Tivoli Endpoint Manager for Remote Control Version 8 Release 2 User s Guide
Tivoli Endpoint Manager for Remote Control Version 8 Release 2 User s Guide
Note Before using this information and the product it supports, read the information in Notices on page 89 This edition applies to version 8, release 2, modification 0 of IBM Tivoli Endpoint Manager for Remote Control and to all subsequent releases and modifications until otherwise indicated in new editions. Copyright IBM Corporation 2003, 2012. US Government Users Restricted Rights Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
Contents About this publication........ v What's new............... v Chapter 1. Overview......... 1 Chapter 2. System requirements.... 3 Server requirements............ 3 Controller requirements........... 3 Target requirements............ 4 Gateway requirements........... 4 Chapter 3. Server environment guidelines.............. 5 Small environment guidelines........ 5 Medium environment guidelines....... 6 Large environment guidelines........ 7 Chapter 4. Installing Tivoli Endpoint Manager for Remote Control...... 9 Installing the server component......... 9 Installing from the TEM console....... 9 Using the installation media........ 9 Passport Advantage: server installation files.. 10 Installing the target component........ 11 Installing from the TEM console...... 11 Installing using the installation media.... 11 Passport Advantage: target installation files.. 14 Installing the controller component...... 14 Installing from the TEM console...... 14 Installing using the installation media.... 14 Passport Advantage: controller installation files 15 Chapter 5. Definitions........ 17 Chapter 6. Using the new Tivoli Endpoint Manager console...... 19 Components.............. 19 Chapter 8. Using Tivoli Endpoint Manager for Remote Control..... 27 Deploying from the console......... 27 Windows deployment.......... 28 Linux deployment........... 36 Updating Tivoli Endpoint Manager for Remote Control components........... 45 Updating Windows components...... 46 Updating Linux components....... 48 Establishing a remote control session...... 50 Starting a peer to peer session....... 50 Starting a server initiated remote control session 53 Responding to warnings.......... 54 Managing target and server configurations.... 56 Creating Tivoli Endpoint Manager for Remote Control server installation tasks...... 56 Creating Tivoli Endpoint Manager for Remote Control target configuration tasks...... 63 Running Tivoli Endpoint Manager for Remote Control tasks............. 76 Analyses............... 77 Retrieving target installation and security data. 77 Retrieving audit events data........ 79 Retrieving user, session and performance data.. 80 Retrieving session connection data...... 81 Retrieving session activity data....... 82 Chapter 9. Viewing web reports.... 85 Appendix. Support......... 87 Frequently Asked Questions......... 87 Technical Support............ 88 Notices.............. 89 COPYRIGHT LICENSE.......... 90 TRADEMARKS............. 90 Index............... 93 Chapter 7. Dashboards overview... 23 Viewing deployment distribution data..... 23 Copyright IBM Corp. 2003, 2012 iii
iv Tivoli Endpoint Manager for Remote Control: User s Guide
About this publication What's new This section explains what has changed in this publication since the integration of TRC 5.1.2 with TEM 8.1. v v v v v v v v v A server component has been included as part of Tivoli Endpoint Manager for Remote Control. For an overview of this component see Chapter 1, Overview, on page 1 and for server requirements details see Chapter 2, System requirements, on page 3. For deployment details see Installing the server component. on page 9. To help with determining which type of Tivoli Endpoint Manager for Remote Control Server installation would be best suited to your environment a set of guidelines has been provided. See Chapter 3, Server environment guidelines, on page 5. You can deploy command line tools. These tools contain two utilities that you can use to start a remote control session with a target or run commands on a target system without target user interaction. For details see Deploying from the console on page 27. Gateway support can be installed and configured to establish connections between targets, controllers and severs on different networks. See Deploying from the console on page 27. You can now install the latest enhancements and fixes that have been applied to the Tivoli Endpoint Manager for Remote Control target and controller components by using the Updates node in the Tivoli Endpoint Manager console to update your target and controller component configurations to a newer version. For more details see Updating Tivoli Endpoint Manager for Remote Control components on page 45. Establishing a remote control session section has been updated to include sessions initiated from the Tivoli Endpoint Manager for Remote Control server and also updates to establishing peer to peer sessions. For server initiated remote control sessions see Starting a server initiated remote control session on page 53. For updated peer to peer session details see Starting a peer to peer session on page 50. You can create server installation configurations, using the Tivoli Endpoint Manager for Remote Control Server Installer Wizard that you can use to install the Tivoli Endpoint Manager for Remote Control server component. For more details see Creating Tivoli Endpoint Manager for Remote Control server installation tasks on page 56. The Tivoli Endpoint Manager for Remote Control Target Wizard has been updated to include additional target configuration properties. For more details see Creating Tivoli Endpoint Manager for Remote Control target configuration tasks on page 63. The Analyses section has been updated to include the analyses for gathering the new target installation, security, user, session and performance options. For more details see Analyses on page 77. Copyright IBM Corp. 2003, 2012 v
vi Tivoli Endpoint Manager for Remote Control: User s Guide
