Documente Academic
Documente Profesional
Documente Cultură
Entire contents © copyright 2010, Dell Inc. All rights reserved. Distribution or publication (including text
and graphics) in any form without prior written permission is forbidden.
Dell and related Dell Incorporated logos are trademarks of Dell, Inc. All other trademarks or registered
trademarks used are the property of their respective holders. All company names, product names and
logos on these pages are also trademarks, registered trademarks, or trade names of their respective
holders. Dell´s use of company names, product names and logos or images – on this web site does not
necessarily constitute an endorsement of the company or products by Dell, Inc.
Dell Inc.
One Dell Way
Round Rock, TX 78682
February, 2010
Contents
Chapter 2 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
About DDM Control Center . . . . . . . . . . . . . . . . . . . . . . . . . . 3
DDM Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
DDM Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Vendor Integration . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
DDM Service Descriptions. . . . . . . . . . . . . . . . . . . . . . . . . . . 7
This Getting Started Guide outlines how to get started with the Dell Desktop Manager (DDM)
services and quickly begin managing your devices.
The guide can be used either as a stand-alone guide for each service (from Chapters 6 to 14)
or as a complete reference guide for all the services subscribed. The following chapters are
common to all services and should be read before reading the chapter on any one particular
software service:
Introduction
Start Here: Preparing for Deployment
Installing the Services
Jobs & Tasks
Additional Resources
This guide is intended to help you with getting started and using basic functionalities for each
software service. For detailed explanations of more advanced tasks, please refer to the DDM
Online Help. References to the specific Online Help topics appear throughout the document
to guide you to where you can get more information.
Introduction
The graphic below shows the DDM Control Center Home page, also known as the Dashboard.
Administrators can access the DDM Control Center over the Internet and can get a snapshot
of all managed devices and perform any authorized tasks.
The DDM Control Center has a number of features that makes it easy to administer all devices
under management:
Web 2.0 User Interface – Customizable dashboard driven user interface with drag and
drop capabilities, customizable grids, multi-select rows, right-click actions, and clipboard
Introduction z 3
Dell Desktop Manager
DDM Architecture
DDM Agent
Setting up the Dell Software Services begins with installing the Agent on each asset you want
to manage. When the Agent is installed on a device, it begins regular communication with the
DDM Control Center. This communication, called a “heartbeat” is initiated every 15 minutes
and sends encrypted information about the devices over port 443 back to the DDM Control
Center. The Agent provides mechanisms for software download, inventory gathering,
logging, and diagnostics. The type and level of asset information gathered by the Agent
depends on the software services your organization subscribes to.
4 z Introduction
Getting Started Guide
The table below provides a summary of how communications for data transfer occur from the
DDM Data Center and the managed devices. Note that it is the DDM Agent on a managed
device that contacts the DDM Control Center via “heartbeat” to check for any queued tasks.
Based on the
Symantec Antivirus
distribution schedule https /
Antivirus software and Live 21, 80, 443
set by the SSL Encrypted
Update downloads
administrator
Based on the
McAfee Antivirus
distribution schedule https /
Antivirus software and Live 21, 80
set by the SSL Encrypted
Update downloads
administrator
DDM Architecture z 5
Dell Desktop Manager
Manually by Dell
Instruction to restore https /
Data Encryption Support if device is 443
encryption key SSL Encrypted
reported to be found
6 z Introduction
Getting Started Guide
Vendor Integration
DDM uses an Integration Framework to integrate some DDM service components from
trusted 3rd party partners such as Iron Mountain for the Online Backup service, Shavlik for
Patch Management and WebEx for Remote Access. These components also make use of DDM
Agents for seamless communication. The graphic below illustrates how all DDM components
are integrated to deliver the services.
Device Management Service – inventory and track distributed desktops and laptops,
regardless of location, through automated tracking of software, hardware, assigned user,
and financial and warranty information. It is a component of Asset Management service.
Device Discovery Service – identify IP-based network devices including desktops,
notebooks, servers, and printers to better track IT assets. It is a component of Device
Management service.
8 z Introduction
3
Notes:
Installation may fail if you do not adhere to the settings outlined in this section before you
start the deployment process.
The Device Discovery (see Device Discovery on page 41 for more information) phase of the
Remote deployment process discovers devices that are connected to the network through
LAN connections. It may NOT discover remote users or devices using VPN connections. If
that occurs, you may be able to use other Agent deployment process. See Other Installation
Methods in DDM Online Help for more information.
Deployment Checklist
Follow the checklist below to prepare for deployment. Also see Deployment Readiness
Flowchart on page 9.
You meet requirement 1. Follow the steps described in this section and go to 2. You may
Yes also want to use Startup script as your main deployment method. See Start Script
Instructions in DDM Online Help.
If you have pass-thru authentication connection to the target devices (i.e. your logon user ID
and password have sufficient rights to log onto the target devices and perform tasks), then
you can still use the remote deployment method.
No
If not, consider using another deployment method. See Other Agent Installation
Methods in DDM Online Help for more information.
Identify the device(s) you want to use as device discovery and remote agent deployment host.
The host asset must meet the requirements described below. It will be used to scan your
network and discover deployable assets.
Host asset:
Host asset:
Hard disk space 100 MB; at least 350 MB if including Software services
Uninstall or disable from the host device:
winpcap
Other Personal firewall software programs
Note: These applications can cause a conflict during the device discovery
phase
Yes Go to 3.A.
3.A. Do you subscribe to Online backup, Data Encryption, Antivirus, or Remote Access
service?
Yes These services are not supported in proxy environment.
If you have a proxy server environment, you must configure your network to allow access to
DDM destinations or embed proxy instructions in the DDM Agent installer configurations.
There are three ways to achieve it:
Open firewall to allow access to allow outbound communications to *.dell.com. Configure
your proxy server to allow anonymous access to DDM Control Center destinations. See
Control Center Destinations in DDM Online Help.
Embed proxy instructions in the DDM Agent. The Agent will leverage the proxy
instructions to pass through the gateway. See Configuring Proxy Credentials in DDM
Online Help for step-by-step instructions.
4. Do you have any personal firewalls installed on your system (other than Windows XP default
firewall)?
Deployment Checklist z 11
Dell Desktop Manager
4.A. Can your assets have outbound connections on TCP ports 80 and 443?
