Scope of Management

Overview  

After completing the installation of the summary server, the network administrator must define the Scope of Management. SoM policy refers to the list of computers that are to be managed in the network. They can be added via active directory, workgroup or any other directory service.

We can split the Scope of Management Policy into two views:

  • Summary Server Admin View.
  • Probe Administrator View.

Summary Server Administrator View :

As the summary server administrator, you can monitor the status of all the probes of the network, including all the devices linked to the probes. You can also create domains/workgroups and configure agent settings. The changes made in the Summary Server Admin scope will apply to all probes of the network.

Some of the functionalities that can be configured by the Summary Server Administrator:

  • Add domain.
  • Configure agent settings. 

Steps to add a domain:

  1. Login to Endpoint Central as summary server administrator and select 'All probes' scope.
  2. Go to Admin -> Scope of Management -> Domain
  3. Click on Add Domain.
  4. Fill in the domain name, network type and credentials of the domain.  

Steps to configure credentials in a specific probe after adding a domain as Summary server Admin:

  1.  Login to Endpoint Central as probe administrator.
  2.  Navigate to Admin ->Scope of Management -> Domain. 
  3. When the domain details are added to the summary server or a probe server, the details are also passed to the other probe servers. However, if the domain controller is not reachable, the credentials have to be entered manually.

     

  4. Enter domain username and password.

     

  5. Click Update Domain Details.

You have successfully created and configured credentials for a domain. 

Configure Agent Settings 

Endpoint Central's agent is a light-weight, non-intrusive application that resides on the computers that need to be managed. The agent settings can be configured in the Summary Server admin view. The configured settings will apply to all the probes and from there they are sent to all agents of the network.  

Agent General Settings 

  1. Login as Summary Server Administrator.
  2. Navigate to Admin -> Scope of Management Settings -> Agent Settings.
  3. The General Settings tab is selected by default. You can specify the following from here:
    1. Server IP Address: The IP Address of the computer where Endpoint Central server is installed is displayed here.  The agents residing in the client computers communicate to the Endpoint Central server using this IP Address. Endpoint Central automatically detects the server IP Address whenever Endpoint Central Server is started. If you wish to automatically detect and save the IP Address, select the Automatically detect and save the IP Address change option.  You can also enter the DNS name of the Server.
      1. Enable Secured Communication: Select this option, if the communication between the Agent and the Endpoint Central Server should be secured (HTTPS)

      2. Enable Checksum Validation: Select this option to verify the patch/software binaries downloaded from Endpoint Central server using the Checksum Validation (md5 algorithm)". If the checksum fails, then the installation will be aborted.

      3. Restrict Users from Uninstalling Agents from Control Panel: Selecting this option will ensure that users do not uninstall the Endpoint Central Agents from their computer.

      4. Restricting Users from Stopping Endpoint Central Agent service: Choosing this option will restrict the users from manually stopping the Endpoint Central agent service.  However, administrator can stop the Endpoint Central agent service by following the steps mentioned below:
        1. Click Tools on Endpoint Central server
        2. Choose System Manager
        3. Select the computer, on which you wanted to stop the service and click Manage
        4. Select the service "ManageEngine Endpoint Central - Agent", under Services tab
        5. Under Actions, click stop to stop the service.  
      5. Perform Patch Scanning: Select this option if patch scanning has to be initiated immediately after the agent installation. If this option is not selected, patch scanning will only happen when it is scheduled or when On Demand scanning is initiated.
      6. Perform Inventory Scanning: Select this option if Inventory Scanning has to be initiated immediately after the agent installation.  If this option is not selected, Inventory Scanning will only happen when it is scheduled or when On Demand scanning is initiated.
      7. Enable Firewall Settings : Endpoint Central requires the Windows Firewall running in the client computers to be configured for using all its features. Select this option to configure the firewall for enabling Remote Administration, DCOM, File and Printer Sharing, and Simple File Sharing in Windows XP.
      8. Enable Wake On LAN Settings: Select this option to enable wake on LAN feature in client computers to turn the computer on before deploying important configurations. 
  4. Click Save Changes. 

Agent Tray Icon Settings  

Endpoint Central provides an option to display the Agent Icon in the System Tray of all the managed computers. The users can perform the following actions using the system tray:

  1. Initiate Patch Scanning
  2. Initiate Inventory Scanning
  3. Pull and apply configurations that are available to them
  4. Self-Service Portal
  5. Launch ServiceDesk Plus
  6. Send requests to Help Desk for specific needs.
  7. When User Logon Reports is enabled, the user will be able to view his/her login history.

To configure the Tray icon settings, follow the steps below: 

  1. Navigate to Admin->Agent Settings under SoM Settings.
  2. Select the Agent Tray Icon tab and specify whether to display the icon in the system tray of the managed computers. When choosing this option, you can choose the following:
    1. Show Patch, Inventory, and Configuration Menu
    2. Show Last Logon Details
    3. Show Information Balloons While Processing Configurations, Patch Scanning and Inventory Scanning
  1. Click Save Changes. 

