Introduction to Dell's OpenManage Client Administrator 3.0
Authors:
Jordan Gardner
Todd Mitchell
This new solution includes a module that extends Altiris' service-oriented management architecture (SOA) to include Dell machine properties that can be used to automate common Dell client management tasks such as remotely updating the system BIOS. Administrators can also use the new tool to view detailed hardware inventory and BIOS settings, remotely configure BIOS settings via policies, and monitor hardware health and system settings.
Introduction to Dell's OpenManage Client Administrator 3.0
Contents
- Introduction
- What is Dell OMCA?
- What is Altiris® Client Management Suite™?
- What is Altiris Dell Client Manager?
- Architecture
- The Dell Client Manager Sub-Agent
- Key Functionality
- Detailed Dell Hardware and BIOS Inventory
- Applying Dell BIOS Updates
- Remotely Set BIOS Configurations for Dell Clients
- Dell Hardware Health/BIOS Configuration Monitoring
- Support for future Dell Hardware Models
- Additional Information
- Conclusion
- Appendix – Altiris Notification Server Communication Architecture
Introduction
The 3.0 version of Dell's OpenManage Client Administrator includes a new module that promises a wealth of improved Dell specific management functions. This new solution, called the Dell Client Manager, also extends Altiris' service-oriented management architecture (SOA) to include Dell machine properties that can be used to automate common Dell client management tasks such as remotely updating the system BIOS. Administrators can also use the new tool to view detailed hardware inventory and BIOS settings, remotely configure BIOS settings via policies, and monitor hardware health and system settings.
This new Dell Client Manager solution is included in version 3.0 of Dell OpenManage Client Administrator (OMCA) tools and it can also be added to Altiris® Client Management Suite™.
OMCA is a suite of integrated products based on Altiris technology that gives Dell customers the power to create, edit, copy and remotely deploy system images as well as the ability to remotely distribute software applications, updates and service packs over the network. OMCA also enables administrators to remotely migrate old PC software and settings to a new operating system as part of a hardware refresh, all from a central management console.
In addition to the deployment and migration features, Dell's OMCA offers solutions for system inventory and software delivery.
Specifically, OMCA 3.0 includes these Altiris solutions:
- Altiris® Deployment Solution™–Deploys operating systems via imaging or scripted OS installs, migrates user data and settings between systems, performs remote control operations, etc.
- Altiris® Software Delivery Solution™–Provides policy-based software delivery over WAN or LAN
- Altiris Inventory Solution®–Robust hardware, software and user inventory of computers
- Altiris Dell Client Manager–A new solution added in the 3.0 version of OMCA that includes Dell-specific hardware/BIOS inventory, BIOS updating/configuration, hardware health monitoring, etc.
Note that the first three Altiris solutions listed above can be used to manage any vendor's hardware, not just Dell's. The fourth solution provides advanced management functions for Dell systems. Therefore, OMCA can be used to manage desktops and notebooks from any vendor, but it provides specific advantages for users of Dell hardware.
What is Altiris® Client Management Suite™?
Altiris Client Management Suite includes all the solutions in OMCA 3.0 and adds integrated tools for patching Windows operating systems, application metering (usage monitoring and denial of unauthorized applications), advanced remote control, application management, etc. OMCA is a subset of Client Management Suite. It includes the basic building blocks to address the most fundamental management needs. Client Management Suite offers a more comprehensive approach by including more solutions and advanced, policy-based options to more fully automate desktop management.
What is Altiris Dell Client Manager?
This new solution from Altiris, included in both OMCA 3.0 and Client Management Suite, extends either of these products to include options for managing Dell systems at the hardware level. Specific new features include:
- Remote BIOS updates
- Remote, policy-based BIOS configuration (model agnostic)
- Remote hardware health monitoring
- Bundling Dell OpenManage Client Instrumentation (OMCI), Dell's client agent software into the Altiris agent
- Detailed Dell-specific hardware inventory integrated into the Altiris Resource Manager
The primary purpose of this document is to introduce the new Dell Client Manager solution from Altiris and overview its architecture and key functions.
Architecture
The Altiris architecture is a key component of the Altiris value proposition and a distinguishing characteristic of Altiris solutions over competing products.
Dell Client Manager snaps into the same infrastructure used by all the Altiris solutions. This infrastructure simplifies management tasks by integrating all the Altiris solutions into a central console that allows data and management functions to be shared across individual solutions. This infrastructure can be deployed to support one or multiple Altiris solutions.
Even if multiple Altiris solutions are implemented, they all integrate into the same framework so they can work together from the same console. For example, Altiris® Server Management Suite™, OMCA 3.0 and Altiris® Handheld Management Suite™ can all be installed into the same backend Altiris server to provide a single management console across an entire company for server, desktop and mobile device management. The Altiris role-and-scope security engine also works across all installed solutions.
