ITOM Quick Start Guide: Difference between revisions
No edit summary |
|||
Line 506: | Line 506: | ||
<li><p>Site Target: '''Server | <SIS Server>'''</p></li> | <li><p>Site Target: '''Server | <SIS Server>'''</p></li> | ||
<li><p>Target Machine: '''Inventory |<target computer>'''</p></li> | <li><p>Target Machine: '''Inventory |<target computer>'''</p></li> | ||
<li><p>'''Admin | <li><p>Admin Credentials: '''Network Admin'''</p></li></ol> | ||
</li> | </li> | ||
<li><p>Click '''Create'''</p></li></ol> | <li><p>Click '''Create'''</p></li></ol> | ||
Line 562: | Line 562: | ||
<li><p>Site Target: '''Server | <SIS Server>'''</p></li> | <li><p>Site Target: '''Server | <SIS Server>'''</p></li> | ||
<li><p>Target Machine: '''Inventory |<target computer>'''</p></li> | <li><p>Target Machine: '''Inventory |<target computer>'''</p></li> | ||
<li><p>Admin Credentials: ''' | <li><p>Admin Credentials: ''''Network Admin'''</p></li></ol> | ||
</li> | </li> | ||
<li><p>Click '''Create'''</p></li> | <li><p>Click '''Create'''</p></li> | ||
Line 587: | Line 587: | ||
<li><p>Site Target: '''Server | <SIS Server>'''</p></li> | <li><p>Site Target: '''Server | <SIS Server>'''</p></li> | ||
<li><p>Target Machine: '''Inventory |<target computer>'''</p></li> | <li><p>Target Machine: '''Inventory |<target computer>'''</p></li> | ||
<li><p>Admin Credentials: ''' | <li><p>Admin Credentials: '''Network Admin'''</p></li></ol> | ||
</li> | </li> | ||
<li><p>Click '''Create'''</p></li> | <li><p>Click '''Create'''</p></li> | ||
Line 636: | Line 636: | ||
<li><p>Site Target: '''Server | <SIS Server>'''</p></li> | <li><p>Site Target: '''Server | <SIS Server>'''</p></li> | ||
<li><p>Target Machine: '''Inventory |<target computer>'''</p></li> | <li><p>Target Machine: '''Inventory |<target computer>'''</p></li> | ||
<li><p>Admin Credentials: ''' | <li><p>Admin Credentials: '''Network Admin'''</p></li></ol> | ||
</li> | </li> | ||
<li><p>'''Click Create'''</p></li></ol> | <li><p>'''Click Create'''</p></li></ol> |
Revision as of 16:16, 27 April 2020
Hornbills ITOM offering provides the tools required for you to efficiently manage your computing devices with the following features:
- Device Discovery and Inventory management
- Packaged Job deployment and Scheduling
- Orchestration provided via the use of Runbooks
- Dynamic Package Library, Custom Package Creation
Site integration Service (SIS) Installation
The service is required to be installed on premise and must have access to all devices that you wish to be managed. The role of SIS server service is to monitor the ITOM Job Queue and downloading any Jobs targeted for it. It will also handle the deploying of packages to remote devices and executing the payload.
Minimum requirements
OS: Windows Server 2012, 2012 R2, 2016 or 2019
RAM: 4GB
Free Disk: 10GB
Where to Install
You can install the service on any existing Windows computer running one of the supported OS’s. The SIS is not processor intensive and will not require significant disk usage.
We would recommend that the SIS is not installed on a Domain Controller or Desktop OS.
Create a Default SIS Group (Required)
- Select the Group Drop Down
- Select +Create Group
- Enter a name for the group
- Click Apply
Register a Site Integration Server
SIS Instances are grouped together to provide redundancy and performance benefits, at least one default group must be created.
From the ITOM page select Site Integration Services
Click the “Add SIS connector” (+) button
Enter your required details:
Name - name used to identify the SIS server to the Hornbill Instance
Group - Should be a least one default group, others can be selected via drop down if created previously
Click the Create Site Integration Service button
The Authorisation Key is displayed, and should be recorded for later use
Return to the Site Integration Services list
Select the Not Paired filter
HORNBILL HINT: The Authorisation Key is temporary and will expire after 1 hour AND the SIS record is removed and will need recreating.
