begin managing your devices.
The guide can be used either as a stand-alone guide for each service (from Chapters 6 to 14)
or as a complete reference guide for all the services subscribed. The following chapters are
common to all services and should be read before reading the chapter on any one particular
software service:
Introduction
Start Here: Preparing for Deployment
Installing the Services
Jobs & Tasks
Additional Resources
This guide is intended to help you with getting started and using basic functionalities for each
software service. For detailed explanations of more advanced tasks, please refer to the DDM
Online Help. References to the specific Online Help topics appear throughout the document
to guide you to where you can get more information.
Before You Begin z 1

2
Introduction
About DDM Control Center

The DDM (Dell Desktop Manager) Control Center provides a single Web-based window into
the environment of all devices of a given company.
The graphic below shows the DDM Control Center Home page, also known as the Dashboard.
Administrators can access the DDM Control Center over the Internet and can get a snapshot
of all managed devices and perform any authorized tasks.
The DDM Control Center has a number of features that makes it easy to administer all devices
under management:
Web 2.0 User Interface – Customizable dashboard driven user interface with drag and
drop capabilities, customizable grids, multi-select rows, right-click actions, and clipboard
Introduction z 3
Widgets – Can click on widget to directly go to underlying data – enable personalized

home pages (see Working with Dashboard in DDM Online Help for details)
Reports – Nearly 60 reports and charts - can click on chart components to view the
underlying data
Query and Search – Query and search tools with both Boolean and full text search. See
Using Search Functions in DDM Online Help for more information.
Multi-Tenancy Architecture – Simplifies the implementation process and increase
flexibility as you access devices across one or more levels in your organization.
DDM Architecture
DDM Agent
Setting up the Dell Software Services begins with installing the Agent on each asset you want
to manage. When the Agent is installed on a device, it begins regular communication with the
DDM Control Center. This communication, called a “heartbeat” is initiated every 15 minutes
and sends encrypted information about the devices over port 443 back to the DDM Control
Center. The Agent provides mechanisms for software download, inventory gathering,
logging, and diagnostics. The type and level of asset information gathered by the Agent
depends on the software services your organization subscribes to.
4 z Introduction
The table below provides a summary of how communications for data transfer occur from the
DDM Data Center and the managed devices. Note that it is the DDM Agent on a managed
device that contacts the DDM Control Center via “heartbeat” to check for any queued tasks.
Data Being Transfer

DDM Service Protocol Port
Transferred Frequency
Every 15 minutes for https /

Basic Functionality Agent heartbeat 443
each device SSL Encrypted
Device hardware and

Once daily for each https /
Device Management basic software 443
device SSL Encrypted
inventory upload
Based on the
443 or customer
Software Software package distribution schedule https /
defined port for
Distribution being distributed set by the SSL Encrypted
relay server
administrator
Based on patch policy
Patch distribution or targeted
https /
Patch Distribution instructions and distribution schedule 80, 443
SSL Encrypted
patches set by the
administrator
Anti-malware Virus definition check / Every hour for each https /

443
Management update device SSL Encrypted
Anti-malware Based on policy set by https /

Firewall policy setup 443
Management the administrator SSL Encrypted
Anti-malware Firewall policy check/ Every three hours for https /

443
Management reset each device SSL Encrypted
Based on the
Symantec Antivirus
distribution schedule https /
Antivirus software and Live 21, 80, 443
set by the SSL Encrypted
Update downloads
administrator
Based on the
McAfee Antivirus
distribution schedule https /
Antivirus software and Live 21, 80
set by the SSL Encrypted
Update downloads
administrator
When initiated by IT https /

Remote Access Remote control session 80, 443, 1270
administrator SSL Encrypted
DDM Architecture z 5
Data Being Transfer

DDM Service Protocol Port
Transferred Frequency
Remote access https /

Remote Access Every 5 – 7 seconds 80, 443, 1270
heartbeat SSL Encrypted
Every 24 hours and/or https / 128-bit

times initiated by end Advanced
Online Backup Files to be backed up 16384 or 80
user or IT Encryption Standard
administrator (AES)
https / 128-bit
Manually at any time
Advanced
Online Backup Data retrieval initiated by end user 16384 or 80
Encryption Standard
or administrator
(AES)
Automatically based
on pre-set DE policy
Instruction to remove https /
Data Encryption or upon reporting of 443
encryption key SSL Encrypted
device being lost or
stolen to Dell Support
Manually by Dell
Instruction to restore https /
Data Encryption Support if device is 443
encryption key SSL Encrypted
reported to be found
6 z Introduction
Vendor Integration
DDM uses an Integration Framework to integrate some DDM service components from
trusted 3rd party partners such as Iron Mountain for the Online Backup service, Shavlik for
Patch Management and WebEx for Remote Access. These components also make use of DDM
Agents for seamless communication. The graphic below illustrates how all DDM components
are integrated to deliver the services.
DDM Services Descriptions

The DDM software services can be used individually or in any combination as needed. When
you sign up for software services, you select these pre-defined packages or individual
software services that fit your needs:
Device Management Service – inventory and track distributed desktops and laptops,
regardless of location, through automated tracking of software, hardware, assigned user,
and financial and warranty information. It is a component of Asset Management service.
Device Discovery Service – identify IP-based network devices including desktops,
notebooks, servers, and printers to better track IT assets. It is a component of Device
Management service.
DDM Services Descriptions z 7

Software Distribution Service – remotely deploy software packages. Administrators with

scripting knowledge can also build custom packages.
Patch Management Service – automate and centralize patch management process
through policy–based or targeted patch management. Supported patches for major
vendors including Microsoft, Adobe, VMWare, Apple, and over 500 applications.
Anti-Malware Management Service – track and manage virus and malware updates for
Symantec and McAfee software
Antivirus Service – remotely deploy Symantec and McAfee antivirus software
Software Inventory & Usage Management Service – view software inventory, assess
software usage, and reconcile license information
Remote Access Service – take control of a remote computer over the Internet, allowing IT
administrators to provide instructional or technical support without physically being
present at the end user’s site
Online Backup Service – automatically back up data from desktops and laptops to a
secure datacenter. Safeguard critical data of your managed devices from hard drive
malfunction, computer viruses, or simply human error
Data Encryption Service – ensure that the data stored on your managed devices does not
fall into the wrong hands even if the computer itself does. The service runs in the
background where it remains transparent to the end users. However, when it detects user
behaviors which are inconsistent with pre-specified rules, such as failed log-on attempts, it
eliminates the encryption key disabling the device.
8 z Introduction
3
Start Here: Preparing for

Deployment
You can deploy the DDM Agent and subscribed Software Services throughout your network
using the Remote Agent Deployment (see Installing the Agent on page 23) capability. Before
you start the process, make sure that your environment meets all of the hardware and
network configuration requirements described in the below. If your network does not meet
the requirements, you may need to modify your network configuration before you start the
deployment process.
Notes:
Installation may fail if you do not adhere to the settings outlined in this section before you
start the deployment process.
The Device Discovery (see Device Discovery on page 41 for more information) phase of the
Remote deployment process discovers devices that are connected to the network through
LAN connections. It may NOT discover remote users or devices using VPN connections. If
that occurs, you may be able to use other Agent deployment process. See Other Installation
Methods in DDM Online Help for more information.
This chapter includes:

Deployment Checklist
Deployment Readiness Flowchart
Using the Site Resolver
Configuring Relay Servers
Setting Bandwidth Policy
Start Here: Preparing for Deployment z 9

Deployment Checklist
Follow the checklist below to prepare for deployment. Also see Deployment Readiness
Flowchart on page 9.
1. Does your company have its own domain?
You meet requirement 1. Follow the steps described in this section and go to 2. You may
Yes also want to use Startup script as your main deployment method. See Start Script
Instructions in DDM Online Help.
If you have pass-thru authentication connection to the target devices (i.e. your logon user ID
and password have sufficient rights to log onto the target devices and perform tasks), then
you can still use the remote deployment method.
No
If not, consider using another deployment method. See Other Agent Installation
Identify the device(s) you want to use as device discovery and remote agent deployment host.
The host asset must meet the requirements described below. It will be used to scan your
network and discover deployable assets.
2. Does your host asset meet the requirements described below?
Yes You meet requirement 2. Go to 3.

You cannot deploy DDM services using the remote deployment method but you may be
No able to install manually or using another deployment method. See Other Installation
Host asset:
Browser Internet Explorer 6.0
Windows 2000 SP3, SP4 Workstation

Windows 2000 Server SP4
Windows XP SP1,SP2 ,SP3
Operating system Windows 2003 OEM, SP1, SP2
Windows Vista SP1, Vista SP2
Windows 7
Windows Server 2008 SP1, SP2
RAM 512 MB RAM
CPU 1.0 GHz
10 z Start Here: Preparing for Deployment

Host asset:
Hard disk space 100 MB; at least 350 MB if including Software services
Uninstall or disable from the host device:
winpcap
Other Personal firewall software programs
Note: These applications can cause a conflict during the device discovery
phase
3. Does your network use a proxy server?
Yes Go to 3.A.
No You meet requirement 3. Go to 4.
3.A. Do you subscribe to Online backup, Data Encryption, Antivirus, or Remote Access
service?
Yes These services are not supported in proxy environment.
No You meet requirement 3.A. Follow the steps in this section.
If you have a proxy server environment, you must configure your network to allow access to
DDM destinations or embed proxy instructions in the DDM Agent installer configurations.
There are three ways to achieve it:
Open firewall to allow access to allow outbound communications to *.dell.com. Configure
your proxy server to allow anonymous access to DDM Control Center destinations. See
Control Center Destinations in DDM Online Help.
Embed proxy instructions in the DDM Agent. The Agent will leverage the proxy
instructions to pass through the gateway. See Configuring Proxy Credentials in DDM
Online Help for step-by-step instructions.
4. Do you have any personal firewalls installed on your system (other than Windows XP default
firewall)?
Yes Follow the instructions in this section and go to 4.A.
No You meet requirement 4.
Deployment Checklist z 11
If a system’s personal firewall software allows traffic on an application-by-application basis,

the end users will see security warnings from the firewall software. This gives the user the
opportunity to deny access to the new application. Additionally, if the user does nothing, the
firewall is often set to deny access. Both situations cause the installation to fail. To prevent this
behavior, use a centrally managed firewall to adjust the configuration to allow the outbound
traffic.
4.A. Can your assets have outbound connections on TCP ports 80 and 443?
Yes You meet requirement 4.A. Go to 4.B.
No Follow the instructions in this section and go to 4.B.
Configure your devices to allow outbound connections for these IP ranges:

143.166.15.126, desktopmanager.dell.com
143.166.15.113, 0001-ddmagents.dell.com
143.166.196.126, desktopmanager.dell.com
EMEA:
163.244.19.20, distributedmanagement-emea.dell.com
163.244.18.20,distributedmanagement-emea.dell.com
4.B. Does your company subscribe to the Online Backup service?
Yes Follow the instructions in this section and go to 4.C.
No You meet requirement 4.B. Go to 4.C.
Configure your system to allow TCP port 16384 to have outbound connections for these IP
ranges:
US: 216.229.150.0/24, 216.229.146.0/24
Europe: 193.239.112.0/24, 93.239.113.0/24
Canada: 208.66.14.0/24, 208.66.142.0/24
Asia Pacific: 125.7.53.166, 125.7.53.167
4.C. Does your company subscribe to the Anti-malware and/or Antivirus service?
Yes Follow the instructions in this section and go to 4.D.
No You meet requirement 4.C. Go to 4.D.

