ITOM Quick Start Guide
Home > Administration > ITOM > Quick Start Guide | Index |
IntroductionThis guide takes you through the steps required to get ITOM up and running, from installing your first Site Integration Server to Discovery and Package execution. To follow this guide, you must have access to an instance, and a user with the ITOM Administrator role added a suitable Windows computer on which to install the SIS. Minimum requirements
|
|
Site integration Service (SIS) Installation
The service's role is to monitor the ITOM Job Queue and download any Jobs targeted for it. It will also handle the discovery of devices, deploy and execute packages on those devices. The service is available for download via the Hornbill Instance and installed at any time; however, before you can use it, a Site connector will need to exist on the Hornbill Instance and the SIS paired with it.
The following set of steps will guide you through the process of getting your SIS up and running:
Adding an SIS Connector
First lets setup an SIS connector and generate the Authorisation key required for the pairing process.
- From the ITOM page select Site Integration Services
- Click the “Add SIS connector” button
- Enter your required details:
- Name - Unique identifer for the SIS Connector
- Group - The default group can be used
- Click the Create Site Integration Service button
- Make a note of the Authorisation Key, required for later use during the pairing process
- Return to the Site Integration Services list
- Select the Not Paired filter
- The Authorisation Key is temporary and will expire after 1 hour, AND the SIS record will need recreating.
Download and Installation of the SIS
The installation software is downloaded from the SIS list within the Admin Portal, and should be executed on the server nominated to host the SIS.
- From the Site Integration Services list, Click the Download Site Integration Server button
- Locate and Execute the Downloaded executable
- Click Install
- Click OK to Confirm the Installation
- Close the Install dialog
-
The service will not be started automatically you must manually start the process or configure it to be automatically started.
- Open the Services MMC Console
- Start the EspSisService
Server Pairing
Once the service has been started, the pairing process can be completed via the service web page, using the Authorisation Code generated when creating the SIS connector. If you do not have the code or have forgotten it, you can view it from the SIS Connector properties in the Admin Portal. If the code has expired, you will need to remove the existing connector and create a new one to generate a new code.
- Switch back to the Browser and refresh the page (http://localhost:11117)
- Enter the instance ID
- Enter the Authorization Code recorded earlier
- Click the Pair with Instance button
After a successful pairing, the status page appears displaying information related to the SIS service, with additional details available via the Show more button.
ITOM Admin Account Requirements
Before a successful Discovery or Automation can be actioned, one or more windows NT accounts will be required. It is recommended that you create a new domain account for Windows NT computers and an account with root privileges for use within Linux / Unix environments.
Windows NT Accounts
ITOM Admin Credentials will require a Windows NT Administrator account with the following additional rights to be applied:
- Replace a process-level token. (SeAssignPrimaryTokenPrivilege)
- Act as part of the operating system. (SeTcbPrivilege)
Additional user accounts may also require creation; these are dependent on the package used and the context of security needed; further information is available within the ITOM package library documentation for each Package under the section KeySafe Configuration. (https://wiki.hornbill.com/index.php/ITOM_Package_Library)
Linux / Unix
ITOM Admin Credentials will require an account with root user privileges; accounts that require the use of sudo cannot be used.
Creating a Hornbill KeySafe entry
Once you have created the NT Accounts with the required rights and permissions the account will need to be added to the Hornbill KeySafe in order for it to be used for discovery and IT Automations. The following will guide you through the process of creating a Keysafe entry on your Hornbill Instance:
- From the Hornbill Administration page navigate to (Home > System > Security > KeySafe)
- Click the Create New Key button
- Select Type as Username + Password
- Ensure that the KeySafe entry type is Username + Password and not Username + Password + Pre-Shared Key, as the entry will not be visible within ITOM
- Enter the following details:
- Title: Network Admin
- Domain Username: (example: DOMAIN\Username or username@domain)
- Password:
- Click Create Key
Configuring a Discover Job
Before the ability undertake IT Automations, or to view the properties of a device, an entry for it must exist within the ITOM inventory. This list is populated by the execution of one or more discovery jobs, in this example I will demonstrate a Windows Active Directory Discovery job using WinRM.
Navigate to the ITOM Job Queue (Home > ITOM > Job Queue)
Click the Create New button and select Discovery Job
Enter the following details:
Name: AD Discovery using WinRM
Site Target: SIS Demo
Protocol: WinRM
Discovery Mode: Active Directory
Container: <windows domain> (example:hornbill.edu)
Admin Credentials: <your keysearch entry>
Click Create button
You can monitor the progress of the job via the monitor, and once the job has completed, the Console Output and Debug log are displayed. These provide a view of the raw output from the process execution on the target device and the debug logging produced by the target device's running process.
Monitor:
Enumerating child OU
Scan found X computers for detailed discovery. Performing WMI discovery of X computersSummary
=======
Successful Discovery
All ComputersThe discovery was executed successfully. The results are now being imported.