Chapter 1. Overview The Tivoli Endpoint Manager for Remote Control site masthead contains information about Tivoli Endpoint Manager for Remote Control content that performs certain tasks and analyses within your deployment. You must be subscribed to the Tivoli Remote Control "site" in order to collect data from the client. This data will be utilized for reporting and analysis. Using the Tivoli Endpoint Manager for Remote Control solution you can deploy and configure the components required for establishing remote control sessions with workstations and servers across your enterprise. This Users's Guide will describe some of the primary components of Tivoli Endpoint Manager for Remote Control, how to install and configure these from the TEM console and their use in establishing a remote control session. See the IBM Tivoli Remote Control User's Guide for details of the functions available within a remote control session. There are three infrastructure components available in your Tivoli Endpoint Manager for Remote Control solution whose features are listed below. Server v User Account Management. v Target Management. v Policy engine for users and target endpoints. v Centralised depot for session information relevant for audit purposes. v Authentication broker for each session. v Web interface for administrators and controller users. Controller v Participates in a remote control session. Target v v v v v v Records audit information which can be stored locally and in the Tivoli Endpoint Manager for Remote Control server, if running. Resides on the endpoint (client) to be controlled. Presents a Graphical User Interface to the endpoint user. Controls the policies set for the session. Records audit information locally. Additionally if you have the Tivoli Endpoint Manager for Remote Control server component Registers and maintains current state information on the Tivoli Endpoint Manager for Remote Control server about the endpoint. Receives connection requests and can authenticate them against the infrastructure server if the Tivoli Endpoint Manager for Remote Control server is running. Stores audit information on the server. Copyright IBM Corp. 2003, 2012 1
2 Tivoli Endpoint Manager for Remote Control: User s Guide
Chapter 2. System requirements Server requirements The computer on which you install the Tivoli Endpoint Manager for Remote Control server must have the minimum following items or capability: 1. At least a 2GHz Intel or AMD processor. 2. A minimum of 1Gb of memory. 3. A minimum of 2Gb of storage or hard drive space to install, and an average of 2MB per client in the database. 4. A minimum screen resolution of 800 x 600 pixels is required when performing an automated server install. 5. Adequate space for storing session video recordings. Recordings are stored on the hard drive and their size can vary depending on the duration and screen activity of the session. On average a 5 minutes session (8 bits mode) would use about 2MB of space. 6. A network card that supports TCP/IP. 7. IE 6, 7, 8 and 9 (for local console administration ) or Firefox 3.6 to 7.0.1. 8. OS for server is Windows Servers, Linux RHEL 4/5/6, SUSE (SLES) 10, 11. 9. When using Oracle as the database you must use the 10.2g JDBC 4 drivers for Oracle. Alternatively, if you are using the Oracle 11g drivers the following property must be set in the trc.properties file, oracle.increment.keys.off=1. When this is done you will need to restart the server service. Platform Support Controller requirements The following platforms are supported when using the installation tasks 1. Windows 2000 Server and Windows 2000 Advanced Server. 2. Windows Server 2003 Standard R2 (32 and 64 bit) and Windows Server 2003 Enterprise (32 and 64 bit) 3. Windows 2008 Server (R1) Standard / Enterprise (32 and 64 bit ) and (R2) Standard / Enterprise / Datacenter (32 and 64 bit ). 4. Red Hat Enterprise Linux 4.0, 5.0 and 6.0 for Intel x86 (32 bit only) and 5.0 and 6.0 for AMD/eMT 64 bit. 5. SUSE Linux Enterprise Server 10 and 11 for Intel x86 and AMD/eMT 64 bit. The Controller is a Java based application that can run on any platform with the following prerequisites: v Java Run Time environment: Sun 1.5-1.6 or IBM 1.4, 1.5, 1.6. Note: The Sun Java JRE is not supported in FIPS mode, you should use the IBM Java JRE in this mode. v Web Browser: either Microsoft Internet Explorer 6, 7, 8, 9 or Mozilla Firefox 3.6 to 7.0.1. Copyright IBM Corp. 2003, 2012 3
Target requirements The computer on which you install the Tivoli Endpoint Manager for Remote Control target must have the minimum following items or specification: 1. At least a 166MHz Intel or AMD processor. 2. A minimum of 64Mb of memory. 3. A minimum of 50Mb hard disk space. Platform Support Gateway requirements The following Platforms are supported 1. Windows 2000 Pro, Server, Advanced Server. 2. Windows XP Pro (32 bits), (64 bits). 3. Windows Server 2003 Standard R2 (32 bit), Standard R2 (64 bit), Enterprise R2 (32 bit), Enterprise R2 (64 bit). 4. Windows Server 2003 R2 Datacenter Edition x86-32, x86-64. 5. Windows Vista (32 bit), (64 bit). 6. Windows Vista Enterprise x86-32 and x86-32 with FDCC 7. Windows 2008 Server (Standard, Enterprise and Datacenter editions). 8. Windows 7 Enterprise x86 ( 32 and 64 bit) and 32 bit with FDCC. 9. RHEL 4.0, 5.0 and 6.0 for Intel x86, 5.0 and 6.0 for AMD/eMT 64bit. 10. SLES9/ 10forIntel x86, AMD/eMT 64bit. 11. SLED 10, 11 for Intel x86, AMD/eMT 64bit. 12. SUSE (SLES) 10/11 - x86-32, x86-64 The computer on which you install the Tivoli Endpoint Manager for Remote Control gateway must have the minimum following items or specification: 1. At least a 1GHz Intel or AMD processor. 2. A minimum of 512Mb of memory. 3. A minimum of 50Mb hard disk space. Platform Support The following Platforms are supported 1. Windows Server 2003 Standard R2 (32 bit), Standard R2 (64 bit), Enterprise R2 (32 bit), Enterprise R2 (64 bit). 2. Windows Server 2003 R2 Datacenter Edition x86-32, x86-64. 3. Windows 2008 Server (R1) Standard / Enterprise (32 and 64 bit ) and (R2) Standard / Enterprise / Datacenter (32 and 64 bit ) 4. RHEL 4.0, 5.0 and 6.0 for Intel x86, 5.0 and 6.0 for AMD/eMT 64bit. 5. SLES9/ 10forIntel x86, AMD/eMT 64bit. 6. SUSE (SLES) 10/11 - x86-32, x86-64 4 Tivoli Endpoint Manager for Remote Control: User s Guide
