Managing Dell Client Hardware Using the Dell Client Manager from Altiris
Authors:
Jordan Gardner
Todd Mitchell
As a component of both Dell OpenManage Client Administrator 3.0 and Altiris Client Management Suite software, the Dell Client Manager from Altiris is designed to provide effective management capabilities for enterprise IT organizations using Dell client hardware. The Dell Client Manager can enable automated, centralized management of Dell Precision workstations, OptiPlex desktops, and Latitude notebooks.
Dell OpenManage Client Administrator (OMCA) is a suite of integrated products based on Altiris technology that enables IT administrators to manage Dell Precision workstations, Dell OptiPlex desktop computers, and Dell Latitude notebooks. With OMCA, administrators can create, edit, copy, and remotely deploy system images as well as remotely distribute software applications, updates, and service packs over a network. OMCA also enables administrators to remotely migrate old PC software and settings to a new OS as part of a hardware refresh—all from a central management console.
In addition to deployment and migration features, Dell OMCA offers tools for system inventory and software delivery. Specifically, version 3.0 of OMCA includes the following Altiris products:
- Altiris Deployment Solution: Deploys operating systems via imaging or scripted installations, moves user data and settings between systems, performs remote control operations, and provides software packaging functionality
- Altiris Software Delivery Solution: Provides policy-based software delivery over a wide area network or LAN
- Altiris Inventory Solution: Performs robust hardware, software, and user inventory
- Dell Client Manager: Includes Dell-specific hardware and BIOS inventory information, helps configure and update BIOS, and provides hardware health monitoring
Altiris Deployment Solution, Altiris Software Delivery Solution, and Altiris Inventory Solution software is designed to manage any standards-based x86 hardware, not just Dell hardware. In addition, the Dell Client Manager1 from Altiris provides advanced management functions specifically for Dell systems. In addition to being a component of OMCA 3.0, the Dell Client Manager can be added to Altiris Client Management Suite—extending the Altiris serviceoriented architecture (SOA) to include Dell-specific hardware properties.
Altiris Client Management Suite includes the capabilities of OMCA 3.0 and adds integrated tools for patching Microsoft Windows operating systems, application metering (usage monitoring and denial of unauthorized applications), advanced remote control, and application management. While OMCA addresses fundamental client management needs, Client Management Suite offers a comprehensive approach by including additional tools and advanced, policy-based options to fully automate desktop management. Whether as part of Dell OMCA 3.0 or Altiris Client Management Suite, the Dell Client Manager extends either product to include options for managing Dell systems at the hardware level. This article examines the architecture and key functions of the Dell Client Manager.
Building upon the Altiris architecture
The Dell Client Manager employs the same architecture used by all Altiris software tools. This architecture is designed to simplify management tasks by integrating installed Altiris solutions into a central console that allows data and management functions to be shared across individual solutions (see Figure 1).
This architecture enables multiple Altiris solutions to work together. For example, Altiris Server Management Suite software, OMCA 3.0, and Altiris Handheld Management Suite software can be installed on the same back-end Altiris server to provide a single management console across an entire enterprise for server, desktop, and mobile device management. The Altiris role-and-scope security engine also works across installed Altiris tools. By leveraging the same infrastructure—policy engine, role/scope security engine, and client/server communication model—Altiris solutions are designed to provide efficiency and scalability.
Altiris Notification Server
The key component of the Altiris architecture is Altiris Notification Server. Notification Server is available at no cost and can be installed independently of any Altiris solutions. It is the engine that manages communication with the remote Altiris agents and the SQL database. The database can be collocated on the Altiris server or installed on a remote server. Notification Server manages the Altiris Web console, Altiris connectors into third-party products, and system notification policies. For more information about Altiris Notification Server, see the "Altiris Notification Server communication architecture" sidebar in this article.
Altiris solutions built on the Notification Server framework use the same Altiris Agent. When additional Altiris solutions are installed, the disk and memory footprints for this agent are dynamically extended with sub-agents as needed. The typical disk footprint for the Altiris Agent is approximately 5 MB to 12 MB, depending on which solutions are installed and how many policies the Altiris administrator has created.
