N-central Deployment Best PracticesN-central Deployment Best Practices in a domain environment V4.0...
Transcript of N-central Deployment Best PracticesN-central Deployment Best Practices in a domain environment V4.0...
Sept 24 2014 N-central Author: Scott Parker
N-central Deployment Best Practices in a domain environment
V4.0
Deployment Best Practices in a domain environment .
2
Contents
Introduction - The Deployment Process ....................................................................................................... 3
Important Information regarding this document ......................................................................................... 3
Phase 1 – Customer Creation ........................................................................................................................ 4
Create the Customer in N-central ............................................................................................................. 4
Phase 2 – Readying the environment in a domain ....................................................................................... 4
Firewall Changes ....................................................................................................................................... 4
Group Policy Changes ............................................................................................................................... 4
DNS Server Changes .................................................................................................................................. 6
Network Equipment Changes ................................................................................................................... 6
Windows Server Preparation .................................................................................................................... 6
ESX and ESXi Host Preparation ................................................................................................................. 6
Preparing your OS X Workstations............................................................................................................ 7
Probe Admin Account Creation ................................................................................................................ 7
Phase 3 – Deploying your Probe ................................................................................................................... 7
Probe Hardware Requirements ................................................................................................................ 7
Downloading and Installing the Windows software Probe ...................................................................... 8
Phase 4 – Discovering the Environment in a Domain + Mac OSX ................................................................. 9
Discovery A - Workstations, Laptops, Servers, Printers, Switches/Routers + Mac OSX ........................... 9
“Other” Devices – Importing what was not auto-imported ................................................................... 11
Discovery B - ESX and ESXi Host Servers ................................................................................................. 12
Appendix A – Server SNMP configuration .................................................................................................. 13
Appendix B – Troubleshooting SNMP configuration .................................................................................. 15
Appendix C – What if I have a Workgroup environment or device? .......................................................... 16
Options for Workgroup environment deployment ................................................................................ 16
Management of a Windows Workgroup device ..................................................................................... 17
Appendix D – Mac OSX Device Onboarding (detailed) ............................................................................... 18
Automatic Onboarding Mac OSX Workstations with a local Windows Probe ........................................ 18
Manually Onboarding Mac OSX Workstations & Servers ....................................................................... 18
Troubleshooting the OSX Agent install ................................................................................................... 20
Appendix E – Probe troubleshooting and Admin password reset .............................................................. 21
Appendix F – Recommended process around deployment ........................................................................ 23
Deployment Best Practices in a domain environment .
3
Introduction - The Deployment Process N-central relies on Probes and agents to discover and manage your environments. We will be
downloading a software Probe from N-central, installing it on a server in the customer’s environment,
and then allowing it to discover your client’s IP based devices. Once discovered, Agents will be deployed
out to Windows based systems and we will be able to classify and import your non-windows based
hardware. Note that non-domain/workgroup environments require special steps detailed further on.
By following this document you will walk through the best practice process of:
Preparing your client’s domain based environment before deployment.
Deploying a software probe into your customer’s network.
Running environment discovery tasks using that probe.
Agent deployment for servers and workstations.
Application of probe based monitoring for network equipment.
Managing a Workgroup based environment.
Important Information regarding this document Section specific Warnings, Notes and Best Practices Tips should be understood before continuing with
your changes. Please be sure to read them carefully. This content is identified by the images below:
Deployment Best Practices in a domain environment .
4
Phase 1 – Customer Creation
Create the Customer in N-central
We will create a “Customer Level” in N-central to house the devices of your new customer.
From the Service Organization level (SO - the orange level) under the Actions menu, click on
“Add Customer/Site”.
Give the site a name (it must be different than the SO level and any other Customer).
Choose “Professional” as your license type (we can downgrade devices as needed later).
Choose the Ticketing system customer you wish to map to, if any (optional).
Put in your Domain credentials (domain\username) and Password (do not leave as “Inherit”).
Click “Save and Continue”. You will see the system switch to your new Customer level and a
Wizard tool as seen below. Continue to Phase 2, do not yet download the probe:
Phase 2 – Readying the environment in a domain Before deploying your first probe and running a discovery we will make the following changes to ensure
the client environment is ready for exploration. Best practices dictate making these changes more than
48 hours in advance of running your first discovery to allow them to propagate into the environment.