As a requirement of Symantec’s and McAfee’s LiveUpdate feature, which the Control Center
uses in the virus protection service, configure your systems to allow TCP ports 21, 80, and 443
to have outbound connections for these domains:
*.symantec.com (for Symantec)
*.nai.com (for McAfee)
*.akamai.com
*.akamai.net
4.D. Does your company subscribe to the Patch Management service?
Yes Follow the instructions in this section and go to 4.E.
Once the patch scanner determines there are missing patches that need to be installed,
patches are downloaded directly from the vendor sites. Allow outbound connections for
these domains:
download.microsoft.com
download.adobe.com
www.real.com
ftp.mozilla.org
www.winzip.com
qtinstall.info.apple.com
download.skype.com
javadl.sun.com
support.citrix.com
xml.shavlik.com
License.shavlik.com
4.E. Does your company subscribe to the Remote Access service?
Yes Follow the instructions in this section.
No You meet requirement 4.E.
To ensure traffic to and from the WebEx domain is routed appropriately, allow exceptions to
the following domain:
US: controlcenterusaprod.webex.com
EMEA region: controlcenteremeaprod.webex.com
APAC region: controlcenterapacprod.webex.com
Note: Active X and/or JavaScript will need to be allowed through the firewall. WebEx sites
should not be cached on proxy servers.
Deployment Checklist z 13
Deployment Readiness Flowchart

Using the Site Resolver

Site Resolver enables you to automatically assign devices to Sites according to the site network
map that you specify. It is recommended that you configure the Site Resolver before
deploying the services. All managed devices will then be mapped to appropriate Sites and will
be governed by all policies and rules applied to whichever site the device is assigned
including bandwidth policies, patch policies, and relay assignments. If no match is found at
the time of Agent installation, the device will be assigned to the default site.
Before you start mapping your network in the DDM Control Center, you should become
familiar with your network topology and identify corresponding subnet CIDR or subnet
address / subnet mask for each of your Sites in the Control Center.
To create a site map,

1 Click Admin > Site resolver. The Control Center displays the existing Companies in your
organization.
2 Select the Company. The Control Center displays the Sites that belong to the selected
Company in the details pane navigation menu. If you want to create a new Site, following
the instructions described in Creating a Site in DDM Online Help.
3 Click the company to display the list of DNS suffixes that are mapped in your Company.
Enter applicable specific DNS Suffixes for all of devices that you want to manage.
a Click EDIT.
b Enter the DNS Suffix and click ADD. To remove an existing record, select the DNS Suffix
you want to remove and click DELETE.
c Repeat the steps until you have added all DNS Suffixes applicable to all of your devices
you want to manage.
d When you are done, click SAVE.
4 Click a Site to reveal subnets mapped to the selected sit.
5 Select a Site and enter the network information. To add a new map record,
a Enter either Subnet address / Subnet mask OR CIDR (subnet).
b Click ADD. To delete an existing map record, click on the applicable Site. Click EDIT.
Select the network information row and click DELETE.
Once the Site Resolver is configured, devices will be automatically mapped to Sites according
to the network map defined in the Site Resolver. If you want a device to remain assigned to
the original Site, you must turn off the automatic site update for that specific device. See How
to Disable Automatic Site Mapping for a Device in DDM Online Help for more information.
Using the Site Resolver z 15

Configuring Relay Servers

A relay server serves as a repository for service,software, and patch packages on a local area
network (LAN). The Agent downloads DDM jobs from the relay server rather than the DDM
Control Center itself, thus reducing Internet traffic that is generated from the Control Center.
When a job is created, the Control Center checks if the applicable relay servers have necessary
packages and download them first if they are missing before distributing to target devices.
When you distribute a job to target devices, the Agent downloads instructions that include a
list of relay servers beginning with local relay servers (relay servers within the site where the
target device resides), followed by remote relay servers (relay servers outside the site where
the target device resides but within the same company), and finally ending with the DDM
Control Center. The Agent reads the instructions and attempts to connect with a local relay
server. If the first local relay server (randomly selected among available servers) is unavailable,
then the Agent tries the next local relay server, and so forth. If there are not available local
relay servers, it tries a remote relay server, then finally directly from the Control Center.
The relay server you select can either be part of a workgroup or domain. It can be located on
either side a subnet or hardware firewall and must also meet the following system
requirements:
Browser - Internet Explorer 6.0 SP1 or higher
Operating system - Windows XP SP2 & SP3 and Windows 2003 SP2
.Net: Version 2.0.50727.0 or greater
RAM - 512 MB or greater
CPU - 1.0 GHz or greater
Hard drive - 50 GB or greater
Internet speed - 56KBps or faster
Tip: You can designate the same device to serve as the remote deployment host, device dis-
covery host, and relay server.
Any number of machines can be pointed to a relay as device utilization is dependent upon
how many concurrent downloads have been staged along with how many concurrent
downloads are allowed via a site’s bandwidth LAN (via local source) policy. As a best practice,
no more than 900 machines is recommended to a particular relay at each site.
To configure a relay server, you must install the Agent on the designated device and install
the Relay Server service on the device via Service Provisioning. If you have a third-party
firewall installed on the device, you must enable ports before you provision the service to the
device:
1 Click Admin > Service provisioning.
2 Enter the job Name.

3 Click Provision next to Base functionality. The Control Center dynamically reveals Relay
server.
4 Click the selection list button next to Relay server, then click Install and configure
component. The Control Center dynamically reveals additional fields.
5 Enter the port number, then enter the relay server name in Fully qualified host name
(computer name). Enter the Secure Socket Layer (SSL) certificate in Use SSL certificate
hash (default). Otherwise, click Opt-out of using SSL.
Note: The SSL certificate you enter must be installed on the target device and cannot be a
self-signed certificate.
6 Complete the Target devices section. You must choose one device.
Note: If you choose more than one target device here, you will get an error message.
However, you can still designate more than once device as relay server. You will have to
create multiple service provisioning jobs.
7 Check the Bypass bandwidth policies box only if you want to bypass the bandwidth policies
applied to the target devices.
8 Complete the Schedule section. See Scheduling Jobs on page 37.
9 Click CONTINUE. The Control Center displays the Confirm Distribution page, which
summarizes the details of the job you just created. You can change job attributes if desired.
10 Click DISTRIBUTE. The Control Center takes you to Jobs > Service provisioning, where
you can monitor the progress of your job. See Monitoring Jobs on page 37.
Setting Bandwidth Policy

General communication between the DDM Agent and the DDM Control Center is minimal.
However, service jobs initiated by Control Center users and policies can result in network
saturation and latency if not planned ahead of time. It is important to set appropriate
bandwidth policies in the Control Center before using the services. Bandwidth policies are set
according to your network topology so you should have sufficient understanding of your
network before creating bandwidth policies in the Control Center.
Policies can be configured for any groups of devices. You can create rules that will limit the
amount of bandwidth used by a device or a set of devices as well as the number of
simultaneous downloads. You can also specify each rule to be applied to certain days and
times,ensuring optimal bandwidth usage. Users using this feature must have the Bandwidth
policies user permission (see Assigning User Permission in DDM Online Help for more
information).
All jobs that involve downloading of package files are governed by bandwidth policies. Jobs
will wait in queue if the maximum number of concurrent downloads is reached.
Setting Bandwidth Policy z 17

To create a bandwidth policy,

1 Navigate to Admin > Bandwidth management. All active bandwidth policies are
displayed by default. You can also click on Inactive to view inactive policies or All to view
both active and inactive policies.
2 You can EDIT the Default bandwidth policy or click CREATE if you want to create a new
policy. If you want the new policy to be based on an existing one, select the policy in the
results pane that you want to clone and click CLONE. If you want to edit an existing policy,
select the policy you want to modify and click EDIT instead.
3 Enter the new Policy information. If you selected CLONE in the previous step, the Control
Center displays the existing policy’s information, which you can keep or modify as desired.
Select the group of devices to which you want to apply the new policy.
Now you are ready to add bandwidth rules for the new policy. If you want to add a rule later,
you can click SAVE here to save the policy information.
To create a bandwidth rule,

1 To create a new rule for a new policy, create the policy first. See To create a bandwidth
policy, in the previous section. If you want to create a new rule for an existing policy,
a Navigate to Administration > Bandwidth management. Select the bandwidth policy
to which you want to add a new rule in the results pane.
b Click EDIT.
2 Click the add new rule icon located at the left bottom corner of the details navigation
pane. To remove an existing bandwidth rule, click the delete selected rule .
3 Complete the Recurring schedule section. Enter the Start time and End time and day(s) of
the week for the period that the rule will govern. You can specify a 24-hour time period by
entering the same time for Start time and End time. Note the time zone the bandwidth rule
will apply to.
Note: Bandwidth rule times are based in the Control Center user time. If the user time zone
is not specified, then it will be based in the Company's time zone. If neither is specified, it
will default to PST (America / Los Angeles) time zone.

4 Complete the Parameters section for both remote and local servers. Local source is
utilitized when a device downloads from a relay server in the same Site whereas Remote
source is utilized when the device downloads from a different Site in the Company or from
the Control Center itself. See Configuring Relay Servers on page 16 for more information.
Max group concurrency - maximum number of concurrent downloads you want to
allow
Max group bandwidth - maximum total download rate across all affected devices you
want to allow. Click the selection list button to choose a unit of measure. Maximum
value is 10.0 Gbit/s.
Max per-device bandwidth - Maximum download rate per device you want to allow.
Click the selection list button to choose a unit of measure. Maximum value is 1.0 Mbit/
S. If you do not specify a bandwidth policy, 1Mbit/s is the default maximum per-device
bandwidth.
Enter Priority. Priority determines the precedence of how the Control Center applies
conflicting rules. To avoid rule conflicts, do not create rules in the same policy that have
overlapping start and end times. You should assign the number 1 to the most
conservative rule, the number 2 to the next most conservative rule, and so forth.
5 Click add rule icon again if you want to create another rule. Click delete selected rule
icon if you want to delete an existing rule.
6 Click SAVE to save the policy and its rules. Alternatively, you can click on SAVE AND NEW
if you want to create a new policy and SAVE AND CLONE if you want create another policy
based on the policy you just created.
Note: Bandwidth management setting changes can take up to an hour to take effect.
Setting Bandwidth Policy z 19

4
Installing the Services
Before you can start managing your devices, you must install the DDM Agent and install
services on those devices. Service Provisioning refers to loading and installing of the DDM
services on the devices you want to manage. You can configure the Agent installer so that
you can install the Agent and the services simultaneously or deploy each service separately
after you install the Agent.

Installation Overview
Installing the Agent
Installing the DDM Service - Service Provisioning
Deactivating the DDM Services
Installation Overview
The table below describes the high-level steps you can follow to install the DDM services.
Step Action Description

Make sure that your devices meet the requirements necessary for
Prepare for
1 installing the DDM Agent and the services. See Start Here:
Deployment
Preparing for Deployment on page 9.
Navigate to Admin > Company and create a Company (or

Companies if you want to set up a multi-tenant hierarchy
organization) and Sites belonging to each Company. Add
subscribed services and appropriate settings to the Company.
See Setting Up Your Account in DDM Online Help for more
2 Create an account information.
Create user logins for the administrators who will participate in
managing the devices and assign appropriate user permissions
and access level. See Managing User Logins in DDM Online
Help for more information.
Installing the Services z 21


Navigate to Admin > Site resolver and configure automatic
organization of devices by Site. See Using the Site Resolver on
Create Site page 15
3 mapping and
Navigate to Admin > Bandwidth management and create
bandwidth policy appropriate bandwidth policy to avoid inadvertent network
saturation. See Setting Bandwidth Policy on page 17.
Decide how you want to deploy the DDM Agent and subscribed
services to your network. You can first scan your network to
discover the deployable workstations and then deploy the Agent
remotely via the remote agent deployment host. However, you
can deploy the Agent in several different ways to take advantage
Decide the of your existing infrastructure – startup script, using a ghost
4
deployment plan image, by providing the installer URL link, or a combination of
these methods. See Other Installation Methods in DDM Online
Help for details.
Note: Steps 5 and beyond assumes that you will be using the
remote deployment method.
Navigate to Devices > Agent installers and create an Agent
installer. You can edit the default installer or create a new one.
You can load the subscribed services in the installer or you can
deploy the Agent first and deploy the services later.
Create an Agent If you have a proxy server environment, you must configure your
5 network to allow access to DDM destinations or embed
installer
credentials in the installer. See Configuring Proxy Credentials in
DDM Online Help for more information.
Enter user credentials in DDM before deployment. See Setting
User Credentials in DDM Online Help for more information.
Determine which device(s) you want to configure as the

discovery scan host. Review the System Requirements on
page 42 prior to choosing the target device.
Deploy the Deploy the Agent using the URL method (described in Other
6
discovery scan host Agent Installation Methods in DDM Online Help) on all scan
host devices and the device discovery service to the devices you
intend to use as the discovery scan host(s). See Deploying the
Scan Host on page 42
Navigate to Devices > Discover to create a device discovery job.

