Intel,Altiris Group

Improving Loading Performance in Real-Time System Manager (RTSM) 

Apr 29, 2008 12:48 PM

One complaint I occasionally hear about Real-Time System Manager is the time it can take to load the initial RTSM console. This is usually caused by the full connection attempts on all supported protocols. This includes WMI, AMT, ASF, and SNMP. Often the user for the Real-Time tab is only interested in one or two of the supported technologies and doesn't need the others to load. The article discusses why this process can take time, and how to disable unused or technologies. We'll also discuss other ways to improve the general performance of the RTSM console.

Introduction

Slow performance in today's fast-paced world can create a negative impression. This is especially true when the performance concerns a required software application that has the potential to lower resolution times and costs. Real-Time System Manager offers a wide array of functions based off the following technologies:

  • Intel Active Management Technology (AMT)
  • Windows Management Instrumentation (WMI)
  • Alerts Standards Format (ASF)
  • Simple Network Management Protocol (SNMP)

By default we will attempt to connect to each of the technologies, waiting for a timeout if the applicable technology is available, or waiting for an authentication error on those technologies that are either not defined by the credential profile, or do not have working credentials in the runtime profile. Authentication failures can extend the load-times significantly as RTSM uses several different methods to authenticate to the system if the initial provided credentials fail.

For this article I'll take the example of configuring RTSM to only use WMI and AMT technologies when connecting to managed systems.

Security Settings

First, security should be setup to include a profile that authenticates with only those technologies you want supported. The profile will allow RTSM to automatically use the credentials provided in the profile. If no profile is set, RTSM uses a series of steps to try and authenticate to the system. The following things are checked:

  • Runtime Profile - Whenever we obtain credentials for a system, either through previous RTSM sessions or from Intel SCS for AMT, they are stored in a runtime profile. This profile is used automatically if no other profile has been defined.
  • User-defined Profiles - If the Runtime profile fails, RTSM then cycles through the user-defined profiles in search of working credentials.
  • Logged-on User - If all profiles fail, we attempt to pass the credentials for the Altiris Console user. If the user is part of a role, generally this option will not succeed. If Kerberos authentication is enabled for AMT the logged on user's credentials will be passed. Setting up a Connection Profile

Use the following steps to setup a connection profile and to set it as the default profile used by RTSM when the Real-Time tab is accessed, regardless of who is logged into the Altiris Console. This will take out the requirement for the user to input valid credentials to manage the target system.

  1. In the Altiris Console, browse under View > Solutions > Real-Time Console Infrastructure > Configuration > and select Manage Credential Profiles.
  2. Click the blue + in the icon bar to create a new connection credential profile.
  3. Under each tab, run through the following steps:
    1. Determine if the technology associated with the tab will be enabled in this profile or not. If not, ensure that the check box 'Enable this technology in the profile' is unchecked. Otherwise continue.
    2. Check the box 'Enable this technology in the profile'.
    3. Provide credentials in the username and password fields that has rights on all managed systems. For WMI this should be a Domain Administrator account. For AMT this should be the AMT user specified when provisioning the system (typically with the username of Admin). For ASF this should be the user specified when configuring the system. For SNMP simply provide the community string used for those computers that have SNMP enabled.
    4. Type in a name for the profile in the lower field of the page.
  4. Click OK to save the profile.
  5. Click the field under 'Default' so that a green checkmark is next to the new profile just created. This ensures that RTSM will use the credentials provided in the profile first before attempting any of the other methods previously discussed.
  6. Make sure to click the 'Apply' button at the bottom of the screen to save all changes.

For environments where users will not have full administrative access to destination systems, the above model will not work. In that case you'll need to depend on the runtime profile that will store credentials the first time a user uses them against a system. Keep in mind the following:

  • The Runtime Profile stores credentials based on the User + credentials + the target system.
  • A user will need to enter their credentials once per system they manage.
  • If they make a subsequent connection to the same system, the runtime profile will automatically use the previously entered credentials to connect.

Disabling Connection Attempts

By default connection attempts will be made to all 4 supported technologies, regardless of what's configured in the credential profile. In other words the connection will be attempted using the methods previously listed even if the checkbox for 'Enable this technology in the profile' is marked.

Likely you will not be using all 4 technologies in your environment. As such there is a method to disable one or more of the technologies for the environment. Use the following steps to disable one or more of the Technologies.

