Authors:

Jordan Gardner
Todd Mitchell

This white paper introduces the key features and architecture of Dell Client Manager, and helps you understand how the management of client systems is made easy.

Contents

• Introduction
  • What is Dell Client Manager Plus?
  • What is Altiris Client Management Suite?
  • What is Altiris' Dell Client Manager?
• Architecture
  • The Dell Client Manager (DCM) Sub Agent
• Key Functionality
  • Detailed Dell Hardware and BIOS Inventory
  • Applying Dell BIOS Updates
  • Remotely Set BIOS Configurations for Dell Clients
  • Dell Hardware Health/BIOS Configuration Monitoring
  • Support for future Dell Hardware Models
• Additional Information
• Conclusion
• Appendix A – Notification Server Communication Architecture

PDF Format

Introduction

Altiris' new Dell Client Manager (DCM) solution extends Altiris' service-oriented management architecture (SOA) to include Dell specific functions for client management. Specifically, it provides administrators the ability to view detailed hardware inventory and BIOS settings and define automated policies based on those Dell-specific properties. Other features include the ability to remotely upgrade a Dell system BIOS, remotely configure BIOS settings via policies, and remotely monitor hardware health and system settings.

This new Dell Client Manager Solution can be used stand-alone, or is included both the Dell Client Manager Plus or in Altiris' Client Management Suite (CMS).

What is Altiris' Dell Client Manager?

This new solution from Altiris – included in both DCM Plus and Altiris CMS – extends either of these products to include options for managing Dell systems at the hardware level. Specific new features include:

• Remote BIOS Updates
• Remote, policy-based BIOS configuration (model agnostic)
• Remote hardware health monitoring
• Bundling Dell OMCI – Dell's agent software into the Altiris agent
• Detailed Dell-specific hardware inventory integrated into the Altiris Agent
• Out of Band management for ASF or AMT compatible machines

The primary purpose of this document is to introduce the new Dell Client Manager Solution from Altiris and overview its architecture and key functions.

What is Dell Client Manager Plus?

Dell Client Manager Plus (DCM Plus) is a suite of integrated products based on Altiris technology that gives Dell customers the power to create, edit, copy and remotely deploy system images as well as the ability to remotely distribute software applications, updates and service packs over the network. DCM Plus also enables administrators to remotely migrate old PC software and settings to a new operating system as part of a hardware refresh, all from a central management console.

In addition to the deployment and migration features, DCM Plus offers a robust set of standard reports, allows customers to create custom reports and offers pre-configured Dell Readiness Advisors to help Dell customers make important asset management decisions such as when to replace legacy systems or migrate to a new OS environment.

DCM Plus includes the following Altiris Solutions:

• Altiris Deployment Solution – deploys operating systems via imaging or scripted OS installs, migrating user data and settings between systems, performing remote control operations, etc.
• Altiris Software Delivery Solution – for policy-based software delivery over WAN or LAN
• Altiris Inventory Solution – robust hardware, software and user inventory of computers
• Altiris Dell Client Manager – Dell-specific hardware/BIOS inventory, BIOS updating/configuration, hardware health monitoring, etc.

Note that the first three Altiris solutions listed above can be used to manage any vendor's hardware – not just Dell's. The fourth solution provides specific management functions for Dell systems. Therefore, Dell Client Manager Plus can be used to manage desktops and laptops from any vendor but it provides specific advantages for users of Dell hardware.

What is Altiris Client Management Suite?

Altiris Client Management Suite (CMS) includes all the solutions in DCM Plus and also adds integrated tools for patching Windows operating systems, application metering (usage monitoring and denial of unauthorized applications), advanced remote control, application management, etc. DCM Plus is a subset of Altiris CMS. It includes the basic building blocks to address the most fundamental management needs.

Altiris CMS offers a more comprehensive approach including more solutions and advanced, policy-based options to more fully automate desktop management.

Architecture

The Altiris architecture is a key component of the Altiris value proposition and a distinguishing characteristic of Altiris solutions over competing products.

The Dell Client Manager snaps into the same infrastructure used by all the Altiris solutions. This infrastructure simplifies management tasks by integrating all the Altiris solutions into a central console that allows data and management functions to be shared across individual solutions. This infrastructure can be deployed to support just one Altiris solution or multiple solutions.

Figure 1: Altiris Architecture

Click to view.

Even if multiple Altiris solutions are implemented they all integrate into the same framework so they can work together from the same console. For example, Altiris Server Management Suite, Dell Client Manager Plus and Altiris Handheld Management Suite can all be installed into the same backend server framework to provide a single management console across an entire company for server, desktop and mobile device management. The Altiris role and scope security engine also works across all installed solutions.