EMEA:
163.244.19.20, distributedmanagement-emea.dell.com
163.244.19.22, 0003-ddmagents.dell.com
163.244.18.20,distributedmanagement-emea.dell.com
163.244.18.22, 0003-ddmagents.dell.com
Configure your system to allow TCP port 16384 to have outbound connections for these IP
ranges:
US: 216.229.150.0/24, 216.229.146.0/24
Europe: 193.239.112.0/24, 93.239.113.0/24
Canada: 208.66.14.0/24, 208.66.142.0/24
Asia Pacific: 125.7.53.166, 125.7.53.167
4.C. Does your company subscribe to the Anti-malware and/or Antivirus service?
As a requirement of Symantec’s and McAfee’s LiveUpdate feature, which the Control Center
uses in the virus protection service, configure your systems to allow TCP ports 21, 80, and 443
to have outbound connections for these domains:
*.symantec.com (for Symantec)
*.nai.com (for McAfee)
*.akamai.com
*.akamai.net
Once the patch scanner determines there are missing patches that need to be installed,
patches are downloaded directly from the vendor sites. Allow outbound connections for
these domains:
download.microsoft.com
download.adobe.com
www.real.com
ftp.mozilla.org
www.winzip.com
qtinstall.info.apple.com
download.skype.com
javadl.sun.com
support.citrix.com
xml.shavlik.com
License.shavlik.com
To ensure traffic to and from the WebEx domain is routed appropriately, allow exceptions to
the following domain:
US: controlcenterusaprod.webex.com
EMEA region: controlcenteremeaprod.webex.com
APAC region: controlcenterapacprod.webex.com
Note: Active X and/or JavaScript will need to be allowed through the firewall. WebEx sites
should not be cached on proxy servers.
Deployment Checklist z 13
Dell Desktop Manager
Before you start mapping your network in the DDM Control Center, you should become
familiar with your network topology and identify corresponding subnet CIDR or subnet
address / subnet mask for each of your Sites in the Control Center.
Once the Site Resolver is configured, devices will be automatically mapped to Sites according
to the network map defined in the Site Resolver. If you want a device to remain assigned to
the original Site, you must turn off the automatic site update for that specific device. See How
to Disable Automatic Site Mapping for a Device in DDM Online Help for more information.
When you distribute a job to target devices, the Agent downloads instructions that include a
list of relay servers beginning with local relay servers (relay servers within the site where the
target device resides), followed by remote relay servers (relay servers outside the site where
the target device resides but within the same company), and finally ending with the DDM
Control Center. The Agent reads the instructions and attempts to connect with a local relay
server. If the first local relay server (randomly selected among available servers) is unavailable,
then the Agent tries the next local relay server, and so forth. If there are not available local
relay servers, it tries a remote relay server, then finally directly from the Control Center.
The relay server you select can either be part of a workgroup or domain. It can be located on
either side a subnet or hardware firewall and must also meet the following system
requirements:
Browser - Internet Explorer 6.0 SP1 or higher
Operating system - Windows XP SP2 & SP3 and Windows 2003 SP2
.Net: Version 2.0.50727.0 or greater
RAM - 512 MB or greater
CPU - 1.0 GHz or greater
Hard drive - 50 GB or greater
Internet speed - 56KBps or faster
Tip: You can designate the same device to serve as the remote deployment host, device dis-
covery host, and relay server.
Any number of machines can be pointed to a relay as device utilization is dependent upon
how many concurrent downloads have been staged along with how many concurrent
downloads are allowed via a site’s bandwidth LAN (via local source) policy. As a best practice,
no more than 900 machines is recommended to a particular relay at each site.
To configure a relay server, you must install the Agent on the designated device and install
the Relay Server service on the device via Service Provisioning. If you have a third-party
firewall installed on the device, you must enable ports before you provision the service to the
device:
1 Click Admin > Service provisioning.
2 Enter the job Name.
3 Click Provision next to Base functionality. The Control Center dynamically reveals Relay
server.
4 Click the selection list button next to Relay server, then click Install and configure
component. The Control Center dynamically reveals additional fields.
5 Enter the port number, then enter the relay server name in Fully qualified host name
(computer name). Enter the Secure Socket Layer (SSL) certificate in Use SSL certificate
hash (default). Otherwise, click Opt-out of using SSL.
Note: The SSL certificate you enter must be installed on the target device and cannot be a
self-signed certificate.
6 Complete the Target devices section. You must choose one device.
Note: If you choose more than one target device here, you will get an error message.
However, you can still designate more than once device as relay server. You will have to
create multiple service provisioning jobs.
7 Check the Bypass bandwidth policies box only if you want to bypass the bandwidth policies
applied to the target devices.
8 Complete the Schedule section. See Scheduling Jobs on page 37.
9 Click CONTINUE. The Control Center displays the Confirm Distribution page, which
summarizes the details of the job you just created. You can change job attributes if desired.
10 Click DISTRIBUTE. The Control Center takes you to Jobs > Service provisioning, where
you can monitor the progress of your job. See Monitoring Jobs on page 37.
Policies can be configured for any groups of devices. You can create rules that will limit the
amount of bandwidth used by a device or a set of devices as well as the number of
simultaneous downloads. You can also specify each rule to be applied to certain days and
times,ensuring optimal bandwidth usage. Users using this feature must have the Bandwidth
policies user permission (see Assigning User Permission in DDM Online Help for more
information).
All jobs that involve downloading of package files are governed by bandwidth policies. Jobs
will wait in queue if the maximum number of concurrent downloads is reached.
2 You can EDIT the Default bandwidth policy or click CREATE if you want to create a new
policy. If you want the new policy to be based on an existing one, select the policy in the
results pane that you want to clone and click CLONE. If you want to edit an existing policy,
select the policy you want to modify and click EDIT instead.
3 Enter the new Policy information. If you selected CLONE in the previous step, the Control
Center displays the existing policy’s information, which you can keep or modify as desired.
Select the group of devices to which you want to apply the new policy.
Now you are ready to add bandwidth rules for the new policy. If you want to add a rule later,
you can click SAVE here to save the policy information.
4 Complete the Parameters section for both remote and local servers. Local source is
utilitized when a device downloads from a relay server in the same Site whereas Remote
source is utilized when the device downloads from a different Site in the Company or from
the Control Center itself. See Configuring Relay Servers on page 16 for more information.