Discover deployable Scan results will include workstations that you can target and
7
devices deploy the Agent and additional services. Discovered devices
appear in the Unmanaged devices data set.
22 z Installing the Services


As with device discovery, remote Agent deployment also requires
a host. Determine which device(s) you want to use as the
deployment host and deploy the Agent and the Agent
Deploy the agent deployment service.
8
deployment host Tip: Same devices can serve as both discovery scan host and the
Agent deployment host. You can deploy both services in the same
provisioning job.
Navigate to Devices > Deploy agent and deploy the Agent to

discovered devices. You need to specify the deployment host,
9 Deploy the Agent
installer, and user credentials. Navigate to Jobs > Agent
deployment and monitor progress.
If you did not include all subscribed services in the Agent installer
(step 5), you can deploy additional services using Service
provisioning (Admin > Service provisioning) once the Agent is
Deploy additional
10 deployed. Always review the requirements for the services you
services
want install before you deploy. Note some services (i.e. data
encryption, remote access, and antivirus) require system reboots
to complete the installation.
Installing the Agent

The Agent is the core software, responsible for communication between the client devices
and the DDM Control Center and enables the DDM services. It is also responsible for
executing vital functions such as uploading/downloading package files, package execution,
inventory gathering, and logging.
The remote agent deployment process consists of the following steps:
1 Create an Agent installer

2 Identify device(s) to serve as scan / deployment host
3 Manually install Agent on selected host device(s)
4 Scan network for potential targets
5 Create Agent deployment job
6 Install Agent
7 Monitor Installation
Installing the Agent z 23

Note: You may need and/or want to use other installation methods. For example, if your
devices are not members of a domain, you may need to send a URL in an e-mail. If you
already have a Windows domain (NT or Active Directory), you may choose to use a startup
script as the primary method. For more information, see Other Agent Installation Methods
in DDM Online Help.
To create an Agent installer,

1 Navigate to Devices > Agent installers. The Control Center displays existing Agent
Installers.
2 Click CREATE and enter new Agent installer information.
3 Enter the Installer name and Installation drive.
4 (Optional) Click the Locale selection list button and choose applicable locales. English is
selected by default. English, French (France), and German (Germany) are supported at this
time.
Note: Selecting multiple locales will significantly increase the size of the installer. DDM will
automatically determine the locale of the target device and install appropriate version
regardless of what locales you specify. If the appropriate locale service package is not
included in the installer, downloads will come from the Control Center.
5 Check the Display the Registration page after the installation is complete box if you want the
Registration page to pop up where the end users can fill in the contact and location
information. Otherwise, the Agent installation process will be silent unless you include
services which require reboots in the installer. See Customizing the Registration Page in
DDM Online Help for more information.
Note: If you include the services such as Antivirus, Data Encryption, and Remote Access,
system re-boots will be required regardless of whether you select the registration page
option. See Customizing Reboot Parameters in DDM Online Help for more information.
6 Click on Services and configurations in the details pane navigation menu. The Control
Center displays available services. The size of the Agent installer will depend on the
services you include.
Tip: We recommend that you include the following services in the installer as they do not
require system reboots:
Device management
Patch management
Software distribution
Antimalware management
Software license management
Software usage

Caution: You can include Online Backup service in the Agent installer. However, it is
recommended that you stagger the OLB software installations across your devices after the Agent
installation to avoid inadvertent network saturation as the initial backup of a device can take up to
8-12 hours. The backup of data to the OLB data center are not governed by applied bandwidth
policy, unlike the provisioning jobs that install OLB.
5 (Optional) Check the Include with installer box for each service component you want to
include with the Agent Installer. Only the services to which your organization subscribes
will be listed. See Description of Service Provisioning Menu on page xx for more
information.
6 Click Proxy options in the details pane navigation menu if you have a proxy server
environment. DDM supports both static and dynamic proxy server environments. SOCKS
proxy server is not supported. See Step 3 of the on page 9 and Configuring Proxy
Credentials in DDM Online Help for proxy handling information.
7 Click SAVE or SAVE AND NEW if you want to create another Agent Installer.
To deploy the remote Agent deployment host,

Before you can initiate an Agent deployment job, you must designate one or more managed
devices on the network to serve as a deployment host.
1 Determine which device(s) you want to use as the deployment host. The device must
already have the DDM Agent installed and must reside on the network to which you want
to deploy the DDM services. See the on page 9.
2 Navigate to Admin > Service provisioning.
4 In the Configure services section, click Provision for Base functionality. Relay server and
Agent deployment options appear.
5 Click the Agent deployment selection list button and select Install component. Select
Uninstall component option if you want to uninstall the deployment host service.
6 Complete the Target devices section. Select one device.
Caution: If you choose more than one target device here, you will get an error message, as DDM
allows you designate one host at a time. You can still designate more than one device as
deployment hosts, but you will need to create additional service provisioning jobs.
summarizes the details of the job you just created. Change job parameters if desired.
10 Click DISTRIBUTE. The Control Center automatically takes you to Jobs > Service
provisioning page, where you can monitor the progress of your job. See Monitoring Jobs
on page 37 .
Installing the Agent z 25

To deploy the Agent,

Note: Make sure you have configured the Site Resolver (see Using the Site Resolver on page 15) and
bandwidth policies (Setting Bandwidth Policy on page 17) before you deploy the Agent.
1 Navigate to Devices > Deploy agent.

3 In the Select deployment host section, click the Host selection list button and select one of
the devices you designated as the deployment host. If you do not already have at least one
device designated as a deployment host, stop here and create a deployment host first (see
To deploy the remote Agent deployment host, on page 25).
4 Select target devices:
By device - Enter a list of IP addresses or computer names, separated by commas.
OR
By discovered device - Click selection list button. All devices that have been discovered
as result of previous device discovery jobs are displayed there (see Device Discovery on
page 41 for more information). Select the devices you want to install the Agent on and
click Add selection. Click Remove selection to remove devices from the list. When you
are finished, click OK.
5 Click the Installer selection list button to select the installer you want to use. If you do not
have an Agent installer, stop here and create one. Follow the steps in To create an Agent
installer, on page 24.
6 Complete the Authentication section. User credentials are required in order to authenticate
to target devices and electronically copy and launch the installer. Either enter user
credentials or select a pre-defined user credentials. See User Credentials in DDM Online
9 Click DISTRIBUTE. The Control Center automatically takes you to Jobs > Agent
deployment page, where you can monitor the progress of your job. See Monitoring Jobs
on page 37
Note: You can also clone a recently run a Remote Deployment job. See Cloning a Remote
Agent Deployment Job in DDM Online Help for more information.

To monitor the installation status,

Navigate to Jobs > Agent deployment.
The Devices tab in the details pane always indicates one device, which is the remote
deployment host. If the Agent deployment task to any target device fails, it will be logged
as a failure. For example, if you targeted 8 devices and deployment is successful on 7
devices but fails on 1 device, the job will be logged as a failure. You can click on Deployment
results tab to determine which target device failed and the reason.
The job source is always User.

Job details displays the job parameters you specified: target devices, domain name, user
credential, installer name, and bandwidth policy preference
Note: Only remote agent deployment jobs can be monitored here. Installations by other
means such as ghost imaging are not logged in the DDM Control Center.
Installing the DDM Service - Service Provisioning

Service provisioning refers to installing and configuring DDM services on the devices you
want to manage. Services can be included in the Agent installer so that you can install the
Agent and services simultaneously. Otherwise, you may deploy each service on-demand after
you install the Agent.
To create a service provisioning job,

3 Complete the Configure services section. Click the Provision button next to each service
you want to deploy. The table below lists the description for the services.
Notes:
Only the services your organization subscribes to will be visible.
Installing the DDM Service - Service Provisioning z 27

Auxiliary services such as LAN-Based Remote Control (part of Device Management) and
Relay Server (part of Basic Functionality) are revealed dynamically only when you select
the parent service.
Service Name Description
Default service that enables Control Center Agent

Base functionality deployment. There are two auxiliary services: Relay
server and Remote deployment server.
Enables a provisioned device to serve as a relay point for
distribution of software packages and patches. See
Relay server
Configuring Relay Points in DDM Online Help for more
information.
Enables a provisioned device to serve as a host for
Agent deployment
remote agent deployment.
Provides ongoing visibility and control of your
provisioned devices as well as viewing of basic software
Device management inventory at the individual device level. Two auxiliary
services are LAN-based remote control and Active
directory import
Enables administrators to take control of a provisioned
LAN-based remote control device using a LAN network connection. You can choose
between Auto accept or User accept user mode
Enables a provisioned device to serve as the Active
Active directory import Directory scan host. See Performing Active Directory
Import on page 53 for more information.
Enables a provisioned device to serve as the device
Device discovery
discovery scan host
Removes encryption key from provisioned devices’ hard
drives when it detects behaviors that are inconsistent
Data encryption
with authorized use. You must select a Data encryption
preset configuration for your Company.
Securely transfers files, installers, or scripts to your
Software distribution
provisioned devices
Manages anti-virus and anti-spyware programs, and
Anti-malware management establishes firewall policies and rules on your provisioned
devices
Antivirus Installs Symantec or McAfee anti-virus programs

Service Name Description
Online backup Backs up data over the Internet to a secure data center
Automates and centralizes the process of delivering

Patch management
missing patches to your provisioned devices
Software license Tracks software inventory and monitors software license

management compliance
Auxiliary service of software license management service

Software usage
that tracks software usage on provisioned devices
Enables administrators to take control of a provisioned

Remote access
device over the Internet
4 Complete the Target devices section. Specify the group of devices to which you want to
deploy the services by clicking the Target by selection list. The remaining fields in this
section will dynamically change according to your Target by selection. Servers will be
excluded by default. If you want to include the servers, click and uncheck the Exclude
Servers option.
applied to the target devices. See Setting Bandwidth Policy on page 17 for more
information.
6 Schedule the job. See Scheduling Jobs on page 37.
summarizes the details of the job you just created. You can change job parameters if
desired.
8 Click DISTRIBUTE. The Control Center automatically takes you to Jobs > Service
provisioning, where you can monitor the progress of your job. See Monitoring Jobs on
page 37.
Tip: Alternatively, you can use the shortcut action to install services. On the inventory
page, select the devices you want to target, right click on the selected devices, and select
Install services.
Notes:
Some service provisioning jobs (i.e. remote access, data encryption, antivirus) require
the end users to reboot their systems to complete the installation. You can customize
the reboot settings for your Company. See Customizing Reboot Parameters in DDM
Online Help for more information.
Installing the DDM Service - Service Provisioning z 29

It is recommended that you stagger the OLB software installations across your devices
after the Agent installation to avoid inadvertent network saturation as the initial backup
of a device can take up to 8-12 hours. Backup of data to the to the OLB data center are
not governed by applied bandwidth policy, unlike online backup deployment jobs.
Deactivating the DDM Services

You can remove the Agent and installed services from a device by applying the Uninstall all
services action. This action will immediately move affected devices to the Unmanaged data
set. The Control Center will remove the services and the Agent if any of unmanaged devices
that are connecting or starts to connect after the move.
Notes:
Even after all services have been removed, the device record does not disappear; they
remain archived in the Unmanaged data set in Unknown state.
Do NOT remove services using Add & Remove Programs.
To deactivate a device in the Control Center,

1 Navigate to Devices > Inventory > Computer systems.
2 Select the devices you want to deactivate. You can select up to 100 devices at a time.
3 Right-click on your mouse or click on the actions menu icon and select the Uninstall all
services option.
4 The Control Center displays the Uninstall confirmation page. Enter the number in the text
box as instructed and click OK. The number is randomly generated to re-affirm your
intention to deactivate the target devices.
5 The selected devices are immediately moved to the Unmanaged data set. However, they
will remain in the same Online state as when they were in the Managed data set.

6 When an Unmanaged device connects to the Control Center again, regardless of its Online
state, the Control Center automatically removes the installed services and then finally the
Agent. If the device is in Currently connecting online state, it will be uninstalled
immediately. However, if it is in Missing, Temporarily offline, or Offline online state, the
uninstallation action will be executed whenever the device starts connecting again.
Note: To remove one or more services but not the Agent, use Service Provisioning instead
(i.e. click Remove instead of Provision). Navigate to Admin > Service provisioning. Click on
Remove button for the service you want to remove.
Tip: Alternatively, you can uninstall a device locally from the client's machine using the
AgentRem utility. See Using AgentRem Utility in DDM Online Help for instructions.
Click on the Help link anywhere in DDM to see the following:
Agent Product Specifications

List of information collected by the Agent
Startup script instructions
You can re-install the Agent on a device using the previously assigned device number. See
Recovering a Device for more information.
You uninstall a device locally from the client’s machine using the AgentRem utility. See
Using the AgentRem Utility for step-by-step instructions.
Additional Resources z 31
5
Jobs & Tasks
Overview
A Job is a collection of Tasks. A job can be created by a user or generated by the DDM Control
Center. Job name is used to facilitate monitoring.
A Task is an individual action contained within a job. There is usually a one-to-one correlation
between a task and a managed device. For example, a job can be created to distribute a
software package to 17 devices. Each device will be assigned a corresponding task, allowing
for monitoring of distribution on an individual device level.
When you monitor the job, the Control Center reports the job status in the results pane and
each task status in the details pane. However, for a job such as Device Discovery, which does
not involve specific target devices but rather a host device, DDM reports tasks in terms of job
states (i.e. upload, Netscan).
Navigating in DDM
The table below is a summary of how to navigate in DDM Control Center to perform DDM
actions.
DDM Task Navigation / Path
Administration
To create a Company Admin > Companies
To create a Site Admin > Sites
To create a Site map Admin > Site resolver
To create a bandwidth policy Admin > Bandwidth management
To create a Person record Admin > People
To create a User login Admin > Login
Jobs & Tasks z 33

DDM Task Description Navigation / Path
To create a login group Admin > Login groups
To set user credentials Admin > User credentials
To customize branding elements Admin > Branding
Deployment
To create an Agent installer Devices > Agent installers
To deploy the Agent Devices > Deploy agent

Admin > Service provisioning OR
Navigate to Devices > Inventory > Computer systems
To deploy a DDM service page. Select the devices you want. Right-click on the
selected device(s) or click on actions menu icon
and choose Install service service option.
To monitor Agent deployment progress Jobs > Agent deployment
To monitor service deployment progress Jobs > Service provisioning
1. Select target device(s) on devices inventory page.