The key component of this infrastructure is Altiris Notification Server. Altiris Notification Server (NS) is provided to customers without charge and can be installed independently of any Altiris solutions. It is the engine which manages communication with the remote Altiris agents and the SQL database (MSDE can be used for evaluation purposes). The database can be collocated on the Altiris server or installed on a remote server. Altiris Notification Server manages the Altiris web console, Altiris connectors into third party products, and system Notification policies. For more information regarding the Altiris Notification Server consult Appendix A – Notification Server Communication Architecture.

All the solutions built on the Altiris Notification Server framework use the same Altiris agent. The agent disk and memory footprint is dynamically extended with "sub agents" as needed when new Altiris solutions are installed. Typical disk footprint for the Altiris agent is approximately 5MB to 12MB depending on what solutions are installed and how many policies the Altiris administrator has created.

The Dell Client Manager (DCM) Sub Agent

The DCM Sub Agent contains the same code that is available from Dell as OpenManage Client Instrumentation (OMCI). OMCI is Dell's OpenManage agent for client management. It is commonly installed on any Dell system to be managed by Dell's OpenManage Client Connector and IT Assistant tools. When the Altiris DCM agent is rolled out to client machines, it automatically uninstalls any 6.x versions of OMCI before installing the latest version. It will also upgrade any 7.x versions of OMCI to the latest version of OMCI as needed. As part of its functionality, Dell OMCI publishes hardware-specific values in the Dell WMI namespace allowing for detailed hardware and BIOS inventory to be taken from each client. If the Altiris DCM sub agent is ever uninstalled administrators are provided the option to leave the OMCI WMI component to remain on the client machines.

Dell has another OpenManage tool called the Dell Client Configuration Utility (DCCU) that is used to remotely retrieve or configure BIOS settings and update the BIOS version. The Altiris DCM agent also includes some code from DCCU to provide for these same functions.

Figure 2: The Altiris DCM Sub Agent

Click to view.

When the Altiris Agent is installed all necessary code from the Dell OMCI and DCCU tools are already included with the Altiris DCM sub agent that the solution automatically installs on supported Dell client hardware. Administrators do NOT need to download and install the additional tools from Dell. Altiris DCM already bundles everything customers need to manage Dell systems. Enabling a single policy from Altiris will extend the Altiris agent with the Dell OpenManage specific functions needed to manage Dell machines. (Figure 3)

Figure 3: The Dell Client Manager Agent is distributed by enabling a single policy

Click to view.

By using the Altiris Dell Client Manager Solution, administrators have a single tool and console to manage their Dell client hardware. This eliminates the need to use the Dell's OpenManage tools such as Dell's IT Assistant (ITA), the Dell Client Configuration Utility (DCCU), the Dell OpenManage Client Connector (OMCC) or Dell's OpenManage Client Instrumentation (Figure 4).

Figure 4: Altiris consolidates multiple hardware management tools into a single solution.

Key Functionality

Altiris' Dell Client Manager Solution provides many key functions unique to Dell OpenManage software with many improvements available over what Dell previously provided. This section overviews some of these basic capabilities.

Detailed Dell Hardware and BIOS Inventory

Altiris provides detailed hardware and BIOS inventory scans on Dell machines. Dell hardware and BIOS properties are read from the Dell WMI namespace which are published once the DCM sub-agent is present. This inventory is forwarded up to the Altiris server using the client/server communication model outlined in Appendix A. The inventory gathered through the Altiris DCM sub agent is displayed in data classes identified under the Dell Client Manager folders in the Altiris Resource Manager. It is displayed alongside all other Altiris Inventory data classes allowing a single view of all information known for a particular Dell device.

Figure 5: Dell OpenManage Inventory Displayed in Altiris Resource Manager

Click to view.

The Altiris Extensible Management Architecture (EMA) allows the Dell-specific properties to be published to other components and solutions installed into the Altiris server. This data sharing can be used to create comprehensive management policies that automate management functions based on Dell-specific machine properties such as BIOS revisions, model numbers, etc. The Altiris architecture allows Dell properties to drive Altiris notification policies, collection definitions and reports.

Administrators have the ability to configure the frequency of hardware and BIOS scans, and which collections, or group of computers, the scan schedules will apply to. An option is also provided to "wake up" powered down machines to perform these scans. These settings are all configured via two provided policies - the BIOS Inventory Scan Policy and Hardware Inventory Scan Policy.

The hardware and BIOS inventory scans utilize the same DCM sub-agent, however the two different policies determine which WMI properties will be collected. These policies exist on managed Dell clients as two small .xml files:

• actions.xml - defines what WMI properties should be collected
• schema.xml - formats the output of the scan so that the Altiris Notification Server can recognize the data and successfully import it once it is posted to the Altiris server.

These .xml files are communicated to the client prior to the first inventory scan, and are be periodically updated as newer Dell client models are manufactured and additional BIOS properties become available with new BIOS versions.

