BMC Client Management Community Blog

BCM Tools (How to add Devices to Inventory Manually)

Posted by on Feb 21, 2017 in FPAC | Comments Off on BCM Tools (How to add Devices to Inventory Manually)

BCM Tools (How to add Devices to Inventory Manually)

Did you know that BMC Client Management has the ability to add devices running a Windows, Mac OS x or Linux OS as an “Unconnected” device? This feature allows the Enterprise to add devices in isolated environments such as “Sandboxed”, “No Network Connection”, “Highly Secured” among others. This is a sample use case:

Company A has a DEV environment which is totally isolated from the production network and due to security concerns they are not allowed to open the firewall up between these two networks. Company A needs to be able to account for their time, efforts and change control requests using their ITSM solution and CMDB. BCM can collect both Hardware and/or Software inventory of these computer objects using a batch file run locally on the device. Below are the instructions along with screen captures to better understand this concept.

Remote Inventory Collection via USB

Unconnected devices in BMC Client Management – Inventory are devices of your infrastructure that are never connected to the network. However, CM provides a possibility to inventory (hardware and software) these devices and include the generated inventories in the BCM database . The custom inventory for these devices can only be created directly in the CM console.

Unconnected devices are a specific type of unmanaged devices and are treated in the console as such, that is, in this topic the terms unmanaged and unconnected are treated as synonyms.

Step 1- Preparing for Inventorying Unconnected Devices

Before you can collect data from devices never connected to your organization’s network, you must prepare a USB key, via which the data collection is executed and which will transport the data to any other device of the network. For this, you need a USB key on which the tool provided by BMC Client Management – Inventory is installed. You can find it in the downloaded installation archive in the form of a .zip file under the directory tools/UnconnectedDevices .

  1. Go to directory tools/UnconnectedDevices of the downloaded installation archive.
  2. You will find one .zip file per operating system, that is, one for Mac OS, and one each for 32 and 64 bit Windows and 32 and 64-bit Linux. Select the zip file matching the operating system of the unconnected device.
  3. Copy the file to the USB key and extract it in its directory.
  4. You can put more than one version of the tool on your key, because you can collect the data of more than one unconnected device on a key. The number is only limited by the size of the key.
Source Files Required

Source Files Required

 

Step 2- Collecting Data on the Unconnected Device

The second step for inventorying an unconnected device is to locally collect the information. To do so, proceed as follows:

  1. Go to the unconnected device and connect the USB key.
  2. On the device select the key and the respective directory containing the appropriate tool for the device’s operating system.

Under the directory you can see three executable (.bat) files:

allinventories.bat : This file collects both types of inventories.

hardwareinventory.bat : collects only the hardware inventory of the device

softwareinventory.bat : collects only the software inventory of the device.

  1. Launch the file of the desired type(s) of inventory. A terminal window opens in which you can follow the progress of the data collection. As you can see in the window, in addition to the selected inventories the tool also collects the identity information of the device and further information such as the operating system version and hardware connected information, such as MAC address, disk serial number, and so on.
  2. When the terminal window asks you to, close the window. If you verify now under the tools directory you can see a newly generated file there, unconnected.xml .

The data collection on the unconnected device is now finished.

Batch File

Batch File

Step 3- Integrating the Unconnected Device Inventory into the Database

After all the data is on the USB key you must access any device which is connected to your network and has a CM agent installed. From there you can integrate the collected data via the agents browser interface to the master database.

  1. Insert the USB key in the device.
  2. Open the agent interface, connect as a user with admin rights and go to the Tools page.
  3. There select the Unconnected Devices option.
  4. In this page you must select the file to import the data. For this go to the tool’s directory on the key and select the unconnected.xml. file. This file is the initial file for the data integration process. If you manually modified the file or moved it to another location the process will no longer work.
  5. In the same window a new list box appears below displaying the names of all unconnected devices for which you collected data. You can select any number of devices to be integrated.
  6. Click Integrate to start the process. The collected data of the selected devices will now be copied by the agent from the USB key and sent to the master. After there all will be integrated in the CM database.
  7. To verify that the integration worked properly, a new browser window opens which lists all devices of which the collected data were correctly sent to the master and thus integrated. The inventories themselves cannot be displayed in the agent interface.

The data integration of unconnected devices is now complete and its results can be viewed in the console.

Select File to import

Select File to import

Select Devices

Select Devices

Displaying Unconnected Device Inventory

The identity and inventory data of unconnected devices, that is, devices without CM agent or unconnected devices, can only be displayed via the console.