10:11:26 Discovery import complete. Added:X Updated:X Skipped:X Missing:X Failed:X
Console Output:
Review Summary, confirming successful discovery, and noting any failures.
Debug:
If errors are identified during the process execution, the log details will provide additional information that can help diagnose the failure. success here implies that the Discovery process did not fail and not that all devices were detected and were able to be accessed.
Inventory Viewer
Discovered devices are initially not able to be used as a target for IT Automations and their properties are not accessible until they are categorised as Managed. The Inventory Viewer allows you to manage your discovered devices and from here you can categorise a device as Managed or Un-Managed.
Registering Devices as Managed
- Navigate to the ITOM Inventory (Home > ITOM > Inventory Viewer)
- Select All Un-Managed Inventory
- Click on the Name of an Un-Managed inventory Item
Initially all discovered devices will appear as Un-Managed devices with only basic properties visible.
Pressing the Set As Managed button links a subscription to the device, which is consumed for a minimum of 30 days; as stated in the message provided, once confirmed, the device's properties will become visible.- Use the Breadcrumbs to return to the Inventory Viewer Setting devices as Managed individually is not always desirable, a more efficient method is to set multiple devices at the same time.
- Click check next to the heading Name to select All Discovered Devices
Individual devices can be selected / deselected by clicking the check box adjacent to each entry.
- Click the The Set As Managed button on the toolbar
- Click Yes to confirm
- Select All Managed Inventory
Inventory Properties
Installed Packages
Package Library
Click Install on both the Active Directory Group and User Management packages
Click Install on Windows Disk Cleanup
Click Close
Uploading Packages
- Click the Package Upload button
- Select the provided package file: Demo.pkg
- Click Open
- Repeat for all other provided packages
IT Automation Job
Single Computer
- Navigate to (Home > ITOM > Job Queue)
- Click the Create New button, and select IT Automation
- Enter Name: Harry Hornbill on Single Computer
- Click the Installed Packages button
- Select Training > Demonstration > Harry Hornbill – The Bird, The Legend
- Click Apply
- Set Site Target to Server and select an Instance
- Set Target Device to Inventory and select a Device
- Set Admin Credentials to Network Admin
- Click Create
Monitor:
Confirm job executed Successfully
Console Output:
Displays the output as would be displayed if the package were manually executed from within a “cmd” console on the target device.
Debug Log:
Note any errors; success here implies that the package is executed successfully. The output will depend on the package being executed.
Multiple Computers
- Navigate to (Home > ITOM > Job Queue)
- Click the Create New button, and select IT Automation
- Enter Name: Harry Hornbill on Multiple Computers
- Click the Installed Packages button
- Select Training > Demonstration > Harry Hornbill – The Bird, The Legend
- Click Apply
- Set Site Target to Server and select an Instance
- Set Target Device to Inventory and select a Device
- Set Admin Credentials to Network Admin
- Click Create
Click on a Job Name to view the Individual Child Job
Click Parent Link in the Summary to Return to Parent Job
Job Scheduling
Discovery
- Navigate to (Home > ITOM > Job Scheduling)
- Click the Create New button, and Select Discovery Schedule
- Enter the following details:
- Name: AD Discover
- Schedule: Run Every Period
- Every (n) Minutes: 15
- Description: Scheduled AD Discovery
- Site Target: Server | SIS Instance
- Protocol: DCOM
- Discovery Mode: Active Directory
- Container: horbnbill.edu
- Admin Credentials: Network Admin
- Ensure Next Scheduled Date and Time is set to a couple of minutes in the future
- Click Enable Schedule
- Navigate to (Home > ITOM > Job Scheduling)
Wait for the Job schedule Time, and Click on the AD Discovery Job Name
Click the Job History
Click on the Scheduled AD Discover Name
IT Automation
Windows Disk cleanup
- Navigate to (Home > ITOM > Job Scheduling)
- Click the Create New button, and Select IT Automation Schedule
- Enter the following Schedule details:
- Name: Windows Disk Cleanup
- Schedule: Run daily
- Ent the following IT Automation Job Settings:
- Package: private:hornbill > Disk Cleanup > Windows Disk Cleanup
- Site Target: SIS Server
- Target Device: List| Test Servers
- Admin Credentials: Network Admin
- Reference: Demo Job
- Set the following Operation Parameters to True:
InternetCacheFiles, Recycle Bin, and Temporary Files
Ensure Next Scheduled Date and Time is set to a couple of minutes in the future
Click Enable Schedule
Navigate to (Home > ITOM > Job Scheduling)
Wait for the Job schedule Time, and Click on the Job Name: Windows Disk Cleanup
Click Job History
Click on the Job Name: Windows Disk Cleanup (with the highest Job Id)
Review the list of jobs, and confirm that all are successful
Click on the Name of any Job entry in the list and review the Details
To return to the parent Click the link shown in the Summary section