 Probe Administrator View     

To ensure a smooth workflow, all the functionalities have to be configured at every specific probe as different probes may have different requirements. The functionalities that can be performed by the probe administrator :  

Add Computers

To add computers, follow the steps given below:

  1. Login as probe administrator and choose to probe for which remote office is to be configured.
  2. Click the Admin tab.
  3. Under SoM Settings, click on Scope of Management.
  4. Click Add Computers.
  5. The Add Computers page will have the list of discovered domains and Workgroups.
  6. When no domains are discovered, use the Add Domain button and specify the credentials to add the domain/workgroup. Once the domain is added, all the computers belonging to the domain will be listed.
  1. Another way of adding domain/workgroup would be -
    • Navigate to the Admin tab --> Global Settings -->Domain --> Add Domain and specify the credentials of the domain/workgroup.
    • Click Add computers against a specific domain or workgroup under the Actions column for adding computers.
  1. Before adding the computers from the discovered domains, you need to specify the credentials that have administrative privileges in all the computers that are being managed by Endpoint Central. To specify the credentials, follow the steps given below:
    • Click Edit against a specific domain or workgroup.
    • Select either of the following network types:
      • Active directory: Specify a domain user who has administrative privileges in all the computers that are managed using Endpoint Central. Enter the domain name as specified in the Active Directory and the name of the domain controller.
      • Workgroup: Specify a local username and password with administrative privileges in all the computers that are managed by Endpoint Central.
      • Click Update Domain Details.
  1. Select the computers that you want to manage using Endpoint Central and click Next.
  2. Note: Alternatively, you can specify the names of computers and add them manually. All computers get added to the Selected Computers list.
  3. Click on Install agents to install the Endpoint Central agent in the selected computers immediately.
  4. Note: If you do not wish to install immediately, click on 'Add to SoM' and the computers would just be added. You will have to install the agents later.

You have added computers to manage using Endpoint Central.

Configure Remote Offices

There are two types of remote offices that you can create to manage using Endpoint Central. They are as follows:

  • Remote office with a distribution server
  • Remote office with WAN agents only

To add the details of the remote offices, follow the steps below:

    1. Login as probe administrator and choose to probe for which remote office is to be configured.
    2. Click the Admin tab.
    3. Under SoM Settings, click on Scope of Management.
    4. Click the Remote offices tab.
    5. Note: You will see a remote office called Local Office in the list of remote offices. This refers to the computer in the Local Area Network (LAN) where Endpoint Central server is installed.
    6. Click Add Remote Officeand enter the following details:
      1. Name of the remote office.
      2. Note: The IP address is already entered. If there is a secondary IP address which the remote office will use to communicate with the Endpoint Central server, enter this IP address in the IP address field.
      3. Communication Details:
        1. Type of communication: Through a distribution server or directly through WAN agents.
        2. Details of the distribution server, if required:
          • Name of the domain NetBios: This refers to the domain name of the computer where the distribution server will be installed. For example, if the computer where you are going to install the distribution server belongs to the companyname.com domain, specify the domain NetBios name as companyname.
          • Name of the computer in which the distribution server will be installed.
          • IP address of the computer in which the distribution server will be installed.
          • HTTP and HTTPS ports for communication: The default ports are already specified. If you want to use ports that are different from the default ports, change the existing port numbers.
        3. Replication policy: Replication policy contains details of Data Transfer Rate and details of Replication interval which is the interval at which the distribution server synchronizes its repositories with those in the Endpoint Central server.
          • An existing replication policy can be selected and modified, or a new policy can be created. Using replication policy, bandwidth consumption can be controlled.
        4. Details required for the distribution server or the WAN agents to communicate with the Endpoint Central server:
          • Communication through a secure connection
          • Proxy information
        5. Remote Control Settings: The Compression and Color Quality can be specified for better UI rendering and optimizing bandwidth consumption.
        6. OS Deployment Settings can be enabled to deploy OS in remote office.
        7. Remote Agent Installation: Domain credentials are given and automatic agent installation can be specified.
        8. Managed Computers: Click Add Computers to select the computer you want to manage.

You have added a remote office. Follow steps 4 and 5 to add more remote offices.

Configure IP Scope

Configure IP scope to assign the remote office that will handle the roaming user automatically. When a roaming user enters the network of a certain remote office, the remote office begins managing the user. This is accomplished by changing the IP address. You can configure a default remote office to handle a roaming user if the person moves around the world.

Steps to define IP Scope:

  1. Login as probe administrator and choose to probe for which IP Scope is to be configured.
  2. Click the Admin tab.
  3. Under SoM Settings, click on Scope of Management.
  4. Under SoM, Click the IP Scope tab.
  5. Click Add Scope.
  6. In the Select Remote Office list, select the required remote office name.
  7. Select either of the following types of IP Scope:
    1. IP Address Range: Enter the start and end IP addresses.
    2. Subnet: Enter the subnet mask and subnet IP address.
  8. Click Save.

Agent Management

Endpoint Central Agents have to be installed in the probe administrator view and Endpoint Central has the flexibility to install agents through several ways:

  • Installing Agents from Endpoint Central Console
  • Installing Agents Using Windows GPO (only for Windows)
  • Installing Agents Manually
  • Installing Agents using SOM Policy
  • Installing Agents using SCCM
  • Retry Agent Installation
  • Uninstalling Agents

 

for further information, refer this link