Symantec™ Management Platform 7.0 Release Notes

Article:DOC1490  |  Created: 2007-08-23  |  Updated: 2010-09-21  |  Article URL http://www.symantec.com/docs/DOC1490
Article Type
Documentation



Description



The Symantec Management Platform is the key platform on which all Altiris solutions run. The platform lets administrators move from the role of executing tasks to the role of defining policies that automate tasks. You can configure the platform to install Altiris suites and solutions, manage tasks and filters, set up and run reports, set up security, and more. Symantec Management Platform 7.0 is a major new release of the product, introducing enhanced security features such as organizational views and groups, and hierarchy. Hierarchies let you replicate security settings, packages, resources, and events from one instance of the Symantec Management Platform to another or others. Organizational views are a new addition to the platform, and are designed to provide a secure means of segregating resources into manageable, well-structured units.

Quick Links

Where to get more information

The product installation includes the following documentation:

Document Description Location

User’s Guide

Information about how to use this product, including detailed technical information and instructions for performing common tasks.

This information is available in PDF format.

Help

Information about how to use this product. This information is the same as in the User’s Guide.

Help is available at the solution level and at the suite level.

This information is available in HTML help format.

The Documentation Library, which is available in the Symantec Management Console on the Help menu.

Context-sensitive help is available for most screens in the Symantec Management Console.

You can open context-sensitive help in the following ways:

  • The F1 key.
  • The Context command, which is available in the Symantec Management Console on the Help menu.

 

For more information, you can use the following resources:

 

Resource Description Location

Symantec Management Platform Release Notes

Information about new features and important issues in the Symantec Management Platform.

This information is available as an article in the Knowledge Base.

https://kb.altiris.com/article.asp?article=45141&p=1

You can also search for the product name under Release Notes.

Installing the Symantec Management Platform products

Information about using Symantec Installation Manager to install the Symantec Management Platform products.

This information is available as an article in the Knowledge Base.

https://kb.altiris.com/article.asp?article=45732&p=1

Altiris 7 Planning and Implementation Guide

Information about capacity recommendations, design models, scenarios, test results, and optimization best practices to consider when planning or customizing an Altiris 7 Infrastructure for your organization.

This information is available as an article in the Knowledge Base.

https://kb.altiris.com/article.asp?article=45803&p=1

Knowledge Base

Articles, incidents, and issues about this product.

http://kb.altiris.com/

Symantec Connect (formerly Altiris Juice)

An online magazine that contains best practices, tips, tricks, and articles for users of this product.

http://www.symantec.com/connect/endpoint-management-virtualization

Online Forums

Forums for users of this product.

http://forums.altiris.com/

Installation and Upgrade

All installations and upgrades can only be executed through the Symantec Installation Manager (SIM).

[[article:46030]]

Licensing

Both pre-HF18 and post-HF18 license type are supported (86)

 

Licenses can be now be removed simply in the user interface (87)

Licenses are managed via the Symantec Installation Manager. Notification Server 6.0 format licenses are supported. 

Features in this Release

The following are new features of this release:

Filters

Symantec Management Platform 7.0 introduces filters as a replacement for collections.

Hierarchy
 

Symantec Management Platform 7.0 lets you create a hierarchy of Notification Servers. With a hierarchy, you can replicate configuration and management items, resources, packages, security settings, and events from a parent Notification Server to child Notification Servers, or vice versa. Items and Security objects are replicated down from parent to child, while resources, packages and events can be replicated either up or down the hierarchy. Managing Notification Servers in a hierarchical structure can sharply reduce the amount of time required to configure and manage your Symantec Management Platform. Any solution can use hierarchy features.

Notification Server public and internal names can differ

You can now have a Notification Server with different public and internal names. For example, a Notification Server has an internal name NS01, while the Altiris Agent refers to the same Notification Server computer as swd.company.com.

Organizational Views and Groups

An organizational  view is a hierarchical grouping of resources (as organizational groups)  that reflects a real-world structure, or "view",  of your organization. You can use organizational views to secure and manage resources. You set up security by assigning the appropriate permissions for each security role on each organizational view, and on the organizational groups within each view. A permission that is assigned to an organizational group applies to all resources in that group and, by default, applies to all of its child groups. You cannot assign permissions directly to a particular resource. Permission  grants on a resource are accumulated across organizational views. The permissions that a security role has on a particular resource is the union of all the permissions that the resource has been assigned through the organizational groups to which it belongs. Implementing resource security in this way gives each security role its own unique view, or "scope", of the available resources. The security role determines  which  resources its members can access, and what actions  they can  perform on those resources.

The Active Directory integration component can be used to import organizational groups. User groups create a hierarchical structure.

Standardized Symantec Management Console

The new look of the Symantec Management Console, as previewed in Altiris Console 6.5, is the only model used in version 7.0. The 7.0 console has a customizable navigation system with new controls, user interface, and tree structures. All console pages are updated to the new model.