2. Right-click on your mouse or click on actions menu
To deactivate a device
icon .
3. Select Uninstall all services option.
Device Management
To view device information Devices > Inventory > Computer systems
1. Devices > Inventory > Computer systems

To view the hardware change log for a 2. Select the device of interest.
managed device 3. Click on Hardware expand button.
4. Click on Change log.
To view basic software information for a
2. Select the device of interest.
managed device
3. Click on Software expand button.
1. Select target device(s) on devices inventory page.
To update inventory
icon .
3. Select Update inventory now option.
34 z Jobs & Tasks

Device Discovery
To create a scan Devices > Discover
Devices > Inventory > Computer systems - [Company

To view discovered workstations
name:Device discovery view]
To view discovered devices
Devices > Inventory > Other devices
(other than workstations)
To monitor a device discovery job Jobs > Device discovery
Software Distribution
To create a software package Software > Packages
Software > Distribute OR

Select target device(s) on devices inventory
To distribute a software package page, right-click on your mouse or click on
actions menu icon , and select Distribute
package option.
To monitor a software package
Jobs > Software distribution
distribution job
Patch Management
To see the patch library Security > Patch library
To view patch information for a

Devices > Inventory > Computer systems – Patch tab
managed device
To create a patch policy Security > Patch policies
Security > Distribute patches OR

To distribute patches Select target device(s) on devices inventory page,
(targeted patching) right-click on your mouse or click on actions menu
icon , and select Install patches option
To approve and disapprove patches for

Security > Approve patches
distribution
To monitor a patch distribution job Jobs > Patch distribution
Navigating in DDM z 35
Software Inventory and Usage Management
To view the software inventory summary Software > Inventory

To view the software change log for a 2. Select the device of interest.
managed device 3. Click on Software expand button.
4. Click on Change log.
To view the software license information Software > License units

To view software usage information for a 3. Click on Software expand button.
managed device 4. Click on the manufacturer expand button.
5. Click on the software name.
6. Click on Usage detail tab.
Anti-Malware Management & Antivirus
To view anti-malware information for a 1. Devices > Inventory > Computer systems
managed device 2. Click on the Antivirus & Antispyware expand button.

To create a virus scan and/or antivirus 2. Select target device(s).
definition update 3. Right-click on your mouse or click on actions menu
icon , and select Antivirus scan option.
To create a firewall policy Security > Firewall policies

2. Select target device(s).
To apply a firewall policy
icon , and select Apply firewall policy option.
Remote Access
Devices > Remote Control OR
Select the target device on devices inventory page,
To initiate a remote session right-click on your mouse or click on actions menu
icon , and select Remote control option
36 z Jobs & Tasks

To view remote control session logs Devices > Remote control sessions
Online Backup

To view online backup information for a
device
3. Click on Online backup expand button.

2. Select target device(s).
To enforce an online backup job
icon , and select Backup now option.
Scheduling Jobs
When a Job is created, the task is advertised by the DDM Control Center based on the
specified schedule to each target device while adhering to any bandwidth policy (see Setting
Bandwidth Policy on page 17 for more information) that may be in place for the affected
devices.
When the Agent initiates an outbound communication to the DDM Control Center, DDM
replies with the advertised task. The task is then downloaded by the Agent and executed
locally. The Agent reports back to the DDM server the progress of the task while the task is
running, finally reporting the final status (success or failure) of the task and the overall job.
DDM reports the job progress as Running until all tasks for the job are completed.
When scheduling a job, you can choose from:
Start immediately - The download process will begin the next time the Agent hearteats. If
a device is offline, the download will process when the device comes back online.
Choose start time - This option allows you to specify a later date and time. When scheduling
a job, the download process will begin when the Agent heartbeats after the scheduled
time is reached. Note that the time is based on the DDM user time, not the local device
time.
Monitoring Jobs
Whenever you create a job, DDM logs its progress so you can monitor it. A job can be created
by a user or the system (DDM Control Center).
Scheduling Jobs z 37
To monitor a job,
1 Navigate to Jobs. DDM displays the Current jobs by default. You can click on one of the
following to switch to another status:
Current: Currently running jobs
Scheduled: Scheduled jobs that have not run yet
Recent: Completed jobs that have not been Archived
Archived: Completed jobs that have been Archived
All: All jobs
Progress Bar :
Green - indicates tasks which successfully completed
Red - indicates tasks that failed
Yellow - indicates tasks which were cancelled
No color - indicates tasks that have not completed
2 Select the job category.

3 Select the job you want to monitor from the results pane. The Control Center displays more
information for the job in the details pane:
Job details - Displays the job type, job state, job execution time, number of retries, jobs
source and other job details. Also displays some job parameters specified by the user.
Devices - You can click on a status in the details navigation menu to view the status of the
job for each device. Device online state, operating system, and Windows installer
version are displayed by default.
Log messages - Displays messages indicating the job’s progress for each device
You can cancel, pause, and resume some tasks and jobs depending on their state. You can
also archive completed jobs. See Managing Jobs on page 39 for more details.
To view the job history for a specific device,

38 z Jobs & Tasks

2 Select the device you want.

3 Click the Jobs tab in the details pane navigation menu. All jobs that ran on the device are
listed in the details pane as well as the task state.
Managing Jobs
Not all jobs and tasks will succeed and you may encounter circumstances when you have to
take further action on previously sent jobs. Whether or not you take further action depends
on the state the job or the task is in:
Cancel - currently running jobs or tasks in a state before or on downloading state, manually
paused, or paused due to bandwidth policy. You cannot cancel tasks that have been
downloaded.
Note: You cannot cancel tasks that have already been downloaded or are executing.
Pause - currently running jobs before or on downloading state

Resume - successfully paused jobs
Retry - jobs that completed with exceptions. You cannot retry cancelled jobs
Archive - jobs that have been completed including those jobs that completed with
exceptions
To perform any one of the actions described above, do the following:
1 Navigate to Jobs. Select the job category and then the job you want to take action on. If
you want to take action on a task, click on Devices tab in the details pane navigation menu
and select the task you want to cancel.
2 Click the action icon or the actions menu icon located immediately above the results
pane or the details pane and select the action you want.
Note: Unavailable actions will be grayed out. For example, if you select a Currently running
job, Retry and Archive action buttons will be grayed out. If you click on a successfully
completed job, Pause, Resume, Cancel, and Retry action buttons will be grayed out.
Managing Jobs z 39
6
Device Discovery
Overview
The Device Discovery service enables you to scan your network to discover, identify, and
inventory IP-based devices. It uses Network mapper (nmap), Simple Network Management
Protocol (snmp), and nbtscan techniques to scan the network range you specify to discover
IP devices such as workstations, routers, switches, printers, and firewall. You can
subsequently distribute the DDM Agent to your newly discovered Windows-based
workstations.
Before you can initiate a network scan, you must first designate a managed device as the scan
host. User credentials must also be specified when initiating a device discovery scan. If the
discovery agent cannot authenticate to a device, it will not be discovered.

System Requirements
Deploying the Scan Host
Creating Scans
Viewing Discovered Devices
Before you begin:

Review the Deployment Checklist on page 10 to make sure your devices meet the
requirements necessary for deploying the DDM services.
Your company must subscribe to the Device Discovery service before you can deploy this
service.
DDM users performing device discovery service tasks must have the Device discovery user
permission.
Device Discovery z 41
System Requirements
Scan Host
Windows XP SP1,SP2 ,SP3
Operating systems Windows 2003 OEM, SP1, SP2
Windows 7
Minimum memory 512 MB
Minimum CPU 1 GHz
Min HD Space 100 MB
Ports used 80 and 443
Service package installer size 4 MB
Network traffic generated 78 KB of data will be sent/received per PC (IP)
Reboot required No
Deploying the Scan Host

Before you can initiate a device discovery job, you must designate at least one managed
device the network to serve as a scan host. When choosing a scan host, consider the System
Requirements described in the previous section.
Once you have identified system(s) to serve as scan Hosts, you are ready to deploy the Device
Discovery service to them.

3 In the Configure services section, select Provision for Device discovery.
4 Complete the Target devices section. You must specify one device only.
Note: If you choose more than one target device here, you will get an error message. To
designate more than one device as scan hosts, create additional service provisioning jobs.
42 z Device Discovery

8 Click DISTRIBUTE. The Control Center takes you to Jobs > Service provisioning, where you
can monitor the progress of your job. See Monitoring Jobs on page 37.
Creating Scans
Once a host device has been provisioned (see Deploying the Scan Host on page 42), you can
create a device discovery job.
To create a device discovery job,

1 Navigate to Devices > Discover.
3 Click the Host selection list button. DDM reveals all devices that have been configured to
serve as the discovery scan host. Select a device that is appropriate for the network range
you want to scan. If you have not yet designated a scan host, follow the steps described in
Deploying the Scan Host on page 42.
4 Select the scan range. You can enter IP range, subnet, or a local subnet.
Field Name Description Example

When entering the IP address range, do
IP Address Range 172.20.10.1-253
not include spaces before or after the dash.
The subnet mask range must be between
IP Subnet 172.20.10.0/20
/20 and /32. Use CIDR.
The scan can capture up to 4,096 nodes
Local Subnet N/A
from the subnet of the Host system.
5 Complete the Authentication section. You must enter User Credentials or select a pre-
defined user credential. See Setting User Credentials in DDM Online Help for more
information.
6 Check the Clear existing data box if you want to clear the results from previous discovery jobs before
uploading the information from the job you are about to create.
Creating Scans z 43
Note: If you do not choose the Clear existing data option, discovery records from the job
you are creating will be appended to the data from previous discovery jobs. DDM does not
discern whether duplicate device records exist.

9 Click DISTRIBUTE. The Control Center takes you to Jobs > Device Discovery, where you can
monitor the progress of your job. See Monitoring Jobs on page 37.
Viewing Discovered Devices

Once a device discovery job is successfully completed, you can view the newly discovered
devices in the Control Center. Navigation path depends on whether you are searching for
workstations or other device types.
To view discovered workstations,

2 Select [Company name:Device discovery] data set (see Devices Data Sets in DDM Online
Help for more information). DDM displays all discovered Windows-based workstations
since the last time the data was cleared.
Click on Unmanaged link to see the newly discovered devices that do not have the Agent
installed.
Click on Managed link to see the newly discovered devices that have the Agent installed.
Notes:
The device discovery discovers devices that are connected to the network through
LAN connections. Workstation devices using VPN connections may not be
discovered.
If you do not choose the Clear existing data option, discovery records from the job you
are creating will be appended to the data from previous discovery jobs. DDM does
not discern whether duplicate device records exist.
44 z Device Discovery
To view discovered devices other than workstations,

1 Navigate to Devices > Inventory > Other devices.
2 The Control Center displays all discovered devices other than the Window-based
workstations since the last time the data was cleared. Select a device in the results pane.
Click NMap in the details navigation menu to see details collected by the nmap
technique, such as computer name, IP address, and MAC address.
Click SNMP in the details navigation menu to see details collected by the SNMP
technique.
Tip: You can use the query (see Using the Advanced Search (Query)) in DDM Online Help for more
information) to search for a specific device type.
Viewing Discovered Devices z 45

7
Device Management
Overview
Device Management is a software service that provides ongoing visibility and control of your
managed devices. Hardware and basic software inventories are collected and uploaded
automatically to the DDM Control Center and updated daily, allowing for centralized viewing
and reporting. Because the service is Internet based, devices can be managed regardless of
physical location. In order to use this service, you must have the Device Management service
installed on your devices.

