Tivoli Endpoint Manager for Software Use Analysis Installing and configuring Tivoli Endpoint Manager for Software Use Analysis Version 2.0 SC22-5473-00
Installation Guide This edition applies to version 2.0 of IBM Tivoli Endpoint Manager for Software Use Analysis (product number...) and to all subsequent releases and modifications until otherwise indicated in new editions. Copyright IBM Corporation 2002, 2012. US Government Users Restricted Rights Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
Contents

Chapter 1. Installing IBM Tivoli Endpoint Manager for Software Use Analysis
  Introduction
  Software Use Analysis infrastructure
  Installation checklist
  Planning the installation
  Software requirements
  SQL Server requirements
  Hardware requirements
  Hardware specifications
  Deploying Software Use Analysis site content to your computers
  Getting started with the Tivoli Endpoint Manager Console
  Activating the analyses
  Deploying Common Inventory Technology scanner
  Deploying the software inventory tool scanner
  Running RPM scanner
  Performing other tasks on the Software Use Analysis site content
  Installing Software Knowledge Base Toolkit
  Component architecture of Software Knowledge Base Toolkit
  Configuring IBM Tivoli Software Knowledge Base Toolkit
  Installing the Software Use Analysis application server
  Installing the server
  Performing postinstallation tasks
  Configuring connections with databases
  Setting up roles
  Setting up users
  Setting up computer properties
  Setting up computer groups
  Setting up analysis properties
  Importing the software scan data
  Scheduling scans
  Configuring data uploads
  Updating catalogs of the Common Inventory Technology scanner
  Configuring secure communication
  Configuring mail notifications
Chapter 2. Uninstalling
  Uninstalling a scanner
  Deactivating the analyses
  Uninstalling the Software Use Analysis server
Notices
  Trademarks
Index
Chapter 1. Installing IBM Tivoli Endpoint Manager for Software Use Analysis

This installation and configuration documentation is intended to be a setup guide for IT managers and system administrators who want to install and configure the Software Use Analysis application. Specifically, it includes step-by-step instructions for deploying inventory tasks with the IBM Tivoli Endpoint Manager console, installing and configuring Software Use Analysis, and populating its asset repository.

Before you begin

- Ensure that IBM Tivoli Endpoint Manager, its clients, and Software Knowledge Base Toolkit are installed and running in your infrastructure.
- Update the Tivoli Endpoint Manager server if it is in an isolated network. The minimum supported version of Tivoli Endpoint Manager server is 8.0.

About this task

[Diagram of the installation flow: Start the installation, Plan the installation, Deploy Software Use Analysis site content to your computers, Install Software Knowledge Base Toolkit, Install the Software Use Analysis server, Perform postinstallation tasks, Start using the product]

1. Plan the installation
   Verify that the computer on which you plan to install Software Use Analysis meets all the necessary hardware and software requirements.
2. Deploy Software Use Analysis site content to your computers
3. Install Software Knowledge Base Toolkit
   You can use Software Knowledge Base Toolkit to maintain data about software items and also discover these items. You can also use it to export the data to different types of catalogs, which can then be imported into Software Use Analysis.
4. Install Tivoli Endpoint Manager for Software Use Analysis
   Software Use Analysis server can be installed on the same computer as the Tivoli Endpoint Manager server or on a different computer.
5. Perform postinstallation tasks
   After the installation, you are asked to open a web browser, configure the connection to a database server, and point your Software Use Analysis server to the Tivoli Endpoint Manager database.

Restriction: A user who is installing Software Use Analysis must have write permission and must be able to create a database in MS SQL Server.

Introduction

Familiarize yourself with the infrastructure of Software Use Analysis to better understand the relationships between the components of the product, the installation process, and implementation. You can use the printable checklist to ensure that you complete the installation process successfully.
Software Use Analysis infrastructure

The typical deployment of IBM Tivoli Endpoint Manager for Software Use Analysis reuses the Tivoli Endpoint Manager infrastructure: the server, its clients, which are also called agents, the database, and the console. The Software Knowledge Base Toolkit application is used to manage the software catalog. The following diagram shows how the Software Use Analysis application interfaces with Tivoli Endpoint Manager server installation.

Figure 1. Software Use Analysis infrastructure
[Diagram labels: web user interface, Software Knowledge Base Toolkit server, database; web user interface, Tivoli Endpoint Manager for Software Use Analysis server, database; console, Tivoli Endpoint Manager server, database, Tivoli Endpoint Manager clients (Tivoli Endpoint Manager infrastructure)]

Software Knowledge Base Toolkit
The Software Knowledge Base Toolkit server manages the content of the software catalog. The Software Knowledge Base Toolkit database contains information about current knowledge base content such as manufacturers, software products, and signatures. It also contains license relationships between software products, and the history of changes that the user made in the knowledge base content. Software Knowledge Base Toolkit runs on Windows, Linux, Solaris, HP-UX, and AIX operating systems.

Software Use Analysis server
The Software Use Analysis server provides a reporting interface for the inventory and limited application usage data that is collected on the endpoints that are managed by Tivoli Endpoint Manager. Inventory data is extracted from the Tivoli Endpoint Manager server database and imported into the Software Use Analysis application database using an Extract, Transform, and Load (ETL) import process. Software Use Analysis users access the application server from their computers by using a web browser. The server can only be installed on the Windows platform.
Tivoli Endpoint Manager server
The Tivoli Endpoint Manager server offers a collection of services, including application services, a web server, and a database server, forming the heart of the Tivoli Endpoint Manager system. The server coordinates the flow of information to and from individual computers and stores the results in the Tivoli Endpoint Manager database.

Tivoli Endpoint Manager console
The Tivoli Endpoint Manager console ties several components together to provide administrators with a system-wide view of all computers in a network, together with their configurations. An authorized user can quickly distribute fixlets to each computer and a task to be executed, such as scheduling or starting a software scan.

Tivoli Endpoint Manager clients
Tivoli Endpoint Manager clients, also called agents, are installed on every computer that is to be managed under Tivoli Endpoint Manager. They collect information about the software that is installed on the computers in your infrastructure and send this data to the Tivoli Endpoint Manager server. You can then import the data to the Software Use Analysis server by using a function on the Software Use Analysis web user interface. The client software runs on Windows, Linux, Solaris, HP-UX, AIX, and Macintosh operating systems.

Installation checklist

You can print the checklist and use it during the installation to ensure that you complete all the necessary steps.

Table 1. The checklist for installing Software Use Analysis

Number  Installation step
1.      Plan the installation - ensure that the computer on which you plan to install Tivoli Endpoint Manager for Software Use Analysis meets all the software and hardware requirements. Before you install Software Use Analysis, ensure that the computer:
        - fulfills the minimum hardware requirements
        - has sufficient disk space
        - has the required software installed
2.      Deploy Software Use Analysis site content to your computers
        - Activate the required analyses in the Tivoli Endpoint Manager console
        - Deploy Common Inventory Technology scanner
        - Deploy the software inventory tool scanner
        - Linux: Run the RPM scanner
        - Add Software Use Analysis fixlet to the Tivoli Endpoint Manager server and gather the content of the server
3.      Install Software Knowledge Base Toolkit
4.      Install the Tivoli Endpoint Manager for Software Use Analysis application server
        - Install Microsoft SQL server if the required components are not already available in your infrastructure
        - Install Software Use Analysis server
5.      Perform postinstallation tasks - to ensure the efficiency of Software Use Analysis, perform the following tasks:
        - Configure the connection to the Tivoli Endpoint Manager database
        - Set up roles
        - Set up users
        - Set up computer properties
        - Set up computer groups
        - Set up analysis properties
        - Import the software scan data
        - Schedule scans
        - Configure data uploads
        - Optional: Configure secure communication
        - Optional: Configure mail notifications

Planning the installation

Before you start the installation, review this information on hardware and software requirements and other considerations.

Software requirements

Ensure that all required prerequisite software is installed on the computers in your infrastructure.

IBM Tivoli Endpoint Manager components

Table 2. Supported Tivoli Endpoint Manager components

Component            Version         Required libraries
BigFix (BES) server  8.0 and higher
Windows client       8.0, 8.1, 8.2
UNIX client          8.2             HP-UX Linux compat-libstdc++-33 and compat-libstdc++-295 (32 and 64-bit)

Main software requirements

Your deployment must be configured according to the following requirements:

Table 3. Supported operating systems and databases for Tivoli Endpoint Manager for Software Use Analysis

Operating systems for the server and database
        - Microsoft Windows Server 2003, 32 and 64-bit
        - Microsoft Windows Server 2008, 32 and 64-bit
        - Microsoft Windows Server 2008 R2, 64-bit
Database server requirements
        - Microsoft SQL Server 2005
        - Microsoft SQL Server 2008
Server, database, and Tivoli Endpoint Manager database user permissions
        To install and configure the Tivoli Endpoint Manager for Software Use Analysis server, you must have:
        - Administrator privileges on the target Software Use Analysis server,
        - dbcreator permissions on the target Software Use Analysis database server, and
        - db_owner permissions on the associated Tivoli Endpoint Manager database.

Other software requirements

Your deployment must be configured according to the following requirements:

Table 4. Hardware and software requirements for Tivoli Endpoint Manager for Software Use Analysis

Supported browser versions
        - Internet Explorer 8.0 or higher
        - Firefox 3.5/3.6 and 10 or higher
Data compressor
        bzip2 version 1.0.5, released 10 December 2007 or higher

SQL Server requirements

Microsoft SQL Server 2005 or 2008 (32-bit or 64-bit) with TCP/IP must be available in your environment. This server can be on the same computer as the IBM Tivoli Endpoint Manager for Software Use Analysis application or on a separate computer. You can use the same database server as the one on which the IBM Tivoli Endpoint Manager is installed, or a separate database server, depending on the size of your deployment and available hardware resources.

You need SQL Server Browser if you are using a named instance rather than the default instance of SQL Server. It is also needed by the configurator to enumerate named instances in the server drop-down list on the SQL credentials panel.

Table 5. SQL Server Required Components Software Use Analysis

Component                     Required by Software Use Analysis
SQL Server 2005 or 2008       Yes
SQL Server Active Directory   No
SQL Server Agent              No
SQL Server Browser            Yes
SQL Server Full Text Search   No
SQL Server VSS Writer         No

Hardware requirements

During setup, match your optimum deployment size to your hardware specifications. Use the recommendations as general guidance.

Processor and RAM requirements

Table 6. Processor and RAM requirements

Size of the environment                      Processor  RAM
Small environments: several hundred clients  2-3 GHz    4 GB
Large environments: up to 250,000 computers  16 cores   64 GB

Add 3 GB of free disk space for the Tivoli Endpoint Manager for Software Use Analysis database server for every 1000 additional clients.

Disk space

Table 7. Disk space requirements for Software Use Analysis and database servers

Server                        Disk space
Software Use Analysis server  A minimum of 2 GB of free disk space
Database server               The required disk space depends on the size of your environment and is calculated according to the following formula:
                              number of endpoints x 3 MB + 3 GB of initial disk space
                              For example:
                              - In an environment with 10,000 endpoints, you must provide 33 GB of free disk space: 10,000 x 3 MB + 3 GB = 33 GB
                              - In an environment with 100,000 endpoints, you must provide 296 GB of free disk space: 100,000 x 3 MB + 3 GB = 296 GB
                              - In an environment with 250,000 endpoints, you must provide 736 GB of free disk space: 250,000 x 3 MB + 3 GB = 736 GB

Hardware specifications

Hardware specifications provide optimum performance for similar sized deployments of the IBM Tivoli Endpoint Manager for Software Use Analysis application. If your deployment includes more than 20 Software Use Analysis application users, consider augmenting your hardware specifications to the next higher scale. For best performance, consider the following specifications:

Deployment size  Processor            Memory  Hard disks
1,000            2-3 GHz - 2 Cores    3 GB    1 RAID Array (RAID 10, 5)
10,000           2-3 GHz - 2-4 Cores  15 GB   1-2 RAID Arrays (RAID 10)
RAID arrays must support the use of disk cache for both reading and writing. Set the disk cache to 50/50 read/write.

Deploying Software Use Analysis site content to your computers

As part of the setup process, you must deploy and configure both software inventory tool scanner and Common Inventory Technology scanner on the endpoints in your infrastructure. Both scanners are required. The scans must run on a regular basis, and the default frequency is once a week.

About this task

You can use the Tivoli Endpoint Manager console to activate and deactivate scanners and to activate analyses. Log on to the Tivoli Endpoint Manager Console before beginning the installation of Software Use Analysis to become familiar with the main panels of the console and the content that is displayed in these panels.

[Diagram of the deployment steps: Activate analyses, Deploy Common Inventory Technology scanner, Deploy software inventory tool scanner, Run RPM scanner periodically]

Activate analyses
An Analysis is a collection of property expressions that a console operator uses to view and summarize various properties of client computers across a network.

Deploy Common Inventory Technology scanner
Deploy Common Inventory Technology scanner on the computers on which you want to detect complex software signatures. This type of signature is not detected by the software inventory tool scanner.

Deploy the software inventory tool scanner
The software inventory tool scanner is a component that is deployed from the Tivoli Endpoint Manager console. It collects information about file signatures that are present on endpoints.

Run RPM scanner periodically
You must run the RPM scanner on a weekly basis to have up-to-date information about installed packages on the AIX and Linux computers in your infrastructure.

You might want to perform additional tasks on the Software Use Analysis site content.
Getting started with the Tivoli Endpoint Manager Console

You can use the Tivoli Endpoint Manager console to activate and deactivate scanners and to activate analyses. Log on to the Tivoli Endpoint Manager Console before beginning the installation of Software Use Analysis to become familiar with the main panels of the console and the content that is displayed in these panels.

The main window of the Tivoli Endpoint Manager console consists of three panels: List Panel, Domain Panel, and Work Area. The following figure presents the location of the panels within the main console window. See the description of the panels to become familiar with their content and functions.
List Panel
Lists items, such as tasks or fixlets, that are specified by the content filters and the navigation trees in the Domain Panel. You can sort and rearrange the contents of the List Panel by clicking the column headers and dragging them left or right. In addition, you can right-click each header to see a pop-up menu that contains a list of all the possible fields that you can use as headers.

Domain Panel
Groups content into collections that are pertinent to specific operator domains and provides a high-level view of the domains. Within each domain, the panel presents navigation trees that make it easy to zoom in on fixlet messages, reports, analyses, and other content. The Domain Panel might be subdivided into sections that depend on the style of the domain. Some of the sections available include:
- Content Filters - provides various content filters and reports that are a part of the selected domain. Click the disclosure icon to the left (either a triangle or a plus sign) to produce a navigation tree to refine your choices.
- General Content - enables navigating all content within the domain. The content might include fixlet messages, tasks, actions, analyses, and computers, all collected from various sites. Click the disclosure icon to the left (either a triangle or a plus sign) to expand the tree.

Work Area
Displays detailed information about the items from the List Panel. A toolbar that is at the top of the Work Area contains context-sensitive buttons that can run various actions based on the content of the current work area. The toolbar also contains two icons that you can use to maximize or detach a specific document. Detaching a document makes it possible to examine more than one document at a time.

Activating the analyses

An Analysis is a collection of property expressions that a console operator uses to view and summarize various properties of client computers across a network.

1. On the left navigation bar of the Tivoli Endpoint Manager console, click Sites > External > IBM Software Inventory > Analyses.
2. In the upper-right pane, select each analysis individually or select the entire list of analyses. Right-click to display a list of options, and select Activate. The following analyses must be activated:
   - Installed Windows Applications
   - Installed UNIX Packages

Tip: To learn how each analysis affects your deployment, click the analysis and view a description in the work area that opens.

Results

When an analysis is activated, its status changes in the List Panel. Now you can view and analyze the computers you targeted.

Deploying Common Inventory Technology scanner

Deploy Common Inventory Technology scanner on the computers on which you want to detect complex software signatures. This type of signature is not detected by the software inventory tool scanner.

About this task

Important:
- IBM Tivoli Endpoint Manager client must be installed and running on the target endpoint.
- You must deploy Common Inventory Technology scanner even though Common Inventory Technology is deployed on the target endpoint. Software Use Analysis must be added as Common Inventory Technology exploiter.

1. In the navigation bar of the Tivoli Endpoint Manager console, click Sites > External > IBM Software Inventory > Fixlets and Tasks.
2. In the upper-right pane, select Install CIT Scanner.
3. In the lower pane, click Take Action. A new window opens.
4. Click the name of the computer on which you want to deploy the Common Inventory Technology scanner, and click OK.
   Important: You can click the Action Script tab to view or modify the script.

The Common Inventory Technology scanner has several configurations that define its operation. The default configuration specifies, for example, which files and directories are examined during software scans.

Deploying the software inventory tool scanner

Software inventory tool scanner is a component that is deployed from the Tivoli Endpoint Manager console. It collects information about file signatures that are present on endpoints.

Before you begin

- Linux: Ensure that the compat-libstdc++-33 and compat-libstdc++-295 (32 and 64-bit) libraries are installed on the computer on which you want to run the software inventory tool scanner.
- IBM Tivoli Endpoint Manager client must be installed and running on the target endpoint.
1. On the navigation bar of the Tivoli Endpoint Manager console, click Sites > External > IBM Software Inventory > Fixlets and Tasks.
2. In the upper-right pane, select Install Scanner.
3. In the lower pane, click Take Action. A new window opens.
4. Click the name of the computer on which you want to deploy the software inventory tool scanner, and click OK.
   Important: You can click the Action Script tab to view or modify the script.

The software inventory tool scanner has several configurations that define its operation. The default configuration specifies, for example, which files and directories are examined during software scans. You can:
- Exclude directories from being scanned
- Add new files to software scans
- Set scanner log level
- Change the location of scan file

Running RPM scanner

You must run the RPM scanner on a regular basis to have up-to-date information about installed packages on the AIX and Linux computers in your infrastructure.

1. On the navigation bar of the Tivoli Endpoint Manager server console, click Sites > External > IBM Software Inventory > Fixlets and Tasks.
2. In the upper-right pane, click RPM Scanner, and in the lower-right pane, click Take Action.
3. In the right pane of the window that opens, holding the Ctrl key, click the computers on which you want to activate the scanner, and click OK.
4. To verify the status of the scanner, in the navigation bar, click Actions, and in the upper-right pane click the scanner action you started. The details of the action are displayed in the lower-right pane. You can also check the status of the RPM scanner.

Performing other tasks on the Software Use Analysis site content

You might want to perform additional tasks to manage the Software Use Analysis site content, for example, to exclude directories from being scanned.

Excluding directories from being scanned

You can exclude directories on a target endpoint so that they are not scanned. Excluding some directories from the scan is useful if the directories are large and do not contain information that is important to the software inventory. By excluding them, you can speed up the scanning process.

About this task

Create a fixlet that overwrites the default configuration file exclude_path_external.txt on an endpoint. A Scan action needs to be stopped and reissued once a new configuration file is pushed to the endpoint.
1. On the top navigation bar of the Tivoli Endpoint Manager console, click Tools > Take Custom Action...
2. In the right pane of the window that opens, click the name of the computer whose software inventory tool scanner settings you want to change, and click the Action Script tab.
3. In the Action Script text area, paste the script with the names of the directories that are to be excluded from your target platform. Each item must be on a separate line. Use a regular expression enclosed by two forward slashes in the format m/regular_expression/. You can also use a DOS-style expression on Windows.

   Important: The Windows regular expression path must contain double back slashes, for example m/.:\\windows\\microsoft\\.net/.

   Examples of expressions:

   - UNIX examples:
       m/\tmp/
           Excludes the \tmp directory.
       m/\home/
           Excludes the \home directory.
   - Windows examples of regular expressions:
       m/.:\\windows\\microsoft\.net/
           This regular expression excludes directories from any drive with the path \\Windows\Microsoft.NET.
       m/c:\\install\\/
           This regular expression excludes directories from the \\INSTALL directory on drive C.
     Examples of DOS-style expressions:
       C:\Documents and Settings\Administrator\
           This expression excludes all the directories under the directory C:\Documents and Settings\Administrator\.
       ?:\Windows\System32\
           This expression excludes directories from any drive with the path \\Windows\System32.

   The resulting block of code might look like the following one:
// WINDOWS
if {((name of operating system) as lowercase) contains "win"}
parameter "homefolder" = "{pathname of parent folder of regapp "besclient.exe" & "\LMT\ITSIT"}"
// create default exclude file
delete "{parameter "homefolder" as string & "/" & "exclude_path_external.txt"}"
// appendfile writes to the temporary file __appendfile; remove any earlier copy first
delete __appendfile
appendfile *:\System Volume Information
appendfile *:\$Recycle.Bin
appendfile *:\RECYCLER
appendfile {(name of it & "\" & "%0D%0A") of drives whose (type of it does not contain "FIXED")}
move __appendfile "{parameter "homefolder" as string & "\" & "exclude_path_external.txt"}"
continue if {exists file (parameter "homefolder" as string & "\itsit.exe")}
// UNIX
else
parameter "agentfolder" = "{pathname of parent folder of parent folder of client folder of site "actionsite"}"
parameter "lmtfolder" = "{(parameter "agentfolder" as string) & "/LMT"}"
parameter "homefolder" = "{(parameter "lmtfolder" as string) & "/ITSIT"}"
// create default exclude file
delete "{parameter "homefolder" as string & "/" & "exclude_path_external.txt"}"
delete __appendfile
appendfile m//tmp/
appendfile m//home/test
appendfile {("m/^" & concatenation "\/" of substrings separated by "/" of name of it & "/" & "%0A") of drives whose (type of it does not contain "FIXED")}
move __appendfile "{parameter "homefolder" as string & "/" & "exclude_path_external.txt"}"
continue if {exists file (parameter "homefolder" as string & "/itsit")}
endif

4. Click OK.
5. Optional: Click Refresh Console to view the status of the task.

Adding new files to software scans

You can add new files, paths, or file types to be included in software scans.

About this task

Create a fixlet that overwrites the default configuration file include_files_default.txt on an endpoint. A Scan action needs to be stopped and reissued once a new configuration file is pushed to the endpoint.

1. In the top navigation bar of the Tivoli Endpoint Manager console, click Tools > Take Custom Action...
2. In the right pane of the window that opens, click the name of the computer whose software inventory tool scanner settings you want to change, and click the Action Script tab.
3. In the Action Script text area, paste the following script with the names of files that are to be added or modified on your target platform. Use a regular expression enclosed by two forward slashes in the format m/regular_expression/. Each item must be on a separate line.

Example:

// WINDOWS
if {((name of operating system) as lowercase) contains "win"}
parameter "homefolder" = "{pathname of parent folder of regapp "besclient.exe" & "\LMT\ITSIT"}"
// recreate default include file
delete "{parameter "homefolder" as string}\include_files_default.txt"
// createfile writes to the temporary file __createfile; remove any earlier copy first
delete __createfile
createfile until _END_
//List all extensions here
m/.*\.exe$/
m/.*\.sys$/
m/.*\.sys2$/
m/.*\.jar$/
m/.*\.com$/
m/.*\.class$/
m/.*\.ear$/
m/.*\.so$/
m/.*\.bat$/
m/.*\.cmd$/
m/.*\.signature$/
m/.*\.swtag$/
_END_
move __createfile "{parameter "homefolder" as string & "\" & "include_files_default.txt"}"
continue if {exists file (parameter "homefolder" as string & "\itsit.exe")}
// UNIX
else
parameter "agentfolder" = "{pathname of parent folder of parent folder of client folder of site "actionsite"}"
parameter "lmtfolder" = "{(parameter "agentfolder" as string) & "/LMT"}"
parameter "homefolder" = "{(parameter "lmtfolder" as string) & "/ITSIT"}"
// recreate default include file
delete "{parameter "homefolder" as string & "/" & "include_files_default.txt"}"
delete __createfile
createfile until _END_
//List all extensions here
m/.*\.sys$/
m/.*\.sys2$/
m/.*\.exe$/
m/.*\.so$/
m/.*\/oninit$/
m/.*\.sig$/
m/.*\/lcfd$/
m/.*\.jar$/
m/.*\.sh$/
m/.*\/besclient$/
_END_
move __createfile "{parameter "homefolder" as string & "/" & "include_files_default.txt"}"
continue if {exists file (parameter "homefolder" as string & "/itsit")}
endif

4. Click OK.
5. Optional: Click Refresh Console to view the status of the task.

Setting scanner log level

You can turn logging on or off by setting the scanner log level.

1. On the top navigation bar of the Tivoli Endpoint Manager console, click Tools > Take Custom Action...
2. In the right pane of the window that opens, click the name of the computer whose software inventory tool scanner settings you want to change, and click the Action Script tab.
3. In the Action Script text area, paste the following script with the level of logging specified in it.

setting "ITSIT_Scanner_Debug"="1" on "{parameter "action issue date" of action}" for client

   The following levels are available:
   0   Debugging is disabled.
   1   Debugging is enabled.
4. Click OK.
5. Optional: Click Refresh Console to view the status of the task.

Changing the location of scan file

You can modify the default location of the scan file in the file system where the software inventory tool scanner runs.

1. On the top navigation bar of the Tivoli Endpoint Manager console, click Tools > Take Custom Action...
2. In the right pane of the window that opens, click the name of the computer whose software inventory tool scanner settings you want to change, and click the Action Script tab.
3. In the Action Script text area, paste the following script with the path to the log file specified in it:

setting "ITSIT_Scanner_OutDir"="C:\new_output_location" on "{parameter "action issue date" of action}" for client

4. Click OK.
5. Optional: Click Refresh Console to view the status of the task.

What to do next

Verify that the setting is modified:
1. In the navigation tree in the Domain Panel, click Computers > computer_name.
2. In the lower-right pane, click Edit settings, and scroll to find the parameter ITSIT_Scanner_OutDir. Verify that the path in the Value column is the one you specified in the Action Script that you just ran.

Excluding computers from being scanned

You can exclude the computers in your environment from being targeted by the software inventory tool scanner or Common Inventory Technology scanner actions.

1. On the navigation bar of the Tivoli Endpoint Manager console, click Sites > External > IBM Software Inventory > Fixlets and Tasks.
2. In the upper-right pane, select Add Targeting Exception.
3. In the lower pane, click Take Action. A new window opens.
4. Hold the Ctrl key and click the names of the computers for which you want to add an exception.
   Note: You can click the Action Script tab to view the default script.
   - The script for disabling the software inventory tool scanner:

setting "ITSIT_Deny"="1" on "{parameter "action issue date" of action}" for client

   - The script for disabling the Common Inventory Technology scanner:

setting "CIT_Deny"="1" on "{parameter "action issue date" of action}" for client

5. Click OK to exclude the target endpoint.

Installing Software Knowledge Base Toolkit

You can use Software Knowledge Base Toolkit to maintain data about software items and the means to discover these items. You can also use it to export the data to different types of catalogs, which can then be imported into Software Use Analysis.

Software Knowledge Base Toolkit is a repository of knowledge that supports the automated discovery of software items that are installed within your IT infrastructure. It stores information about the software titles that can potentially be in use in your organization, their manufacturers, and license relationships between the products. Each software item that is stored in the repository conforms to one of the standardized signature formats that is supported by the discovery infrastructure.

The software knowledge base provides a link between the identity of a software item, including its name and version, and the signatures with which an installed instance of that software item can be detected. The knowledge base data, gathered through research and automated data analysis, is shared with Software Use Analysis in the form of software catalogs. The import of these catalogs facilitates the asset management processes in your organization and reduces the risk of license noncompliance.

Component architecture of Software Knowledge Base Toolkit

You can use the summary of Software Knowledge Base Toolkit architecture to become familiar with the infrastructure of the application and the relationships between its components.
[Figure: IBM Tivoli Software Knowledge Base Toolkit on embedded WebSphere Application Server. Labels shown: User interaction, GUI layer, Data exporter, Catalogs, External database, Data editor, Data importer, Exchange format.]

Knowledge Base Content Management Server

Knowledge Base Content Management Server is a web-based interface that works with a centralized repository and manages the content of the knowledge base. Access to the server is role-based. The KB Content Management Server is deployed and runs in an embedded WebSphere Application Server, which is accessible through the HTTP server. The KB Content Management Server can be reached through a web browser such as:
- Internet Explorer 7 and 8
- Mozilla Firefox 3.6 and Extended Support Release (ESR) 10

The server runs on Windows, Linux, AIX, and Solaris.

Knowledge Base Content Management Server consists of the following components, all of which run in embedded WebSphere Application Server V 6.1:

GUI layer
   The GUI layer presents information to the user, and manages target computers and scans. The user interface is described in the Abstract User Interface Markup Language (AUIML). However, because the KB Content Management Server is a web-based application, AUIML components are rendered to HTML and JavaScript so that they can be displayed in a web browser.

Raw data analyzer
   The analyzer navigates, manipulates, merges, and preprocesses raw data that is obtained through scans performed on computer systems in a distributed software environment. The analyst uses the component to derive an accurate definition of the software product from the available data and construct a signature for that product. The analyzer also supports conflict and uncertainty resolution for newly generated signatures and products. The source data for the raw data analyzer are raw data, Tivoli License Compliance Manager unknown data, and expectation lists.

Data exporter
   The exporter supports the web user interface interactions through which catalogs are generated from the current KB content.

Data importer
   The importer supports the web user interface interactions through which the content of the knowledge base is imported. The importer processes input documents to update the knowledge base content, resolves conflicts between new data and the current KB content, and generates import summaries.

Data editor
   The editor is responsible for manual data management and content changes. It applies business rules to perform the tasks and validates the information that is committed to the knowledge base.

External database
   The database stores the content of the application. Logically, raw data and the content of the knowledge base are stored separately, but physically it is the same database. The database contains information about the current KB content: manufacturers, software products and their signatures, license relations between software products, and the history of changes in the KB content. The database also stores imported raw data files. The content of the database can be imported from external sources and exported as catalogs or canonical XML files. The source of KB content can also comprise signatures and products that are generated by the raw data analyzer.
Configuring IBM Tivoli Software Knowledge Base Toolkit

You must perform a few important tasks to configure Software Knowledge Base Toolkit to work with Software Use Analysis.

Before you begin

Tivoli Software Knowledge Base Toolkit must be installed in your infrastructure.

1. Log on to the Tivoli Endpoint Manager console and download monthly catalog updates by using the content in the IBM Software Inventory content site.

   Important: You can find instructions for accessing the content of the catalog in the release notes that are provided with the catalog release.
2. Import the catalog in the quick mode.
3. Publish the catalog in the canonical XML 2.0 format so that it is available to Software Use Analysis.

Installing the Software Use Analysis application server

You can use the Software Use Analysis installer to install the application on the Windows computer.

Installing the server

You can use the installation wizard to specify all parameters as the installation proceeds.

Before you begin

Microsoft SQL server is a prerequisite for Tivoli Endpoint Manager for Software Use Analysis. Install and configure the database software before starting this procedure.

1. Copy the tema.msi file to a temporary directory on the computer hard disk and double-click it to begin installation. A welcome pane opens.
2. Read the terms of the license agreement carefully, and if you accept them all, select I accept the terms of the license agreement, and click Next. Otherwise click Cancel to quit the installation.
3. Accept or modify the default installation path, and accept or change the port that is to be used by the HTTP server running on the server computer. Click Next.
4. Specify the user account that runs the Software Use Analysis service. If you configure Software Use Analysis to connect to the SQL Server through a user that is authenticated by Windows authentication, the Software Use Analysis service must be configured to run as that same user. Select This account, and provide the user name and the password of the user account. Click Next. A summary panel opens.
5. Click Install. The installation of the Software Use Analysis server begins.
6. When the process finishes, select Launch browser to complete configuration, and click Finish to exit the installer. The final panel prompts you to start a web browser to complete the setup.
What to do next

After the installation, use the server web interface to complete the server setup. If you configure the system at a later time, you must start a supported web browser on the Software Use Analysis server and go to http://localhost:port, replacing port with the port that you configured during the installation.

Important: You can do the initial setup only from the localhost.

Performing postinstallation tasks

To ensure that you take full advantage of the functions that are provided by Tivoli Endpoint Manager for Software Use Analysis, you must perform a set of tasks after the installation of the application. The tasks include, among others, configuring the connection to the Tivoli Endpoint Manager database, setting up user accounts, and creating computer groups.

About this task

The postinstallation tasks are performed either on the Tivoli Endpoint Manager console or in Software Use Analysis.

Task                                                               Application used
1. Configure the connection to the Tivoli Endpoint Manager         Tivoli Endpoint Manager
   database
2. Set up roles                                                    Software Use Analysis
3. Set up users                                                    Software Use Analysis
4. Set up computer properties                                      Software Use Analysis
5. Set up computer groups                                          Software Use Analysis
6. Set up analysis properties                                      Software Use Analysis
7. Import the software scan data into Software Use Analysis        Software Use Analysis
8. Schedule scans                                                  Tivoli Endpoint Manager
9. Configure data uploads                                          Tivoli Endpoint Manager
10. Update catalogs of the Common Inventory Technology scanner     Software Use Analysis and Tivoli Endpoint Manager
11. Optional: Configure secure communication                       Software Use Analysis
12. Optional: Configure mail notifications                         Software Use Analysis

Configuring connections with databases

You must set up the database connections after installing the server, and before performing other postinstallation tasks.

1. On the main configuration page of the Tivoli Endpoint Manager console, set up the connection to the Tivoli Endpoint Manager for Software Use Analysis database:
   a. Enter the host and database name.
   b. Select one of the types of authentication:
      - Windows Authentication
      - SQL Server Authentication
      In this scenario, the SQL Server Authentication option is described.
   c. Enter the Username and Password.
   d. Click Create to connect to the Software Use Analysis database. A new pane opens.
2. Click Skip migration if you do not want to migrate the database.
3. Create the administrator account: provide the user name and password, confirm the password, and click Create. The last pane opens.
4. Connect to the IBM Tivoli Endpoint Manager database:
   a. Enter the host and database name.
   b. Select one of the types of authentication:
      - Windows Authentication
      - SQL Server Authentication
      In this scenario, the SQL Server Authentication option is described.
   c. Enter the User name and Password.
   d. Click Create to connect to the Tivoli Endpoint Manager database.

   Note: You can also set up the web reports database by providing the same information on the right side of the pane.

Setting up roles

You can set up roles that you assign to the users of Software Use Analysis. Each role is a collection of permissions that correlates to a list of privileges. The administrator assigns roles to each user according to the privileges the user needs to efficiently operate the application.

Before you begin

You must be an administrator to perform this task.

Important: The Administrator role is set by default and cannot be modified.

1. In the top navigation bar of Software Use Analysis, click Management > Roles.
2. To add a role, click New.
3. Specify the name and permissions that you want the new role to have and click Create.
4. Optional: To modify the role, double-click its name in the top pane of the Roles window.

Results

You have set up a user role. You can now create users and assign them suitable roles.

Setting up users

You must set up users before you can grant access to Software Use Analysis. Each user can be assigned a role that determines the permissions that the user has.
Before you begin

- You must be an administrator to perform this task.
- You must set up the roles that you want to assign to the specific users.

1. In the top navigation bar of Software Use Analysis, click Management > Users.
2. To add a user, click New.
3. Specify the name of the user and the role that you want to assign to that user. Select the computer group to which the user is to have access and the authentication method. Click Create.
4. Optional: To modify the user, double-click its name in the top pane of the Users window.

Setting up computer properties

You can set up computer properties to specify the type of information about the computers that is displayed in Software Use Analysis. It gives you the ability to add computer attributes that can be used for filtering, sorting, and grouping information in reports.

Before you begin

You must be an administrator to perform this task.

About this task

The properties that you set up for computers can be used as attributes for filtering, sorting, and grouping information in reports. The list of properties available contains predefined items and properties that you can define on the Tivoli Endpoint Manager server.

1. To view the properties specified for the computers in your infrastructure, click Management > Computer Properties in the top navigation bar of Software Use Analysis.
2. To add more properties, click New. In the Create Computer Property pane, specify the name of the property to be displayed in Software Use Analysis. Select the properties from the Datasource Property list and click Create.

Setting up computer groups

You can set up computer groups to sort and filter inventory reports. You can also assign contracts to specific computer groups to indicate which computers are entitled to use particular software.

Before you begin

You must be an administrator to perform this task.

1. To set up a new computer group, click Management > Computer Groups and then click New.
2. Enter the name and description of a new group in the Create Computer Group pane.
3. Create filters for your group parameters in the Definition section and click Create.
4. Optional: You can view the new group in the left pane of the Computer Groups window. You can also drag one group into another to make it a child or a subgroup.
5. To make new groups available in the component, click Reports > Import Now.

Setting up analysis properties

Analysis properties are used to recognize software and gather information about its usage. By default, two properties are set in Software Use Analysis: Windows Application Usage and Windows Installed Packages. You can also set up your own properties that you want to use to gather information from the endpoints.

1. To create a property that gathers information about the software that is installed in your infrastructure, perform the following steps:
   a. In the top navigation bar of Software Use Analysis, click Management > Registry Properties.
   b. To add a registry property, click the plus sign key (+).
   c. In the Create Registry Property pane, specify the name of the property. From the list of available properties, choose the data source property that you want to use to discover software that is installed in your infrastructure and click Create.
2. To create a property that gathers information about software usage, perform the following steps:
   a. In the top navigation bar of Software Use Analysis, click Management > Application Usage Properties.
   b. To add an application usage property, click the plus sign key (+).
   c. In the Create Application Usage Property pane, specify the name of the property. From the list of available properties, choose the data source property that you want to use to gather information from the endpoints and click Create.

Importing the software scan data

The inventory results are stored on your IBM Tivoli Endpoint Manager server. You must extract that data and load it into the Tivoli Endpoint Manager for Software Use Analysis application database for use by the Software Use Analysis application.

1. Start the Software Use Analysis web user interface.
2. In the top navigation bar, click Management > Imports.
3. Click Import Now.

Scheduling scans

You can change how often each Tivoli Endpoint Manager for Software Use Analysis scan is run on specified endpoints. You can either choose the exact days and times on which the scan is to be run, or modify its start and end dates. Scan settings can be applied to one computer or a group of computers.
Before you begin

You must be a master operator to perform this task.

1. Log on to the Tivoli Endpoint Manager console.
2. In the Domain navigation tree, expand Sites > External > IBM Software Inventory.
3. Select a subset of Fixlets and Tasks.
4. Optional: If the scanner is not installed on any of your computers, you must install it.
   a. In the List panel, click Install scanner and in the Work Area toolbar, click Take Action.
   b. Click the Target tab to select a subset of computers on which you want to install the scanner and click OK.
   c. When the action status changes to Completed, select a subset of Fixlets and Tasks in the Domain navigation tree.
5. In the List panel, click Initiate scan and then in the Work Area toolbar, click Take Action.
6. Click the Target tab to select a subset of computers on which you want to initiate the scanner, and then click the computer that you want to scan.
7. Click the Execution tab to specify the dates and frequency of your scans.

   Tip: It is best to run the scan every week. In large deployments, it is better to target individual subsets of computers at different times.
8. Click OK.
9. When the scan completes successfully, it automatically uploads the scan results to the server.

Configuring data uploads

You can create a policy action that uploads the software inventory data to your Tivoli Endpoint Manager server.

1. Start the Tivoli Endpoint Manager console.
2. On the navigation bar of the Tivoli Endpoint Manager console, click Sites > External > IBM Software Inventory > Fixlets and Tasks.
3. In the upper-right pane, click Upload Scan Results.

   Note: A single compressed scan result cannot exceed 1 MB.
4. In the lower pane, click Take Action. A new window opens.
5. Click the name of the computer whose settings you want to configure.
6. Click the Execution tab.
7. In the Behavior area, select Reapply this action, and then whenever it becomes relevant again.
8. Click OK.

Updating catalogs of the Common Inventory Technology scanner

During every import that involves changes to the software catalog, Tivoli Endpoint Manager for Software Use Analysis automatically generates catalogs for the Common Inventory Technology scanner. You must download the Common Inventory Technology catalogs to all endpoints that require Common Inventory Technology functionality.

You can download a custom fixlet that sends the catalogs to the endpoints. The fixlet is updated every time the Common Inventory Technology catalog files are updated during the import.

Before you begin

Ensure that your Software Use Analysis server is visible to your Tivoli Endpoint Manager server.

Important: If Secure Socket Layer (SSL) is enabled in your Software Use Analysis, all updates are also downloaded through SSL. The Tivoli Endpoint Manager server must recognize SSL certificates of Software Use Analysis as valid.

1. Import the software catalog.
2. In the top navigation bar, click Management > Catalog Updates.
3. To download the fixlet file to your computer, click CIT Catalog Download Fixlet. Choose the location where you want to save the catalog_download.bes file and click Save.
4. Copy the file to the computer where the Tivoli Endpoint Manager console is installed.
5. Log on to the Tivoli Endpoint Manager console.
6. To import the fixlet, click File > Import. A new dialog window opens.
7. Open the directory where you are storing the catalog_download.bes file, select the file and click Open. The file is imported.
8. In the left pane, click Sites > Master Action Site > Fixlets and Tasks. A list of available fixlets opens in the upper right pane.
9. To run the fixlet on the endpoints, select Get Common Inventory Technology Catalog, and click Take Action. Select the computers on which you want to run the fixlet, and click OK.
Results

You enabled the fixlet that imports the Common Inventory Technology catalog to the endpoints in your infrastructure.

Configuring secure communication

Tivoli Endpoint Manager for Software Use Analysis administrators can configure SSL and the TCP ports from the Server Settings section of the web interface. When you turn on SSL, you can provide a pre-existing private key and certificate or have the system automatically generate a certificate. If you change the port or SSL settings, you must restart the service for the changes to take effect.

1. In the top navigation bar of Software Use Analysis, click Management > Server Settings.
2. On the Server Settings pane, select Use SSL. The Certificate subsection opens.
3. Provide information about the security certificate:
   - If you have a certificate provided by an external certificate authority (CA):
     a. Select Import a PEM encoded private key and certificate.
     b. Click Browse to locate the certificate in the computer file system.
     c. Click Browse to locate the private key in the computer file system.
     d. In the Private key password field, provide the password for the key.
     e. Click Save.
     Note: The certificate and the key must be PEM-encoded.
   - If you generated a self-signed certificate:
     a. Specify the certificate subject common name. The common name must correspond to the DNS name of the Software Use Analysis server.
     b. In the Expiration Date field, enter the date when the certificate expires.
     c. Click Save.
4. Click Restart service to make the server operate with the new settings enabled.

Configuring mail notifications

You can configure mail settings so that reports are automatically sent to the specified recipients. The option is especially useful if a person does not work with Software Use Analysis or is not familiar with the application, but needs to have access to the reports.

Before you begin

You must be an administrator to perform this task.

1. In the top navigation bar of Software Use Analysis, click Management > Mail Settings.
2. In the Outbound Email Configuration pane, specify the SMTP server to which you want to have the email notifications sent.
3. Choose the port through which you want to have the email notifications sent:
   - To send email notifications through the default port, click default.
   - To send email notifications through the customized port, click custom.
4. Optional: To have the email encrypted, select Use STARTTLS.
5. In the TEMA Server Domain, specify the domain through which you access the Tivoli Endpoint Manager server.
6. Choose the authentication method:
   - To use no authentication, click None.
   - To use simple authentication, click Plain.
   - To use login authentication, click Login.
   - To use a challenge-response authentication mechanism, click CRAM-MD5.
7. In the From address field, specify the address that is displayed as the sender of the email. To save the mail configuration, click Save.
8. Optional: To check whether you correctly configured mail settings, send a test email by clicking Send Test Email.

What to do next

You can now schedule reports that you want to have sent to the specified email accounts.
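The authentication choices in step 6 of Configuring mail notifications differ in what they place on the wire, which is why the Use STARTTLS option in step 4 matters most for Plain and Login. The following Python sketch is an added example, not part of the product or of this guide: it builds the client messages for each mechanism as defined in the SMTP AUTH specifications (RFC 4616, RFC 2195), using constructed credentials, hypothetical function names, and the sample challenge from RFC 2195.

```python
import base64
import hashlib
import hmac

# Sample challenge from RFC 2195 (user "tim", shared secret "tanstaaftanstaaf").
RFC2195_CHALLENGE_B64 = "PDE4OTYuNjk3MTcwOTUyQHBvc3RvZmZpY2UucmVzdG9uLm1jaS5uZXQ+"


def _b64(text):
    return base64.b64encode(text.encode("utf-8")).decode("ascii")


def cram_md5_response(user, password, challenge_b64):
    """CRAM-MD5: base64 of 'user <hex HMAC-MD5(key=password, msg=challenge)>'."""
    challenge = base64.b64decode(challenge_b64)
    digest = hmac.new(password.encode("utf-8"), challenge, hashlib.md5).hexdigest()
    return _b64(user + " " + digest)


def server_accepts_cram_md5(stored_password, challenge_b64, response_b64):
    """Server side: recompute the digest from the stored secret and compare."""
    _user, _, digest = base64.b64decode(response_b64).decode("utf-8").rpartition(" ")
    expected = hmac.new(stored_password.encode("utf-8"),
                        base64.b64decode(challenge_b64), hashlib.md5).hexdigest()
    return hmac.compare_digest(digest, expected)


def client_auth_lines(mechanism, user, password, challenge_b64=None):
    """Lines the mail client sends for the mechanism selected in step 6."""
    name = mechanism.upper()
    if name == "NONE":
        return []                                        # no credentials at all
    if name == "PLAIN":
        return [_b64("\0" + user + "\0" + password)]     # authzid NUL user NUL password
    if name == "LOGIN":
        return [_b64(user), _b64(password)]              # two base64 strings
    if name == "CRAM-MD5":
        return [cram_md5_response(user, password, challenge_b64)]
    raise ValueError("unknown mechanism: " + mechanism)


def exposed_password(mechanism, auth_lines, use_starttls):
    """Password readable from the captured client lines, or None.

    Assumption: with use_starttls=True the session was really upgraded to TLS
    before AUTH, so none of the lines are visible on the network path.
    """
    if use_starttls:
        return None
    name = mechanism.upper()
    if name == "PLAIN":
        return base64.b64decode(auth_lines[0]).split(b"\0")[2].decode("utf-8")
    if name == "LOGIN":
        return base64.b64decode(auth_lines[1]).decode("utf-8")
    return None   # None sends nothing; CRAM-MD5 sends only a keyed digest


if __name__ == "__main__":
    user, password = "reports", "s3cret"   # constructed sample credentials
    for mech in ("None", "Plain", "Login", "CRAM-MD5"):
        lines = client_auth_lines(mech, user, password, RFC2195_CHALLENGE_B64)
        for tls in (False, True):
            leak = exposed_password(mech, lines, tls)
            print(f"{mech:9} STARTTLS={tls!s:5} password in clear: {leak!r}")
```

CRAM-MD5 keeps the password itself off the wire, but only STARTTLS protects the report content and the rest of the SMTP session.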
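For the Import a PEM encoded private key and certificate option under Configuring secure communication, a structural check of the two files before upload catches the common mistakes: a DER (binary) file, a key file with no key in it, or an encrypted key with nothing to enter in the Private key password field. This Python sketch is an added example, not IBM code; the function names are hypothetical, the sample files are constructed placeholders rather than real credentials, and it checks encoding only, not certificate validity or whether the key matches the certificate.

```python
import base64
import binascii
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)


def pem_blocks(data):
    """Return [(label, is_encrypted)] per PEM block; raise ValueError if not PEM."""
    try:
        text = data.decode("ascii")
    except UnicodeDecodeError:
        raise ValueError("binary data (probably DER), not PEM-encoded")
    found = []
    for label, body in PEM_BLOCK.findall(text):
        lines = body.splitlines()
        headers = {}
        while lines and ":" in lines[0]:      # legacy "Proc-Type:" style headers
            name, _, value = lines.pop(0).partition(":")
            headers[name.strip()] = value.strip()
        try:
            der = base64.b64decode("".join(l.strip() for l in lines), validate=True)
        except binascii.Error:
            raise ValueError(label + ": body is not valid base64")
        legacy_encrypted = headers.get("Proc-Type", "").endswith("ENCRYPTED")
        # Unencrypted payloads are DER and must start with a SEQUENCE tag (0x30).
        if not legacy_encrypted and der[:1] != b"\x30":
            raise ValueError(label + ": payload is not an ASN.1 SEQUENCE")
        found.append((label, legacy_encrypted or label == "ENCRYPTED PRIVATE KEY"))
    if not found:
        raise ValueError("no PEM blocks found")
    return found


def preflight(cert_data, key_data, password_supplied):
    """Return a list of problems; an empty list means both files look importable."""
    problems = []
    try:
        if not any(label == "CERTIFICATE" for label, _ in pem_blocks(cert_data)):
            problems.append("certificate file: no CERTIFICATE block")
    except ValueError as err:
        problems.append("certificate file: %s" % err)
    try:
        keys = [b for b in pem_blocks(key_data) if b[0].endswith("PRIVATE KEY")]
        if len(keys) != 1:
            problems.append("key file: expected 1 private key block, found %d" % len(keys))
        elif keys[0][1] and not password_supplied:
            problems.append("key file: key is encrypted, Private key password is required")
    except ValueError as err:
        problems.append("key file: %s" % err)
    return problems


def _armor(label, der, headers=""):
    body = base64.encodebytes(der).decode("ascii")
    return ("-----BEGIN %s-----\n%s%s-----END %s-----\n"
            % (label, headers, body, label)).encode("ascii")


# Constructed placeholders: a 5-byte ASN.1 SEQUENCE stands in for real content.
_TINY_DER = b"\x30\x03\x02\x01\x00"
SAMPLE_CERT = _armor("CERTIFICATE", _TINY_DER)
SAMPLE_KEY = _armor("RSA PRIVATE KEY", _TINY_DER)
SAMPLE_ENCRYPTED_KEY = _armor(
    "RSA PRIVATE KEY", b"\x9a\x11\x42\x07",
    "Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,00\n\n")
SAMPLE_DER = b"\x30\x82\x01\x0a"             # start of a binary DER file

if __name__ == "__main__":
    print(preflight(SAMPLE_CERT, SAMPLE_KEY, password_supplied=False))
    print(preflight(SAMPLE_CERT, SAMPLE_ENCRYPTED_KEY, password_supplied=False))
    print(preflight(SAMPLE_DER, SAMPLE_KEY, password_supplied=False))
```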
Chapter 2. Uninstalling

You can uninstall the Tivoli Endpoint Manager for Software Use Analysis server, and scanners.

Uninstalling a scanner

Uninstall software inventory tool scanner or Common Inventory Technology scanner from a designated endpoint if you no longer want to monitor the software that is installed on this computer.

1. Log on to the Tivoli Endpoint Manager console.
2. In the Domain navigation tree, expand Sites > External > IBM Software Inventory.
3. Select a subset of Fixlets and Tasks.
4. In the upper-right panel, click the name of the scanner that you want to uninstall, and then in the Work Area toolbar, click Take Action.
5. Select the computer from which you want to uninstall the scanner, and click OK.

Deactivating the analyses

You must deactivate all analyses when you uninstall IBM Tivoli Endpoint Manager for Software Use Analysis.

Before you begin

You must uninstall the RPM scanner before you deactivate the analyses.

1. On the left navigation bar of the Tivoli Endpoint Manager console, click Sites > External > IBM Software Inventory > Analyses.
2. In the upper right pane, select all of the activated analyses, and click Deactivate.

Results

When deactivated, the status of each analysis is changed in the List Panel.

Uninstalling the Software Use Analysis server

You can use the uninstallation wizard to specify the parameters for the uninstallation of the Software Use Analysis application.

1. From the Windows Control Panel, select the Add/Remove Programs option.
2. Select Tivoli Endpoint Manager for Software Use Analysis, and click Remove. The uninstallation takes a few minutes, depending on the system configuration.
Results

You uninstalled the Software Use Analysis server. The database, user logins, and passwords are preserved.

What to do next

The wizard does not uninstall Microsoft SQL server database. You must uninstall it separately.
Notices

This information was developed for products and services offered in the U.S.A.

IBM may not offer the products, services, or features discussed in this document in other countries. Consult your local IBM representative for information on the products and services currently available in your area. Any reference to an IBM product, program, or service is not intended to state or imply that only that IBM product, program, or service may be used. Any functionally equivalent product, program, or service that does not infringe any IBM intellectual property right may be used instead. However, it is the user's responsibility to evaluate and verify the operation of any non-IBM product, program, or service.

IBM may have patents or pending patent applications covering subject matter described in this document. The furnishing of this document does not grant you any license to these patents. You can send license inquiries, in writing, to:

   IBM Director of Licensing
   IBM Corporation
   North Castle Drive
   Armonk, NY 10504-1785
   U.S.A.

For license inquiries regarding double-byte character set (DBCS) information, contact the IBM Intellectual Property Department in your country or send inquiries, in writing, to:

   Intellectual Property Licensing
   Legal and Intellectual Property Law
   IBM Japan, Ltd.
   1623-14, Shimotsuruma, Yamato-shi
   Kanagawa 242-8502 Japan

The following paragraph does not apply to the United Kingdom or any other country where such provisions are inconsistent with local law:

INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of express or implied warranties in certain transactions, therefore, this statement may not apply to you.

This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. IBM may make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time without notice.

Any references in this information to non-IBM Web sites are provided for convenience only and do not in any manner serve as an endorsement of those Web sites. The materials at those Web sites are not part of the materials for this IBM product and use of those Web sites is at your own risk.

IBM may use or distribute any of the information you supply in any way it believes appropriate without incurring any obligation to you.

Licensees of this program who wish to have information about it for the purpose of enabling: (i) the exchange of information between independently created programs and other programs (including this one) and (ii) the mutual use of the information which has been exchanged, should contact:

   IBM Corporation
   2Z4A/101
   11400 Burnet Road
   Austin, TX 79758 U.S.A

Such information may be available, subject to appropriate terms and conditions, including in some cases, payment of a fee.

The licensed program described in this information and all licensed material available for it are provided by IBM under terms of the IBM Customer Agreement, IBM International Program License Agreement, or any equivalent agreement between us.

Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products.

This information contains examples of data and reports used in daily business operations. To illustrate them as completely as possible, the examples include the names of individuals, companies, brands, and products. All of these names are fictitious and any similarity to the names and addresses used by an actual business enterprise is entirely coincidental.

Trademarks

IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at Copyright and trademark information at www.ibm.com/legal/copytrade.shtml.

Java and all Java-based trademarks and logos are trademarks or registered trademarks of Oracle and/or its affiliates.

Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both.

Microsoft and Windows are trademarks of Microsoft Corporation in the United States, other countries, or both.

UNIX is a registered trademark of The Open Group in the United States and other countries.