Download SIS and install on a server
From the Site Integration Services list, Click the Download Site Integration Server
Locate and Execute the Downloaded executable
Click Install
Click Ok to Confirm the Installation
Close the Install dialog
Open the Services MMC Console
Start the EspSisService
Server Pairing
Switch back to the Browser and refresh the page (http://localhost :11117)
Enter the instance ID
Enter the Authorization Code recorded earlier
Click the Pair with Instance button
Hornbill ITOM Account Requirements
Windows NT Accounts
NT Accounts used for the ITOM Admin Credentials will require the following additional rights to a be applied:
- Replace a process-level token. (SeAssignPrimaryTokenPrivilege)
- Act as part of the operating system. (SeTcbPrivilege)
You should create a new account solely be used to deploy and execute ITOM packages. Along with the above additional privileges, the account will require relevant rights/permissions to access computers over the network.
Additional accounts requiring creation, are dependent on the package(s) used and the context to run as; further information is available within the ITOM package library documented for each package under the section KeySafe Configuration. (https://wiki.hornbill.com/index.php/ITOM_Package_Library)
Creating a Hornbill KeySafe entry
From the Hornbill Administration page Select System > Security > KeySafe
Click the “Create New Key” (+) button
Select Type as Username + Password
Enter the following details:
Title: Network Admin
Domain Username (example: DOMAIN\Username or username@domain)
Password
Click Create Key
Configuring a Discover Job
Navigate to the ITOM Job Queue (Home > ITOM > Job Queue)
Click the Create New button and select Discovery Job
Enter the following details:
Name: AD Discovery using DCOM
Site Target: [Server] SIS Demo
Protocol: DCOM
Discovery Mode: Active Directory
Container: train1. hornbill.edu
Admin Credentials: Network Admin
Use Default Ping Check Settings
Click Create button
Review the Console output locate and confirm the following:
Monitor:
Enumerating child OU
Scan found X computers for detailed discovery
Performing WMI discovery of X computers
Summary
=======
Successful Discovery
All ComputersThe discovery was executed successfully. The results are now being imported.
10:11:26 Discovery import complete. Added:X Updated:X Skipped:X Missing:X Failed:X
Console Output:
Review Summary, confirming successful discovery, and noting any failures.
Debug:
Note any errors, success here implies that the Discovery process did not fail, and not that all devices where detected and where able to be accessed.
Inventory Viewer
Navigate to the ITOM Inventory (Home > ITOM > Inventory Viewer)
Select All Un-Managed Inventory
Click check next to the heading Name to select All Discovered Devices
Click the Register button
Click Yes to confirm
Select All Managed Inventory
Inventory Properties
- Click on the Name of a Managed inventory Item
- Review the properties
Managed Lists
- Navigate to (Home > ITOM > Inventory Viewer)
- From the Show filter Select + Create List
- Enter a name for the List: Test Servers
- From the Inventory Viewer select two or more Windows Servers
- Click the Add to Managed List button
Select the Test Servers list and Click Apply button
Installed Packages
Navigate to (Home > ITOM > Installed Packages)
File:Media/image12.pngPackage Library
- Click the Package Library button
Click Install on both the Active Directory Group and User Management packages
Click Install on Windows Disk Cleanup
Click Close
File:Media/image14.pngUploading Packages
- Click the Package Upload button
- Select the provided package file: Demo.pkg
- Click Open
- Repeat for all other provided packages
IT Automation Job
Single Computer
- Navigate to (Home > ITOM > Job Queue)
- Click the Create New button, and select IT Automation
- Enter Name: Harry Hornbill on Single Computer
- Click the Installed Packages button
- Select Training > Demonstration > Harry Hornbill – The Bird, The Legend
- Click Apply
- Set Site Target to Server and select an Instance
- Set Target Device to Inventory and select a Device
- Set Admin Credentials to Network Admin
- Click Create
Monitor:
Confirm job executed Successfully
Console Output:
Displays the package output as would be displayed if package were manually executed within a “cmd” console on the target device.
Debug Log:
Note any errors, success here implies that the package executed successfully, the output will be dependant on the package being executed.