Max group concurrency - maximum number of concurrent downloads you want to
allow
Max group bandwidth - maximum total download rate across all affected devices you
want to allow. Click the selection list button to choose a unit of measure. Maximum
value is 10.0 Gbit/s.
Max per-device bandwidth - Maximum download rate per device you want to allow.
Click the selection list button to choose a unit of measure. Maximum value is 1.0 Mbit/
S. If you do not specify a bandwidth policy, 1Mbit/s is the default maximum per-device
bandwidth.
Enter Priority. Priority determines the precedence of how the Control Center applies
conflicting rules. To avoid rule conflicts, do not create rules in the same policy that have
overlapping start and end times. You should assign the number 1 to the most
conservative rule, the number 2 to the next most conservative rule, and so forth.
5 Click add rule icon again if you want to create another rule. Click delete selected rule
icon if you want to delete an existing rule.
6 Click SAVE to save the policy and its rules. Alternatively, you can click on SAVE AND NEW
if you want to create a new policy and SAVE AND CLONE if you want create another policy
based on the policy you just created.
Note: Bandwidth management setting changes can take up to an hour to take effect.
Before you can start managing your devices, you must install the DDM Agent and install
services on those devices. Service Provisioning refers to loading and installing of the DDM
services on the devices you want to manage. You can configure the Agent installer so that
you can install the Agent and the services simultaneously or deploy each service separately
after you install the Agent.
Installation Overview
The table below describes the high-level steps you can follow to install the DDM services.
Note: You may need and/or want to use other installation methods. For example, if your
devices are not members of a domain, you may need to send a URL in an e-mail. If you
already have a Windows domain (NT or Active Directory), you may choose to use a startup
script as the primary method. For more information, see Other Agent Installation Methods
in DDM Online Help.
Tip: We recommend that you include the following services in the installer as they do not
require system reboots:
Device management
Patch management
Software distribution
Antimalware management
Software usage
Caution: You can include Online Backup service in the Agent installer. However, it is
recommended that you stagger the OLB software installations across your devices after the Agent
installation to avoid inadvertent network saturation as the initial backup of a device can take up to
8-12 hours. The backup of data to the OLB data center are not governed by applied bandwidth
policy, unlike the provisioning jobs that install OLB.
5 (Optional) Check the Include with installer box for each service component you want to
include with the Agent Installer. Only the services to which your organization subscribes
will be listed. See Description of Service Provisioning Menu on page xx for more
information.
6 Click Proxy options in the details pane navigation menu if you have a proxy server
environment. DDM supports both static and dynamic proxy server environments. SOCKS
proxy server is not supported. See Step 3 of the on page 9 and Configuring Proxy
Credentials in DDM Online Help for proxy handling information.
7 Click SAVE or SAVE AND NEW if you want to create another Agent Installer.
1 Determine which device(s) you want to use as the deployment host. The device must
already have the DDM Agent installed and must reside on the network to which you want
to deploy the DDM services. See the on page 9.
2 Navigate to Admin > Service provisioning.
3 Enter the job Name.
4 In the Configure services section, click Provision for Base functionality. Relay server and
Agent deployment options appear.
5 Click the Agent deployment selection list button and select Install component. Select
Uninstall component option if you want to uninstall the deployment host service.
6 Complete the Target devices section. Select one device.
Caution: If you choose more than one target device here, you will get an error message, as DDM
allows you designate one host at a time. You can still designate more than one device as
deployment hosts, but you will need to create additional service provisioning jobs.
7 Check the Bypass bandwidth policies box only if you want to bypass the bandwidth policies
applied to the target devices.
8 Complete the Schedule section. See Scheduling Jobs on page 37.
9 Click CONTINUE. The Control Center displays the Confirm Distribution page, which
summarizes the details of the job you just created. Change job parameters if desired.
10 Click DISTRIBUTE. The Control Center automatically takes you to Jobs > Service
provisioning page, where you can monitor the progress of your job. See Monitoring Jobs
on page 37 .
Note: Only remote agent deployment jobs can be monitored here. Installations by other
means such as ghost imaging are not logged in the DDM Control Center.
Auxiliary services such as LAN-Based Remote Control (part of Device Management) and
Relay Server (part of Basic Functionality) are revealed dynamically only when you select
the parent service.
Online backup Backs up data over the Internet to a secure data center
4 Complete the Target devices section. Specify the group of devices to which you want to
deploy the services by clicking the Target by selection list. The remaining fields in this
section will dynamically change according to your Target by selection. Servers will be
excluded by default. If you want to include the servers, click and uncheck the Exclude
Servers option.
5 Check the Bypass bandwidth policies box only if you want to bypass the bandwidth policies
applied to the target devices. See Setting Bandwidth Policy on page 17 for more
information.
6 Schedule the job. See Scheduling Jobs on page 37.
7 Click CONTINUE. The Control Center displays the Confirm Distribution page, which
summarizes the details of the job you just created. You can change job parameters if
desired.
8 Click DISTRIBUTE. The Control Center automatically takes you to Jobs > Service
provisioning, where you can monitor the progress of your job. See Monitoring Jobs on
page 37.
Tip: Alternatively, you can use the shortcut action to install services. On the inventory
page, select the devices you want to target, right click on the selected devices, and select
Install services.
Notes:
Some service provisioning jobs (i.e. remote access, data encryption, antivirus) require
the end users to reboot their systems to complete the installation. You can customize
the reboot settings for your Company. See Customizing Reboot Parameters in DDM
Online Help for more information.
It is recommended that you stagger the OLB software installations across your devices
after the Agent installation to avoid inadvertent network saturation as the initial backup
of a device can take up to 8-12 hours. Backup of data to the to the OLB data center are
not governed by applied bandwidth policy, unlike online backup deployment jobs.
Notes:
Even after all services have been removed, the device record does not disappear; they
remain archived in the Unmanaged data set in Unknown state.
Do NOT remove services using Add & Remove Programs.
3 Right-click on your mouse or click on the actions menu icon and select the Uninstall all
services option.
4 The Control Center displays the Uninstall confirmation page. Enter the number in the text
box as instructed and click OK. The number is randomly generated to re-affirm your
intention to deactivate the target devices.
5 The selected devices are immediately moved to the Unmanaged data set. However, they
will remain in the same Online state as when they were in the Managed data set.