System Requirements
Deploying Device Management Service
Viewing Device Information
Viewing Basic Software Inventory Information
Performing Active Directory Import
Before you begin:

Review the on page 9 to make sure your devices meet the requirements necessary for
deploying the DDM services
Your company must subscribe to the Device Management service before you can deploy
this service. You can also subscribe to LAN-based remote control and Active directory
import services which are auxiliary services.
DDM users performing the device management service tasks must have the Computer
systems user permission. The users performing the Active directory import must have the
Data sets user permission and those performing the LAN-based remote control must have
the Remote control (LAN) user permission.
Device Management z 47
System Requirements
Device Management
Device management including Active directory import (Host):
Windows XP SP1, SP2, SP3
Windows 2003 OEM, SP1, SP2
Operating systems Windows 7
LAN-based remote control:
Windows XP SP2, SP3
Windows 2003 OEM, SP1,SP2
Minimum memory 512 MB
Minimum CPU 66 MHz
Min HD Space 50 MB
Ports used 443
Proxy support Yes

Device management: 2 MB
Service installer size Active directory import: 606 KB
LAN-Based remote control: 1.6MB
Hardware inventory: 30 KB daily per device
Network traffic generated
Software inventory: 120 KB daily per device
Reboot required No
MSI 3.1 min (AD import host only)

Other requirements
2.0 .Net Framework min (AD import host only)
Deploying Device Management Service

Before you can start tracking and managing your devices, you must first install the Device
Management service on the devices you want to manage. You can do that either by including
the service in the Agent installer (see Installing the Agent on page 23) or post-adding the
48 z Device Management
service using Service Provisioning. Follow the steps in Installing the DDM Service - Service
Provisioning on page 27.
When you choose Device management on the service provisioning page, LAN-based remote
control and Active directory import will dynamically appear. Click Install and configure
component option and provide configuration information if you want to install the two
auxiliary services. See Performing Active Directory Import on page 53 and Using LAN-Based
Remote Control in DDM Online Help for more information.
Viewing Device Information

Once the DDM Agent and Device Management service are installed on a device, the Agent
periodically uploads information about the device to the DDM Control Center. There are over
100 hardware characteristics reported. You can also view installed software inventory, user
and financial information, and services related details for a specific device. Whether a
navigation menu is visible is determined by the services your organization subscribes to.
To view information for a specific device,

2 Select the device you want. The Control Center displays the summary of the selected
device in the Computer Summary in the details pane. It provides a snapshot of the device
status; when service scans occurred last, user information, as well as Windows installer (msi)
and Microsoft .Net framework versions.
Viewing Device Information z 49

3 Select the expansion button of the category you are interested in to view more details.
* denotes editable field
Navigation menu Description

Computer summary. Displays network level device information
and when applicable service scans occurred last. Users can
manually enter information in the Business status, Business
function, and Notation fields, if desired. To update existing
Device Number: XXXXXX information in these fields, click EDIT, and then make desired
changes. Click SAVE to save your changes.
Just like Notes, Notation field is where you can enter narrative
information about the device, up to 64 characters. Notation is a
searchable field, whereas Notes is not.
Physical location information for the device. To enter data or to
Location* update existing information in these fields, click EDIT and make
changes. Click SAVE to save your changes.
Reports over 100 hardware characteristics of the device. Click the
Hardware expand button and select a hardware or network attribute of
interest. Hardware information is once daily for connecting devices.
A log of hardware changes, e.g., when memory is added to the
- Change log
device. See About the Hardware Change log on page 52.
Navigation menu Description
The software products that are installed on the device. This

Software information is updated once daily and is sorted by the
manufacturer.
A log of changes to the device’s software inventory. This is a
- Change log
Software License Management service feature.
The anti-virus and antispyware applications that are installed on the
Anti-virus & Antispyware device, including any infection incidences. This is an Anti-Malware
Management service feature.
Displays the firewall policies and rules applied to the device. This is
Firewall
an Anti-Malware Management service feature.
Provides patch information. This is a Patch Management Service
Patch
feature.
Remote control A log of remote control sessions
A log of online backup sessions. Visible only to Online Backup

Online backup
service subscribers
Service Information Summary of the DDM services that are activated for the device
Contains Financials, Purchase, Lease, and Warranty information for
the device. Asset tag information is also stored here. All items are
editable. All items with the exception of Purchase price and Lease
Financials*
monthly cost are searchable. See Importing Warranty Information
in DDM Online Help for information on how to import Dell’s
warranty information.
Jobs Summary of all jobs and their status distributed to the device
Policies Summary of bandwidth and patch policies applied to the device
- Bandwidth rules Summary of bandwidth rules applied to the device
- Patch rules Summary of patch rules applied to the device

To enter additional narrative information about the device, click
Notes* EDIT. Click SAVE button to save your changes. Unlike Notation
(under Computer Summary), Notes is not a searchable field.
Management agent Services provisioned to the device
A log of Agent activity on the device, including policy generated

- Agent log
jobs and tasks. Also displays the source of download
- Agent uploads The files that have been uploaded to the device by the Agent.
Viewing Device Information z 51

About the Hardware Change log

DDM allows you to easily monitor and update device activity and assignments within your
organization as your IT environment grows and changes. Once the DDM Agent is installed on
a device, it scans your hardware inventory daily and updates the Change log whenever a
hardware item is added or removed from the device.
To view the hardware change log for a device,
2 Select the device you want and then click the Hardware expand button in the details pane
navigation menu. DDM displays all the hardware items for the device followed by Change
log.
3 Click Change log. DDM displays hardware change history for the device, including the
type of change, device type, and the date / time the change was made (expressed in local
device time), if any. You can click the layout menu icon to add or remove display
columns as desired.
Viewing Basic Software Inventory Information

The Agent scans and uploads the software inventory information once daily. It collects the file
name and file size of all EXE and COM files from all local drives. The Agent then collects the
Globally Unique Identifier (GUIDs) from the registry and the OS version and uploads the
inventory file to the DDM Control Center.
Note: Viewing basic software inventory on managed devices is a Device Management

service feature. To perform more advanced functions such as viewing inventory change
log, and managing software license and usage information, you must subscribe to the
Software License Information service.
To view the software inventory for a device,

2 Click on the Software expand button in the details navigation menu. Click on a
manufacturer expand button and then click the software title of interest.
Tip: Hardware and software inventory is updated once daily. To update the inventory
immediately, select the target devices on the inventory page and right-click on your mouse,
and then select the Update inventory now option.
Performing Active Directory Import

You can use the Active Directory Import service to import User-type data from your domain to
the DDM Control Center. Once configured, you can reconcile and synchronize Devices to
appropriate People data. This eliminates the need to manually modify device assignment
every time you re-deploy a device.
To set up automatic Device to People data synchronization,

1 Identify a device to serve as the Active Directory scan host. The host device must reside
within the same domain that you want to scan and must already have the DDM Agent
installed. The logged-in user of the host device does not have to be a domain
administrator, however, you must create a user credential (see Setting User Credentials in
DDM Online Help) to impersonate domain administrator rights during the AD scan.
2 Deploy the Active Directory Import service to the selected scan host device. Follow the
steps in To deploy Active Directory Import service, on page 53.
3 Selected Active Directory is scanned once daily and imports new user data to the DDM
Control Center. To disable daily AD scanning, you must remove the AD import service from
the scan host device.
Note: To terminate daily AD scanning, remove the AD import service from the scan host
device using Service provisioning.
4 DDM user reconciles the imported AD user data to be added as part of the Main People
dataset. Follow the steps described in To reconcile imported Active Directory data, on
page 55
5 DDM automatically synchronizes Devices to Persons using logged-in user as the matching
criteria.
To deploy Active Directory Import service,

Before you can initiate the AD scan process, you must designate a managed device in your
domain to serve as the scan Host.
Performing Active Directory Import z 53

Once you have identified a system to serve as a scan Host, you are ready to deploy the AD scan
service to it.

3 In the Configure services section, click Provision for Device management. The Control
Center dynamically reveals LAN-based remote control and Active directory import.
4 Click the selection list button for Active Directory Import and select Install and configure
component.
Click Reconfigure component if you want to modify any component.
Click Uninstall component if you no longer want the device to scan the AD.
5 Enter the Domain name. For example, for the hypothetical AD shown below, the domain
name is everdream.corp.
6 Enter Organization Unit (OU) and domain information in Organization Unit. You can
configure to scan more than one OU by entering multiple command lines. Declare OU
names and DC name following the syntax as illustrated below for the following
hypothetical AD:
Organization Unit to
Type in the Organization Unit field,
Scan
QE OU=QE,OU=Engineering,OU=Internal,OU=EDC Domain Accounts,DC=everdream,DC=corp
All sub-OUs in the EDC

OU=EDC Domain Accounts,DC=everdream,DC=corp
Domain Accounts OU
OU=QE,OU=Engineering,OU=Internal,OU=EDC Domain Accounts,DC=everdream,DC=corp

QE and Dev Services
OU=Dev Services,OU=Engineering,OU=Internal,OU=EDC Domain Accounts,DC=everdream,DC=corp
* Note that spaces are accepted, but periods (.) are not.
7 Click the User credentials selection list button and select the credential applicable to this
AD import, then click OK. If you do not have a pre-defined credential, you must create one
before continuing. See Setting User Credentials in DDM Online Help for instructions on
how to create domain credentials.
8 Complete the Target devices section. Choose one device only.
Tip: You can designate only one device per AD scan host deployment (service
provisioning) job. If you enter more than one device, you will get an error message. If you
want to enable more than one device as a scan host, create additional service
provisioning jobs.
applied to the target device. See Setting Bandwidth Policy on page 17.
you can monitor the progress of your job (see Monitoring Jobs on page 37).
To reconcile imported Active Directory data,

Once you successfully provision a device to serve as an active directory scan host (see To
deploy Active Directory Import service, on page 53), the Control Center performs an AD scan
once daily and uploads data for AD users added since the last reconciliation. To view the
imported data, navigate to Admin > People. The Control Center displays the Main data set
by default. Click on Company Name: Active directory to view the imported active directory
data.
Performing Active Directory Import z 55

The Control Center dictates what time of day the scan occurs. Reconciling causes the
imported AD user data to become part of the Control Center’s Main People dataset (see
Managing People Data in DDM Online Help for more information).
The reconciliation process inserts and updates records to the Main data set that are new or
modified; it does not delete records (i.e., The Control Center does not remove People data for
those users that are removed from the AD).
To view and reconcile imported AD data,

1 Click Admin > Data sets. The Control Center displays the active directories that have
already been configured for daily scanning.
2 Select the Company whose AD imported you want to view and click on the People record
changes tab. The Control Center displays information uploaded for AD users added since
the last reconciliation. For example, if you last reconciled AD data a week ago, all added AD
users resulting from daily scans for the last six days will be displayed here.
3 Click the actions menu icon and select Reconcile. All user data under the People record
changes tab disappears and is now visible in both the Main and Active Directory People data
sets. See Viewing People Data in DDM Online Help for more information.
DDM segments all workstation devices according to whether the device has the Agent
installed (Managed or Unmanaged) and/or whether it was discovered via device discovery.
See Devices Data Sets for more information.
The Online state of a managed device is defined by when the Agent installed on the device
last connected with the DDM Control Center. See Agent Online State for more information.
You can automatically assign managed devices to Sites according to your network map.
The device is then is governed by all policies and rules applied to which site the device is
assigned including bandwidth, firewall, and patch policies. See Using the Site Resolver on
page 15 for instructions on how to enable the feature.
You can send a message to the end user of a managed device. See Sending a Message to
Devices for more information.
8
Overview
The Software Distribution provides secure electronic transfer of files, installers, or scripts to
your devices. The Control Center tracks all distribution jobs and the user is able to monitor
the progress of the distribution, review error logs, and identify jobs that may have failed. For
those users with scripting knowledge, DDM allows them to create custom packages.

System Requirements
Deploying Software Distribution Service
Distributing a Software package
Monitoring Software Package Distribution
Creating a Software Package
Before you begin:

deploying the DDM services.
Your company must subscribe to the Software Distribution service before you can deploy
this service.
DDM users performing the software distribution service tasks must have the Package
distribution and Package library user permissions.
Before you start distributing software package to your devices, set appropriate bandwidth
policies and rules to avoid unintended network saturation. See Setting Bandwidth Policy on
page 17 for more information.
You can configure one or more relay points to serve as a repository for service, software,
and patch packages on a local area network (LAN). The Agent then downloads DDM jobs
from the relay server rather than the DDM itself, thus reducing Internet traffic. See
Configuring Relay Servers page 16
Software Distribution z 59
System Requirements
Operating systems Windows 2003 OEM, SP1, SP2
Windows 7
Ports used 443
Proxy support Yes
Service installer size N/A (no additional service package installed).
Reboot required No
Deploying Software Distribution Service

Before you can start distributing software packages to your managed devices, you must first
install the Software Distribution service on the devices. You can do that either by including
the service in the Agent installer (see Installing the Agent on page 23) or post-adding the
service using Service Provisioning. Follow the steps in Installing the DDM Service - Service
Provisioning on page 30.
Distributing a Software package

You can create a package distribution job in several ways:
From Software > Distribute page
Using one of the shortcut actions, invoke one of shortcut actions and select the Distribute
package option. See Using the Shortcut Actions Menu in DDM Online Help for more
information.
To distribute from the Software > Distribute page,
1 Navigate to Software > Distribute.
3 Click the Choose package selection list button. The Control Center lists all active packages
that are available for distribution. Select the package you want to distribute.
60 z Software Distribution
4 Check off the Bypass bandwidth policies box only if you want to bypass bandwidth policies
applied to the target devices. See Setting Bandwidth Policys on page 17 for more
information.
5 Complete the Target devices section. You can specify the group of devices that will be
receive the package in the Target by field. The second field in this section will dynamically
change according to your selection. Servers will be excluded by default. If you want to
include the servers, click and uncheck the Exclude Servers option.
6 Schedule the job. See Scheduling Jobs on page 37 for more information.
summarizes the job you just created. Change job parameters if desired.
8 Click DISTRIBUTE. The Control Center takes you to the Jobs > Package distribution page,
where you can monitor the progress of your job. See Monitoring Jobs on page 37.
Note: Before you start distributing software package to your devices, set appropriate
bandwidth policies and rules to avoid unintended network saturation. See Setting
Bandwidth Policyon page 17 for more information.
Tip: You can configure one or more relay points to serve as a repository for service, software, and
patch packages on a local area network (LAN). The Agent then downloads DDM jobs from the relay
server rather than the DDM itself, thus reducing Internet traffic. See Configuring Relay Servers in
DDM Online Help for instructions.
Monitoring Software Package Distribution

To monitor a software distribution job, navigate to Jobs > Software distribution and select
the job you want to monitor.
DDM Software distribution tasks proceed in the order shown below.
Pending - The task is advertised