Chapter 3. Server environment guidelines As well as determining the system requirements for installing the Tivoli Endpoint Manager for Remote Control components you should also determine which type of server installation is best for your environment. This section provides information which can be used as a guide when making this decision. Table 1. Tivoli Endpoint Manager for Remote Control Server installation types Server installation type Components installed 1 embedded Websphere Application Server, embedded Derby database 2 embedded Websphere Application Server, using an already installed DB2, MSSQL or Oracle database 3 stand-alone Tivoli Endpoint Manager for Remote Control Server accessing Websphere Application Server, using an already installed DB2, MSSQL or Oracle database Install using the TEM console Yes Yes No Install using the installation files Yes Yes Yes Small environment guidelines Note: Server installation types 1&2 are only available when using Windows or Linux. For environments containing up to 5K targets you can use server installation types 1 or 2 in Table 1. The following additional requirements should also be taken into consideration. v Processors - 1 Quad core or 2 dual core processors - 2.40 Ghz (with supported OS) v Memory -4GBRAM v Storage see Server requirements on page 3. v Heartbeat configuration Table 2. heartbeat configuration properties: suggested values for a small environment property in trc.properties value heartbeat.timeout 60 Note: Can be changed to 1440 ( 24 hours) instead of the default 60 (1hour) if there are performance issues. For example: when there is heavy usage of reports, especially with derby. heartbeat.retry 10 heartbeat.delay 20 heartbeat.on.wake 0 heartbeat.on.user.change 1 heartbeat.on.change 0 Copyright IBM Corp. 2003, 2012 5
Table 2. heartbeat configuration properties: suggested values for a small environment (continued) property in trc.properties value heartbeat.on.stop 0 Note: Installation type 1 can be suitable for demos or pilot projects and installation type 2 can give better performance, which may be preferred for production systems in these environments. Medium environment guidelines For environments containing from 5K to 75K targets you can use server installation types 2 or 3 in Table 1 on page 5. In terms of performance, installation type 2 is suitable however with installation type 3 you can also use the admin capabilities of the installed WAS. The following additional requirements should also be taken into consideration. v Processors - 1 Quad core or 2 dual core processors - 2.40 Ghz Windows 2003 64 bit/32 bit v Memory -8GBRAM v Storage - RAID 5-6HDD(DB2, Oracle or MS SQL 64 bit/ 32 bit) v Heartbeat configuration - Table 3. heartbeat configuration properties: suggested values for a medium environment property in trc.properties value heartbeat.timeout 1440 Note: If there are specific group of machines where more regular updates are needed, a smaller heartbeat timeout setting can be applied as a group attribute for those specific groups of targets. See the chapter that explains how to create a target group in the IBM Tivoli Remote Control Administrator's Guide for details of setting this attribute at group level. heartbeat.retry 10 Note: In an environment containing target numbers nearer the top of the range, setting this value to 20 could help with performance. heartbeat.delay 20 Note: In an environment containing target numbers nearer the top of the range, setting this value to 40 could help with performance. heartbeat.on.wake 0 heartbeat.on.user.change 1 heartbeat.on.change 0 heartbeat.on.stop 0 Note: In this type of environment you should ensure that the target deployment is performed in stages to avoid overload in the server when the targets try to register with the server. The RegistrationDelay target property should be given a value that will distribute the target machine registration evenly through the staged deployment to avoid too many machines trying to register at the one time. 6 Tivoli Endpoint Manager for Remote Control: User s Guide
Large environment guidelines For environments containing from 75K to 225K targets you can use server installation type 3 in Table 1 on page 5. The following additional requirements should also be taken into consideration. To host Websphere Application Server v Processors - 2 Quad core processors - 2.40 Ghz (supported OS) v Memory - 16 GB RAM v Storage - RAID 5-6HDD v Heartbeat configuration - Table 4. heartbeat configuration properties: suggested values for a large environment property in trc.properties value heartbeat.timeout 1440 Note: If there are specific group of machines where more regular updates are needed, a smaller heartbeat timeout setting can be applied as a group attribute for those specific groups of targets. See the chapter that explains how to create a target group in the IBM Tivoli Remote Control Administrator's Guide for details of setting this attribute at group level. heartbeat.retry 60 Note: In an environment containing target numbers nearer the top of the range, setting this to a higher value could help with performance. heartbeat.delay 60 Note: In an environment containing target numbers nearer the top of the range, setting this to a higher value could help with performance. heartbeat.on.wake 0 heartbeat.on.user.change 1 heartbeat.on.change 0 heartbeat.on.stop 0 v Optional: 2 network cards, one for target communications and one for database communications which could aid in performance tuning. To host the database (DB2, Oracle or MS SQL supported) v Processors - 4 Quad core processors - 2.40 Ghz Windows 2003 64 bit/32 bit v Memory - As recommended by DB supplier v Storage - RAID 5-6HDD146GB Note: The database administrator should tune the database for performance as appropriate. The following guidelines should also be taken into consideration when using large reports as some performance degradation can be experienced. v Ensure that the All targets report is not the default home page report v Ensure staged deployment of the targets to avoid overload in the server when they try to register Chapter 3. Server environment guidelines 7
Note: The RegistrationDelay target property should be given a value that will distribute the target machine registration evenly through the staged deployment to avoid too many machines trying to register at the one time. Note: If you have configured LDAP and LDAP synchronization is enabled, set a reasonable frequency for the synchronization, that is, every 24 hours particularly if your LDAP configuration is set up to import a large number of users and groups. 8 Tivoli Endpoint Manager for Remote Control: User s Guide