Multiple Computers
- Navigate to (Home > ITOM > Job Queue)
- Click the Create New button, and select IT Automation
- Enter Name: Harry Hornbill on Multiple Computers
- Click the Installed Packages button
- Select Training > Demonstration > Harry Hornbill – The Bird, The Legend
- Click Apply
- Set Site Target to Server and select an Instance
- Set Target Device to Inventory and select a Device
- Set Admin Credentials to Network Admin
- Click Create
Click on a Job Name to view the Individual Child Job
Click Parent Link in the Summary to Return to Parent Job
Job Scheduling
Discovery
- Navigate to (Home > ITOM > Job Scheduling)
- Click the Create New button, and Select Discovery Schedule
- Enter the following details:
- Name: AD Discover
- Schedule: Run Every Period
- Every (n) Minutes: 15
- Description: Scheduled AD Discovery
- Site Target: Server | SIS Instance
- Protocol: DCOM
- Discovery Mode: Active Directory
- Container: horbnbill.edu
- Admin Credentials: Network Admin
- Ensure Next Scheduled Date and Time is set to a couple of minutes in the future
- Click Enable Schedule
- Navigate to (Home > ITOM > Job Scheduling)
Wait for the Job schedule Time, and Click on the AD Discovery Job Name
Click the Job History
Click on the Scheduled AD Discover Name
IT Automation
- Navigate to (Home > ITOM > Job Scheduling)
- Click the Create New button, and Select IT Automation Schedule
- Enter the following Schedule details:
- Name: Windows Disk Cleanup
- Schedule: Run daily
- Ent the following IT Automation Job Settings:
- Package: private:hornbill > Disk Cleanup > Windows Disk Cleanup
- Site Target: SIS Server
- Target Device: List| Test Servers
- Admin Credentials: Network Admin
- Reference: Demo Job
- Set the following Operation Parameters to True:
InternetCacheFiles, Recycle Bin, and Temporary Files
Ensure Next Scheduled Date and Time is set to a couple of minutes in the future
Click Enable Schedule
Navigate to (Home > ITOM > Job Scheduling)
Wait for the Job schedule Time, and Click on the Job Name: Windows Disk Cleanup
Click Job History
Click on the Job Name: Windows Disk Cleanup (with the highest Job Id)
Review the list of jobs, and confirm that all are successful
Click on the Name of any Job entry in the list and review the Details
To return to the parent Click the link shown in the Summary section
Runbooks
Create a Runbook Process
- From the ITOM page, select Runbooks
- Click the And New Runbook(+) button
- Enter a Name
Build a Runbook Process
- Select the connection line between the Start and End nodes
- Right click on the selected line and select “Add node between connected nodes”
Select IT Automation
File:Media/image24.pngFile:Media/image25.png
Hover over the IT Automation node, and click on the Settings icon
Enter Run Harry as the Display name
Click the Add Package button
Select Harry Hornbill
Confirm the Run Operation is set to Show Harry
Set Target Machine type to Machine, and select a Computer
File:Media/image28.pngClick Save draft button
File:Media/image29.pngPublish a Runbook Process
- Click the Publishing Manager button
Click the Publish button
Click Runbooks from the breadcrumbs at the top of the page
Manually Execute a Runbook Process
- Locate the Runbook Entry on the Runbooks list
- File:Media/image31.pngClick the Invoke action button
- Click Invoke
Schedule a Runbook Process
Navigate to (Home > ITOM > Job Scheduling)
Click the Create New button, and Select Runbook Schedule
Enter the following Schedule details:
Name: Harry Hornbill
Schedule: Run Once
Runbook: Run Harry
Set the following Operation Parameters to True:
Click Enable Schedule
Navigate to (Home > ITOM > Job Scheduling)
Wait for the Job schedule Time, and Click on the Job Name: Harry Hornbill
Click Job History
Confirm the Status of the Job
Service Manager Interaction
Hornbill Business Process Manager
Runbook Process
- Navigate to (Home > Applications > Hornbill Service Manager > Business Processes)
- Locate EXAMPLE Hornbill Incident Process and click the Copy Process action button
- Enter the name Demo Business Process, and click Apply
- Select the Connector between the Start and Set Status to New nodes
- Right Click and Select Runbook Process
- Double click on the new node
- Select Run Harry from the Runbook drop down
- Click Save
- Publish the Business Process ** Needs work ***
- Assign the new process to an Incident ** Needs work ***
- Raise an Incident
IT Automation
- Navigate to (Home > Applications > Hornbill Service Manager > Business Processes)
- Locate Demo Business Process and click the link under Workflow
- Right Click the Runbook Process node, and select Delete
- Add a new node by dragging the Arrow underneath the Start node to a blank area and releasing
- Select IT Automation
- Double click on the new node
- Select Run Package as Demonstration > Harry Hornbill ...
- Click Apply
- Set Target Machine type to Machine, and select a Computer
- Connect the New IT Automation node to the Set status to New node
- Click Save
- Publish the Business Process ** Needs work ***
- Raise an Incident
Package Creator
Create a Simple Package
File:Media/image32.pngFrom the ITOM page select Package Creator
Click button
Enter a Package name: TCP Utilities
Set Target OS to Windows Universal
Click Add Operation button
Enter the following details:
Operation: Ping
Description: Ping a device using the parameters -n, host
Command Type: Run Command
Command: cmd /c ping.exe
Timeout(secs): 60
Options/Args: -n {param.count} {param.host}
Click Add Parameter button
Set the following attributes:
Required
Number
Parameter Name: count
Default value: 3
Hint: Number of echo requests to send.