Administrators may also use the Notification Server's ability throttle bandwidth to prohibit BIOS or hardware inventory to be sent over the wire unless certain bandwidth thresholds are satisfied. These capabilities are particularly valuable for large environments or infrastructures with lower bandwidth connections.

Applying Dell BIOS Updates

The Dell Client Manager allows administrators to easily update the BIOS on Dell client hardware via automated policies. Administrators can download a Dell client BIOS update from support.dell.com to the Altiris server and then use a simple user interface to assign the update to a collection of Dell machines. A collection can be defined using any machine properties inventoried by Altiris. Most often, BIOS updates are assigned to a collection of machines of the same Dell model that do not already have the latest BIOS update.

For example, an administrator can build a policy to assign a BIOS update to a collection of all the Dell D600 laptops in the marketing department that don't already have the latest A16 BIOS rev. The policy can define when the update is applied and force a Wake-On-LAN if necessary. If the policy is created as a dynamic collection, any time a new Dell D600 machine appears on the LAN that does not have the latest A16 BIOS revision that update will be automatically applied – no administrator intervention required.

Figure 6: The Altiris DCM Update BIOS policy

Click to view.

The BIOS Update policy uses the .hdr file included in the BIOS package to perform the BIOS upgrade. The .hdr file contains the BIOS image and meta data about that image. This package is delivered to the client machine using the Altiris Agent's ability to deliver a software package which is communicated via HTTP(S) or TCP/IP (all configurable by the Admin).

Once the package has been delivered to the client, the .hdr file is extracted and its meta data used in performing required checks. These checks include verifying a valid SystemID (to ensure that the BIOS update is a valid update for the target system) and/or whether a downgrade is permitted (if a downgrade is desired). Once all the checks have passed, the BIOS image is taken from the .hdr file and is copied to a locked, contiguous memory buffer. In the client's shutdown process, the BIOS detects a valid BIOS update image in the system memory buffer and uses the image data to reprogram the system's flash memory. When the machine powers on the updated BIOS takes effect. A major benefit of the Altiris DCM solution, is the ability to configure the installation schedule, reboot time, and/or deferment of BIOS update packages.

Remotely Set BIOS Configurations for Dell Clients

Dell has traditionally provided BIOS updates as part of the Dell Client Configuration Utility (DCCU), which used "BIOS Set" packages. These DCCU packages could only be executed on machines of the same model. Altiris DCM provides several advantages over DCCU including:

• the ability to create model independent BIOS profiles
• enforcing remote BIOS configurations via policy

Profiles can be created "from scratch" using the user interface (profiles created this way will support all possible Dell Client BIOS settings) or a profile can be captured from a reference machine and then modified. BIOS profiles are defined in the central Altiris console and saved as templates that can be applied over and over again. Altiris administrators can add, edit, clone, and delete BIOS profiles (Figure 7).

Figure 7: DCM BIOS Setting Profile can be imported or created from scratch

Click to view.

Policies can be created to apply BIOS profiles across any supported Dell client hardware regardless of model. Settings which may not be available in certain BIOS configurations will simply be ignored (whereas similar settings will be assumed).

Each managed Dell client with the DCM sub-agent will apply the BIOS profile settings by reading from the BIOS profile configuration file. The configuration file defines the values to be applied to the writeable BIOS WMI properties published by the DCM sub-agent.

Dell Hardware Health/BIOS Configuration Monitoring

Altiris DCM also allows for monitoring hardware components of Dell client machines. Many different properties can be monitored including low disk space, chassis intrusion or even predicting a system failure. Hardware health monitoring can be used in conjunction with Altiris notification policies and event handlers to quickly inform administrators of preset problem conditions.

The Dell Client System Monitoring Policy allows administrators to select which events and metrics should be monitored. This policy can also define which values should trigger what corresponding actions, whenever those preset events or warnings occur. (Figure 8)

Figure 8: Administrator may configure which events and actions to take when monitoring clients

Click to view.

Altiris DCM Events are generated in one of two ways.

1. WMI event consumers. Whenever a change occurs to certain properties within the Dell namespace, registered WMI event consumers (contained in the DCM sub-agent) pick up these changes, and trigger an event. These events are read by the Altiris agent and their information is forwarded to the Notification Server for potential follow-up action.
2. Monitoring status WMI Properties (no registered WMI event consumers are used). With this method, selected property values are polled regularly, and any change information is sent to the Altiris server as soon as it is detected.

The Altiris Server allows automated actions to respond to monitored events. These automated actions include:

• Logging each event in the NT event log
• Sending notification emails to system administrators
• Creating or editing helpdesk tickets
• Launching any custom script or executable on the Altiris server

Support for future Dell Hardware Models

Altiris DCM is extensible in that it has features that allow support for future Dell BIOS updates and machine models that are not yet released. Through the Supported Models Manager you can view which models are currently supported, or update the Altiris solution to include new Dell Models as they become available.