Waiting for Agent - The task has been scheduled and is waiting for the Agent to connect to
download the file. May be postponed due to bandwidth policy, or is waiting for a
previously sent task to complete
Downloading - The task is in the process of being transferred to the device
Downloaded - The task has been fully transferred to the device and will initiate executing
shortly
Download failure - The Agent is unable to download a package file after multiple tries
Monitoring Software Package Distribution z 61

Executing - The downloaded task has begun executing

Success - The task ran successfully and returned a Success code to DDM
Failure - The task encountered a problem and was unable to complete successfully.
For those jobs that have Completed with exceptions, you can click the Devices tab in the details
pane to view the details of all tasks. Some exceptions may be due to the devices stuck in
Waiting for agent state or cancellation by a user.
You can cancel, pause, and resume some tasks and jobs depending on their state.
You can also archive completed jobs. See Managing Jobs on page 39 for more information.
Creating a Software Package

The Software Distribution service allows the users to create software packages in the Control
Center, which can then be distributed and monitored. However, the users taking on this task
should have basic scripting knowledge and an understanding of how .msi files and command
line arguments work. Creating and managing software packages require the Package library
user permission.
For step-by-step instructions on how to create a software package, see Creating a Software
Package in DDM Online Help.
When you create a software package, you can manage the visibility of the package with
other DDM users within your Company and in child Companies. See Sharing Software
Package in DDM Online Help for more information
62 z Software Distribution
9
Patch Management
Overview
The Patch Management service enables IT administrators to automate and
centralize the process of delivering missing patches to managed devices.
Administrators can distribute missing patches either by defining policies or targeted
patching method. In order to use this service, your organization must subscribe to
the Patch Management service and deploy the service to your devices.
This service currently covers Microsoft operating systems and Office products, as
well as selected applications from the following vendors (subject to change):
Microsoft
Mozilla Foundation
Adobe
Apple
Real
WinZip
Apache Software Foundation
Sun Microsystems
Research In Motion
Skype Technologies
VMware
Citrix

System Requirements
Deploying Patch Management Service
About Patch Library
Patch Management z 63
Viewing Patch Information

Policy-Generated Patching
Targeted Patching
Before you begin:

Patch distribution jobs, regardless of whether created by policy or targeted patching
method, are governed by active bandwidth policies and relay server rules applied to the
affected devices. Make sure appropriate bandwidth policy (see Setting Bandwidth Policy on
page 17) and relay server rules are in place before deploying patches (see Configuring Relay
Servers page 16).
Your company must subscribe to the Patch Management service before you can deploy
this service.
DDM users performing the patch management service tasks must have the Patch jobs and
reports and Patch approvals and policies user permissions.
Before you start distributing patches to your devices, set appropriate bandwidth policies
and rules to avoid unintended network saturation. See Setting Bandwidth Policy on page 17
for more information.
After applying a patch or a set of patches, DDM will reboot the device before the patches
can be considered installed or no longer missing. You can customize the reboot alerts and
settings the end users will see. See Customizing Reboot Parameters in DDM Online Help
for instructions.
64 z Patch Management
System Requirements
Patch Management
Operating systems Windows 2003 SP1, SP2
Windows 7
80 & 443. Patches are distributed directly from the vendor sites.
Ports used
See on page 9 for a list of necessary outbound connections.
Service installer size 3MB
Minimum HD space Per patch requirements
Network traffic generated 30KB daily per device
Proxy support Yes
MSI MSI 3.1
Reboot required No
Deploying Patch Management Service

Before you can start distributing missing patches to your managed devices, you must first
install the Patch Management service on the devices you want to manage. You can do that
either by including the service in the Agent installer (see Installing the Agent on page 23) or
post-adding the service using Service Provisioning. Follow the steps in Installing the DDM
Service - Service Provisioning on page 27.
About Patch Library

The Patch Library lists all patches supported by the DDM Control Center. To see the Patch
Library, navigate to Security > Patch library. DDM displays the Applicable view by default.
Applicable view lists the patches that are Installed (explicitly and effectively) or Missing by
any device in the Company view you are in. See Patch Install Status on page 66 for more
information.
System Requirements z 65
Not applicable view lists the remaining patches. It is comprised of all patches in the DDM
patch catalog that are NOT applicable to the devices in your Company.
All view includes both Applicable and Not applicable patches
From the Patch Library page, you can:

View detailed information about the selected patch
Determine which devices are missing a specific patch.
Create a patch installation job
Patch Install Status

DDM categorizes the patches as follows:
Install Status Description

Patch was installed on the system at one point in time. An action was
Explicitly Installed taken (e.g. Windows Update or Control Center Patch Distribution Jobs)
to deploy the referenced patch on the device.
Patch was not found on the scanned device but the vulnerability
posed by the patch has been corrected. This can be due to another
patch updating the same files, such as a superseding or rollup patch.
Example:
MS02-001 for Windows 2000 - also known as the Windows 2000 Post-
Effectively Installed SP2 SRP1, or simply the SP2 SRP (security rollup package). If you've
installed only Windows 2000, SP2, and MS02-001, you've 'explicitly'
installed 1 hotfix (MS02-001 Q311401), but you've effectively installed
20+ earlier hotfixes that were subsumed by MS02-001. (Examples of
the superseded hotfixes would include: MS00-077, 079, 01-004, 007,
011, 013, 015, 024, etc)
Patch is applicable to the scanned system but was not found on the
Missing
system
Patch was not found on the system but is NOT applicable to the
Not Applicable
system
Install Status Description
Not Scanned Scanning for the patch has not yet occurred
Viewing Patch Information

Managed connecting devices are scanned for missing and installed patches and this
information is uploaded to the DDM Control Center once daily and after patches have been
applied on the system. If the Patch Management service is not installed or scanning has
stopped, you need to deploy the service to the affected devices (see Installing the DDM Service
- Service Provisioning on page 27 for instructions).
You can assess patch status and identify vulnerable systems in several ways:
Patch management reports - Patch management reports provide the most efficient way to
assess the overall patch status for your entire organization. From the Reports menu, click
on the Patch management category and select the report you want.
Dashboard - You can view patch related widgets and add to your dashboard. See Using the
Dashboard in DDM Online Help for more information.
You can view patch information for a specific device or identify which devices are missing
a specific patch.
To view patch information for a specific device,

2 Click Patch tab from the details pane navigation menu.
Click the Missing patches tab to see what patches are missing on the device.
Click the Installed patches tab to see what patches are installed on the device.
To identify devices missing a specific patch,

3 Navigate to Security > Patch library.
4 Select the patch for which you want to view information. Click the Devices tab view the
devices for each batch install status (see Patch Install Status on page 66).
5 Click on the other tabs in the details pane to see more details about the selected patch:
Patch details displays details about the selected patch.
Inventory chart displays a graphic representation of the devices affected by the patch
and the number of devices for each patch install status.
Policies displays the active policies that apply to the selected patch.
Viewing Patch Information z 67

Targeted Patching
You can create a job to install or uninstall a single or multiple patches to a targeted group of
devices on a schedule that you decide. DDM logs these patch distribution jobs so you can
monitor them.
To create a targeted patch distribution job,

1 Navigate to Security > Distribute patches.
3 Complete the Select update section. Patches is the only mandatory field. When you click
on the selection list button, DDM lists only patches that are missed by at least one device
within your Company. Use the other selection parameters (Vendor, Product, Patch Type,
and Patch Severity) to narrow the selection scope.
4 For Action, click Install to install patches.
5 Complete the Target devices section. You can specify the group of devices that will be
affected by the patch in the Target by field. The second field will dynamically change
according to your first selection.
6 Enter Earliest start time and Latest start time (expressed in local device time). The start
time is when DDM will start to install the patches to target devices.
summarizes the job you just created. Change job parameters if needed.
8 Click DISTRIBUTE. The Control Center takes you to the Jobs > Patch distribution page,
where you can monitor the progress of your job. See Monitoring Jobs on page 37 on page
xx for more information.
Tip: Alternatively, you can create a patch distribution job in two other ways:
From the Patch Library page: Click on the Missing tab in the details navigation menu and click the
install patches icon OR click the actions menu icon and select Install patches.
From the Devices page: Select the devices you want. Right-click on your mouse and
select Install patches.
Policy-Generated Patching
The policy generated patching method is the most efficient way to distribute patches to your
managed devices. You can use this method to create patch policies and rules that fit your
environment and have the DDM download and install patches on the target devices
automatically.
Use caution when using this powerful tool by ensuring that you set patch policies and rules
accurately and appropriately.
Tip: A recommended best practice is to distribute missing patches by targeting specific

devices prior to enabling policies. This is to tightly control the rate of initial patch
distributions when there is likely to be a large number of missing patches.
To create a patch policy,

1 Navigate to Security > Patch policies. DDM displays patch policies that are currently
Active in your organization by default. You can also click on the Inactive link to view inactive
policies or All link to view both active and inactive policies.
2 Click CREATE. If you want the new policy to be based on an existing one, select the policy
in the results pane that you want to clone and click CLONE.
3 Complete the Policy information section. If you selected CLONE in the previous step, the
Control Center displays the existing policy’s information here, which you can keep or
modify as desired.
4 Enter the Earliest start time and Latest start time for the patches to be installed,
expressed in local device time. This is the actual time that the device will begin executing
patches it has downloaded. It is best to select time periods that will work within active
bandwidth policies and relay server rules applied to the affected devices.
Now you are ready to create patch rules for the policy. Click add new rule . If you want to
create rules later, you can click SAVE instead to save the policy information. However, you will
have to click EDIT the policy to add rules.
To create a patch rule,

1 Navigate to Security > Patch policies. Select the policy for which you want to add the rule.
Click EDIT.
2 Click on Rule 1 if you are creating the first rule for the selected policy. Click on add new rule
icon if you are creating an additional rule.
3 Enter information in the Rule page:
Vendor / Product - You can select either Vendor OR Product, but not both. Click the
selection list button and select the items you want, and then click OK. You can click the
Add selection button to add items in the Choose items tab or click the Remove
selection button to remove items in the Selected items tab.
Note: If you specify 0 Vendors and 0 Products on the Rules page, the rule will apply to
ALL products and ALL vendors.
Patch type - This is governed by how the vendor classifies the patch.
Severity - Limits the scope of primarily Microsoft security updates.
Policy-Generated Patching z 69
Approval type - Indicates when DDM will administer the patch:
Approval Type DDM will administer the patch…

Auto approve Immediately upon release of the patch by the vendor
After X days specified in the Patch will approve in days field
have passed after the patch is released.
Auto approve with delay Tip: Recommended setting as it will allow time for the
admin to address issues that may occur with newly released
patches.
When the patch is approved. See Approving and
Manual approve disapproving patches for distribution on page 71 for more
information.
DDM will not apply the patch. For more information on
Disapprove how to approve patches, see Approving and disapproving
patches for distribution on page 71 for more information.
Exceptions - Allows users to exclude specific patches from approval or disapproval list.
To exclude specific patches from being governed by the rule you are working on, click
on the Exceptions selection list button and select the patches you want to exclude.
4 If you want to create additional rules, click the add new rule icon again. If you want to
remove a rule, select the rule and click the delete selected rule icon .
5 Click SAVE to save the policy and the rules. Alternatively, you can click SAVE AND NEW if
you want to create more than one policy and SAVE AND CLONE if you want to create
another policy based on the information you just entered.
Notes:
If you apply conflicting patch policies or rules to a device, the most restrictive policy or
rule will be applied. This feature facilitates exception handling.
Example:
Rule 1: Automatically approve all Microsoft security updates
Rule 2: Manually approve critical Microsoft security updates
If you apply both the above rules to a device, all Microsoft security updates except critical
updates will be automatically applied as soon as they are released. The Control Center will
not apply critical updates until they are approved.
Patch downloads, regardless of whether invoked by the policy generated patching
method or targeted patching method, are governed by active bandwidth policies and
relay server rules that have been applied to the affected devices.
New patch policies and rules or changes to existing policies and rules may take up to an
hour to take effect.
Approving and disapproving patches for distribution

When you navigate to the Approve patches page, you can click on the Pending Approval
(default), Approved, or Denied links to search for the patches to approve or disapprove.
Pending Approval - patches whose applied patch rules specify Manual approve.
Approved - patches whose applied patch rules specify Auto approve or Auto approve with
delay.
Denied - patches whose applied patch rules specify Disapprove or have been manually
disapproved.
To approve a patch,
1 Navigate to Security > Approve patches. You can approve any patch that is under
Pending Approval or Denied views.
2 Select the patches you want to approve, and then click the approve patch policy icon
OR click the actions menu icon and select Approve.
3 Click the Approved link to view the newly approved patches.
To disapprove a patch,
1 Navigate to Security > Disapprove patches. You can disapprove any patch under
Pending Approval or Approved views.
2 Select the patches you want to disapprove, then click the disapprove patch policy icon
OR click the actions menu icon and select Disapprove.
3 Click the Denied link to view the newly disapproved patches.
Occasionally, hotfixes and security updates create patch conflicts, or known patch conflicts
could be installed by end users. You can create a job to uninstall a single patch or multiple
patches for a targeted group of devices on a schedule that you determine. See Uninstalling
Patches in DDM Online Help for more information.
10
Software License & Usage

Management
Overview
The Software License & Usage Management service enables you to view software inventory,
track software usage, and reconcile license information so that you can easily assess where
you are over-licensed or under-licensed.
In order to use the service, your organization must subscribe to the Software License
Management service and install the service on your devices.