Chapter 4. Installing Tivoli Endpoint Manager for Remote Control The Tivoli Endpoint Manager for Remote Control components can all be deployed by using the Tivoli Endpoint Manager console, using the installation DVD or by downloading the installation files from Passport Advantage. Installing the server component. When installing the Tivoli Endpoint Manager for Remote Control server component use the Server requirements on page 3 and Chapter 3, Server environment guidelines, on page 5 sections to determine which type of server installation is best suited for your environment. See the IBM Tivoli Remote Control Installation Guide for more details of the types of installations that can be carried out. When you have determined your installation type you can use the following options to install the component. When you have installed the server component use the IBM Tivoli Remote Control User's Guide, IBM Tivoli Remote Control Administrator's Guide and the Tivoli Endpoint Manager for Remote Control Release Notes for details of the server features and functionality. Installing from the TEM console You can use the TEM console to install the Tivoli Endpoint Manager for Remote Control Server with embedded Websphere Application Server by creating server installation tasks. See Creating Tivoli Endpoint Manager for Remote Control server installation tasks on page 56. Using the installation media You can use the installation DVD to install the Tivoli Endpoint Manager for Remote Control Server in two ways v v installed with embedded Websphere Application Server - see Installing a server with embedded components installed on a stand-alone Websphere Application Server - see Installing a stand-alone server on page 10 Installing a server with embedded components This type of server installation is only available when using Windows or Linux. To install the Tivoli Endpoint Manager for Remote Control Server with embedded components complete the following steps :- 1. Insert the installation DVD. Note: When mounting the Tivoli Endpoint Manager for Remote Control DVD on AIX, select the udfs file system and not the default cdfs file system. 2. Navigate to the trc\ [osdir] directory, where osdir is relevant to your operating system. For example \trc\windows. 3. Run the trc_server_setup.xxx file where XXX is relevant to your operating system. Copyright IBM Corp. 2003, 2012 9
Windows trc_server_setup.exe Linux trc_server_setup.bin Note: If you are using Red Hat 6.0 64-bit the following libraries along with their dependencies, need to be installed if they are not already installed, glibc.i686, libgcc.i686, libxft.i686, libxmu.i686, libxp.i686, libxtst.i686. 4. For the remainder of the installation follow from step 4 in Running an automated server install in the IBM Tivoli Remote Control Installation Guide Note: If you are using an MSSQL 2008 database select the MSSQL 2005 option on the select database server installer screen. Installing a stand-alone server To install a stand-alone server component complete the following steps :- 1. Follow the steps in the following sections of the chapter in the IBM Tivoli Remote Control Installation Guide which deals with running a manual server installation v Setting up the database v Setting up the application server 2. Insert the Tivoli Endpoint Manager for Remote Control installation DVD and follow from step 1 in the chapter that explains how to deploy the IBM Tivoli Remote Control application in the IBM Tivoli Remote Control Installation Guide. 3. Navigate to the Disk1\InstData directory and then relevant operating system directory on the DVD. Note: If you are using Red Hat 6.0 64-bit the following libraries along with their dependencies, need to be installed if they are not already installed, glibc.i686, libgcc.i686, libxmu.i686, libxtst.i686, libxp.i686. Passport Advantage: server installation files To install the server component you will require the following e-images from Passport Advantage depending on your operating system. Table 5. Parts required for installing the Tivoli Endpoint Manager for Remote Control Server Installation type Part Number File name server with embedded Websphere Application Server. See Installing a server with embedded components on page 9 for the installation steps when using these e-images. Windows CI3N8ML - IBM Tivoli Endpoint Manager for Remote Control V8.2.0 Image 1. Linux CI3N9ML - IBM Tivoli Endpoint Manager for Remote Control V8.2.0 Image 2. TEM_Rem_Cntrl_V820_Image_1.zip TEM_Rem_Cntrl_V820_Image_2.tar 10 Tivoli Endpoint Manager for Remote Control: User s Guide
Table 5. Parts required for installing the Tivoli Endpoint Manager for Remote Control Server (continued) Installation type Part Number File name stand-alone server. See Installing a stand-alone server on page 10 for the installation steps when using this e-image. Windows, Linux, AIX, Solaris CI3NAML - IBM Tivoli Endpoint Manager for Remote Control V8.2.0 Image 3. TEM_Rem_Cntrl_V820_Image_3.tar When you have downloaded the required files and unpacked them take note of the following directory references when carrying out the installation steps. v v Installing the target component If you are using TEM_Rem_Cntrl_V820_Image_1.zip or TEM_Rem_Cntrl_V820_Image_2.tar to install the server with embedded components replace any references to the \trc directory with \TEM_Rem_Cntrl_V820_Image_X, where X is 1 or 2 depending on the file that you have downloaded. If you are using TEM_Rem_Cntrl_V820_Image_3.tar to install a stand-alone server replace any references to Disk3 with \TEM_Rem_Cntrl_V820_Image_3. When you have installed the target component use the IBM Tivoli Remote Control User's Guide, IBM Tivoli Remote Control Administrator's Guide and the Tivoli Endpoint Manager for Remote Control Release Notes for details of the target features and functionality. Installing from the TEM console You can use the TEM console to install the Tivoli Endpoint Manager for Remote Control target using the fixlets contained in the deployment node. See Deploying from the console on page 27. Installing using the installation media Windows target installation Carrying out an attended target installation: During an attended target installation you will navigate through installer screens to configure or accept default values for various target property values. To carry out an attended target installation complete the following steps :- 1. Insert the installation DVD. 2. Navigate to the trc\windows directory. 3. Start the trc_target_setup..exe file. 4. For the remainder of the installation follow from step 12 in Running an automated target install in the IBM Tivoli Remote Control Installation Guide. Note: If you select an option to peer to peer on the Peer to Peer Failover screen and click Peer to Peer Policies, see step 2 on page 63, Selecting configuration values for definitions of the peer to peer policies that can be set. Carrying out a custom installation: Chapter 4. Installing Remote Control 11