Firewall Changes There should be no changes necessary to your client’s firewall to allow for monitoring. The N-central
agents and probes will be sending minimal traffic over ports 443 (HTTPS), 80 (HTTP) and 22 (SSH). These
ports are usually readily available for outbound traffic in most environments.
Group Policy Changes
Without these changes, you will often find many devices are discovered as unclassified or “Other”.
Create a new GPO object, add the following changes, and deploy them to your environment. Note that
some of these paths may be slightly different in your own environment; use them as a guide to make
the necessary changes:
PATH – Windows Firewall: Computer Configuration \ Policies\ Administrative Templates \ Network \
Network Connections \ Windows Firewall
Deployment Best Practices in a domain environment .
5
Enable File/Print Sharing
Enable ICMP inbound echo requests
Enable Inbound Remote Administration
Example of the Windows Firewall location in Group Policy:
Examples of each Firewall setting to modify:
File and Print Sharing ICMP Inbound Echo Requests Inbound Remote Administration
If you require additional assistance with these GPO changes, please refer to this video which will walk
you through the process: https://www.dropbox.com/s/l434n4ibyc0ljvp/__Gpo-configuration-for-best-
practice-deployment-DNS-scavenging.mp4.
Please skip the section on DCOM permissions as they are no longer necessary.
Deployment Best Practices in a domain environment .
6
DNS Server Changes
Configure DNS Scavenging for stale records.
This setting will help ensure that environments using DHCP do
not detect duplicate devices based on multiple DNS entries for
the same device.
No-refresh and Refresh combined should be equal to or less
than your DHCP lease. For example, with an 8 day DHCP lease
set the No-refresh to 4, and the Refresh to 4.
While in your DNS server, choose to “Scavenge Now” to get the
process moving.
Network Equipment Changes
Ensure SNMP is enabled on all network devices and servers with community string of "public".
For devices, refer to your device documentation on how to accomplish this as it will be different
on each. Some devices require SNMP to be turned on in multiple locations such as
Administration and the LAN interface.
Note that you do not need to use “public”, however most devices will already default to that
string as will N-central. If you choose to change this you will need to be diligent in changing this
string when running your discoveries and on the individual devices in N-central on their
respective Properties tabs.
If you are planning to monitor SYSLOG you will want to point the Syslog output of your device at
the IP of the server that houses the local N-central Probe.
Windows Server Preparation
Install server management software on physical servers (Dell Open Manage, HP Insight Manager etc.)
Refer to your server documentation for details. You must be sure to install full suites; The Dell
Open Manage “Essentials” package, for instance, is not adequate.
Enable SNMP with a community get (or Read) string of “public”.
Refer to Appendix A – Server SNMP Configuration
Note that you do not need to use “public”, however most devices will already default to that
string as will N-central. If you choose to change this you will need to be diligent in changing this
string when running your discoveries and on the individual devices in N-central on their
respective Properties tabs.
ESX and ESXi Host Preparation You may wish to install the “offline bundle” for your ESX server. These bundles are available from your
server hardware vendor and will allow you to monitor items such as physical drives and RAID status on
Deployment Best Practices in a domain environment .
7
your ESX/I host. Assistance with this install including picking the correct bundle and loading the “vib”
files into your system may require you to approach your vendor for assistance.
Preparing your OS X Workstations
N-central 9.3 and above is capable of deploying Agents to your Mac OSX Workstations. In order to
accomplish this you will need to have a universal administrative account on every OSX device to
facilitate the Agent installation. You may want one account for your workstations and a separate
account for Servers.
You will want to choose a universal Admin account to add to all of one customer’s Mac OSX devices. If you
run a discovery with too many accounts included, each will be tried against all OS X devices, and will lock
the system because of too many failed access attempts.
Probe Admin Account Creation Create an account in the clients Active Directory that has full domain administrative privileges and a
password that never expires. We will give this account to the Windows Probe during installation to
allow for Agent install and a host of other functions.
The account name cannot be longer than 20 alphanumeric characters.
You may need to log into the server you wish to put your probe on with these credentials to allow the correct access for
probe setup.
If you need to reset this probe password you will typically choose to simply re-install the probe. The password cannot be
reset from within the N-central UI.
