Video Screencast Help

Why New Version 7 “Altiris Client Management Suite ” from Symantec, Change the Game Rules for Software Delivery?

Created: 07 Dec 2009 • Updated: 26 Mar 2010 | 10 comments
Language Translations
Pascal KOTTE's picture
+4 4 Votes
Login to vote

Software Managed Compliance - vs - Package delivery

FR-flag.JPG You will find a french version at this place - Veuillez trouver une version française ici: http://www.bemore.ch/marketing/pdfs/Altiris_CMS7_Newdelivery_Kotte_091116.pdf or here: https://docs.google.com/Doc?docid=0ARVPHy_8ksimZGd3OTIzMmJfOTM0aGN0Z243Z3E&hl=fr You can get problem to see images, because outside linked to Google docs: You must trust "symantec.com" and "docs.google.com", if you still get problem to see images: just go directly the Google version in there: https://docs.google.com/Doc?docid=0ARVPHy_8ksimZGd3OTIzMmJfOTQwZGs0eDV0Z24&hl=en

From my point of view: I identify currently 4 feature levels for computers software delivery:

  • Stage 0 « Mono manual » : install each PC manually, with a remote control option to avoid kilometers… This model is still a lot used currently, because before be able to stage next level, you must "packaging" all the software applications.
  • Stage 1 « Multi manual » : With a silent install package, we can use a tool to deploy multiple PC in a single operation. (That is the « Altiris Deployment Solution » DS 6.9)
  • Stage 2 « Static Policy » : A policy associated a static ‘collection’ (a group). Adding a PC in this group, just launch the single "one shot" deploy.
  • Stage 3  « Dynamic Policy » : A policy "choose" computers based predefined attributes: E.g. from inventory result, detecting existing or missing installed software. The policy can replay automatically the deploy (e.g. after a crash disk)

Manual

Static Policy” (one shot)

Dynamic Policy” (from Server side)

But, what we only need: That is associate a software to a predefined list of computers, or all. The automation tool should be able to detect, install, update, or repair, when it is necessary, and only report when we got a failure (creating a Help desk ticket or an email).

  • That is the Stage 4 « Managed Policy » : In CMS7, the server does not decide any more what to do or not on each client. It gives the Software listing & associated rules to the computers. So each computer can verify himself, if the detected installation is compliant, or missing, or need to be updated. If necessary, the client download what necessary from a secured place and will run the remediation for compliance (install, repair, install additional required software, update, etc...).

The secure DSL (Definitive Software Library) host: - Detection rules updated from the packages import - Dependencies or updating rules

The PC client can run the check alone: - If all "active" software are correctly there, with the good version, etc…

If necessary, the PC download the package from the secure place (DSL), for installing, repairing, configuring, removing, any required operations.

« Software Compliance »

 

 Bonus: you can also activate the "redirect to Virtual layer" option, if you deploy the SVS agent (Virtual Software, now integrated with CMS7). Be care not all packages will support without some tuning.

Basic operations

Step 1: you import Packages:

Best are MSI or VSA packages, because you already got main basic information: Install/repair/remove commands:
You can complete or edit.
You get also the basic detection rule, you can extend:
For MSI only, VSA package are not "detected" ? Some improvements still required ;-) For SVS, we will see they are all version sharing the same MSI code :-( So I will create an additional article to explain how to extend detection rules, as soon as I can :-)

Step 2: You update rules:

Like dependencies and supersedes:
File Inventory relations: (be care the sample screen below is not related the SVS agent above, this is a sample for Altiris NS agent)

Step 3: You act:

  • Add to an inventory policy, report or create a "dynamic filter collection",
  • Quick deploy (single shot task), to manually assigned computers,
  • Add to a software compliance check list (managed delivery) on a "targeted computers collection",
  • Block any execution on all clients, etc...
 
Not such easy as it seems to be in there, but really great because innovating & change to a true ITIL perspective of Software catalog management instead of "package deploying".
 
Enjoy life in CMS 7 ;-) Vote My Post if you like it - I provide a PPT version to help presentation your side.

Comments 10 CommentsJump to latest comment

JeffDG's picture

The compliance and detection policies of the SM Framework are a huge change in thinking from V6 to V7, one that I'm having trouble communicating to our SW packagers sometimes.

Before, we needed to execute custom inventories, build collections on the servers based on the data returned, then later execute tasks based on that information.  Now I can achieve the same with the Managed SW delivery, resuling in both decreased development time and decreased deployment time (it takes a while for the custom inventory data to flow back up and trigger the task).

+1
Login to vote
Pascal KOTTE's picture

Hello, thanks a lot for your feedback, it helps me to provide more stuff.
I add a PPT version to help use for presentations. Great 2010 using Altiris CMS7 all ;-)

~Pascal @ Kotte.net~ Do you speak French? Et utilisez Altiris: venez nous rejoindre sur le GUASF

+1
Login to vote
hubert.clement's picture

Wouah, find.

I see that Pascal have great knowledge from Altiris solutions.

Many thanks and kind regards,
Hubert

+1
Login to vote
Pascal KOTTE's picture

see also the article from Joel:

Symantec Software Management 7.0 Best Practices
https://www-secure.symantec.com/connect/articles/symantec-software-management-70-best-practices
Very complete ;-)

~Pascal @ Kotte.net~ Do you speak French? Et utilisez Altiris: venez nous rejoindre sur le GUASF

+1
Login to vote
dlopes's picture

Any chances you have that presentation in English, i know absolut 0 french ;)

very usefull article.
Thanks

Daniel Lopes de Oliveira
Technical Team Leader - Endpoint Management & Mobility

0
Login to vote
Pascal KOTTE's picture

Hello Daniel,
I only write the 1st § with the link in french version, the version in there is in EN, infact ;-) except some screens part.

~Pascal @ Kotte.net~ Do you speak French? Et utilisez Altiris: venez nous rejoindre sur le GUASF

0
Login to vote
dlopes's picture

Pascal,

I mean the slide notes, those seems a great way to get the slides explained, and it looks like its all there, except its in french ;)

Daniel Lopes de Oliveira
Technical Team Leader - Endpoint Management & Mobility

0
Login to vote
Pascal KOTTE's picture

Sorry missunderstood, I was thinking you read only the 1st line. It is a good point, I will add another version in english as soon as I can. Best regards.

~Pascal @ Kotte.net~ Do you speak French? Et utilisez Altiris: venez nous rejoindre sur le GUASF

+1
Login to vote