6 When an Unmanaged device connects to the Control Center again, regardless of its Online
state, the Control Center automatically removes the installed services and then finally the
Agent. If the device is in Currently connecting online state, it will be uninstalled
immediately. However, if it is in Missing, Temporarily offline, or Offline online state, the
uninstallation action will be executed whenever the device starts connecting again.
Note: To remove one or more services but not the Agent, use Service Provisioning instead
(i.e. click Remove instead of Provision). Navigate to Admin > Service provisioning. Click on
Remove button for the service you want to remove.
Tip: Alternatively, you can uninstall a device locally from the client's machine using the
AgentRem utility. See Using AgentRem Utility in DDM Online Help for instructions.
Additional Resources
Click on the Help link anywhere in DDM to see the following:
Additional Resources z 31
5
Overview
A Job is a collection of Tasks. A job can be created by a user or generated by the DDM Control
Center. Job name is used to facilitate monitoring.
A Task is an individual action contained within a job. There is usually a one-to-one correlation
between a task and a managed device. For example, a job can be created to distribute a
software package to 17 devices. Each device will be assigned a corresponding task, allowing
for monitoring of distribution on an individual device level.
When you monitor the job, the Control Center reports the job status in the results pane and
each task status in the details pane. However, for a job such as Device Discovery, which does
not involve specific target devices but rather a host device, DDM reports tasks in terms of job
states (i.e. upload, Netscan).
Navigating in DDM
The table below is a summary of how to navigate in DDM Control Center to perform DDM
actions.
Administration
Deployment
Device Management
Device Discovery
Software Distribution
Patch Management
Navigating in DDM z 35
Dell Desktop Manager
To view anti-malware information for a 1. Devices > Inventory > Computer systems
managed device 2. Click on the Antivirus & Antispyware expand button.
Remote Access
Devices > Remote Control OR
Select the target device on devices inventory page,
To initiate a remote session right-click on your mouse or click on actions menu
icon , and select Remote control option
To view remote control session logs Devices > Remote control sessions
Online Backup
Scheduling Jobs
When a Job is created, the task is advertised by the DDM Control Center based on the
specified schedule to each target device while adhering to any bandwidth policy (see Setting
Bandwidth Policy on page 17 for more information) that may be in place for the affected
devices.
When the Agent initiates an outbound communication to the DDM Control Center, DDM
replies with the advertised task. The task is then downloaded by the Agent and executed
locally. The Agent reports back to the DDM server the progress of the task while the task is
running, finally reporting the final status (success or failure) of the task and the overall job.
DDM reports the job progress as Running until all tasks for the job are completed.
Start immediately - The download process will begin the next time the Agent hearteats. If
a device is offline, the download will process when the device comes back online.
Choose start time - This option allows you to specify a later date and time. When scheduling
a job, the download process will begin when the Agent heartbeats after the scheduled
time is reached. Note that the time is based on the DDM user time, not the local device
time.
Monitoring Jobs
Whenever you create a job, DDM logs its progress so you can monitor it. A job can be created
by a user or the system (DDM Control Center).
Scheduling Jobs z 37
Dell Desktop Manager
To monitor a job,
1 Navigate to Jobs. DDM displays the Current jobs by default. You can click on one of the
following to switch to another status:
Current: Currently running jobs
Scheduled: Scheduled jobs that have not run yet
Recent: Completed jobs that have not been Archived
Archived: Completed jobs that have been Archived
All: All jobs
Progress Bar :
Green - indicates tasks which successfully completed
Red - indicates tasks that failed
Yellow - indicates tasks which were cancelled
No color - indicates tasks that have not completed
You can cancel, pause, and resume some tasks and jobs depending on their state. You can
also archive completed jobs. See Managing Jobs on page 39 for more details.
Managing Jobs
Not all jobs and tasks will succeed and you may encounter circumstances when you have to
take further action on previously sent jobs. Whether or not you take further action depends
on the state the job or the task is in:
Cancel - currently running jobs or tasks in a state before or on downloading state, manually
paused, or paused due to bandwidth policy. You cannot cancel tasks that have been
downloaded.
Note: You cannot cancel tasks that have already been downloaded or are executing.
1 Navigate to Jobs. Select the job category and then the job you want to take action on. If
you want to take action on a task, click on Devices tab in the details pane navigation menu
and select the task you want to cancel.
2 Click the action icon or the actions menu icon located immediately above the results
pane or the details pane and select the action you want.
Note: Unavailable actions will be grayed out. For example, if you select a Currently running
job, Retry and Archive action buttons will be grayed out. If you click on a successfully
completed job, Pause, Resume, Cancel, and Retry action buttons will be grayed out.
Managing Jobs z 39
6
Device Discovery
Overview
The Device Discovery service enables you to scan your network to discover, identify, and
inventory IP-based devices. It uses Network mapper (nmap), Simple Network Management
Protocol (snmp), and nbtscan techniques to scan the network range you specify to discover
IP devices such as workstations, routers, switches, printers, and firewall. You can
subsequently distribute the DDM Agent to your newly discovered Windows-based
workstations.
Before you can initiate a network scan, you must first designate a managed device as the scan
host. User credentials must also be specified when initiating a device discovery scan. If the
discovery agent cannot authenticate to a device, it will not be discovered.
Device Discovery z 41
Dell Desktop Manager
System Requirements
Scan Host
Windows 2000 SP3, SP4 Workstation
Windows 2000 Server SP4
Windows XP SP1,SP2 ,SP3
Operating systems Windows 2003 OEM, SP1, SP2
Windows Vista SP1, Vista SP2
Windows 7
Windows Server 2008 SP1, SP2
Reboot required No
Once you have identified system(s) to serve as scan Hosts, you are ready to deploy the Device
Discovery service to them.
5 Check the Bypass bandwidth policies box only if you want to bypass the bandwidth policies
applied to the target devices.
42 z Device Discovery
Getting Started Guide
Creating Scans
Once a host device has been provisioned (see Deploying the Scan Host on page 42), you can
create a device discovery job.
5 Complete the Authentication section. You must enter User Credentials or select a pre-
defined user credential. See Setting User Credentials in DDM Online Help for more
information.
6 Check the Clear existing data box if you want to clear the results from previous discovery jobs before
uploading the information from the job you are about to create.
Creating Scans z 43
Dell Desktop Manager
Note: If you do not choose the Clear existing data option, discovery records from the job
you are creating will be appended to the data from previous discovery jobs. DDM does not
discern whether duplicate device records exist.