  1. On the Notification Server, click Start > Run > type Regedit > click OK.
  2. Browse to the following location in the registry: HKEY_LOCAL_MACHINE | SOFTWARE | Altiris | eXpress | Notification Server | ProductInstallation | {13987439-8929-48d2-aa30-ef4bf0eb26a6}.
  3. Select the Guid key that matches the Guid shown above.
  4. Right-click in the right-side pane and choose New > DWORD.
  5. Name the DWORD Value based off the following list:
    • DetectAMT - Intel Active Management Technlogy (AMT)
    • DetectASF - Alerts Standards Format (ASF)
    • DetectWMI - Windows Management Instrumentation (WMI)
    • DetectSNMP - Simple Network Management Protocol (SNMP)
  6. For those technologies you want to disable double-click on the newly created value.
  7. Set the value to 0
  8. Any value above 0 will leave that technology enabled in the Real-Time tab. Leaving the value blank will also result in the technology remaining enabled.
  9. You may need to restart the Altiris Service and IIS to save the changes. Use the following process to do so:
    1. Be aware that restarting these services will interrupt Altiris Notification Server service, and interrupt any Altiris Console access that is currently in operation. Take necessary steps to avoid loss of work.
    2. Go to Administrative Tools and launch the Services Manager.
    3. Locate the Altiris Service.
    4. Right-click and choose to Restart this service. You will be prompted to also stop and restart the dependent service: Altiris Client Messenger Dispatcher. Choose 'Yes' to restart this service as well.
    5. When complete, close the Services Manager.
    6. Go to Start > Run > type iisreset > and click OK. The restart will occur in a command window. When the command window disappears. The IIS services will have restarted.

Other Performance Suggestions

The following are additional suggestions to improve performance for Real-Time System Manager.

  • Use the Altiris Console on a remote system - By opening the console on a remote computer from the Notification Server, the resources used to run the page are shared between what the Notification Server is required to do and the local system.
  • If you need ASF and AMT technologies available, but will not be using them frequently, you can adjust timeout sessions using the node found in the Altiris Console under View > Solutions > Real-Time Console Infrastructure > Configuration > and select the node 'Configuration'. Timeouts can be adjusted to be quicker, though use with caution as a timeout will result in that technology not being seen as active on the system.
  • Is browsing in the Altiris Console to a place you can launch RTSM slowing you down? You can create a shortcut to the Manage node that directly launches the Real-Time tab via the inputted Hostname or IP Address of the system. Follow these direction:
    1. In the Altiris Console browse to View > Solutions > Real-Time Console Infrastructure > Tools.
    2. Right-click on 'Manage' and choose 'Add to Favorites'.
    3. Note the subsequent screenshot that shows where in the console this node will appear.
    4. Do the same for any collection that is used for launching RTSM by record.
    Note: This option is only available in the Altiris Console version 6.5

Conclusion

Once you've identified the needs of your environment and configured RTSM accordingly, the performance can be greatly improved. In an instance where only WMI is used, the speed can be greatly improved by disabling all other technologies. The same is true if you only want to use AMT features under the Real-Time tab. This will improve the worker experience for those who take advantage of RTSM's abilities as an IT technician.

Statistics
0 Favorited
0 Views
0 Files
0 Shares
0 Downloads

Tags and Keywords

Comments

Jan 21, 2013 07:14 AM

Hi, Joel:

Very interesting article. Do you have in mind updating it to newer versions of Altiris?

I've been requested to use the credentials of the user logged in the Internet Explorer to manage remote machines, and in case this is not an option, asking the user for the credentials before managing a remote machine.

Is this possible in any way?

I'm using SMP 7.1 SP2

 

Thanks

Jul 17, 2009 04:00 PM

To accelerate RTSM load in NS\CMS7 - will these registry tweaks work?

May 02, 2008 12:04 PM

The correction has been made to the article
Thanks!
Ohzone

May 02, 2008 11:44 AM

Thanks for the tip. I've made the correction once the edit has been approved.
Regards,
Joel Smith
Altiris Support
Principal Support Engineer

Apr 30, 2008 09:52 AM

Great article. This should help a lot. One note on the path in the registry. You need to reverse the "Notification Server" and "eXpress" around. It should be HKLM\Software\Altiris\eXpress\Notification Server.
I was worried for a minute that my NS registry keys had disappeared.

Related Entries and Links

No Related Resource entered.