Figure 9: The Altiris DCM Supported Models Manager

Click to view.

Additional Information

More information regarding the new Dell Client Manager solution can be found at:

http://www.altiris.com/dcm

http://www.altiris.com/dell

http://www.altiris.com/eval/dell - download a trial copy of the Dell Client Manager

http://www.dell.com/openmanage - click the Client Management Link

http://www.symantec.com/connect/dell - Altiris / Dell Users Community

http://www.altiris.com/support/documentation

Conclusion

The new Dell Client Manager solution from Altiris offers a simple, robust tool for the one-to-many management of Dell desktops and laptops. The solution bundles Dell OpenManage code and improves on many of the disparate tools offered in Dell's current OpenManage line up (DCCU, OMCI, OMCC, and ITA). A critical advantage of the Altiris DCM toolset is its ability to bring Dell-specific functions and hardware properties into the realm of Altiris' comprehensive Service-Oriented Architecture (SOA). This provides for a level of automation, control and extensibility that has been heretofore unavailable for Dell client hardware.

Now, Dell customers can leverage the best that OpenManage has to offer while leveraging the power of the complete Altiris infrastructure all in a single, easy-to-use console.

Appendix A – Notification Server
Communication Architecture

Communication between the Altiris agent and Altiris Notification Server fundamentally consists of XML files that are compressed and transferred via HTTP (port 80) or HTTPS (port 443). Altiris Notification Server incorporates a pull agent model. By default each Altiris agent requests a policy update from Altiris Notification Server every 1 hour. In production environments, this interval is generally extended to be every 6 to 12 hours though it may be longer or shorter.

During this update, the agent requests Altiris Notification Server to determine what new policies are applicable to the machine hosting the agent. If at least one policy addition or modification exists for an agent, that agent will download a new policy configuration XML file. This file informs the Altiris agent what work it is to perform. For example, the agent may download and parse the XML configuration file to determine that it is to run a software inventory scan every 12 hours, a hardware inventory scan once a week; it is to deny access to any unauthorized software programs (games or instant messengers, etc.) during the working hours of 8am to 5pm, and it is to download and execute the most recent Microsoft patches or Dell BIOS updates from the Altiris server immediately. The entire process of downloading the config policy generates a little less than 2K of traffic roundtrip per agent.

As inventory scans are performed or other agent events are triggered, that data is communicated to the Altiris Notification Server as an XML formatted file with an *.nse extension (NSE = Notification Server Event).

By leveraging the same infrastructure (policy engine, role/scope security engine, client/server communication model, etc.), Altiris solutions gain incredible efficiencies that are realized in part by the infrastructure's ability to scale. For example, while many competing solutions require 6 to 30 different servers to inventory a 25,000 node infrastructure it is entirely possible for Altiris to simply use one NS server (again depending on what solutions are installed and how many policies a customer defines). This scalability suggests the lower TCO model that Altiris software is designed to deliver. It should also factor into customer pricing considerations because most Altiris competitors charge based on the number of machines the customer will manage as well as the number of management servers the customer's topology will require. Altiris not only requires less server hardware resources to manage customer environments, but Altiris does not charge for management servers either (pricing is based on the number of machines that will be managed – not on the number of servers you will need).

Fundamentally, Altiris Notification Server uses policies to associate tasks and software packages with collections. A collection is a grouping of computers. Computers can belong to zero or more collections.

There are two types of collections:

• Static Collections – A computer's membership in a static collection can only change when an administrator explicitly assigns or removes the computer from a collection. When an administrator puts a server in a static collection, the server stays in that collection until the administrator removes it.
• Dynamic Collections – A computer's membership in a dynamic collection changes based on the properties of the computer. As the properties change, the computer automatically moves into and out of dynamic collections. It can be helpful to think of dynamic collections as being based on a SQL WHERE clause. For example, an administrator might create a dynamic collection that consists of all desktop machines where the operating system is Windows XP Service Pack 2 and the system is joined to a specific domain. If either of those two properties change then Altiris Notification Server will automatically remove it from that collection. It will then be disassociated with any policies assigned to manage that collection.

Dynamic collections are a very powerful mechanism for automating systems management. For example, policies can be created that will, on an ongoing basis, deliver a specific Dell BIOS update to any machine that might require it. Two months after the policy is created, a new machine might be added to the LAN. Soon after the Altiris agent is installed on that machine it will be joined to all the predefined collections it qualifies for. When that happens any policies assigned to those collections will become effective for the new machine - the machine will then automatically receive not just the BIOS update it needs but it will also execute any other tasks assigned to the policies that govern the machine.

PDF Format