The key component of this infrastructure is Altiris® Notification Server™. Notification Server is provided to customers without charge and can be installed independently of any Altiris solutions. It is the engine that manages communication with the remote Altiris agents and the SQL database (MSDE can be used for evaluation purposes). The database can be collocated on the Altiris Server or installed on a remote server. Notification Server manages the Altiris Web console, Altiris connectors into third-party products, and system notification policies. For more information about Notification Server, consult Appendix – Notification Server Communication Architecture.
All the solutions built on the Notification Server framework use the same Altiris Agent. The agent disk and memory footprint are dynamically extended with "sub-agents" as needed when new Altiris solutions are installed. The typical disk footprint for the Altiris Agent is approximately 5 MB to 12 MB, depending on which solutions are installed and how many policies the Altiris administrator has created.
The Dell Client Manager Sub-Agent
The Dell Client Manager Sub-agent contains the same code that is available from Dell as OMCI, which is commonly installed on any Dell system to be managed by Dell's OpenManage Client Connector and IT Assistant tools. When the Dell Client Manager agent is rolled out to client machines, it automatically uninstalls any 6.x versions of OMCI before installing the latest version. It will also upgrade any 7.x versions of OMCI to the latest version of OMCI as needed. As part of its functionality, OMCI publishes hardware-specific values in the Dell WMI namespace, allowing for detailed hardware and BIOS inventory to be taken from each client. If the Dell Client Manager Sub-agent is ever uninstalled, administrators are provided the option to leave the OMCI WMI component to remain on the client machines.
Dell has another OpenManage tool called the Dell Client Configuration Utility (DCCU), which is used to remotely retrieve or configure BIOS settings and update the BIOS version. The Dell Client Manager Sub-agent also includes some code from DCCU to provide for these same functions.
When the Altiris Agent is installed, all necessary code from the OMCI and DCCU tools are already included with the Dell Client Manager Sub-agent that the solution automatically installs on supported Dell client hardware. Administrators do NOT need to download and install the additional tools from Dell. Dell Client Manager already bundles everything customers need to manage their Dell systems. Enabling a single policy from Altiris will extend the Altiris Agent with the Dell OpenManage code needed to manage Dell machines (see Figure 3).
Figure 3: The Dell Client Manager Sub-agent is distributed by enabling a single policy
By using Dell Client Manager, administrators have a single tool and console to manage their Dell client hardware. This eliminates the need to use the Dell's OpenManage tools such as IT Assistant (ITA), Dell Client Configuration Utility (DCCU), Dell OpenManage Client Connector (OMCC) or OpenManage Client Instrumentation (Figure 4).
Figure 4: Altiris consolidates multiple hardware management tools into a single solution.
Key Functionality
Dell Client Manager provides many key functions unique to Dell OpenManage software with many improvements available over what Dell has previously provided. This section overviews some of these capabilities.
Detailed Dell Hardware and BIOS Inventory
Altiris provides detailed hardware and BIOS inventory scans on Dell machines. Dell hardware and BIOS properties are read from the Dell WMI namespace, which are published once the Dell Client Manager Sub-agent is present. This inventory is forwarded to the Altiris Server using the client/server communication model outlined in the Appendix. The inventory gathered through the Dell Client Manager Sub-agent is displayed in data classes identified with an "OMCA" prefix in the Altiris Resource Manager (see Figure 5). These data classes are displayed alongside all other Altiris inventory data classes, allowing a single view of all information known for a particular Dell device.
The Altiris® Extensible Management Architecture™ (EMA) allows Dell specific properties to be published to other components and solutions installed into the Altiris Server. This data sharing can be used to create comprehensive management policies that automate management functions based on Dell machine properties such as BIOS revisions, model numbers, etc. The Altiris architecture allows Dell properties to drive Altiris notification policies, collection definitions, and reports.
Administrators have the ability to configure the frequency of hardware and BIOS scans, and which collections, or group of computers, the scan schedules will apply to. An option is also provided to "wake up" powered down machines to perform these scans. These settings are all configured via two provided policies. the BIOS Inventory Scan Policy and Hardware Inventory Scan Policy.
The hardware and BIOS inventory scans utilize the same Dell Client Manager Sub-agent; however, the two different policies determine which WMI properties will be collected. These policies exist on managed Dell clients as two small .xml files:
- actions.xml–Defines what WMI properties should be collected
- schema.xml–Formats the output of the scan so that Notification Server can recognize the data and successfully import it once it is posted to the Altiris Server.