Phase 3 – Deploying your Probe We will download a software probe from N-central to a windows based server or VM in the client
environment and install it. The probe will give you the following abilities in the host network:
Facilitate discovery of IP based devices including workstations, servers, switches, printers etc.
Push software Agents out to Windows based workstations and servers.
Monitor devices that cannot have an agent installed (network gear, printers, etc.).
Assist in some forms of remote control.
Cache Patch data to the UNC path of your choice.
Collect log data from devices.
Probe Hardware Requirements There are no set requirements for the software probe aside from needing a Windows OS. It is highly
dependent on how many devices you plan to monitor and what type of monitoring will be performed.
Deployment Best Practices in a domain environment .
8
The probe itself is not a significant drain on resources, it is simply a Windows Service. Best practice
would dictate that you will be deploying to a piece of server hardware or a virtual machine that will not
be shut down, and that is not already overburdened with traffic and processing requirements. It is
recommended you avoid SQL or Exchange servers in favor of File or Print type servers which will likely
have more resources available on a consistent basis. If the environment is smaller in size and the only
option is an SBS server, this will be more than adequate for your probe.
Downloading and Installing the Windows software Probe
To download the probe, drop down to the appropriate Customer level in N-central and select
“Download Agent/Probe Software” from the Actions menu (see below). It is critical that you take
software from the Customer/Site Specific Software section only. This applies for all Windows based
devices.
You will be able to tell you have taken the proper file if it is prefixed with the client’s ID number from N-
central. Ex: 101WindowsAgent.exe (good) vs WindowsAgent.exe (bad).
Run through the install on the client’s server with the following configuration which will be applicable in
most cases:
Do not configure a proxy unless required, click Next
Do not enable the AMT data store, click Next
Provide the previously created Admin credentials when requested.
o The domain field should not typically contain “.com”, “.local” etc. You should only need
to provide the domain name (ie: ESABanking)
o If the system requests to grant “Login as a Service” please allow this access.
Do not provide a Discovery IP Range. We will do this from within N-central after the probe is
installed. Click Next.
The installation will continue. You will observe a progress bar that will pause at 0% for several seconds
before progressing rapidly to completion. Once the probe is installed you can exit the server and return
Deployment Best Practices in a domain environment .
9
to N-central to continue. You will see under All Devices that the Probe has appeared and it has begun
the process of installing an Agent on itself. This process will take a few minutes and should not prevent
you from now running a discovery.
If your probe is unable to communicate back with your N-central server you may not have adjusted your
NETWORK SETTINGS in the back end (port 10000) of your on-premises installation.
Phase 4 – Discovering the Environment in a Domain + Mac OSX Once phase 3 is completed we will begin to run a few discovery jobs that target specific types of devices.
Discovery A - Workstations, Laptops, Servers, Printers, Switches/Routers + Mac OSX
All of the Windows based devices, OSX Workstations and SNMP based devices that can be identified will
be pulled in automatically and agents will be deployed to them if applicable. The GPO and SNMP
changes we executed in Phase 2 will assist in making this process a smooth one for you. Discovery can
take anywhere between 15 minutes and several hours depending on the size of the environment and
the IP range(s) chosen.
1. We will start on the Devices to Discover tab.
2. Give the Discovery a Name you will recognize such as “First Discovery”.
3. Add an IP Range to scan following the example format (192.168.1.1-254).
4. Add the admin credentials you may have for your Mac OS X devices so that we have access to
deploy Agents to them:
Deployment Best Practices in a domain environment .
10
5. On the Auto Import tab we will choose to import Servers-Windows, Servers-Generic,
Workstations-Windows, Workstations-OS X, Laptop-Windows, Printers and Switch/Routers if all
of those types apply to your needs. For now we will exclude the other types as they often
include things you will not want to import such as VOIP phones, security cameras, and anything
on your wireless infrastructure etc.
6. On the Advanced Settings tab we will turn on SNMP with the Community (Read Only) string you
have chosen for that environment (typically “public” is default). Only one String per discovery is
possible.
7. We do not need to adjust the Virtualization Settings or Schedule at this time.
Deployment Best Practices in a domain environment .
11
8. Click FINISH at the bottom of the page to run your discovery. Anything that can be identified
through WMI or SNMP will be imported to your ALL DEVICES view in N-central.