Notes:
The device discovery discovers devices that are connected to the network through
LAN connections. Workstation devices using VPN connections may not be
discovered.
If you do not choose the Clear existing data option, discovery records from the job you
are creating will be appended to the data from previous discovery jobs. DDM does
not discern whether duplicate device records exist.
44 z Device Discovery
Getting Started Guide
Tip: You can use the query (see Using the Advanced Search (Query)) in DDM Online Help for more
information) to search for a specific device type.
Device Management
Overview
Device Management is a software service that provides ongoing visibility and control of your
managed devices. Hardware and basic software inventories are collected and uploaded
automatically to the DDM Control Center and updated daily, allowing for centralized viewing
and reporting. Because the service is Internet based, devices can be managed regardless of
physical location. In order to use this service, you must have the Device Management service
installed on your devices.
Device Management z 47
Dell Desktop Manager
System Requirements
Device Management
Device management including Active directory import (Host):
Windows 2000 SP3, SP4 Workstation
Windows 2000 Server SP4
Windows XP SP1, SP2, SP3
Windows 2003 OEM, SP1, SP2
Windows Vista SP1, Vista SP2
Operating systems Windows 7
Windows Server 2008 SP1, SP2
LAN-based remote control:
Windows 2000 SP3, SP4 Workstation
Windows 2000 Server SP4
Windows XP SP2, SP3
Windows 2003 OEM, SP1,SP2
Minimum memory 512 MB
Min HD Space 50 MB
Reboot required No
48 z Device Management
Getting Started Guide
service using Service Provisioning. Follow the steps in Installing the DDM Service - Service
Provisioning on page 27.
When you choose Device management on the service provisioning page, LAN-based remote
control and Active directory import will dynamically appear. Click Install and configure
component option and provide configuration information if you want to install the two
auxiliary services. See Performing Active Directory Import on page 53 and Using LAN-Based
Remote Control in DDM Online Help for more information.
3 Select the expansion button of the category you are interested in to view more details.
50 z Device Management
Getting Started Guide
Service Information Summary of the DDM services that are activated for the device
Contains Financials, Purchase, Lease, and Warranty information for
the device. Asset tag information is also stored here. All items are
editable. All items with the exception of Purchase price and Lease
Financials*
monthly cost are searchable. See Importing Warranty Information
in DDM Online Help for information on how to import Dell’s
warranty information.
Jobs Summary of all jobs and their status distributed to the device
- Agent uploads The files that have been uploaded to the device by the Agent.
52 z Device Management
Getting Started Guide
Tip: Hardware and software inventory is updated once daily. To update the inventory
immediately, select the target devices on the inventory page and right-click on your mouse,
and then select the Update inventory now option.
4 DDM user reconciles the imported AD user data to be added as part of the Main People
dataset. Follow the steps described in To reconcile imported Active Directory data, on
page 55
5 DDM automatically synchronizes Devices to Persons using logged-in user as the matching
criteria.
Once you have identified a system to serve as a scan Host, you are ready to deploy the AD scan
service to it.
54 z Device Management
Getting Started Guide
Organization Unit to
Type in the Organization Unit field,
Scan
QE OU=QE,OU=Engineering,OU=Internal,OU=EDC Domain Accounts,DC=everdream,DC=corp
* Note that spaces are accepted, but periods (.) are not.
7 Click the User credentials selection list button and select the credential applicable to this
AD import, then click OK. If you do not have a pre-defined credential, you must create one
before continuing. See Setting User Credentials in DDM Online Help for instructions on
how to create domain credentials.
8 Complete the Target devices section. Choose one device only.
Tip: You can designate only one device per AD scan host deployment (service
provisioning) job. If you enter more than one device, you will get an error message. If you
want to enable more than one device as a scan host, create additional service
provisioning jobs.
9 Check the Bypass bandwidth policies box only if you want to bypass the bandwidth policies
applied to the target device. See Setting Bandwidth Policy on page 17.
10 Complete the Schedule section. See Scheduling Jobs on page 37.
11 Click CONTINUE. The Control Center displays the Confirm Distribution page, which
summarizes the details of the job you just created. Change job parameters if desired.
12 Click DISTRIBUTE. The Control Center takes you to Jobs > Service provisioning, where
you can monitor the progress of your job (see Monitoring Jobs on page 37).
The Control Center dictates what time of day the scan occurs. Reconciling causes the
imported AD user data to become part of the Control Center’s Main People dataset (see
Managing People Data in DDM Online Help for more information).
The reconciliation process inserts and updates records to the Main data set that are new or
modified; it does not delete records (i.e., The Control Center does not remove People data for
those users that are removed from the AD).
56 z Device Management
Getting Started Guide
Additional Resources
Click on the Help link anywhere in DDM to see the following:
DDM segments all workstation devices according to whether the device has the Agent
installed (Managed or Unmanaged) and/or whether it was discovered via device discovery.
See Devices Data Sets for more information.
The Online state of a managed device is defined by when the Agent installed on the device
last connected with the DDM Control Center. See Agent Online State for more information.
You can automatically assign managed devices to Sites according to your network map.
The device is then is governed by all policies and rules applied to which site the device is
assigned including bandwidth, firewall, and patch policies. See Using the Site Resolver on
page 15 for instructions on how to enable the feature.
You can send a message to the end user of a managed device. See Sending a Message to
Devices for more information.
Additional Resources z 57
8
Software Distribution
Overview
The Software Distribution provides secure electronic transfer of files, installers, or scripts to
your devices. The Control Center tracks all distribution jobs and the user is able to monitor
the progress of the distribution, review error logs, and identify jobs that may have failed. For
those users with scripting knowledge, DDM allows them to create custom packages.
Software Distribution z 59
Dell Desktop Manager
System Requirements
Software Distribution
Windows 2000 SP3, SP4 Workstation
Windows 2000 Server SP4
Windows XP SP1, SP2, SP3
Operating systems Windows 2003 OEM, SP1, SP2
Windows Vista SP1, Vista SP2
Windows 7
Windows Server 2008 SP1, SP2
Ports used 443
Reboot required No
60 z Software Distribution
Getting Started Guide
4 Check off the Bypass bandwidth policies box only if you want to bypass bandwidth policies
applied to the target devices. See Setting Bandwidth Policys on page 17 for more
information.