Fundamentally, Altiris Notification Server uses policies to associate tasks and software packages with collections of systems. Computers can belong to multiple collections, and collections can be either static or dynamic. When an administrator puts a system in a static collection, it stays in that collection until the administrator explicitly removes it. Membership in a dynamic collection is based on the properties of the system—as properties change, the system automatically moves into and out of dynamic collections. For example, an administrator can create a dynamic collection that consists of desktops running the Microsoft Windows XP OS with Service Pack 2 and belonging to a specific domain. If either of these properties changes for any system in the collection, Notification Server automatically removes the system from that collection, and the system is then disassociated with any policies assigned to manage that collection.
Dynamic collections can be a powerful mechanism for automating systems management. For example, a policy can be created to deliver, on an ongoing basis, a specific Dell BIOS update to any system that requires it. If a system is added to the LAN after the policy is created, that system joins all the predefined collections it qualifies for shortly after the Altiris Agent is installed on the system. Any policies assigned to those collections become effective for the added system—it automatically receives the BIOS update, if needed, and executes any other tasks associated with the assigned policies.
Dell Client Manager sub-agent
The Dell Client Manager sub-agent contains the same code that is available from Dell as Dell OpenManage Client Instrumentation (OMCI), which is commonly installed on any Dell system managed by Dell OpenManage Client Connector (OMCC) or Dell OpenManage IT Assistant (ITA). As part of its functionality, OMCI publishes hardware-specific values in the Dell Windows Management Instrumentation (WMI) namespace, allowing for detailed hardware and BIOS inventory to be taken from each client. When the Dell Client Manager agent is deployed on client systems, it automatically uninstalls any 6.x versions of OMCI before installing the latest OMCI version. It also upgrades any 7.x versions of OMCI to the latest version of OMCI as needed. If the Dell Client Manager sub-agent is uninstalled, administrators have the option of allowing the OMCI
WMI component to remain on the client system.
Another Dell OpenManage tool, the Dell Client Configuration Utility (DCCU), can be used to remotely retrieve or configure BIOS settings and update the BIOS version. The Dell Client Manager sub-agent includes code from DCCU to provide these functions.
When the Altiris Agent is installed, necessary code from the OMCI and DCCU tools are included with the Dell Client Manager sub-agent. Administrators do not need to download and install additional tools from Dell because the Dell Client Manager provides the functionality required to manage the Dell system (see Figure 2).
Enabling a single policy from the Altiris Web console extends the Altiris Agent with the Dell OpenManage code needed to manage Dell hardware (see Figure 3).
By using the Dell Client Manager, administrators have a single tool and console to manage their Dell client hardware—avoiding the need for individual Dell OpenManage tools such as ITA, DCCU, OMCC, or OMCI (see Figure 4).
Exploring key features of the Dell Client Manager
The Dell Client Manager provides key functions unique to Dell OpenManage software, including many enhancements over previous Dell systems management software releases. In particular, the Dell Client Manager enables detailed Dell-specific hardware inventory integrated into the Altiris Resource Manager; remote BIOS updates; remote, policy-based BIOS configuration (model agnostic); and remote hardware health monitoring.
Detailed Dell-specific hardware and BIOS inventory
The Dell Client Manager is designed to provide detailed hardware and BIOS inventory scans on Dell hardware. Dell hardware and BIOS properties are read from the Dell WMI namespace, and then published once the Dell Client Manager sub-agent is present. This inventory is forwarded to the Altiris server using the client/server communication model (for more information about this process, see the "Altiris Notification Server communication architecture" sidebar in this article). The inventory gathered through the Dell Client Manager sub-agent is displayed in data classes identified with an "OMCA" prefix in the Altiris Resource Manager (see Figure 5).
These data classes are displayed alongside other Altiris inventory data classes, allowing a single view of all information known for a particular Dell device.