You can carry out a target custom installation to install the target software using parameters by carrying out one of the following types of installation. unattended and silent No interaction is required by the user and no UI windows or progress bars are displayed to the user. unattended No interaction is required by the user and an installation progress bar is displayed to the user. attended The full installation UI is displayed and requires user interaction. You can customise installation settings and also assign the target to a specific group at install time. To carry out a target custom installation complete the following steps :-. 1. Insert the installation DVD. 2. Navigate to the trc\windows directory. 3. For the remainder of the installation follow the steps in Performing a target custom install on Windows in the IBM Tivoli Remote Control Installation Guide Note: a. The trc_target_setup.exe file should be copied from the DVD to the IBMTRC directory. b. See step 2 on page 63 for definitions of the target properties that can be set. Linux target installation Installing the target using the RPM file: The installation DVD contains a default target RPM file which you can install and then configure the target after the installation. To extract and install the RPM file complete the following steps :- 1. Navigate to the \Disk1\InstData\VM\ [osdir] directory, where [osdir] is the operating system that you will use to run the additional setup file on. For example: you can run the additional setup file on a windows machine to extract the target installation files and then copy the relevant files to the machine that you want to install the target component on. 2. Start the additional setup file. Windows trc_additional_setup.exe Linux, Solaris, AIX trc_additional_setup.bin Note: If you are using Red Hat 6.0 64-bit the following libraries along with their dependencies, need to be installed if they are not already installed, glibc.i686, libgcc.i686, libxmu.i686, libxtst.i686,libxp.i686,libxi.i686. 3. Follow from step 2 in Using the additional setup utility for installation in the IBM Tivoli Remote Control Installation Guide to extract the target installation files. 4. Navigate to the RCTarget directory and you will see the ibm-trc-target- 8.2.0.i386.rpm file. If required copy this file to the machine that you want to install the Linux target on. 12 Tivoli Endpoint Manager for Remote Control: User s Guide
5. To install the Linux target type the following command rpm -ivh ibm-trc-target-8.2.0.i386.rpm When the target is installed you can configure the target properties by editing the etc/ibmtrc.conf file. See Selecting Configuration values in step 2 on page 63 for details of target properties and their definitions. Note: To create a customised rpm file see the chapter that explains how to install and configure the target using the RPM file in the IBM Tivoli Remote Control Installation Guide Installing the target using the SPB file: You can install the Tivoli Endpoint Manager for Remote Control Windows and Linux target components using the Software Package Block (SPB) installation method which requires IBM Tivoli Provisioning Manager. The files required for this installation are extracted using the additional setup utility. To install the target using the SPB installation method complete the following steps :- 1. Extract and run the additional setup utility files. Extracting the additional setup utility from the installation media a. To extract the additional setup files using the installation DVD follow from step 1 on page 12 to step 4 on page 12. b. In step 4 on page 12 when you navigate to the RCTarget directory you will see the spb files Windows trc_target_win.spb Linux trc_target_linux.spb Note: If you are using Red Hat 6.0 64-bit the following libraries along with their dependencies, need to be installed if they are not already installed, glibc.i686, libgcc.i686, libxmu.i686, libxp.i686, libxtst.i686. Extracting the additional setup utility from the Passport Advantage e-image a. To extract the additional setup files using Passport Advantage you need to download e-image TEM_ Rem_Cntrl_V820_3.tar. See Table 6 on page 14 for the part number required. b. Unpack this file and follow from step 1 on page 12 to step 4 on page 12. c. In step 4 on page 12 when you navigate to the RCTarget directory you will see the spb files Windows trc_target_win.spb Linux trc_target_linux.spb Note: If you are using Red Hat 6.0 64-bit the following libraries along with their dependencies, need to be installed if they are not already installed, glibc.i686, libgcc.i686, libxft.i686, libxmu.i686, libxp.i686, libxtst.i686. 2. For details of installing the software package block file please refer to the IBM Tivoli Provisioning Manager information center at : http:// publib.boulder.ibm.com/infocenter/tivihelp/v28r1/index.jsp and the chapter that explains installing software products. Chapter 4. Installing Remote Control 13
Note: Tivoli Common Agent (TCA) needs to be installed on the computers before the target can be installed using the SPB method. Passport Advantage: target installation files To install the target component you will require the following e-images from Passport Advantage depending on your operating system. Table 6. Parts required for installing the Tivoli Endpoint Manager for Remote Control target Operating system Part Number File name Windows. See Windows target installation on page 11 for installation steps. Linux. See Linux target installation on page 12 for installation steps. CI3N8ML - IBM Tivoli Endpoint Manager for Remote Control V8.2.0 Image 1. CI3NAML - IBM Tivoli Endpoint Manager for Remote Control V8.2.0 Image 3. TEM_Rem_Cntrl_V820_Image_1.zip TEM_Rem_Cntrl_V820_Image_3.tar When you have downloaded the required files and unpacked them, take note of the following directory references when carrying out the steps. v v For TEM_Rem_Cntrl_V820_Image_1.zip - when installing a Windows target replace any references to the \trc directory with \TEM_Rem_Cntrl_V820_Image_1. For TEM_Rem_Cntrl_V820_Image_3.tar - when installing a Linux target replace any references to Disk3 with \TEM_Rem_Cntrl_V820_Image_3. Installing the controller component When you have installed the controller component use the IBM Tivoli Remote Control User's Guide, IBM Tivoli Remote Control Administrator's Guide and the Tivoli Endpoint Manager for Remote Control Release Notes for details of the controller features and functionality. Installing from the TEM console You can use the TEM console to install the Tivoli Endpoint Manager for Remote Control controller using the fixlets, relevant to you operating system, contained in the deployment node. See Deploying from the console on page 27. Installing using the installation media To install the TEM for Remote Control controller component using the installation DVD complete the following steps :- 1. Insert the installation DVD. 2. The operating system that you are using will determine which installation files are required. Windows To install the controller in Windows see Installing the controller in Windows in the IBM Tivoli Remote Control Installation Guide using the \trc and \Disk1 directories on the DVD during the installation steps. AIX, Linux, Solaric (SPARC) To install the controller in AIX, Linux or Solaris (SPARC) see Installing the controller in Linux in the IBM Tivoli Remote Control Installation Guide using the \Disk1 directory on the DVD during the installation steps. 14 Tivoli Endpoint Manager for Remote Control: User s Guide