5 Complete the Target devices section. You can specify the group of devices that will be
receive the package in the Target by field. The second field in this section will dynamically
change according to your selection. Servers will be excluded by default. If you want to
include the servers, click and uncheck the Exclude Servers option.
6 Schedule the job. See Scheduling Jobs on page 37 for more information.
7 Click CONTINUE. The Control Center displays the Confirm Distribution page, which
summarizes the job you just created. Change job parameters if desired.
8 Click DISTRIBUTE. The Control Center takes you to the Jobs > Package distribution page,
where you can monitor the progress of your job. See Monitoring Jobs on page 37.
Note: Before you start distributing software package to your devices, set appropriate
bandwidth policies and rules to avoid unintended network saturation. See Setting
Bandwidth Policyon page 17 for more information.
Tip: You can configure one or more relay points to serve as a repository for service, software, and
patch packages on a local area network (LAN). The Agent then downloads DDM jobs from the relay
server rather than the DDM itself, thus reducing Internet traffic. See Configuring Relay Servers in
DDM Online Help for instructions.
For those jobs that have Completed with exceptions, you can click the Devices tab in the details
pane to view the details of all tasks. Some exceptions may be due to the devices stuck in
Waiting for agent state or cancellation by a user.
You can cancel, pause, and resume some tasks and jobs depending on their state.
You can also archive completed jobs. See Managing Jobs on page 39 for more information.
For step-by-step instructions on how to create a software package, see Creating a Software
Package in DDM Online Help.
Additional Resources
Click on the Help link anywhere in DDM to see the following:
When you create a software package, you can manage the visibility of the package with
other DDM users within your Company and in child Companies. See Sharing Software
Package in DDM Online Help for more information
62 z Software Distribution
9
Patch Management
Overview
The Patch Management service enables IT administrators to automate and
centralize the process of delivering missing patches to managed devices.
Administrators can distribute missing patches either by defining policies or targeted
patching method. In order to use this service, your organization must subscribe to
the Patch Management service and deploy the service to your devices.
This service currently covers Microsoft operating systems and Office products, as
well as selected applications from the following vendors (subject to change):
Microsoft
Mozilla Foundation
Adobe
Apple
Real
WinZip
Apache Software Foundation
Sun Microsystems
Research In Motion
Skype Technologies
VMware
Citrix
Patch Management z 63
Dell Desktop Manager
64 z Patch Management
Getting Started Guide
System Requirements
Patch Management
Windows 2000 SP3, SP4 Workstation
Windows 2000 Server SP4
Windows XP SP1, SP2, SP3
Operating systems Windows 2003 SP1, SP2
Windows Vista SP1, Vista SP2
Windows 7
Windows Server 2008 SP1, SP2
80 & 443. Patches are distributed directly from the vendor sites.
Ports used
See on page 9 for a list of necessary outbound connections.
Reboot required No
Applicable view lists the patches that are Installed (explicitly and effectively) or Missing by
any device in the Company view you are in. See Patch Install Status on page 66 for more
information.
System Requirements z 65
Dell Desktop Manager
Not applicable view lists the remaining patches. It is comprised of all patches in the DDM
patch catalog that are NOT applicable to the devices in your Company.
All view includes both Applicable and Not applicable patches
Patch is applicable to the scanned system but was not found on the
Missing
system
Patch was not found on the system but is NOT applicable to the
Not Applicable
system
66 z Patch Management
Getting Started Guide
Not Scanned Scanning for the patch has not yet occurred
You can assess patch status and identify vulnerable systems in several ways:
Patch management reports - Patch management reports provide the most efficient way to
assess the overall patch status for your entire organization. From the Reports menu, click
on the Patch management category and select the report you want.
Dashboard - You can view patch related widgets and add to your dashboard. See Using the
Dashboard in DDM Online Help for more information.
You can view patch information for a specific device or identify which devices are missing
a specific patch.
Targeted Patching
You can create a job to install or uninstall a single or multiple patches to a targeted group of
devices on a schedule that you decide. DDM logs these patch distribution jobs so you can
monitor them.
Policy-Generated Patching
The policy generated patching method is the most efficient way to distribute patches to your
managed devices. You can use this method to create patch policies and rules that fit your
environment and have the DDM download and install patches on the target devices
automatically.
Use caution when using this powerful tool by ensuring that you set patch policies and rules
accurately and appropriately.
68 z Patch Management
Getting Started Guide
Now you are ready to create patch rules for the policy. Click add new rule . If you want to
create rules later, you can click SAVE instead to save the policy information. However, you will
have to click EDIT the policy to add rules.
Patch type - This is governed by how the vendor classifies the patch.
Severity - Limits the scope of primarily Microsoft security updates.
Policy-Generated Patching z 69
Dell Desktop Manager
Exceptions - Allows users to exclude specific patches from approval or disapproval list.
To exclude specific patches from being governed by the rule you are working on, click
on the Exceptions selection list button and select the patches you want to exclude.
4 If you want to create additional rules, click the add new rule icon again. If you want to
remove a rule, select the rule and click the delete selected rule icon .
5 Click SAVE to save the policy and the rules. Alternatively, you can click SAVE AND NEW if
you want to create more than one policy and SAVE AND CLONE if you want to create
another policy based on the information you just entered.
Notes:
If you apply conflicting patch policies or rules to a device, the most restrictive policy or
rule will be applied. This feature facilitates exception handling.
Example:
Rule 1: Automatically approve all Microsoft security updates
Rule 2: Manually approve critical Microsoft security updates
If you apply both the above rules to a device, all Microsoft security updates except critical
updates will be automatically applied as soon as they are released. The Control Center will
not apply critical updates until they are approved.
Patch downloads, regardless of whether invoked by the policy generated patching
method or targeted patching method, are governed by active bandwidth policies and
relay server rules that have been applied to the affected devices.
New patch policies and rules or changes to existing policies and rules may take up to an
hour to take effect.
70 z Patch Management
Getting Started Guide
Pending Approval - patches whose applied patch rules specify Manual approve.
Approved - patches whose applied patch rules specify Auto approve or Auto approve with
delay.
Denied - patches whose applied patch rules specify Disapprove or have been manually
disapproved.
To approve a patch,
1 Navigate to Security > Approve patches. You can approve any patch that is under
Pending Approval or Denied views.
2 Select the patches you want to approve, and then click the approve patch policy icon
OR click the actions menu icon and select Approve.