Task Server is integrated into the Symantec Management Platform

The integration of Task Server into the Symantec Management Platform allows for the immediate execution of all tasks and policies. For Task Server 7.0, Windows 2008 is only supported as a client, not as a Task Server.

Notification Server 7.0 supports IPv6

The following support for IPv6 is provided:

    • Agent identification of IPv6 address space and networking details for sending basic inventory
    • Reports include IPv6 column data, and both IPv4 and IPv6 addresses
    • Resource Manager includes IPv6 information
User-based policies are now supported

You can apply policies to specific users or groups of users. When a user logs on to a managed computer, the Altiris Agent will request any policies that apply to that user. Any relevant policies will be cached on the managed computer for the next time the user logs on. A policy for a single user may be cached on multiple computers. User-based policies are featured on all supported operating systems.

Calendar view

The new calendar view gives you a graphical overview of all scheduled Notification Server tasks, jobs, and maintenance windows. Items display as appointment style blocks to provide a visual representation of all impending tasks and jobs. The calendar view is found on both the Notification Server and in a managed computer's Resource Manager.

Maintenance windows

A maintenance window is a scheduled time and duration when maintenance operations may be performed on a managed computer. A maintenance operation  is one that changes the state of a computer, causes it to restart, or interferes with a user’s ability to operate the computer. A maintenance window policy defines one or more maintenance windows and is applied to a resource target in the same way as any other policy. These policies  provide the maximum flexibility for assigning maintenance windows to computers, without complicating the management of agent settings.

When you apply a maintenance window to a managed computer, maintenance tasks, such as patches and software deliveries, can only be carried out on them in the scheduled time period. Altiris Agents can download software delivery packages any time, but associated programs can be run only during the maintenance windows.

Users can create customized rules/automation policies

You can create your own custom rules to check for certain conditions or criteria, then enable an existing Notification Server action or execute a task. For example, an automation rule that sends the system administrator a weekly report on all new computers added to a network.

The expression builder that you use to build rules allows raw SQL queries. You must predefine tasks or jobs used in custom rules. Rules can target a filter or a member of a filter.

New languages supported

Symantec Management Platform 7.0 now supports Russian and Italian, and the Altiris Agent now supports Danish.

Support for site server

Site server is a middle-ware component of the Symantec Management Platform that manages "site services" such as Package Server and Task Server. Symantec Management Platform now provides the shared framework and user interface with Site Manager, which lets you install, uninstall, configure and manage site server services.

Previously, you could assign Altiris Agents to sites and Package Servers through their associated subnets. Now, you can also manually assign a group of Altiris Agents to a specific site server, or site, regardless of subnet.

Altiris Agent schedules support multiple time zones

You can set an Altiris Agent schedule to run simultaneously across multiple time zones. The new options are found in the scheduling options of various tasks and jobs, with the choice to run at server time, client time, or universal time.

Notification Server, Task Server, and Altiris Agent Known Issues

The following are unresolved issues in this release.

Known Issue
Remote launch of Symantec Management Console is very slow
Inventory license is not reclaimed when the computer resource retires
Applying a custom filter to the Resource Target View control shows no computers
Items created on a child Notification Server are unexpectedly deleted during replication

If a new item is created on a child Notification Server and placed in a folder that was replicated from a parent Notification Server, and then that folder is deleted on the parent, the new item created on the child will be deleted along with the folder in the next replication.

For example, a folder is created on a parent Notification Server and replicated to a child. The administrator of the child creates a new script task and adds it to the replicated folder. The administrator of the parent deletes the folder and replicates to the child. The folder and contents including the new script task are deleted on the child.

Distribution Domain Local groups cannot be added to Notification Server security roles
Non-administrator users cannot successfully use hierarchy management pickers

If a user other than an administrator (who only has read permissions to some resources and items) tries to use pickers within the hierarchy management page, all items that are not visible to the current user will be deselected upon applying changes.

Resource Discovery reports System Type of 64-bit computers incorrectly

When you perform a Resource Discovery on a Windows Server 2003 x64 computer that doesn't have the Altiris Agent installed, the Inv_AeX_AC_Identification table for the System Type column of that computer reports Win32 instead of Win64.

Running a report through a URL does not initially deliver correct results

When running a report by using a url, the report will not run correctly the first time and will need to be refreshed to deliver correct results.

After upgrading from 6.0 SP3 to 7.0, the Altiris Agent reports errors until fixed by 7.0 policy file

After the Altiris Agent is upgraded from 6.0 SP3 to 7.0, it reports errors in the log every time it attempts to communicate with the server. The cause of the problem is that the Altiris Agent uses the old 6.0 password encryption key which is not recognized by the 7.0 agent.

The error messages returned read “CryptHelper  AeXNetComms.dll  CryptDecrypt failed. Error Description: Bad Data”. As a result of the error, the agent cannot authenticate during communication if needed. However, the agent still communicates anonymously.