Mac OSX Workstations: These devices should automatically receive an Agent and import along
with your Windows devices if they are detected by the probe and you have credentials in place.
If they do not import, see Appendix D – Mac OSX Device Onboarding (detailed).
Max OSX Servers: These will not auto import with a Mac agent installed. They will be classified
as Servers – Generic. See Appendix D – Max OSX Device Onboarding (detailed) to install the
Agent and apply monitoring.
“Other” Devices – Importing what was not auto-imported
Under Actions > Add/Import Devices you will see a list of “Other" devices growing. We will deal with
them in the following fashion:
a. Some ESX boxes may be discovered as “Other”, so be sure to avoid importing them for
now. At this point you can check them off and Delete them. We will re-discover them
properly soon.
b. The remainders are devices that couldn't be identified such as Linux/Unix boxes without
SNMP turned on, Macintosh systems where your credentials did not work, Workgroup
PC’s and miscellaneous devices that you may have no intention of monitoring such as
VOIP handsets. By default these devices will get the Connectivity service only (a ping
test from the probe to the device to ensure it is still active) and will have no Asset
details.
You will need to work through these unknown “Other” devices to identify and classify them properly if
they are needed, as well as applying the appropriate Service Templates for monitoring in some cases.
Hint: Trying to remote control one of these devices via the Web option (try both HTTP and
HTTPS) and see if a web based front end comes up that may indicate the device type. Web
remote control can be found under the device once it’s imported, under the REMOTE CONTROL
tab.
Workgroup PC’s: You will need to manually apply an Agent to these devices. Take the agent file
from the Customer level, under “Download Agent/Probe Software” under the section titled
“Customer/Site Specific Software. (See Appendix B – What if I have a Workgroup environment
or device?)
Devices without SNMP enabled properly may also come in as “Other”: You will commonly see
this issue on switches and routers which will appear with no asset information etc. and nothing
more than Connectivity applied. Many of these devices need SNMP turned on in the
Administration section AND the local LAN settings. To troubleshoot these issues please refer to
Appendix B – Troubleshooting SNMP.
Deployment Best Practices in a domain environment .
12
Discovery B - ESX and ESXi Host Servers
We will run a second discovery task to specifically target ESX and ESXi boxes and perform a full
virtualization discovery on those with an included root credential.
Do the discovery by pointing directly at the IP of the ESX(i) box and enabling a “Virtualization discovery”
by checking the appropriate box under the Virtualization Settings box. Your root account will be
required. Import these devices one by one and ensure the ESX(i) templates are (re)applied.
Note that the account the system will ask you to include should be your ROOT account and password.
We will communicate through your VMware CIM ports to pull ESX status and information during the
discovery. See the next image for an example:
Your discovery is now completed! You should proceed to review and clean up any residual services etc.
that need attention including any Active issues or Misconfigured items.
Deployment Best Practices in a domain environment .
13
Appendix A – Server SNMP configuration Included with N-central are various hardware monitoring templates for Dell, HP, IBM and Intel servers.
In order to leverage these templates there are a number of steps that must be performed on the
servers:
1. Add the SNMP Features on the windows server.
2. Configure the windows SNMP service.
3. Install third-party server management software (Dell Openmanage, HP Insite manager).
4. Discover the server using a Windows Probe.
5. Apply hardware specific Service Templates in N-central to the device (Dell Server etc.).
Step 1: Add the Windows SNMP feature on the server
1. In Windows, click Start > Control Panel.
2. Click one of the following:
Add or Remove Programs - for Windows XP or Windows 2003
Programs and Features - for Windows 7, Windows Vista, or Windows 2008+
3. Click one of the following:
Add/Remove Windows Components - for Windows XP or Windows 2003
Turn Windows features on or off - for Windows 7, Windows Vista, or Windows 2008+
4. Select Simple Network Management Protocol (SNMP).
Note: For Windows XP and Windows 2003, this is a sub-component of the Management and
Monitoring Tools component.
5. Click one of the following:
Next - for Windows XP or Windows 2003
OK - for Windows 7, Windows Vista, or Windows 2008+
The Windows SNMP software will be installed.
Step 2: Configure the SNMP Windows service
1. In Windows, click Start > Control Panel > Administrative Tools > Computer Management.
2. In the Computer Management application, click Services and Applications > Services.
3. Double-click SNMP Service.
Deployment Best Practices in a domain environment .