Since unconnected devices, as their name implies, are not connected to the network, they will not appear under the Device Topology node. They are available in either of the following ways:

  1. Lost and Found If no device groups collecting the unmanaged device topology type, the integrated devices will appear under the Lost and Found node.
  2. Search You can also specifically search for unmanaged devices under the Search node.
  3. Device Groups If you have a device group collecting ALL devices, or any type of group which includes the unmanaged device type, the unconnected devices of which the data was integrated into the master database will appear among its members.

Unconnected devices are represented by different icons than the other devices in the console, because they are neither unknown, nor is their connection established or lost. Unconnected devices are represented by an orange icon , which, same as for the other connected devices indicate the operating system of the respective device, if known , , and . As such devices are not necessarily simple desktop devices, but also other network devices such as routers, switches, printers, and so on, they are represented by their specific icons.

Device added to Client Management

Device added to Client Management

BMC Adds MDM to Client Management

Posted by on Feb 6, 2017 in FPAC | Comments Off on BMC Adds MDM to Client Management

The development team for BMC’s Client Management added Mobile Device Management (MDM) with the release of v12.5 last October. This has been a highly requested feature to be included with this very powerful ITIL compliant ITAM solution. This module comes with the core feature and is not an add-on like Patch or Deploy. When a customer upgrades or installs a fresh instance the module and all of it features are readily available. Licensing is counted just like installing an agent on a device running Windows, Linux or MAC OS. If a customer adds a mobile device through enrollment then the “Agent”, “Inventory”, and “Compliance” will be decremented against the total available.

This release is limited to iPhones and iPads only. BMC has stated that it is their intention to add Android devices with a later version but not v12.6. During BMC Engage they did mention that it could be within a 1-2 year time frame but with no promises.

I recently had  available time to set up an instance of Client Management in our lab and enrolled an iPhone for both testing and demos. Below are screen captures from an iPhone 5s during the enrollment process. There were about 6 screens the user clicks through but the three screens below will provide you the idea of how the screens can be branded for your organization. (Click on image to see in new window at full resolution)

3 iOS Screen Shots from an iPhone

3 iOS Screen Shots from an iPhone

The CM console to configure and manage mobile devices is straight forward and allows for doing what one would expect a MDM solution to offer. The screen shot below will provide a glimpse into the various menus and the data provided.

MDM Console

MDM Console

This post is not intended to be a whitepaper on “How to Configure MDM” but a notification to our customers about this new and exciting feature added to Client Management.

BMC has added integration paths for their ITSM solutions –  Footprints, RemedyForce, Atrium CMDB, and now MyIT and SmartIT for Remedy further proving their commitment and appreciation for Client Management.

To see more documentation and videos on MDM visit MDM on BMC Website.

CYBER SECURITY (HOT TOPIC)

Posted by on Jan 10, 2017 in FPAC | Comments Off on CYBER SECURITY (HOT TOPIC)

In the news as of late, we are made more aware of how efficient various countries have become at harvesting data, inserting malware, ransomware, or other various types of gaining access into systems. BMC Client Management is NOT intended to act as an Anti-Virus solution but it has the ability to validate that software tools are current and properly configured. In addition to validation, BCM can also use the native scripts to perform actions such as updating the DAT file, scheduling regular scans or on demand as a one off, and enabling REAL-TIME protection.

Op Rules Available

Op Rules Available

 

Not only does BCM provide the functions mentioned above but it also has the ability to verify hardening standards provided by DISA and USGCB, among others, using OOTB SCAP compliance objects. These validation checks can be run on demand or on a regular schedule and runs in tandem with normal security patching cycles as a means to verify that no settings were changed by way of these updates. This improves awareness and reduces overall costs from other techniques available today. In fact, some organizations do not perform these checks after updates due to personnel limitations due to the complexity involved.

 

Finally, BCM provides a secure method of transporting data both over the WAN or Internet and provides confidence that its use would not be considered vulnerability but a total solution in protecting data both in transport and in rest. Using role based groups and Active Directory, security customers can feel confident that both the underlying data and the ability to manage endpoints using Client Management is very secure and has not been found to create any opening that would jeopardize any customer.

Steven R. Gibbs
Sr. Systems Consultant
Steve.Gibbs@RightStar.com

 

Show Buttons
Share On Facebook
Share On Twitter
Share On Google Plus
Share On Linkdin
Hide Buttons