The situation will automatically rectify itself once a new 7.0 policy is received by the upgraded Altiris Agent.

Non-administrators cannot create resource targets

If a user other than an administrator attempts to create a resource target, the resource target builder control will be empty.

Non-administrators cannot create subnets or sites

If you are not an administrator and you try to create a site or subnet in the Site Server page (In the Symantec Management Console, click Settings > Site Server), you will receive the error "An unexpected error has occurred and the requested operation could not be completed".

"Use simple file sharing" option prevents push installation of the Altiris Agent

The Altiris Agent cannot be pushed to a Windows XP SP2 or VISTA client machine if the "use simple file sharing (Recommended)" setting is checked in Windows Folder Options > View tab > Advanced settings.

The Altiris Agent can only be pushed to small groups of managed computers

When pushing the Altiris Agent to managed computers (Actions > Agents/Plug-ins > Push Altiris Agent), you must select computers by clicking the Select Computers button. If you are pushing to many computers, they will all be added to the selected computers pane. When you press OK, these computers will be added to the List of Computers that can be pushed to, appearing as though the install will proceed for all the listed computers. However, only the computers that are currently displayed will be selected. Therefore, you must scroll through the entire list, 20 computers at a time, pushing to each set.

Task server Powershell scripts "Can't Find in Command path error" may appear

If you receive the error "can't Find in Command path", restart the Altiris Host Service to correct the problem.

A Notification Server cannot discover a domain when no trust relationship exists

When using the domain discovery method to discover a domain from a Notification Server, credentials will not be accepted if no trust relationship already exists between the two domains.

The Altiris Agent does not localize into French using Vista Ultimate with French MUI

If you install the French MUI via Windows Update on Vista Ultimate, then change language and regional settings to French in the Control Panel, log off and log back on, the Altiris Agent does not appear in French as expected.

Task instance replication requires the same version of task management on all servers in a hierarchy

Task instances will not be replicated down a hierarchy if the same version of task management is not installed on all servers in your hierarchy.

Client jobs must be based on client tasks

Conditions inside a server job are not evaluated correctly when based on any client task.  Use a client job if you want to base conditions on results from client tasks.

Status is not correctly displayed on a Parent Notification Server for tasks and jobs replicated down a hierarchy

To work around this problem, view the status on the child Notification Server.

Users are not logged off when running a power control task on Windows Vista or Windows 2008
Task Server assignment is not automatically changed when Alternative URL for accessing Notification Server is applied to the Altiris Agent

When you specify an Alternative URL for accessing Notification Server in the Targeted Agent settings, the client task agent is not updated. It remains registered to the Task Server that belongs to the original Notification Server. To change the task server assignment you need to run the Reset Agent task, or click the Reset Agent button in the Task Status tab of the Altiris Agent window.

Task Server - Run Script

When you run scripts on a UNIX, Linux, or Mac computer, the script always runs using the POSIX (or C) locale. It does not run under the locale set on the target computer.

Tasks that are contained within jobs must be migrated separately

When you migrate a job from 6.0 to 7.0, you also need to migrate the associated tasks. The tasks that are included in the job are not migrated automatically with the job.

Additional Release Notes for Symantec Management Platform Components

The Symantec Management Platform includes the following components:

  • Symantec Installation Manager Notes
    Symantec Installation Manager manages the installation of the Symantec Management Platform products. These products include the platform, suites, and solutions. It manages the entire installation process including licensing, data migration, and updates. 
      
  • Network Discovery Notes
    Network Discovery, a free plug-in component for Altiris Notification Server™, lets you discover all IP devices that are connected to your network. Network Discovery lets you find new network devices, identify previously-discovered network devices that are no longer found, and find network devices whose discovery properties have changed.
     
  • Event Console Notes
    View server and device health across your network. Collect alerts from Monitor Solution, SNMP, and other solutions to quickly respond to problems using automated actions.
     
  • Connection Profiles and the Pluggable Protocols Architecture (PPA) Notes
    The Pluggable Protocols Architecture unifies the configuration of protocals across the Symantec Platform. Connection Profiles is a feature of the Symantec Management Platform that is leveraged by other solutions and components in the Symantec Management Platform. It provides the ability to update and add protocals without requiring a wholesale upgrade of all dependent solutions.
     
  • Credential Manager Notes
    Credential manager provides a secure storage location for user names and passwords. The types of credentials that are stored are defined by the installed management solutions. Access to credentials is controlled using the built-in role-based security of the Symantec Management Platform. 
     
  • Software Management Framework Notes
    An interface that lets you create and manage the software resources that are in the Software Catalog. It also lets you manage the packages that are in the Software Library. The Software Catalog page provides a central location for initiating the software-related tasks that are performed in your organization.

     

 



Legacy ID



37648


Article URL http://www.symantec.com/docs/DOC1490


Terms of use for this information are found in Legal Notices