14
4. Select the Security tab (if you have just installed SNMP this may not be visible until a reboot occurs).
5. Under Accepted community names, click Add.
6. In the Community rights drop-down list, select READ ONLY.
7. Type a Community Name (for example, “public”).
8. Click Add.
9. Select Accept SNMP Packets from any host and click OK
10. Quit the Computer Management application.
Step 3: Install third-party server management software Refer to your product documentation to install your management software such as Dell Open Manage,
HP Insite Manager etc. Vendors we support with regards to monitoring in this fashion are Dell, HP, IBM
and Intel.
Best Practices Tip: Restart the SNMP service on the server to ensure a proper handshake with the management software.
Step 4: Discover the server using a Windows Probe
Refer to Phase 4 – Discovering the environment in a domain for running a probe discovery. If you are
turning on SNMP as part of your pre-deployment steps, these servers can be discovered as part of that
process. If you had missed this step, and are looking to enable SNMP server monitoring for one device,
simply run a discovery against this one device once it is properly configured. The device should now
appear in the ALL DEVICES view. If not, find it under Actions > ADD/IMPORT DEVICES and import it
(Note: do not click “map” during the import process).
Step 5: Apply Service Templates in N-central to the device
1. On the device in N-central, click on the Service Templates tab.
2. Click on the template you want to Re-apply (for example Dell Servers) or if it is not visible, click
APPLY NEW SERVICE TEMPLATE and locate the template for your server manufacturer and apply it.
3. Check under the Status tab and watch as the newly added services appear, gather data (grey circle)
and then ultimately check in (green checkmark).
Deployment Best Practices in a domain environment .
15
Appendix B – Troubleshooting SNMP configuration To troubleshoot SNMP monitoring that is misconfigured or otherwise non-functional, try these steps:
1. Verify you have enabled SNMP on the hardware with a “GET” / “READ ONLY” community string of 'public'.
a. Note that some hardware has multiple places to enable this. 2. Verify that the devices are able to accept SNMP requests from "ALL" sources rather than specific
IPs. (for troubleshooting purposes. If you want to lock it down later, you can). 3. Ensure you have enabled SNMP on the Properties tab of the device in N-central with the above
community string populated. This is case sensitive. 4. Make sure the appropriate device class is chosen on the Properties tab. Server - Windows or
Switch/Router etc. 5. Re-discover the device by running a discovery with the SNMP string populated with the
community string. 6. Re-apply the Service Templates that may include:
a. NETWORK for switches for Network Devices. b. Network and CISCO ASA/PIX for Cisco Firewalls, SonicWall for Sonicwalls etc for
Routers/Firewalls. c. Dell, IBM or Intel Server hardware monitoring.
If that doesn't pull the data you need then you probably have typically not got SNMP configured on the device quite right, or the probe can't reach the device properly. If this is the case get an application like the free MIB BROWSER from iReasoning, install it on the probe server, point it at the SNMP enabled network device by IP and choose to 'walk' the device. It should show a collection of OIDs. If it does not, SNMP is not properly configured. It's also possible this is not a device that supports much in the way of detail when it comes to SNMP. A search in google for its "MIB" file or "OID" list will confirm that, as well will other peoples experience with monitoring it. Tier 1 devices such as Cisco or Sonicwall, Procurve switches etc. should work without issue.
Deployment Best Practices in a domain environment .
16
Appendix C – What if I have a Workgroup environment or device? Without the advantage of an administrator password and an environment governed by group policy we
will not have success with a discovery and auto-deployment of Software Agents. We will need to
employ some manual tactics for Agent deployment.
Options for Workgroup environment deployment Best practice in these environments is to simply take the customer specific Agent file from the Customer
level under “Download Agent and Probe Software” and install it manually on the end users system.
This includes windows workstations, laptops and servers.
You will be able to tell you have taken the proper file if it is prefixed with the client’s Customer Number
from N-central. Ex: 101WindowsAgent.exe (good) vs WindowsAgent.exe (bad)
You WILL need .NET4 installed on your systems prior to your agent install. We have provided links to the
64 and 32 bit installers in the Download Agent/Probe Software section of N-central for your convenience.