Note: The controller command line package that will be installed will be ibm-trc-controller-8.2.0.noarch.rpm. Other supported operating systems To install the controller on a system that is running another supported operating system (with the correct version of Java) that is not WIndows, Linux, AIX or Solaris (SPARC) you can use the files in the \Disk1 directory of the installation DVD. To install the controller see Installing the controller on other supported operating systems in the IBM Tivoli Remote Control Installation Guide. Passport Advantage: controller installation files To install the controller component you will require the following e-images from Passport Advantage depending on your operating system. Table 7. Parts required for installing the Tivoli Endpoint Manager for Remote Control controller Operating system Part Number File name Windows Windows, Linux, AIX, Solaris (SPARC) or any other supported operating system which is running the correct version of Java. CI3N8ML - IBM Tivoli Endpoint Manager for Remote Control V8.2.0 Image 1. CI3NAML - IBM Tivoli Endpoint Manager for Remote Control V8.2.0 Image 3. TEM_Rem_Cntrl_V820_Image_1.zip TEM_Rem_Cntrl_V820_Image_3.tar When you have downloaded the required files and unpacked them you can use the steps in Installing using the installation media on page 14 taking note of the following references v v When using TEM_Rem_Cntrl_V820_Image_1.zip - replace any references to the \trc directory with \TEM_Rem_Cntrl_V820_Image_1. When using TEM_Rem_Cntrl_V820_Image_3.tar - replace any references to Disk3 with \TEM_Rem_Cntrl_V820_Image_3. Chapter 4. Installing Remote Control 15
16 Tivoli Endpoint Manager for Remote Control: User s Guide
Chapter 5. Definitions This section defines some common terms used when using Tivoli Endpoint Manager for Remote Control. Remote control session Establishing a connection to a computer in your environment to observe or actively control the computer remotely. In the session the controller user's keyboard and mouse become the primary keyboard and mouse for the remote system. Functionality such as chat, guidance, reboot, and file transfer are some of the options available for use in a remote control session. See the IBM Tivoli Remote Control User's Guide for more details of the types of session that can be established, the functionality of the controller GUI and the features available within these sessions. Peer to peer session A remote control session that is established directly between the controller and the target. The controller user starts the controller component locally and specifies the target that they want to takeover remotely. The local properties that have been set on the target will be used for the session. See Managing target and server configurations on page 56 for more information. For details about using the controller GUI once the session is established see the IBM Tivoli Remote Control User's Guide. Managed remote control session A remote control session in which the controller user initiates the session from the Tivoli Endpoint Manager for Remote Control server. From here the controller component is initiated and contacts the target to send the session request. The target then contacts the server to authenticate the request and obtain the policies and permissions that will be set for the session. See the IBM Tivoli Remote Control Administrators Guide for more information on policies and permissions for a managed remote control session. If the target cannot reach the server then the session will be refused. Session policies Session policies define the actions that can be carried out by the controller user and the features available on the target system during a remote control session. In a peer to peer session these are determined by the local properties defined on the target and in a managed session they are determined by policies and permissions resolved from user and target group relationships. See The Policy Engine section in the IBM Tivoli Remote Control Administrators Guide for more information on how policies and permissions are derived for a managed remote control session. Copyright IBM Corp. 2003, 2012 17
18 Tivoli Endpoint Manager for Remote Control: User s Guide
Chapter 6. Using the new Tivoli Endpoint Manager console Components Tivoli Endpoint Manager for Remote Control encompasses a host of new features that provide the components required for remote takeover and monitoring of workstations and servers in your deployment. In addition, the TEM Console changed after version 7.2 which resulted in several new navigation updates for accessing your data. This section will address how to get around in the new Console. The navigation tree in the TEM Console, which is available for all Tivoli Endpoint Manager products, will serve as your central command for all Tivoli Endpoint Manager for Remote Control functionality. The navigation tree gives you easy access to all reports, wizards, Fixlet messages, analyses and tasks related to controlling and managing the target machines in your network. The TEM Console organizes content into four parts: v Domain Panel Includes navigation tree and list of all domains. v Navigation Tree Includes list of nodes and sub-nodes containing site content. v List Panel Contains listing of tasks and Fixlets. v Work Area Work window where Fixlet and dialogs display. In the context of the TEM Console, products or sites are grouped by categories or domains. For example, Tivoli Endpoint Manager for Remote Control is one of the sites contained within the Systems Lifecycle domain, as part of the Remote Control Configuration node. Copyright IBM Corp. 2003, 2012 19