The Altiris Extensible Management Architecture (EMA) allows Dell-specific properties to be published to other components and solutions installed on the Altiris server. This data sharing can be used to create comprehensive management policies that automate management functions based on Dell hardware properties such as BIOS revisions and model numbers. The Altiris architecture allows Dell properties to drive Altiris notification policies, collection definitions, and reports.
Administrators can define the frequency of hardware and BIOS scans as well as the collections of systems for which the scan schedules apply. A collection can be defined using any hardware properties inventoried by Altiris software. Another option is to wake up powered-down systems to perform these scans. These settings are configured via two policies provided with the Dell Client Manager: the BIOS Inventory Scan Policy and the Hardware Inventory Scan Policy. These inventory scans use the same Dell Client Manager sub-agent; however, the policies differ in the WMI properties that they collect.
These policies exist on managed Dell clients as two small .xml files:
- actions.xml: Defines which WMI properties should be collected
- schema.xml: Formats the output of the scan so that Altiris Notification Server can recognize the data and successfully import it once it is posted to the Altiris server
These .xml files are communicated to the client prior to the first inventory scan and are periodically updated as additional Dell client models are released and additional BIOS properties become available with updated BIOS versions.
Administrators also can use Altiris Notification Server to throttle bandwidth to prohibit BIOS or hardware inventory from being sent over the network unless certain bandwidth thresholds are satisfied. These capabilities are particularly valuable for large environments or infrastructures with low-bandwidth connections.
Remote BIOS updates
The Dell Client Manager allows administrators to easily update the BIOS on Dell client hardware via automated policies. Administrators can download a Dell client BIOS update from support.dell.com to the Altiris server and then use the Altiris Web console to assign the update to a collection of Dell clients (see Figure 6).
Most often, BIOS updates are assigned to a collection of systems that are the same Dell model and do not already have the latest BIOS update.
For example, administrators can build a policy to assign a BIOS update to all the Dell Latitude D600 notebooks within the marketing department that do not already have the latest A16 BIOS revision. The policy can define when the update is applied and force a Wakeon-LAN if necessary. If the policy is created as a dynamic collection, when a Latitude D600 system that does not have the latest A16 BIOS revision appears on the LAN, the update is automatically applied—without requiring administrator intervention.
The BIOS update policy uses the .hdr file included in the BIOS package to perform the upgrade. The .hdr file contains the BIOS image and metadata for that image. This package is delivered to the client system using the Altiris Agent's ability to deliver a software package that is communicated via HTTP, HTTP over Secure Sockets Layer (HTTPS), or TCP/IP (all configurable by the administrator).
Once the package has been delivered to the client, the .hdr file is extracted and its metadata is used to perform required checks. These checks can include verifying a valid system ID (to help ensure that the BIOS update is a valid update for the target system) and whether a downgrade is permitted (if desired). Once all the checks have passed, the BIOS image is taken from the .hdr file and copied to a locked, contiguous memory buffer. In the client's shutdown process, the BIOS detects a valid BIOS update image in the system memory buffer and uses the image data to reprogram the system's flash memory. When the client powers up, the updated BIOS takes effect. A primary benefit of the Dell Client Manager is the ability to configure the installation schedule, reboot time, and deferment of BIOS update packages.
Remote configuration of BIOS settings
Dell has traditionally provided BIOS updates as part of the Dell Client Configuration Utility, which uses BIOS setup packages. Typically, one DCCU package is created for each Dell model to be configured, and administrators use a third-party tool to deliver the DCCU packages to the appropriate Dell systems.
The Dell Client Manager is designed to provide several advantages over DCCU by enabling the following features:
- Capability to create model-independent BIOS profiles
- Enforcement of remote BIOS configurations via policies
New profiles can be created from the Altiris Web console (profiles created this way can support all possible Dell client BIOS settings), or they can be captured from a reference system and then modified. BIOS profiles are defined in the central Altiris Web console and saved as templates that can be applied over and over again. Altiris administrators can add, edit, clone, and delete BIOS profiles (see Figure 7).