System Requirements
Deploying Software License & Usage Management Service
Viewing Advanced Software Inventory Information
Managing Software License Information
Tracking Software Usage Information
Before you begin:

Your company must subscribe to the Software License Management and Software Usage
services before you can deploy this service.
DDM users performing the patch management service tasks must have the Software license
and reports user permission.
and rules to avoid unintended network saturation. See Setting Bandwidth Policyon page 17
Software License & Usage Management z 73

System Requirements
Software License & Usage Management
Operating systems Windows 2003 OEM, SP1,SP2
Windows 7
Ports used 443
1 MB (Software inventory management)
Service installer size 1 MB (Software license management)
1.2 MB (Software usage management)
Proxy support Yes
Reboot required No
120 KB daily per device (Software inventory)

Network traffic generated
30 KB daily per device (Software usage)
Deploying Software License & Usage Management Service

Before you can start managing the software license and usage information, you must first
install the Software License Management and Software Usage services on your devices.
Software Usage is an auxiliary service of the Software License Management service. You can
do that either by including the service in the Agent installer (see Installing the Agent on
page 23) or post-adding the service using Service Provisioning. Follow the steps in Installing
the DDM Service - Service Provisioning on page 27.
Viewing Advanced Software Inventory Information

With Device Management service, you can view only the basic software inventory at the
device level (see Viewing Basic Software Inventory Information on page 52). With Software
License Management service, you can also view the inventory summary across your
organization.
To view the software inventory summary at the Company level,

1 Navigate to Software > Inventory.
74 z Software License & Usage Management

2 DDM displays the entire software inventory for your company in the results pane. You can
click the Manufacturer selection list button to limit your search to the software products by
a specific manufacturer. Only the manufacturers for software products found in your
environment will be displayed in the selection list. Alternatively, you can perform a quick
search or advanced search (query) to limit the search scope. See Search in DDM Online
3 Click on a software title you want to view.
Detail: Clicking on the Detail tab in the details pane reveals basic information about the
selected software including how many devices have the software installed. You can click
the License unit:[Software product name] link to navigate to the License units page,
where you can add license unit and purchase order information for the software (see
Managing Software License Information on page 76).
Devices: Clicking on the Devices tab in the details pane reveals the devices that have the
selected product installed.
Tip: Alternatively, you can view the software inventory reports. From the Reports menu, select
the Software License Management category and view the report you want.
About the Software Change Log

Once the Agent installed on a device, it scans the device’s software inventory once daily and
updates the Change log when a software product is added or removed.
To view the software change log for a device,

2 Select the device you want and then click on the Software expand button. Scroll down
and click on Change log. Software change log for the selected device is displayed in the
details pane.
Tip: To see the software inventory change for a group of devices in your Company, see the Devices:
Software inventory changes report.
Viewing Advanced Software Inventory Information z 75

Managing Software License Information

DDM automatically creates a license unit for all software products when it is first detected for
the Company during inventory scans. The majority of software titles are categorized as
Untracked, which means they are assumed to NOT require a license. Tracked titles are
assumed to require a license and will be associated with a license purchase.
To view the software license information,

1 Navigate to Software > License units. DDM displays the Tracked license units in the
Current company by default.
2 To switch to Untracked view, click the View selection list button, and then click Untracked.
You can also select All option to see both Tracked and Untracked license units
information.
Click the in selection list button to limit to a specific Company if applicable.
3 Select a software license unit.

Details (default): Displays basic information as well as a list of software products
included in the selected license unit.
Purchases: States the number of purchase orders for the license unit. Click the Purchases
expand button, then select a purchase order of interest. DDM displays vital information
such as the license key and expiration date.
To add / remove software license information,

4 Navigate to Software > License units. All tracked license units are displayed by default.
5 Select the software license unit you want to modify, and then click EDIT.
Details: You can change whether the License unit type is tracked or untracked. Click
ADD to add a software product to include in the license unit.
Purchases: Click the Purchases expand button and select a purchase order you want to
modify. Make any changes to the purchase order as desired.
Click the add new purchase order icon to add a new purchase order for the license
unit.

To remove an existing purchase order, select the purchase order you want to delete
and click the delete selected purchase order icon.
6 Click SAVE.
To assess software license compliance status,

By running various dashboard widgets (see Using the Dashboard in DDM Online Help) and
software license management reports, you can quickly assess for which software products
your organization is over-licensed or under-licensed and whether there are licenses at the risk
of expiring soon.
Top 10 non compliant licenses dashboard widget: Lists license units where the maintenance
is about to expire
License units: Inventory analysis report: Displays the number of devices with installed
software in comparison to the number of licenses purchased for all licensed software titles.
Report is filtered on those titles which have been designated as Tracked.
Tracking Software Usage Information

Once you have identified which software applications are over-licensed or under-licensed
(see Managing Software License Information on page 76), you can track how frequently they
are being used, for how long, and by whom. You can then use this information to build your
software purchase and distribution strategy, e.g., whether to restrict access to certain
applications for some users or to purchase more licenses or fewer licenses.
To view the software usage information for a specific device,

2 Select the device you want. DDM displays the Computer summary by default. Scroll down
the details pane navigation menu and click the Software expand button.
3 Click on the manufacturer expand button you want, then the software product of interest.
4 Click on the Usage detail tab. Usage history data; usage date, number of launches, and total
minutes of usage data are displayed.
Click the Usage summary tab to see the graphical summary of monthly usage.
Tracking Software Usage Information z 77

Click the License information tab and click on the license unit link to view the license unit
details associated with the selected software product.
Tip: To assess the usage status of all software products at the Company level, you can run
various reports in the Software license management category.
Devices: Detailed unused applications report - Summarizes unused applications grouped by

company, device information, and product name. You can specify usage period.
Inventory: Detailed license usage analysis report - Detailed report of installed software titles.
Reports license title, product name/version, date of last usage, and frequency of usage
during specified usage period.
License units: Unused licenses summary report - Provides summary count of unused licenses

11
Anti-Malware and Antivirus
Overview
The Antivirus service enables the administrators to deploy Symantec and McAfee anti-virus
software installations and upgrades to managed devices. Symantec antivirus versions 10.1,
10.2, and 11.0 and McAfee version 8.7 are supported at this time.
The Anti-Malware Management service enables you to monitor, assess, and perform
functions across multiple anti-virus and anti-spyware applications. You can initiate
administrative scans and virus definition update tasks on your devices.
If your organization subscribes to the Antivirus service, you will automatically have access to
the Anti-malware management service.

System Requirements
Deploying Anti-Maware & Antivirus Services
Viewing Anti-Malware Information
Performing Anti-Malware Tasks
Before you begin:

Review on page 9 to make sure your devices meet the requirements necessary for
Your company must subscribe to the Anti-malware and Antivirus services before you can
deploy them to your devices.
DDM users performing the patch management service tasks must have the Anti-maware
user permission.
and rules to avoid unintended network saturation. See Setting Bandwidth Policy on page 17
Anti-Malware and Antivirus z 79

System Requirements
Anti-Malware
Windows 2000 SP4 Workstation
Windows XP SP2, SP3
Windows 7
Ports used 443
Service installer size 2.2 MB
Proxy support Yes

Less than 2 KB hourly (anti-definition update)
Network traffic generated 2 KB daily (anti-malware log);
150 KB daily (anti-malware log if the system is infected)
Antivirus
McAfee 8.7
Windows XP SP2, SP3
Windows 2003 SP1, SP2
Windows 7
Symantec 10.1
Windows XP SP2, SP3
Symantec 10.2
Windows 7
Symantec 11.0
Windows XP SP2, SP3
Windows 2003 SP1, SP2
Windows 7
80 z Anti-Malware and Antivirus

Antivirus
McAfee: 106MB
Symantec 10.1: 52MB
Service installer size
Symantec 10.2: 68 MB
Symantec 11.0: 93 MB
Symantec: 21, 80, 443
Ports used
McAfee: 21, 80
MSI 3.1 (McAfee)
Internet Explorer IE 5.5 Service Pack 2 or later
Proxy support No
Reboot required Yes
McAfee: Enligh (default), French, German

Languages supported
Symantec: English
Deploying Anti-Maware & Antivirus Services

You can deploy the Anti-malware and/or Antivirus services either by including the service in
the Agent installer (see Installing the Agent on page 23) or post-adding the service using
Service Provisioning. Follow the steps in Installing the DDM Service - Service Provisioning on
page 27.
To deploy the Antivirus service, you will have to select which antivirus product and version
you want to install and the scan schedule if allowed. Follow the steps described below.

3 In the Configure services section, scroll down to Antivirus.
4 Click on Provision. Option and Antivirus software dynamically appear with Install and
configure component as the default option.
5 Click the Antivirus software selection list button. Symantec is the default option. Select
McAfee if you want to deploy McAfee antivirus instead.
Notes:
If a target device already has a Symantec or McAfee program installed, it will be removed
before the selected antivirus program is installed. However, this may not always work.
Check the service provisioning job log for result.
Antivirus applications other than Symantec or McAfee should be removed before
distributing this job.
You can upgrade to a higher Symantec version but cannot downgrade.
Deploying Anti-Maware & Antivirus Services z 81

You can switch from Symantec to McAfee or vice versa.

6 When Symantec is selected, Symantec version dynamically appears. Select the version you
want to deploy.
a When Symantec 10.1 or 10.2 is selected, Device scan schedule dynamically appears. This
is where you can specify the frequency of full virus scan. You can choose from daily,
weekly, or monthly, and specify the time (based on local device time).
b Specify the Daily update check schedule. This is when the device checks daily to
determine if it requires a virus definition update. If it is required, DDM generates a job to
update the virus definition.
c Check the Perform scan after install box if you want the antivirus software to perform a full
scan after the software installation.
7 Complete the Target devices section. The second field in this section will dynamically
change according to your Target by selection.
8 Check the Bypass bandwidth polices box only if you want to bypass the bandwidth policies
9 Complete the Schedule section. See Scheduling Jobs on page 37 for more information.
10 Click CONTINUE. DDM displays the Confirm Distribution page, which summarizes the
details of the job you just created. You can change the job parameters if desired.
11 Click DISTRIBUTE. DDM takes you to Jobs > Service provisioning, where you can
monitor the progress of your job (see Monitoring Jobs onpage 37 for more information)
System reboots may be required to complete the installation. The end users will see a reboot
alert and have the option to either reboot immediately or delay the reboot (for up to 3 hours).
If neither option is selected, the system will be rebooted automatically after the default initial
reboot time specified in the Company’s Reboot management (see Customizing Reboot
Parameters in DDM Online Help for more information).
Viewing Anti-Malware Information

To view the anti-malware information for a specific device,
2 Select the device you want in the results pane. Anti-malware information - last antivirus
scan date, antivirus definition date, OS firewall enabled, and firewall policy conflict – are
displayed in the Computer summary.

3 In the details pane navigation menu, click on the Antivirus & Antispyware expand button to see
what anti-malware product is installed on the device. You can click on the virus/spyware product
name to view the infection log if any.
Tip: You can see the anti-malware information for all of your devices by clicking on the layout
menu icon and adding the related columns to the device inventory page.
Viewing Anti-Malware Information z 83

Identifying Vulnerable Devices

Antivirus and anti-spyware software identifies and stops threats before they become a
problem. DDM enables you to easily identify vulnerable devices such as:
Devices that have been infected with virus or spyware in the last 24 hours
Devices with no antivirus software installed
Devices that have not been scanned for virus for a while
Devices with outdated virus/spyware definition files
You can run Antivirus Dashboard widgets (see Using the Dashboard in DDM Online Help for
more information) or run the Anti-Malware and virus Management Reports to identify where
those vulnerabilities are.
Another way to identify vulnerable devices is by using the Advanced search (Query) function
(see Using the Advanced Search (Query) in DDM Online Help for more information). For
example, you can search for devices with last virus scan or definition update more than X days
ago. Use Boolean logic to limit the search scope.
Performing Anti-Malware Tasks

Once you have completed the vulnerability assessment and determined which devices need
virus scanning and/or definition file update, you can use one of the shortcut actions to create
a virus scan job for those devices.

2 Select target devices and click the action menu icon or right-click on your mouse.
3 Select Antivirus scan and select the desired action.
4 Click CONTINUE. The Control Center displays the Confirm action page, which summarizes
the details of the job you just created. Change job parameters if desired.
5 Click DISTRIBUTE. The Control Center displays the following message:
6 Click OK in the Info box. You can navigate to Jobs > Other actions to monitor the progress
of your job (see Monitoring Jobs on page 37).
Performing Anti-Malware Tasks z 85

12
Remote Access
Overview
The Remote Access service, also known as WAN-Based Remote Control, enables IT
administrators to take control of a device from a remote location over the Internet. You can
provide instructional or technical support without physically being present at the end user’s
site. Unlike the LAN-Based Remote Control where you can only access devices that reside
within your network (see Using the LAN-Based Remote Control in DDM Online Help for more
information), the Remote Access service enables you take control of any device as long as it
has the DDM Agent installed, the Remote Access service provisioned, and is connecting to the
DDM Control Center.