The Domain Panel is the area on the left side of the Console that includes a navigation tree and a list of all domains. The Navigation Tree includes a list of nodes and sub-nodes containing site content. In the image below, you will see a navigation tree at the top with expandable and collapsible nodes, and a list of domains at the bottom. By clicking the Systems Lifecycle domain at the bottom of the domain panel, a list of sites associated with that particular domain will display in the navigation tree at the top. The red outlined area represents the entire Domain Panel (including the navigation tree and list of domains), and the blue outlined area contains just the Navigation Tree for the Tivoli Endpoint Manager for Remote Control site. 20 Tivoli Endpoint Manager for Remote Control: User s Guide
Tivoli Endpoint Manager for Remote Control tasks are sorted through upper and lower task windows, which are located on the right side of the Console. The upper panel (blue), called the List Panel, contains columns that sort data according to type, for example, Status, Name, Site, Applicable Computer Count. The lower panel or Work Area (red) presents the fixlet, task screen from which you will be directed to take specific actions to customise the content in your deployment. Chapter 6. Using the TEM console 21
22 Tivoli Endpoint Manager for Remote Control: User s Guide
Chapter 7. Dashboards overview Tivoli Endpoint Manager for Remote Control offers a convenient dashboard for viewing the deployment distribution of the Tivoli Endpoint Manager for Remote Control components in your environment and the distribution of the type of target deployment carried out. You can access this dashboard from the top of the Tivoli Endpoint Manager for Remote Control navigation tree by selecting Tivoli Endpoint Manager for Remote Control Overview. Viewing deployment distribution data The Tivoli Endpoint Manager for Remote Control Overview dashboard includes two separate sections showing the deployment distribution of Tivoli Endpoint Manager for Remote Control and the target deployment type, distribution. Each section is explained below: The Tivoli Endpoint Manager for Remote Control Overview Deployment section displays the number of computers in your environment having the various Tivoli Endpoint Manager for Remote Control components installed. You can view different representations of the data by clicking on the buttons at the top right of the section to display a graphical version or data table version. Copyright IBM Corp. 2003, 2012 23
You can also view both representations of the data by clicking the button on the bottom left of the graph. 24 Tivoli Endpoint Manager for Remote Control: User s Guide
The Target Deployment Mode section shows the distribution of the type of target deployment that was carried out, on the computers in your environment which have the Tivoli Endpoint Manager for Remote Control agent software running. See Deploying from the console on page 27 for details of the different target deployment types.you can view different representations of the data by clicking on the buttons at the top right of the section to display a graphical version or data table version. Both representations of the data can be viewed using the same instructions as in the previous section. There are two icons on the top right of the dashboard that you can use for displaying the latest graphical data or for printing the data. The refresh icon distribution data. can be used to display the latest deployment The print icon can be used to print the dashboard data. The data will be printed to a pdf file that you can save to a specified location for future printing. Chapter 7. Dashboards overview 25
26 Tivoli Endpoint Manager for Remote Control: User s Guide
Chapter 8. Using Tivoli Endpoint Manager for Remote Control Deploying from the console The Tivoli Endpoint Manager for Remote Control navigation tree provides a suite of fixlets, tasks and wizards that you can use for deploying, updating and gathering data from the components required to configure, monitor and control the computers in your environment. The Deployment node in the Tivoli Endpoint Manager for Remote Control navigation tree provides two sub-nodes which are operating system specific. These sub-nodes provide the components you need to establish a remote control session as well as other utilities that you can use, to connect to targets by using the command line and for installing support for accessing machines on different networks. Select the node which is relevant to your operating system to view a list of tasks that you can use to deploy or remove the required Tivoli Endpoint Manager for Remote Control components and utilities. Note: The Tivoli Endpoint Manager for Remote Control can also be deployed using the installation media, see Chapter 4, Installing Tivoli Endpoint Manager for Remote Control, on page 9. Controller The controller component should be deployed on the computer(s) that will initiate the remote control session when you do not have access to a Tivoli Endpoint Manager for Remote Control server. Target The target component should be deployed on the computer(s) that will be controlled during a remote control session. Tivoli Endpoint Manager for Remote Control offers two ways of deploying the target component depending on how you will establish a connection with the target. Both of these session types are explained in the Chapter 5, Definitions, on page 17 section and in more detail in the IBM Tivoli Remote Control Users Guide. Note: It should be noted that the 'Using the Tivoli Endpoint Manager for Remote Control server' method requires a Tivoli Endpoint Manager for Remote Control server to have already been installed in your environment. CLI tools The command line tools contain two utilities that can be run from the command line. You can use these utilities to start a remote control session with a target or run commands on a target system without target user interaction. Once installed, these tools can be useful if you want to connect to a target without accessing the Tivoli Endpoint Manager for Remote Control Server interface or for using as part of a script to run multiple commands in an automated fashion. Note: In order to deploy the CLI Tools you need to have the URL of a Tivoli Endpoint Manager for Remote Control server that you have access to. Gateway If you have targets, controllers and severs on different networks that cannot directly contact each other you can install and configure gateway Copyright IBM Corp. 2003, 2012 27