3 Click the Approved link to view the newly approved patches.
To disapprove a patch,
1 Navigate to Security > Disapprove patches. You can disapprove any patch under
Pending Approval or Approved views.
2 Select the patches you want to disapprove, then click the disapprove patch policy icon
OR click the actions menu icon and select Disapprove.
3 Click the Denied link to view the newly disapproved patches.
Additional Resources
Click on the Help link anywhere in DDM to see the following:
Occasionally, hotfixes and security updates create patch conflicts, or known patch conflicts
could be installed by end users. You can create a job to uninstall a single patch or multiple
patches for a targeted group of devices on a schedule that you determine. See Uninstalling
Patches in DDM Online Help for more information.
Additional Resources z 71
10
In order to use the service, your organization must subscribe to the Software License
Management service and install the service on your devices.
System Requirements
Software License & Usage Management
Windows 2000 SP3, SP4 Workstation
Windows 2000 Server SP4
Windows XP SP1, SP2, SP3
Operating systems Windows 2003 OEM, SP1,SP2
Windows Vista SP1, Vista SP2
Windows 7
Windows Server 2008 SP1, SP2
Ports used 443
1 MB (Software inventory management)
Service installer size 1 MB (Software license management)
1.2 MB (Software usage management)
Proxy support Yes
Reboot required No
2 DDM displays the entire software inventory for your company in the results pane. You can
click the Manufacturer selection list button to limit your search to the software products by
a specific manufacturer. Only the manufacturers for software products found in your
environment will be displayed in the selection list. Alternatively, you can perform a quick
search or advanced search (query) to limit the search scope. See Search in DDM Online
Help for more information.
3 Click on a software title you want to view.
Detail: Clicking on the Detail tab in the details pane reveals basic information about the
selected software including how many devices have the software installed. You can click
the License unit:[Software product name] link to navigate to the License units page,
where you can add license unit and purchase order information for the software (see
Managing Software License Information on page 76).
Devices: Clicking on the Devices tab in the details pane reveals the devices that have the
selected product installed.
Tip: Alternatively, you can view the software inventory reports. From the Reports menu, select
the Software License Management category and view the report you want.
Tip: To see the software inventory change for a group of devices in your Company, see the Devices:
Software inventory changes report.
To remove an existing purchase order, select the purchase order you want to delete
and click the delete selected purchase order icon.
6 Click SAVE.
Top 10 non compliant licenses dashboard widget: Lists license units where the maintenance
is about to expire
License units: Inventory analysis report: Displays the number of devices with installed
software in comparison to the number of licenses purchased for all licensed software titles.
Report is filtered on those titles which have been designated as Tracked.
Click the License information tab and click on the license unit link to view the license unit
details associated with the selected software product.
Tip: To assess the usage status of all software products at the Company level, you can run
various reports in the Software license management category.
Overview
The Antivirus service enables the administrators to deploy Symantec and McAfee anti-virus
software installations and upgrades to managed devices. Symantec antivirus versions 10.1,
10.2, and 11.0 and McAfee version 8.7 are supported at this time.
The Anti-Malware Management service enables you to monitor, assess, and perform
functions across multiple anti-virus and anti-spyware applications. You can initiate
administrative scans and virus definition update tasks on your devices.
If your organization subscribes to the Antivirus service, you will automatically have access to
the Anti-malware management service.
System Requirements
Anti-Malware
Windows 2000 SP4 Workstation
Windows 2000 Server SP4
Windows XP SP2, SP3
Operating systems Windows 2003 SP1, SP2
Windows Vista SP1, Vista SP2
Windows 7
Windows Server 2008 SP1, SP2
Ports used 443
Antivirus
McAfee: 106MB
Symantec 10.1: 52MB
Service installer size
Symantec 10.2: 68 MB
Symantec 11.0: 93 MB
Symantec: 21, 80, 443
Ports used
McAfee: 21, 80
MSI 3.1 (McAfee)
Proxy support No
To deploy the Antivirus service, you will have to select which antivirus product and version
you want to install and the scan schedule if allowed. Follow the steps described below.
System reboots may be required to complete the installation. The end users will see a reboot
alert and have the option to either reboot immediately or delay the reboot (for up to 3 hours).
If neither option is selected, the system will be rebooted automatically after the default initial
reboot time specified in the Company’s Reboot management (see Customizing Reboot
Parameters in DDM Online Help for more information).
3 In the details pane navigation menu, click on the Antivirus & Antispyware expand button to see
what anti-malware product is installed on the device. You can click on the virus/spyware product
name to view the infection log if any.
Tip: You can see the anti-malware information for all of your devices by clicking on the layout
menu icon and adding the related columns to the device inventory page.
You can run Antivirus Dashboard widgets (see Using the Dashboard in DDM Online Help for
more information) or run the Anti-Malware and virus Management Reports to identify where
those vulnerabilities are.
Another way to identify vulnerable devices is by using the Advanced search (Query) function
(see Using the Advanced Search (Query) in DDM Online Help for more information). For
example, you can search for devices with last virus scan or definition update more than X days
ago. Use Boolean logic to limit the search scope.
2 Select target devices and click the action menu icon or right-click on your mouse.
3 Select Antivirus scan and select the desired action.
4 Click CONTINUE. The Control Center displays the Confirm action page, which summarizes
the details of the job you just created. Change job parameters if desired.
5 Click DISTRIBUTE. The Control Center displays the following message:
6 Click OK in the Info box. You can navigate to Jobs > Other actions to monitor the progress
of your job (see Monitoring Jobs on page 37).
Remote Access
Overview
The Remote Access service, also known as WAN-Based Remote Control, enables IT
administrators to take control of a device from a remote location over the Internet. You can
provide instructional or technical support without physically being present at the end user’s
site. Unlike the LAN-Based Remote Control where you can only access devices that reside
within your network (see Using the LAN-Based Remote Control in DDM Online Help for more
information), the Remote Access service enables you take control of any device as long as it
has the DDM Agent installed, the Remote Access service provisioned, and is connecting to the
DDM Control Center.
Remote Access z 87
Dell Desktop Manager
System Requirements
Remote Access
Windows 2000 SP3, SP4 Workstation
Windows 2000 Server SP4
Operating systems Windows XP SP1, SP2, SP3
Windows 2003 OEM, SP1,SP2
Windows Vista SP1, SP2
Proxy support No
88 z Remote Access
Getting Started Guide
6 Complete the Target devices section. The second field in this section will dynamically
change according to your Target by selection.