Policies can be created to apply BIOS profiles across any supported Dell client hardware regardless of the model. Settings that are not available in the BIOSs of legacy systems are simply ignored. Each managed Dell client with the Dell Client Manager sub-agent installed applies the BIOS profile settings by reading from the BIOS profile configuration file. This configuration file defines the values to be applied to the writeable BIOS WMI properties published by the Dell Client Manager sub-agent.
Remote hardware health and BIOS configuration monitoring
The Dell Client Manager enables administrators to monitor hardware components of Dell client systems. Several properties can be monitored, such as low disk space or chassis intrusion. Hardware health monitoring can be used in conjunction with Altiris notification policies and event handlers to quickly inform administrators of problem conditions and potential system failure.
The Dell Client System Monitoring Policy allows administrators to select which events and metrics should be monitored. This policy can also define the corresponding actions that should be triggered whenever those preset events or warnings occur (see Figure 8).
Figure 8. Configuring actions corresponding to specific events for monitored clients.
Dell Client Manager events are generated two ways:
- Using WMI event consumers: Whenever a change occurs to certain properties within the Dell namespace, registered WMI event consumers (contained in the Dell Client Manager sub-agent) pick up these changes and trigger an event. These events are read by the Altiris Agent and their information is forwarded to Altiris Notification Server for potential follow-up action.
- Monitoring the status of WMI properties: Selected property values are polled regularly, and change information is sent to the Altiris server as soon as it is detected. No registered WMI event consumers are used.
The Altiris server allows automated actions for responding to monitored events. These automated actions can include the following:
- Logging each event in the NT event log
- Sending notification e-mails to system administrators
- Creating or editing help-desk tickets
- Launching any custom script or executable on the Altiris server
Support for future Dell hardware models
The Dell Client Manager is extensible in that it is designed to support Dell BIOS updates and system models as they become available. Through the Supported Models Manager, administrators can view which models are currently supported, or they can update the Dell Client Manager to include additional Dell client models as they are released (see Figure 9).
Managing Dell clients from a single console
The Dell Client Manager from Altiris offers a simple, robust tool for one-to-many management of Dell workstations, desktops, and notebooks. It bundles Dell OpenManage code and is designed to improve upon individual Dell OpenManage tools, such as DCCU, OMCI, OMCC, and ITA. A key advantage of the Dell Client Manager is its ability to bring Dell-specific functions and hardware properties into the comprehensive Altiris SOA. This approach enables a level of automation, control, and extensibility previously unavailable for Dell client hardware. The Dell Client Manager allows enterprise IT organizations to benefit from the capabilities of Dell OpenManage software while using the Altiris infrastructure—all from a single, easy-to-use console.
ALTIRIS NOTIFICATION SERVER COMMUNICATION ARCHITECTURE
Altiris Notification Server incorporates a pull agent model. By default, the Altiris Agent requests a policy update from Notification Server every hour. In production environments, this interval is typically extended to be every 6 to 12 hours, although it may be longer or shorter. During this update, the Altiris Agent asks Notification Server to determine which new policies are applicable to the system hosting the agent.
If at least one policy addition or modification exists, the agent downloads a new policy configuration XML file, which informs the Altiris Agent of what work it should perform. For example, the file may inform the agent that it should run a software inventory scan every 12 hours and a hardware inventory scan once a week; it should deny access to any unauthorized software programs (such as games or instant messengers) during the working hours of 8 A.M. to 5 P.M.; and it should download and execute the most recent Microsoft patches or Dell BIOS updates from the Altiris server immediately. The entire process of downloading the configuration policy typically generates less than 2 KB of traffic per agent.
Communication between the Altiris Agent and Altiris Notification Server fundamentally consists of XML files that are compressed and transferred via HTTP (port 80) or HTTPS (port 443). As inventory scans are performed or other agent events are triggered, that data is communicated to Notification Server as an XML file with an *.nse extension (Notification Server Event).
Note:
To download a trial version of the Dell Client Manager, visit www.altiris.com/eval/dell and select "Dell OpenManage Client Administrator 3.0" from the drop-down menu.
Reprinted from Dell Power Solutions, May 2006. Copyright © 2006 Dell Inc. All rights reserved.