Difference between revisions of "ITOM Quick Start Guide"

From Hornbill
Line 94: Line 94:
 
<li>Click the '''Create New Key''' [[File:NewPackageButton.png|23x22px]] button</li>
 
<li>Click the '''Create New Key''' [[File:NewPackageButton.png|23x22px]] button</li>
 
<li>Select Type as '''Username + Password'''</li></ol>
 
<li>Select Type as '''Username + Password'''</li></ol>
{{infobox|Ensure that the KeySafe entry type is '''Username + Password''' and not ''Username + Password + Pre-Shared Key'', as the entry will not be visible within ITOM}}
+
{{infobox|Ensure that the KeySafe type is '''Username + Password''' and not ''Username + Password + Pre-Shared Key'', as the entry will not be visible within ITOM.  SSH Private Key entry can also be used for devices that utilise ssh and public key authentication has been configured.}}
 
<ol style="list-style-type: none; margin-left: 8em;">
 
<ol style="list-style-type: none; margin-left: 8em;">
 
<li>[[File:KeySafeUserPasswordForm.png|228x158px]]</li>
 
<li>[[File:KeySafeUserPasswordForm.png|228x158px]]</li>
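Review bot: the sentence added at the end of the infobox ("SSH Private Key entry can also be used for devices that utilise ssh and public key authentication has been configured.") is ungrammatical and, coming straight after the instruction that the type must be Username + Password, reads as contradicting it. Suggest wording such as "An SSH Private Key entry can also be used for devices that use SSH and have public key authentication configured", and saying up front that either of the two types is acceptable. The same line also drops "entry" from "KeySafe entry type" while keeping "as the entry will not be visible within ITOM", which leaves unclear that it is the Pre-Shared Key type that is hidden. There is also a double space after "ITOM.".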

Revision as of 09:07, 1 April 2021

Introduction

This guide takes you through the steps required to get ITOM up and running, from installing your first Site Integration Server to Discovery and Package execution. To follow this guide, you must have access to an instance, a user with the ITOM Administrator role added, and a suitable Windows computer on which to install the SIS.

Minimum requirements

  • OS: Windows Server (64bit) 2012, 2012 R2, 2016 or 2019
  • RAM: 4GB
  • Free Disk: 10GB

Site Integration Service (SIS) Installation

The service's role is to monitor the ITOM Job Queue and download any Jobs targeted for it. It also handles the discovery of devices, and deploys and executes packages on those devices. The service is available for download via the Hornbill Instance and can be installed at any time; however, before you can use it, a Site connector will need to exist on the Hornbill Instance and the SIS must be paired with it.

The following set of steps will guide you through the process of getting your SIS up and running:

Adding an SIS Connector

First, let's set up an SIS connector and generate the Authorisation Key required for the pairing process.

  1. From the ITOM page select Site Integration Services
  2. Click the Add SIS connector button
  3. Enter your required details:
    1. Name - Unique identifier for the SIS Connector
    2. Group - The default group can be used
  4. Click the Create Site Integration Service button
  5. Make a note of the Authorisation Key, required for later use during the pairing process
  6. Return to the Site Integration Services list
  7. Select the Not Paired filter

Information
The Authorisation Key is temporary and will expire after 1 hour; once it has expired, the SIS record will need recreating.

Download and Installation of the SIS

The installation software is downloaded from the SIS list within the Admin Portal, and should be executed on the server nominated to host the SIS.

  1. From the Site Integration Services list, click the Download Site Integration Server button
  2. Locate and execute the downloaded executable
  3. Click Install
  4. Click OK to confirm the installation
  5. Close the Install dialog
    The service will not be started automatically; you must start it manually or configure it to start automatically.
  6. Open the Services MMC Console
  7. Start the EspSisService

Server Pairing

Once the service has been started, the pairing process can be completed via the service web page, using the Authorisation Code generated when creating the SIS connector. If you do not have the code or have forgotten it, you can view it from the SIS Connector properties in the Admin Portal. If the code has expired, you will need to remove the existing connector and create a new one to generate a new code.

  1. Switch back to the browser and refresh the page (http://localhost:11117)
  2. Enter the instance ID
  3. Enter the Authorization Code recorded earlier
  4. Click the Pair with Instance button

After a successful pairing, the status page appears displaying information related to the SIS service, with additional details available via the Show more button.

ITOM Admin Account Requirements

Before a successful Discovery or Automation can be actioned, one or more Windows NT accounts will be required. It is recommended that you create a new domain account for Windows NT computers and an account with root privileges for use within Linux / Unix environments.

Windows NT Accounts

ITOM Admin Credentials will require a Windows NT Administrator account with the following additional rights to be applied:

  • Replace a process-level token. (SeAssignPrimaryTokenPrivilege)
  • Act as part of the operating system. (SeTcbPrivilege)

Additional user accounts may also require creation; these are dependent on the package used and the context of security needed; further information is available within the ITOM package library documentation for each Package under the section KeySafe Configuration. (https://wiki.hornbill.com/index.php/ITOM_Package_Library)
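
One way to confirm the two user rights listed above on a target computer, as an added example that is not part of the Hornbill guide: it exports the local User Rights Assignment with secedit and reports who holds each right. The account name DOMAIN\svc-itom is a placeholder, and a right granted through group membership appears under the group's SID rather than the account's.

```powershell
# Added example (not from the Hornbill guide). Run in an elevated PowerShell session.
param([string]$Account = 'DOMAIN\svc-itom')   # placeholder account name (assumption)

function Resolve-Sid([string]$Name) {
    # Translate an account name to its SID string; throws if the name is unknown.
    $nt = New-Object System.Security.Principal.NTAccount($Name)
    $nt.Translate([System.Security.Principal.SecurityIdentifier]).Value
}

$rights = 'SeAssignPrimaryTokenPrivilege', 'SeTcbPrivilege'
$cfg = Join-Path $env:TEMP ('user-rights-{0}.inf' -f [guid]::NewGuid())

try {
    # Export only the User Rights Assignment area of the effective local policy.
    secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "secedit export failed (exit code $LASTEXITCODE)" }

    $targetSid = Resolve-Sid $Account
    foreach ($right in $rights) {
        # A right that nobody holds has no line in the export at all.
        $pattern = '^{0}\s*=\s*(.+)$' -f $right
        $line = Select-String -Path $cfg -Pattern $pattern | Select-Object -First 1
        $holders = @()
        if ($line) {
            $holders = @($line.Matches[0].Groups[1].Value -split ',' | ForEach-Object {
                $entry = $_.Trim()
                if ($entry.StartsWith('*')) { $entry.Substring(1) }    # "*S-1-5-..." is a SID
                else { try { Resolve-Sid $entry } catch { $entry } }    # bare account name
            })
        }
        [pscustomobject]@{
            Right         = $right
            HeldByAccount = $holders -contains $targetSid   # direct assignment only
            Holders       = $holders -join ', '
        }
    }
}
finally {
    # The export is only needed for this check; do not leave it in TEMP.
    Remove-Item $cfg -ErrorAction SilentlyContinue
}
```

The Holders column is worth reviewing in its own right: both rights are highly privileged, so any principal listed there beyond the intended ITOM account should be accounted for.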

Linux / Unix

ITOM Admin Credentials will require an account with root user privileges; accounts that require the use of sudo cannot be used.

Creating a Hornbill KeySafe entry

Once you have created the OS accounts with the required rights and permissions, the account will need to be added to the Hornbill KeySafe in order for it to be used for Discovery and IT Automations. The following will guide you through the process of creating a KeySafe entry on your Hornbill Instance, and can be used for adding both Windows and Linux accounts that require username and password entry:

  1. From the Hornbill Administration page navigate to (Home > System > Security > KeySafe)
  2. Click the Create New Key button
  3. Select Type as Username + Password

Information
Ensure that the KeySafe type is Username + Password and not Username + Password + Pre-Shared Key, as an entry of that type will not be visible within ITOM. An SSH Private Key entry can also be used for devices that utilise SSH and have public key authentication configured.

  4. Enter the following details:
    1. Title: Network Admin
    2. Domain Username: (example: DOMAIN\Username or username@domain)
    3. Password:
  5. Click Create Key

Configuring a Discovery Job

Before you can undertake IT Automations on a device, or view its properties, an entry for it must exist within the ITOM inventory. The inventory is populated by the execution of one or more discovery jobs; in this example I will demonstrate a Windows Active Directory Discovery job using WinRM.

  1. Navigate to the ITOM Job Queue (Home > ITOM > Job Queue)

  2. Click the Create New button and select Discovery Job

  3. Enter the following details:

    1. Name: AD Discovery using WinRM

    2. Site Target: SIS Demo

    3. Protocol: WinRM

    4. Discovery Mode: Active Directory

    5. Container: <windows domain> (example: hornbill.edu)

    6. Admin Credentials: <your KeySafe entry>

    7. Click the Create button

    You can monitor the progress of the job via the monitor, and once the job has completed, the Console Output and Debug log are displayed. These provide a view of the raw output from the process execution on the target device and the debug logging produced by the target device's running process.

    Monitor:

    Enumerating child OU
    Scan found X computers for detailed discovery. Performing WMI discovery of X computers

    Summary
    =======
    Successful Discovery
    All Computers

    The discovery was executed successfully. The results are now being imported.

    10:11:26 Discovery import complete. Added:X Updated:X Skipped:X Missing:X Failed:X

    Console Output:

    Review Summary, confirming successful discovery, and noting any failures.

    Debug:
    If errors are identified during the process execution, the log details will provide additional information that can help diagnose the failure. Success here implies only that the Discovery process did not fail, not that all devices were detected and could be accessed.

    Inventory Viewer

    Discovered devices are initially not able to be used as a target for IT Automations and their properties are not accessible until they are categorised as Managed. The Inventory Viewer allows you to manage your discovered devices and from here you can categorise a device as Managed or Un-Managed.

    Registering Devices as Managed

    1. Navigate to the ITOM Inventory (Home > ITOM > Inventory Viewer)
    2. Select All Un-Managed Inventory

    3. Click on the Name of an Un-Managed inventory Item

    Initially all discovered devices will appear as Un-Managed devices with only basic properties visible.
    Pressing the Set As Managed button links a subscription to the device, which is consumed for a minimum of 30 days; as stated in the message provided, once confirmed, the device's properties will become visible.

    4. Use the Breadcrumbs to return to the Inventory Viewer

    Setting devices as Managed individually is not always desirable; a more efficient method is to set multiple devices at the same time.

    5. Click the check box next to the heading Name to select all discovered devices

    Individual devices can be selected / deselected by clicking the check box adjacent to each entry.

    6. Click the Set As Managed button on the toolbar
    7. Click Yes to confirm
    8. Select All Managed Inventory

    Inventory Properties

    1. Click on the Name of a Managed inventory Item

    Installed Packages

    Package Library

    1. Navigate to (Home > ITOM > Installed Packages)
    2. Click the Package Library button

    3. Click Install on both the Active Directory Group and User Management packages

    4. Click Install on Windows Disk Cleanup

    5. Click Close

    Uploading Packages

    1. Click the Package Upload button
    2. Select the provided package file: Demo.pkg
    3. Click Open
    4. Repeat for all other provided packages

    IT Automation Job

    Single Computer

    1. Navigate to (Home > ITOM > Job Queue)
    2. Click the Create New button, and select IT Automation
    3. Enter Name: Harry Hornbill on Single Computer
    4. Click the Installed Packages button
    5. Select Training > Demonstration > Harry Hornbill – The Bird, The Legend
    6. Click Apply
    7. Set Site Target to Server and select an Instance
    8. Set Target Device to Inventory and select a Device
    9. Set Admin Credentials to Network Admin
    10. Click Create

    Monitor:

    Confirm the job executed successfully

    Console Output:

    Displays the output as would be displayed if the package were manually executed from within a “cmd” console on the target device.

    Debug Log:

    Note any errors; success here implies that the package is executed successfully. The output will depend on the package being executed.

    Multiple Computers

    1. Navigate to (Home > ITOM > Job Queue)
    2. Click the Create New button, and select IT Automation
    3. Enter Name: Harry Hornbill on Multiple Computers
    4. Click the Installed Packages button
    5. Select Training > Demonstration > Harry Hornbill – The Bird, The Legend
    6. Click Apply
    7. Set Site Target to Server and select an Instance
    8. Set Target Device to Inventory and select a Device
    9. Set Admin Credentials to Network Admin
    10. Click Create

    11. Click on a Job Name to view the Individual Child Job

    12. Click Parent Link in the Summary to Return to Parent Job

    Job Scheduling

    Discovery

    1. Navigate to (Home > ITOM > Job Scheduling)
    2. Click the Create New button, and Select Discovery Schedule
    3. Enter the following details:
      • Name: AD Discover
      • Schedule: Run Every Period
      • Every (n) Minutes: 15
      • Description: Scheduled AD Discovery
      • Site Target: Server | SIS Instance
      • Protocol: DCOM
      • Discovery Mode: Active Directory
      • Container: hornbill.edu
      • Admin Credentials: Network Admin
    4. Ensure Next Scheduled Date and Time is set to a couple of minutes in the future
    5. Click Enable Schedule
    6. Navigate to (Home > ITOM > Job Scheduling)

    7. Wait for the Job schedule Time, and Click on the AD Discovery Job Name

    8. Click the Job History

    9. Click on the Scheduled AD Discover Name

    IT Automation

    Windows Disk cleanup

    1. Navigate to (Home > ITOM > Job Scheduling)
    2. Click the Create New button, and Select IT Automation Schedule
    3. Enter the following Schedule details:
      • Name: Windows Disk Cleanup
      • Schedule: Run daily
    4. Enter the following IT Automation Job Settings:
      • Package: private:hornbill > Disk Cleanup > Windows Disk Cleanup
      • Site Target: SIS Server
      • Target Device: List | Test Servers
      • Admin Credentials: Network Admin
      • Reference: Demo Job
      • Set the following Operation Parameters to True: InternetCacheFiles, Recycle Bin, and Temporary Files

    5. Ensure Next Scheduled Date and Time is set to a couple of minutes in the future

    6. Click Enable Schedule

    7. Navigate to (Home > ITOM > Job Scheduling)

    8. Wait for the Job schedule Time, and Click on the Job Name: Windows Disk Cleanup

    9. Click Job History

    10. Click on the Job Name: Windows Disk Cleanup (with the highest Job Id)

    11. Review the list of jobs, and confirm that all are successful

    12. Click on the Name of any Job entry in the list and review the Details

    13. To return to the parent Click the link shown in the Summary section