These .xml files are communicated to the client prior to the first inventory scan, and are be periodically updated as newer Dell client models are manufactured and additional BIOS properties become available with new BIOS versions. Administrators may also use Notification Server to throttle bandwidth to prohibit BIOS or hardware inventory to be sent over the wire unless certain bandwidth thresholds are satisfied. These capabilities are particularly valuable for large environments or infrastructures with lower bandwidth connections.
Dell Client Manager allows administrators to easily update the BIOS on Dell client hardware via automated policies. Administrators can download a Dell client BIOS update from support.dell.com to the Altiris Server and then use a simple user interface to assign the update to a collection of Dell machines. A collection can be defined using any machine properties inventoried by Altiris. Most often, BIOS updates are assigned to a collection of machines of the same Dell model that do not already have the latest BIOS update.
For example, an administrator can build a policy to assign a BIOS update to a collection of all the Dell D600 notebooks in the marketing department that don't already have the latest A16 BIOS revision. The policy can define when the update is applied and force a Wake on LAN if necessary. If the policy is created as a dynamic collection, any time a new Dell D600 machine appears on the LAN that does not have the latest A16 BIOS revision, that update will be automatically applied; no administrator intervention is required.
The BIOS update policy uses the .hdr file included in the BIOS package to perform the BIOS upgrade. The .hdr file contains the BIOS image and meta data about that image. This package is delivered to the client machine using the Altiris Agent's ability to deliver a software package that is communicated via HTTP(S) or TCP/IP (all configurable by the administrator).
Once the package has been delivered to the client, the .hdr file is extracted and its meta data used in performing required checks. These checks include verifying a valid SystemID (to ensure that the BIOS update is a valid update for the target system) and/or whether a downgrade is permitted (if a downgrade is desired). Once all the checks have passed, the BIOS image is taken from the .hdr file and is copied to a locked, contiguous memory buffer. In the client's shutdown process, the BIOS detects a valid BIOS update image in the system memory buffer and uses the image data to reprogram the system's flash memory. When the machine powers on the updated BIOS takes effect. A major benefit of Dell Client Manager is the ability to configure the installation schedule, reboot time, and/or deferment of BIOS update packages.
Remotely Set BIOS Configurations for Dell Clients
Dell has traditionally provided BIOS updates as part of the Dell Client Configuration Utility (DCCU), which uses BIOS Set packages. Typically, one DCCU package is created for each Dell model to be configured and a third-party tool is then used for delivering the DCCU packages to the appropriate Dell machines.
Dell Client Manager provides several advantages over DCCU, including:
- The ability to create model-independent BIOS profiles
- Enforcing remote BIOS configurations via policy
Profiles can be created "from scratch" using the user interface (profiles created this way will support all possible Dell Client BIOS settings) or a profile can be captured from a reference machine and then modified. BIOS profiles are defined in the central Altiris console and saved as templates that can be applied over and over again. Altiris administrators can add, edit, clone, and delete BIOS profiles (Figure 7).
Figure 7: Dell Client Manager BIOS Setting Profile can be imported or created from scratch
Policies can be created to apply BIOS profiles across any supported Dell client hardware regardless of model. Settings that may not be available in certain BIOS configurations will simply be ignored (whereas similar settings will be assumed).
Each managed Dell client with the Dell Client Manager Sub-agent will apply the BIOS profile settings by reading from the BIOS profile configuration file. The configuration file defines the values to be applied to the writeable BIOS WMI properties published by the Dell Client Manager Sub-agent.
Dell Hardware Health/BIOS Configuration Monitoring
Dell Client Manager also allows for monitoring hardware components of Dell client machines. Many different properties can be monitored, including low disk space, chassis intrusion or even predicting a system failure. Hardware health monitoring can be used in conjunction with Altiris notification policies and event handlers to quickly inform administrators of preset problem conditions.
The Dell Client System Monitoring Policy allows administrators to select which events and metrics should be monitored. This policy can also define which values should trigger what corresponding actions, whenever those preset events or warnings occur (Figure 8).
Figure 8: Administrator may configure which events and actions to take when monitoring clients
Dell Client Manager Events are generated in one of two ways.
- WMI event consumers. Whenever a change occurs to certain properties within the Dell namespace, registered WMI event consumers (contained in the Dell Client Manager Sub-agent) pick up these changes and trigger an event. These events are read by the Altiris Agent and their information is forwarded to the Notification Server for potential follow-up action.
- Monitoring status WMI Properties (no registered WMI event consumers are used). With this method, selected property values are polled regularly, and any change information is sent to the Altiris Server as soon as it is detected.
The Altiris Server allows automated actions to respond to monitored events. These automated actions include:
- Logging each event in the NT event log
- Sending notification e-mails to system administrators
- Creating or editing help desk tickets
- Launching any custom script or executable on the Altiris Server
Support for future Dell Hardware Models
Dell Client Manager is extensible in that it has features that allow support for future Dell BIOS updates and machine models that are not yet released. Through the Supported Models Manager you can view which models are currently supported, or update the Altiris solution to include new Dell models as they become available.