Best Practices Tip: It is recommended every client environment have an N-central probe. In a small workgroup this may mean adding a dedicated Windows OS based appliance to host it or designating one workstation to remain on and run the probe service 24x7.
Many customers remote into each PC individually to install or put the Agent on a website, USB stick or
network share for their IT staff to draw from and install. You may also log in to N-central and pull the
Agent directly from the UI. Another option is to RIGHT-CLICK the Agent link and send that directly to
your clients; the link will download the correct customer Agent and start the install when clicked
without the need of an account on the N-central server.
Once the agent has run its installation it will appear in the All DEVICES view and will now be checking in
directly with N-central. If it does not, check under the ADD/IMPORT DEVICES section from the N-central
ACTIONS menu for the device and import it.
Deployment Best Practices in a domain environment .
17
Management of a Windows Workgroup device
Best practice on a device that is not part of a domain is to create a local administrator account and to
add those credentials on to the Properties tab of the device in N-central. This will allow you to execute
scripts and other management tasks.
If this action is not taken, the N-central Agent will attempt to execute scripts and software pushes as the
locally logged in account which may offer mixed results.
If you decide to create a universal admin account for all Workgroup PC’s you can propagate this too all
devices in a Customer environment by doing the following:
1. Head under the Customer Level (green by default) under Administration > Defaults > Appliance
Details.
2. Choose the Credentials tab.
3. Enter the admin credentials you have added to all PCs and check the options to Propagate.
4. Save to push these credentials to all devices in this customer.
Deployment Best Practices in a domain environment .
18
Appendix D – Mac OSX Device Onboarding (detailed) Mac OSX Workstations and Servers can be monitored with N-central for CPU, Disk, Memory, Agent Status, Processes and Logs. In this Appendix we will detail OSX Workstation automated onboarding, as well as the manual onboarding process for an OSX Server. The manual process can be used for workstations as well if the automatic Agent deployment is not applicable/successful.
Mac OSX Workstations alone can be auto-imported and on-boarded. Servers MUST be done using be manual process.
Automatic Onboarding Mac OSX Workstations with a local Windows Probe
If you have the ability to install a Windows Probe in the Customer environment you should be able to
automatically detect and onboard the Mac OSX Workstations that it discovers.
1. Run the Discovery Job as explained in Phase 4 - Discovering the Environment in a Domain + Mac OSX, and be sure to include your Mac admin credentials.
2. Mac OSX Workstations should automatically receive Agents and appear in the All Devices View with proper monitoring.
You may need to adjust the DISK monitoring service to include the appropriate Logical Drive name (found under the Asset tab, typically / for the main drive). Once adjusted, Disable and Enable the service to pull new data based on your change or wait for the monitor to right itself (up to 4 hours).
Manually Onboarding Mac OSX Workstations & Servers
If you do not have a Windows Probe available in the Customer environment, or lack Admin accounts on your Mac devices you will need to install your Agents manually.
1. From the Service Organization level (orange by default) in N-central under Download Agent/Probe Software > System Software, download the generic Mac OS X Agent or right-click and send the link to your end user.
2. Install the Agent on the destination device. It will ask for you to populate one of several things
that can identify what N-central Customer the Agent should communicate with. We will provide the CUSTOMER ID (known as Access Code in N-central under the SO Level (orange by default) > Administration > Customers/Sites). See below:
Deployment Best Practices in a domain environment .
19
3. We will also populate the Server address of our N-central server. No other fields should be
adjusted or filled in to complete the install:
4. When the Agent installation completes the device will either appear under your Customer’s All Devices view, or will be awaiting import from the Customer’s Actions > Add/Import Devices section waiting for you to Import it to the All Devices view.
Workstations will be classified as Workstations – OS X, Servers however will be classified as Server – Generic. You also may need to set the Operating System on Servers to an Apple Mac OS X version on the Properties tab of the device OR in the Import screen as you see fit.
5. A workstation should import and have its Workstation – OS X Service Template apply
automatically, providing the proper monitoring. Servers however do not have a pre-built template so you may wish to manually apply CPU, DISK, Memory, Process or Log monitoring as you see fit.
Best Practices Tip: It is recommended you create a Service Template of these manually added items for future use on OSX “Servers-Generic” devices. Check off the Services you have added (with the exception of Agent Status, it is not required) and click “Create Service Template”. On future OSX Servers-Generic classified devices you can
Deployment Best Practices in a domain environment .