Click Add Parameter button
Set the following attributes:
Required
string
Parameter Name: host
Hint: Target device hostname.
Click Apply
Click Baseline button
Select Version 1 via the Drop Down Adjacent to the Baseline button
Click Package and Install drop down, and select Package and Install
Navigate to (Home > ITOM > Job Queue)
Click Create New button, and select IT Automation Job
Select Run Package: private:{instance-name} > General Purpose > TCP Utilities (Version 1)
Click Apply
Enter the following details:
Name: Ping Computer
Run Operation: ping
Site Target: Server | <SIS Server>
Target Machine: Inventory |<target computer>
Admin Credentials: Network Admin
Click Create
Windows Installer Package
- File:Media/image32.pngFrom the ITOM page select Package Creator
- Click button
- Enter a Package name: Software Installer
- File:Media/image33.pngSet Target OS to Windows Universal
- Click Upload File button
- Select the following file:
C:\ Documents\ITOM\Packages\Demo.msi
Click on Package Info
Click Add Operation button
Enter the following details:
Operation: Install
Description: Install Windows application
Command Type: Windows Installer
Package: Demo.msi
Action: Install Software
Click Add
Click Add Operation button
Enter the following details:
Operation: Uninstall
Description: Uninstall Windows application
Command Type: Windows Installer
Package: Demo.msi
Action: Uninstall Software
Click Add
Click Baseline button
Select Version 1 via the Drop Down Adjacent to the Baseline button
Click Package and Install drop down, and select Package and Install
Execute Installation Job
- Navigate to (Home > ITOM > Job Queue)
- Click Create New (+) button, and select IT Automation Job
- Select Package:
private:{instance-name} > General Purpose > Software Installer (Version 1)
Click Apply
Enter the following details:
Name: Software Installation
Run Operation: Install
Site Target: Server | <SIS Server>
Target Machine: Inventory |<target computer>
Admin Credentials: 'Network Admin
Click Create
Verify that the following software exists on the target:
Name: Generic Business Application
Publisher: Acme Software Ltd
Execute Uninstallation Job
- Navigate to (Home > ITOM > Job Queue)
- Click Create New button, and select IT Automation Job
- Select Package:
private:{instance-name} > General Purpose > Software Installer (Version 1)
Click Apply
Enter the following details:
Name: Software Uninstallation
Run Operation: UniInstall
Site Target: Server | <SIS Server>
Target Machine: Inventory |<target computer>
Admin Credentials: Network Admin
Click Create
Verify that the following the software no longer exists on the target:
Name: Generic Business Application
Publisher: Acme Software Ltd
Windows Executable
- File:Media/image32.pngFrom the ITOM page select Package Creator
- Click button
- Enter a Package name: Windows Executable
- Set Target OS to Windows Universal
- Click Upload File button
- Select the following file:
C:\ Documents\ITOM\Packages\ShowHarry.exe
Click on Package Info
Click Add Operation button
Enter the following details:
Operation: Show Harry
Description: Windows Executable - Show Harry.exe
Command Type: Windows Executable
Run File: ShowHarry.exe
Click Add
Click Baseline button
Select Version 1 via the Drop Down Adjacent to the Baseline button
Click Package and Install drop down, and select Package and Install
Execute Windows Executable Job
Navigate to (Home > ITOM > Job Queue)
Click Create New (+) button, and select IT Automation Job
Select Run Package: private:{instance-name} > General Purpose > Windows Executable (Version 1)
Click Apply
Enter the following details:
Name: Windows Executable
Run Operation: Show Harry
Site Target: Server | <SIS Server>
Target Machine: Inventory |<target computer>
Admin Credentials: Network Admin
Click Create
Batch Script
PowerShell Script
Trouble Shooting
Removing the SIS
- Open Windows Powershell console
- Enter Stop-Service ESPSisService
- Enter Sc delete EspSisService
- Delete folder: C:\Program Files\Hornbill\Site Integration Server
- Delete folder: %PROGRAMDATA%\Hornbill\ Site Integration Server
Site Integration Server
Rename server
==
==
Appendix A
Required User Rights
Add these two rights to be able to Run AS
Missing privilege: Replace a process-level token. (SeAssignPrimaryTokenPrivilege)
Missing privilege: Act as part of the operating system. (SeTcbPrivilege)