System Requirements
Deploying Remote Access Service
Initiating a Remote Access Session
Before you begin:

Your company must subscribe to the Remote Access service before you can deploy this
service.
DDM users performing the patch management service tasks must have the Remote access
user permission.
Remote Access z 87
System Requirements
Remote Access
Operating systems Windows XP SP1, SP2, SP3
Windows 2003 OEM, SP1,SP2
Windows Vista SP1, SP2
Ports used 80, 443 and 1270
Service installer size 11.5 MB
Reboot required Yes
MSI 2.0 min
Proxy support No
Language supported English
Deploying Remote Access Service

Before you can start using the Remote Access service, you must first install the Remote Access
on your devices. You can do that either by including the service in the Agent installer (see
Installing the Agent on page 23) or post-adding the service using Service Provisioning.
3 In the Configure services section, scroll down to Remote access.
4 Click Provision adjacent to Remote access. Option and User mode dynamically appear with
Install and configure component as the default option.
5 Click the User mode selection list button, then click either of these options:
Auto accept - You will be able to take control of the remote device without the end user's
approval.
User accept - The end user of the remote device will have to accept the remote control
request before you can take control of the device.
88 z Remote Access
you can monitor the progress of your job.
Note: A system reboot will be required to complete the installation. The end users will
receive a reboot alert and will have the option to either reboot immediately or delay the
reboot according to Company’s Reboot management parameters (See Customizing
Reboot Parameters in DDM Online Help for more information).
Initiating a Remote Access Session

To initiate a Remote Access session,
1 Navigate to Devices > Inventory > Computer systems. Select the device you want to take
control of. Check to make sure the device is connecting to the Control Center.
2 Right-click or click on the actions menu icon and then select the Remote control
option.
3 (Optional) Enter the Session name and Description.
4 Select WAN (Wide Area Network) method.
5 Click CONNECT. The Control Center flashes a series of messages indicating the connection
progress followed by the Access Code prompt
Initiating a Remote Access Session z 89

6 Enter the Access code that was created during the Service Subscription process, and then
click OK. If you are using the User accept configuration, the user of the remote device will
have to accept the remote control request before you can take control of the device (See
Using the User Accept Mode in DDM Online Help for more information).
7 Once the connection has been established, you will see the remote device’s desktop with
Remote access toolset icon displayed at the bottom right of your screen. You can use
the Remote Access toolset to facilitate the remote control tasks. See Using the Remote
Access Toolset in DDM Online Help for more information.
8 To end the remote session, click the Remote Access Toolset icon and select End
Remote Access Session.
Note: If you are using the Remote Access service for the first time, you may be asked to
allow a pop-up and install an ActiveX component. Install the component as directed.
To view the remote control session logs, from the Devices menu, select Remote control
sessions.
You can change the remote access user mode from User accept to Auto accept or vice
versa, but only for those devices that already have the Remote Access service provisioned.
For instructions, see Reconfiguring Remote Access User Mode in DDM Online Help.
90 z Remote Access
13
Online Backup
Overview
The Online Backup service automates the remote backup of end user data to a secure off-site
data center via the Internet. The purpose of the service is to safeguard critical data of your
managed devices from hard drive malfunction, computer viruses, or simply human error. See
How Online Backup Works in DDM Online Help for more information.

System Requirements
Deploying Online Backup Service
Viewing Online Backup Information
Initiating a Backup Job
Before you begin:

Review the Deployment Checklist on page 10 to make sure your devices meet the
requirements necessary for deploying the DDM services.
DDM users performing device discovery service tasks must have the Online backup user
permission.
Your company must subscribe to the Online Backup service before you can deploy this
service.
Online Backup z 91
System Requirements
Online Backup
Operating systems
Windows 7
Memory 1 GB or greater
Ports used 16384 (recommended) or 80

US: 60 MB
Canada: 35 MB
Service installer size
Europe: 35 MB
Asia Pacific: 50 MB
Windows 2000: 133 MHz or faster
Processor Windows XP: 233 MHz min, 300 MHz or faster recommended
Windows Vista: 800 MHz min, 1 GHz or faster recommended
Proxy support No
Reboot required No
Languages supported English (default), French, German
Deploying Online Backup Service

You can install the Online Backup service either by including the service in the Agent installer
(see Installing the Agent on page 23) or adding the service using Service Provisioning after the
Agent is installed. Follow the steps in Installing the DDM Service - Service Provisioning on
page 27.
When provisioning the Online Backup service, you will be required to select an Online backup
preset configuration. It dictates the backup client configurations rules for your organization
and to which data center to back up. This configuration also determines what file types are
backed up and who can modify the backup set.
92 z Online Backup
Complete Data - Backs up all files and folders on all drives except for system and
application files and the excluded extensions list
Locked Filtered - Backs up all files and folders (regardless of the file extension) in My
documents, desktop, Favorites and documents folder located anywhere on any drives with
the exception of the files listed in the excluded extensions list. Also backs up .pst and .nsf
files.
Unlocked Filtered - Backs up all files and folders (regardless of the file extension) in My
documents, desktop, Favorites and documents folder located anywhere on any drives with
the exception of the files listed in the excluded extensions list. Also backs up .pst and .nsf
files.
Once the Backup Agent has been successfully installed, the end user can initiate a backup
operation manually and/or will be prompted to back up on a pre-determined schedule. The
end user can cancel at any time during a backup operation.
Caution: Backup operations to the data center are not governed by applied bandwidth
policy, as are online backup deployment jobs. It is recommended that you stagger the
software installations across your devices to avoid network saturation as the initial backup of
a device can take up to 8 – 12 hours. All subsequent backup operations are smaller due to
non-duplication algorithms.
Deploying Online Backup Service z 93

Viewing Online Backup Information

DDM scans and uploads the details of online backup information for all your managed
devices once daily. You can view the Online backup information for a specific device or across
all of your managed devices to determine which devices needs to be backed up.
To view the Online Backup information for a specific device,

Navigate to Devices > Inventory > Computer systems.
Select the device you want. DDM displays the Last online backup date in the Computer
summary page.
In the details pane navigation menu, click Online backup. DDM displays a log of recent
daily online backup sessions for the device. The last backup date and backup file size are
also displayed.
To assess the Online Backup status across your Company,

You can view the summary of when your managed devices last backed up, including those
that were never backed up. You can either run the Backups: Completion analysis chart
report from Reports menu or the Last Backup Aging Dashboard widget. You can click on a
specific chart component to reveal the underlying data.
You can also use the advanced search function. For example, you can create and save a
query to search for connecting devices that last backed up before a specific date, as shown
next.
94 z Online Backup
Initiating a Backup Job

Once the Backup service has been successfully deployed, the end users should be
encouraged to backup frequently, at least once a day. Since the success of this service relies
heavily on your end users, there may be times when you need to enforce a backup job.
Tip: The more frequently they back up, the quicker backup operations will be (since only new files and
changes made to previously backed-up files are backed up).
To initiate a backup job remotely,

2 Select the target devices and right-click on your mouse and then select the Backup now
option.
Tip: You can create a clipboard item from the online backup assessment described in the previous
section (see To assess the Online Backup status across your Company, on page 94) instead.
3 DDM displays the Confirm action page with the Job name Backup. You can change the job
parameters if desired.
4 Click DISTRIBUTE.
Initiating a Backup Job z 95

5 Click OK. You can navigate to Jobs > Other actions to monitor the progress of your job
(see Monitoring Jobs on page 37).
Once the Backup Agent has been successfully installed, the end users can perform various
tasks within the Backup Agent as long as they are granted permission to do so. See
Navigating in the Backup Agent in DDM Online Help for more information.
96 z Online Backup
14
Data Encryption
The Data Encryption service ensures that the data stored on your managed devices will not
fall into the wrong hands even if the computer itself does. The service runs in the background
where it remains transparent to the end users. However, when it detects user behaviors
which are inconsistent with pre-specified rules, such as consecutive failed log-on attempts, it
eliminates the encryption key disabling the device. The definitions of unauthorized use are
specified and configured into your organization’s Data Encryption Preset Configuration along
with client rules, which is then included in the Data Encryption service installer. See How Data
Encryption Works and Data Encryption Rules and Policies in DDM Online Help for more
information.
Before you begin:

deploying the DDM services
Your company must subscribe to the Data Encryption service before you can deploy this
service.
Data Encryption z 97
System Requirements
Data Encryption

Windows XP SP2, SP3
Operating systems
Windows 7
Memory 256 MB is recommended
Ports used 443
Service installer size 12 MB
MSI 3.1 min
Reboot required Yes
Proxy support No
Languages supported English (default), French, German
Deploying Data Encryption Service

Before you can start using the Remote Access service, you must first install the Remote Access
on your devices. You can do that either by including the service in the Agent installer (see
Installing the Agent on page 23) or adding the service using Service Provisioning after the
Agent is installed.
When provisioning the Data Encryption service, you will be required to select a Data
encryption preset configuration. These configurations are provided to your organization by
Dell and they specify what client rules and policies the affected devices must follow. See Data
Encryption Rules and Policies in DDM Online Help for more information.
To install the Data Encryption service,

3 In the Configure services section, scroll down to Data encryption.
4 Click Provision next to Data encryption.
5 Select the Data encryption preset configuration you want.
98 z Data Encryption
you can mionitor the progress of your job.
Data Encryption Installation typically takes 10-15 minutes and most data is encrypted at the
time of installation.
Notes:
A system reboot will be required to complete the installation. The end users will receive a
reboot alert and will have the option to either reboot immediately or delay the reboot
according to Company’s Reboot management parameters (See Customizing Reboot
Parameters in DDM Online Help for more information)
Call Support to remove the Data Encryption service from a device. The DE account must be
deactivated from the Data Encryption server prior to deactivating it in the DDM Control
Center.
Deploying Data Encryption Service z 99

DDM

Încărcat de

Informații document

Titlu original

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

DDM

Încărcat de

Drepturi de autor:

Formate disponibile

Dell Desktop Manager

Getting Started Guide

All rights reserved.

Chapter 1 Before You Begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

Chapter 3 Start Here: Preparing for Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

Chapter 4 Installing the Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

Chapter 5 Jobs & Tasks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

Chapter 6 Device Discovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

Chapter 7 Device Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47

Chapter 8 Software Distribution. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59

Chapter 9 Patch Management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63

Chapter 10 Software License & Usage Management . . . . . . . . . . . . . . . . . . . . . . . . . . 73

Chapter 11 Anti-Malware and Antivirus . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79

Chapter 12 Remote Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87

Chapter 13 Online Backup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91

Chapter 14 Data Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97

Before You Begin

Before You Begin z 1

About DDM Control Center

 Widgets – Can click on widget to directly go to underlying data – enable personalized

Data Being Transfer

Every 15 minutes for https /

Device hardware and

Anti-malware Virus definition check / Every hour for each https /

Anti-malware Based on policy set by https /

Anti-malware Firewall policy check/ Every three hours for https /

When initiated by IT https /

Data Being Transfer

Remote access https /

Every 24 hours and/or https / 128-bit

DDM Services Descriptions

DDM Services Descriptions z 7

 Software Distribution Service – remotely deploy software packages. Administrators with

Start Here: Preparing for

This chapter includes:

Start Here: Preparing for Deployment z 9

1. Does your company have its own domain?

2. Does your host asset meet the requirements described below?

Yes You meet requirement 2. Go to 3.

Browser Internet Explorer 6.0

Windows 2000 SP3, SP4 Workstation

RAM 512 MB RAM

CPU 1.0 GHz

10 z Start Here: Preparing for Deployment

3. Does your network use a proxy server?

No You meet requirement 3. Go to 4.

No You meet requirement 3.A. Follow the steps in this section.

Yes Follow the instructions in this section and go to 4.A.

No You meet requirement 4.

If a system’s personal firewall software allows traffic on an application-by-application basis,

Yes You meet requirement 4.A. Go to 4.B.

No Follow the instructions in this section and go to 4.B.

Configure your devices to allow outbound connections for these IP ranges:

4.B. Does your company subscribe to the Online Backup service?

Yes Follow the instructions in this section and go to 4.C.

No You meet requirement 4.B. Go to 4.C.

Yes Follow the instructions in this section and go to 4.D.

No You meet requirement 4.C. Go to 4.D.

12 z Start Here: Preparing for Deployment

4.D. Does your company subscribe to the Patch Management service?

Yes Follow the instructions in this section and go to 4.E.

4.E. Does your company subscribe to the Remote Access service?

Yes Follow the instructions in this section.

Widgets – Can click on widget to directly go to underlying data – enable personalized

Software Distribution Service – remotely deploy software packages. Administrators with

Navigate to Admin > Company and create a Company (or

Determine which device(s) you want to configure as the

Software license management

The job source is always User.

Agent Product Specifications