server management
TRANSCRIPT
Dell World 2014
Server Management
Carl Keller, Jamie Cerra, ESM Sales Engineers, November 5th 2014
Dell WorldUser Forum
Dell World 2014
Agenda• Server Management - Defined• Agent Installation– “New” GPO tool• Server Inventory• Server ITAM• Labeling Best Practices• Server Patching strategies• Patching Clustered Servers• Driver Updates
Dell World 2014
Server Management Defined
• IT admins are responsible for keeping track of Servers
• They need to track specific information about the shared system
• Dell K1000 routinely updates Inventory via an Agent or Agentless
• Software Compliance is critical as Server Software packages can be very expensive – i.e: Visual Studio, SQL Server, Project Server; etc
• Securing the Server through effective Patch Management reduces risk to an enterprise– K1000 patches Windows and Mac, we can deliver updates to Linux
• Tracking firmware and driver updates (Dell Updates)
• Test against Standard baseline security templates ( OVAL or SCAP) to identify vulnerabilities
• Reporting on all these capabilities
Dell World 2014
GPO Provisioning Tool• Free utility allows Administrators to provision the KACE agent via GPO
• http://www.kace.com/support/resources/kb/solutiondetail?sol=133776
• Will create a GPO that can be linked to OUs or can modify an existing GPO to add the KACE Agent installer
Dell World 2014
GPO Provisioning Tool
Dell World 2014
GPO Provisioning Tool
Dell World 2014
GPO Provisioning Tool
Dell World 2014
GPO Provisioning Tool
Dell World 2014
GPO Provisioning Tool
Dell World 2014
GPO Provisioning Tool
Dell World 2014
GPO Provisioning Tool
Dell World 2014
Server Inventory
• Inventory of the server works the same as other managed computing devices (scheduled scans)
• Hardware and Software inventories captured at same intervals• Running processes inventoried
• Can utilize agentless inventory for Non-Windows based servers
• “New”… Agentless inventory works best with SNMP
• Agentless Inventory of Linux based systems will count against KACE license count but other servers would not
Dell World 2014
Labeling Servers
• Logically grouping similar systems (collections)• Ideally servers should be broken out into Smart Labels (dynamic)• Can be grouped by any category (OS, IP Subnet, Software
installed, free space)• Create labels thinking about how the machines need to be
targeted with patches, scripts, software installs• Smart Labels can use inventory data to group machines• LDAP labels utilize AD structure to group machines• Manual Labels can also be used if LDAP and Inventory records
cannot accurately group machines• Nested labels can also be useful… “label of labels”
Dell World 2014
Labeling Servers
• Example Smart Label - Inventory
Dell World 2014
Labeling Servers
• Example LDAP Label
Dell World 2014
Labeling Servers
• Example Manual Label
Dell World 2014
Labeling Patches
• Using Patch Smart labels allows for smaller more controlled patch deployments
• Server patches can be split up from desktop patches• Vendor and Impact fields very useful in developing groupings for
patches• Any known patches that cannot be deployed can be excluded
from the label or marked as inactive
Dell World 2014
Labeling Patches
Dell World 2014
Developing a Patching Strategy
• Every organization has a different approach to patching• Using patch and machine labels, patch targeting should be
simple• IT Staff should sit down and map out patching strategies on a
whiteboard • Setting patch schedules to be automatic for a test group and
then manually enabled for production would help iron out any issues with patches before they hit production machines
Dell World 2014
Developing a Patching Strategy
Dell World 2014
Patching Clustered Servers
• Server clusters present a unique challenge• All servers cannot be patched and rebooted in the same cycle• Developing labels for clustered servers can control patching to
server clusters effectively
Cluster Server Schedule
Exchange EXCH-01 Thursday
Exchange EXCH-02 Friday
Exchange EXCH-03 Saturday
SQL MSSQL-01 Thursday
SQL MSSQL-02 Friday
SQL MSSQL-03 Saturday
Dell World 2014
Dell Updates
• Driver updates are only for Dell servers running Windows• Dell Open Manage can help manage patching for ESX and other
hosts• Similar to patching, Dell server updates can be grouped
(labelled)• Driver and BIOS updates included in the Dell Updates can be
scheduled• Make sure these updates do not conflict with patch deployments• Develop a schedule to deploy Dell updates and test functionality
before pushing to all production servers
Dell World User Forum
Thank you.