7 Check the Bypass bandwidth policies box only if you want to bypass the bandwidth policies
applied to the target devices.
8 Complete the Schedule section. See Scheduling Jobs on page 37.
9 Click CONTINUE. The Control Center displays the Confirm Distribution page, which
summarizes the details of the job you just created. Change job parameters if desired.
10 Click DISTRIBUTE. The Control Center takes you to Jobs > Service provisioning, where
you can monitor the progress of your job.
Note: A system reboot will be required to complete the installation. The end users will
receive a reboot alert and will have the option to either reboot immediately or delay the
reboot according to Company’s Reboot management parameters (See Customizing
Reboot Parameters in DDM Online Help for more information).
6 Enter the Access code that was created during the Service Subscription process, and then
click OK. If you are using the User accept configuration, the user of the remote device will
have to accept the remote control request before you can take control of the device (See
Using the User Accept Mode in DDM Online Help for more information).
7 Once the connection has been established, you will see the remote device’s desktop with
Remote access toolset icon displayed at the bottom right of your screen. You can use
the Remote Access toolset to facilitate the remote control tasks. See Using the Remote
Access Toolset in DDM Online Help for more information.
8 To end the remote session, click the Remote Access Toolset icon and select End
Remote Access Session.
Note: If you are using the Remote Access service for the first time, you may be asked to
allow a pop-up and install an ActiveX component. Install the component as directed.
To view the remote control session logs, from the Devices menu, select Remote control
sessions.
Additional Resources
Click on the Help link anywhere in DDM to see the following:
You can change the remote access user mode from User accept to Auto accept or vice
versa, but only for those devices that already have the Remote Access service provisioned.
For instructions, see Reconfiguring Remote Access User Mode in DDM Online Help.
90 z Remote Access
13
Online Backup
Overview
The Online Backup service automates the remote backup of end user data to a secure off-site
data center via the Internet. The purpose of the service is to safeguard critical data of your
managed devices from hard drive malfunction, computer viruses, or simply human error. See
How Online Backup Works in DDM Online Help for more information.
Online Backup z 91
Dell Desktop Manager
System Requirements
Online Backup
Windows 2000 SP4 Workstation
Windows XP SP1, SP2, SP3
Operating systems
Windows Vista SP1, SP2
Windows 7
Memory 1 GB or greater
Proxy support No
Reboot required No
When provisioning the Online Backup service, you will be required to select an Online backup
preset configuration. It dictates the backup client configurations rules for your organization
and to which data center to back up. This configuration also determines what file types are
backed up and who can modify the backup set.
92 z Online Backup
Getting Started Guide
Complete Data - Backs up all files and folders on all drives except for system and
application files and the excluded extensions list
Locked Filtered - Backs up all files and folders (regardless of the file extension) in My
documents, desktop, Favorites and documents folder located anywhere on any drives with
the exception of the files listed in the excluded extensions list. Also backs up .pst and .nsf
files.
Unlocked Filtered - Backs up all files and folders (regardless of the file extension) in My
documents, desktop, Favorites and documents folder located anywhere on any drives with
the exception of the files listed in the excluded extensions list. Also backs up .pst and .nsf
files.
Once the Backup Agent has been successfully installed, the end user can initiate a backup
operation manually and/or will be prompted to back up on a pre-determined schedule. The
end user can cancel at any time during a backup operation.
Caution: Backup operations to the data center are not governed by applied bandwidth
policy, as are online backup deployment jobs. It is recommended that you stagger the
software installations across your devices to avoid network saturation as the initial backup of
a device can take up to 8 – 12 hours. All subsequent backup operations are smaller due to
non-duplication algorithms.
94 z Online Backup
Getting Started Guide
Tip: The more frequently they back up, the quicker backup operations will be (since only new files and
changes made to previously backed-up files are backed up).
5 Click OK. You can navigate to Jobs > Other actions to monitor the progress of your job
(see Monitoring Jobs on page 37).
Additional Resources
Click on the Help link anywhere in DDM to see the following:
Once the Backup Agent has been successfully installed, the end users can perform various
tasks within the Backup Agent as long as they are granted permission to do so. See
Navigating in the Backup Agent in DDM Online Help for more information.
96 z Online Backup
14
Data Encryption
The Data Encryption service ensures that the data stored on your managed devices will not
fall into the wrong hands even if the computer itself does. The service runs in the background
where it remains transparent to the end users. However, when it detects user behaviors
which are inconsistent with pre-specified rules, such as consecutive failed log-on attempts, it
eliminates the encryption key disabling the device. The definitions of unauthorized use are
specified and configured into your organization’s Data Encryption Preset Configuration along
with client rules, which is then included in the Data Encryption service installer. See How Data
Encryption Works and Data Encryption Rules and Policies in DDM Online Help for more
information.
Data Encryption z 97
Dell Desktop Manager
System Requirements
Data Encryption
Proxy support No
When provisioning the Data Encryption service, you will be required to select a Data
encryption preset configuration. These configurations are provided to your organization by
Dell and they specify what client rules and policies the affected devices must follow. See Data
Encryption Rules and Policies in DDM Online Help for more information.
98 z Data Encryption
Getting Started Guide
6 Complete the Target devices section. The second field in this section will dynamically
change according to your Target by selection.
7 Check the Bypass bandwidth policies box only if you want to bypass the bandwidth policies
applied to the target devices.
8 Complete the Schedule section. See Scheduling Jobs on page 37.
9 Click CONTINUE. The Control Center displays the Confirm Distribution page, which
summarizes the details of the job you just created. Change job parameters if desired.
10 Click DISTRIBUTE. The Control Center takes you to Jobs > Service provisioning, where
you can mionitor the progress of your job.
Data Encryption Installation typically takes 10-15 minutes and most data is encrypted at the
time of installation.
Notes:
A system reboot will be required to complete the installation. The end users will receive a
reboot alert and will have the option to either reboot immediately or delay the reboot
according to Company’s Reboot management parameters (See Customizing Reboot
Parameters in DDM Online Help for more information)
Call Support to remove the Data Encryption service from a device. The DE account must be
deactivated from the Data Encryption server prior to deactivating it in the DDM Control
Center.