Additional Information
For more information about Dell Client Manager, visit:
- http://www.altiris.com/dcm
- http://www.altiris.com/juice - Click on Dell Community. This is a new online forum for users of Altiris software and Dell hardware to go for sharing best practices, etc.
- http://www.altiris.com/eval Download a trial copy of Dell Client Manager.
- http://www.dell.com/openmanage - Click the Client Management link
- http://www.altiris.com/support/documentation
Conclusion
The new Dell Client Manager solution from Altiris offers a simple, robust tool for the one-to-many management of Dell desktops and notebooks. The solution bundles Dell OpenManage code and improves on many of the disparate tools offered in Dell's current OpenManage lineup (DCCU, OMCI, OMCC, and ITA). A key advantage of the Dell Client Manager solution is its ability to bring Dell specific functions and hardware properties into the realm of Altiris' comprehensive service-oriented architecture (SOA). This provides for a level of automation, control and extensibility that has been heretofore unavailable for Dell client hardware.
Now, Dell customers can leverage the best that OpenManage has to offer while leveraging the power of the complete Altiris infrastructure–all in a single, easy-to-use console.
Appendix – Altiris Notification Server Communication Architecturee
Communication between the Altiris Agent and Altiris Notification Server fundamentally consists of XML files that are compressed and transferred via HTTP (port 80) or HTTPS (port 443). Notification Server incorporates a pull agent model. By default each Altiris Agent requests a policy update from Notification Server every 1 hour. In production environments, this interval is generally extended to be every 6 to 12 hours, though it may be longer or shorter.
During this update, the agent requests Notification Server to determine what new policies are applicable to the machine hosting the agent. If at least one policy addition or modification exists for an agent, that agent will download a new policy configuration XML file. This file informs the Altiris Agent what work it is to perform. For example, the agent may download and parse the XML configuration file to determine that it is to run a software inventory scan every 12 hours, a hardware inventory scan once a week; it is to deny access to any unauthorized software programs (games or instant messengers, etc.) during the working hours of 8 a.m. to 5 p.m., and it is to download and execute the most recent Microsoft patches or Dell BIOS updates from the Altiris Server immediately. The entire process of downloading the config policy generates a little less than 2 KB of traffic roundtrip per agent.
As inventory scans are performed or other agent events are triggered, that data is communicated to the Notification Server as an XML formatted file with an *.nse extension (NSE = Notification Server Event).
By leveraging the same infrastructure (that is, the same policy engine, role/scope security engine, client/server communication model, etc.), Altiris solutions gain incredible efficiencies that are realized in part by the infrastructure's ability to scale. For example, while many competing solutions require 6 to 30 different servers to inventory a 25,000-node infrastructure, it is entirely possible for Altiris to simply use one Notification Server (again, depending on what solutions are installed and how many policies a customer defines). This scalability suggests the lower TCO model that Altiris software is designed to deliver. It should also factor into customer pricing considerations because most Altiris competitors charge based on the number of machines the customer will manage as well as the number of management servers the customer's topology will require. Altiris not only requires less server hardware resources to manage customer environments, but Altiris does not charge for management servers either (pricing is based on the number of machines that will be managed, not on the number of servers you will need).
Fundamentally, Notification Server uses policies to associate tasks and software packages with collections. A collection is a grouping of computers. Computers can belong to zero or more collections.
There are two types of collections:
- Static Collections–A computer's membership in a static collection can only change when an administrator explicitly assigns or removes the computer from a collection. When an administrator puts a server in a static collection, the server stays in that collection until the administrator removes it.
- Dynamic Collections–A computer's membership in a dynamic collection changes based on the properties of the computer. As the properties change, the computer automatically moves into and out of dynamic collections. It can be helpful to think of dynamic collections as being based on a SQL WHERE clause. For example, an administrator might create a dynamic collection that consists of all desktop machines where the operating system is Windows XP Service Pack 2 and the system is joined to a specific domain. If either of the two properties change, then Notification Server will automatically remove it from that collection. It will then be disassociated with any policies assigned to manage that collection.
Dynamic collections are a very powerful mechanism for automating systems management. For example, policies can be created that will, on an ongoing basis, deliver a specific Dell BIOS update to any machine that might require it. Two months after the policy is created, a new machine might be added to the LAN. Soon after the Altiris Agent is installed on that machine it will be joined to all the predefined collections it qualifies for. When that happens any policies assigned to those collections will become effective for the new machine - the machine will then automatically receive not just the BIOS update it needs but it will also execute any other tasks assigned to the policies that govern the machine.