20
Troubleshooting the OSX Agent install
To confirm the Agent is up and running you can run the following command on the Macintosh workstation: launchctl list | grep com.n-able.agent.macos10_4ppc If agent is running it will show it’s PID (left hand side of the output), otherwise it will show “-”. In following screenshot you can see that agent is running while agent log rotate service is not:
Deployment Best Practices in a domain environment .
21
Appendix E – Probe troubleshooting and Admin password reset If you encounter issues with your probe, or need to change the hard coded credentials that were
deployed with it, please review the following:
o Ensure the Windows Software Probe service is installed and running. It may simply need to
be restarted.
o As discussed, it is recommended you create a Domain Administrator account for the probe
to use, with a complex password that will not expire. If however the password does expire,
or an upgrade does not complete successfully you will see the probe fail due to credential
issues. You can reset the password and account the probe is using by following these steps:
Log on to the server or device that hosts your probe. Run the Windows application services.msc on the probe device to view system
services. Stop the N-central Probe services:
- Windows Software Probe Maintenance service. - Windows Software Probe service. - Windows Software Probe Syslog service.
Open the Properties of the Windows Software Probe service by right clicking the service.
Select the Log On tab. Enter the new Domain Administrator credentials. Click Apply. Select the General tab. Enter the following in the Start Parameters field:
username=yourDomain\User Password=Yourpa$$word
Select the Start button. Re-start the other Windows Software Probe services.
Deployment Best Practices in a domain environment .
22
o If you decide to re-install the probe, you may simply manually install the appropriate
customer specific Probe directly over top of the existing one on the customer’s server. The
first time you launch the installer it will remove the existing probe. You will commonly need
to run it a second time to install a new probe service.
o If you choose to install the probe on a different system, DO NOT DELETE THE EXISTING
PROBE IN N-CENTRAL until you have performed a Task Transfer in the Administration >
Probes section of the N-central UI to move the requirements of the one probe to the new
device.
Best Practices Tip: Every environment (including workgroups) should have an N-central Probe. They facilitate agent deployment, patch management, device discovery and act as a source for the monitoring of network devices. If you have an environment without a server, consider building a small box running Windows 7 to place into the environment to run your probe. Alternatively, designate a PC in the environment to stay on permanently and run the probe.
Deployment Best Practices in a domain environment .
23
Appendix F – Recommended process around deployment You should plan to develop process around deployment within your own organization to ensure continued conformity and to maintain a clean manageable monitoring environment. Below is a framework of suggested process for your consideration and adoption.
1. Follow Discovery Best Practices, and do the pre-deployment steps fully including the suggested 3 group policy changes (Enable ICMP, Remote Administration and File/Print Sharing) as well as DNS scavenging set up.
a) An ounce of prevention saves a pound of cure later on. Even if the environment doesn’t need these changes, they won't hurt. For the environment that does, it can considerable time.
2. Do deploy a probe whenever possible. It has value with regards to continued scanning of the environment for new devices, it provides the ability to push agents, and it gives the ability to monitor syslog and SNMP and will soon be needed for patching.
3. Fully complete your onboardings. Be sure to check if you have brought in all devices you are contractually obligated to manage. Be sure that you have applied Dell/HP/IBM/Intel templates as needed for servers with hardware management software installed.
4. Ignore all extra devices from ADD/IMPORT devices (excluding DHCP ranges, we can’t ignore those as the devices may change, simply delete these found items.)
a) This will avoid you having to sort through them later as new things are discovered. 5. Set up a Recurring Discovery for the Customer environment that does not auto-import. Review
weekly from the Service Organization level (orange) under ADD/IMPORT DEVICES and Import, Ignore or Delete items as needed. Be sure to clear this list weekly.
6. Check all servers that were imported, be sure that items that do not need to be monitored for Exchange, AD, DNS etc. are DISABLED (not deleted).
7. Ensure Credentials are populated for all devices (Administration > Defaults > Appliance Settings > Credentials) and Propagated.
8. Clear Active Issues of Failed/Warning that are not relevant by adjusting thresholds or disabling services.
9. Clear Active Issues of Misconfigured/Stale alerts. Engage N-able if you are unable to resolve.