support. With the gateway support you can configure your network to allow these connections to be established. Windows deployment The Windows deployment node provides a set of tasks that you can use to install or remove the following components in a Windows environment. v v v target and controller software CLI tools gateway support Deploying the Windows target You can use the Deploy Tivoli Endpoint Manager for Remote Control Target for Windows task to install the target software onto a Windows computer. To initiate this task complete the following steps: 1. Click on Deployment > Windows in the navigation tree. 2. Click Deploy Tivoli Endpoint Manager for Remote Control target for Windows. 3. In the Task window, review the description and follow the instructions in the Actions box to initiate the task. There are two actions available for this task. Determine your required installation method and follow the instructions given. 28 Tivoli Endpoint Manager for Remote Control: User s Guide
Deploy the TRC target in Peer2Peer mode With this installation method you can establish remote control sessions directly between the controller and the target without the need for a Tivoli Endpoint Manager for Remote Control server. This deployment method will install the target without requiring a Tivoli Endpoint Manager for Remote Control server URL to be specified and the local target policies set by this installation method will be used when a remote control session is established. See Managing target and server configurations on page 56 for details of the target installation properties. In the Take Action window on the Target tab, select the required option for determining which target(s) to deploy the Tivoli Endpoint Manager for Remote Control target on. Click OK and enter your Private Key Password. The summary screen will show the progress of the task and will show status complete when it is finished. Note: If you want the target to register with the Tivoli Endpoint Manager for Remote Control server in the future you can use the Tivoli Endpoint Manager for Remote Control Target Wizard to create a configuration task and specify the server URL of the required server. Running this task on the selected target will reconfigure it and it will then be able to contact the server. See Creating Tivoli Endpoint Manager for Remote Control target configuration tasks on page 63. Deploy the TRC target and specify the Tivoli Endpoint Manager for Remote Control Server Chose this installation option for target(s) to register with the Tivoli Chapter 8. Using Tivoli Endpoint Manager for Remote Control 29
Endpoint Manager for Remote Control server and take part in remote control sessions initiated from the server. This deployment method will require a Tivoli Endpoint Manager for Remote Control server URL to be specified. If a remote control session, initiated from the Remote Control server, is requested with this target the specified server will be contacted to authenticate the request. When the request is authenticated, the policies set for the session will be passed from the Remote Control server to the target and the session will be established. See Managing target and server configurations on page 56 for details of the target installation properties. Enter the URL of your Tivoli Endpoint Manager for Remote Control server and click OK. In the Take Action window on the Target tab, select the required option for determining which target(s) to deploy the Tivoli Endpoint Manager for Remote Control target on. Click OK and enter your Private Key Password. The summary screen will show the progress of the task and will show status complete when it is finished. Note: This installation option should only be chosen if you have the Tivoli Endpoint Manager for Remote Control server component installed and running. Removing the Windows target You can use the Uninstall Tivoli Endpoint Manager for Remote Control Target for Windows task to remove the target software from a Windows computer which has the target software already installed. To initiate this task complete the following steps: 1. Click on Deployment > Windows in the navigation tree. 2. Click Uninstall Tivoli Endpoint Manager for Remote Control target for Windows. 3. In the Task window, review the description and follow the instructions in the Actions box to initiate the task. 30 Tivoli Endpoint Manager for Remote Control: User s Guide
4. In the Take Action window, on the Target tab, select the required option for determining which target(s) to remove the Tivoli Endpoint Manager for Remote Control target from. 5. Click OK and enter your Private Key Password. The summary screen will show the progress of the task and will show status complete when it is finished. Note: It should be noted that after the removal of the target there might be some files, which were created as part of the normal execution of the target program, that are not deleted automatically. These files are located in Documents and Settings\All Users\Application Data\IBM\Tivoli\Remote Control. Deploying the Windows controller You can use the Deploy Tivoli Endpoint Manager for Remote Control Controller for Windows task to install the controller software onto a Windows computer. Note: If you want to be able to start a remote control session with targets from the TEM console ( see Starting a peer to peer session from the TEM console on page 50 ) you should deploy the controller to the same machine as the console is installed on. However it should be noted that when the controller is deployed it is only the current user who is logged on to the machine that you are deploying to that will have the rights to see the menu item that allows you to start a session, it will not be visible to other users. To initiate this task complete the following steps: 1. Click on Deployment > Windows in the navigation tree. 2. Click Deploy Tivoli Endpoint Manager for Remote Control Controller for Windows. 3. In the Task window, review the description and follow the instructions in the Actions box to initiate the task. Chapter 8. Using Tivoli Endpoint Manager for Remote Control 31
4. In the Take Action window on the Target tab, select the required option for determining which target(s) to deploy the controller on. 5. Click OK and enter your Private Key Password. The summary screen will show the progress of the task and will show status complete when it is finished. Removing the Windows controller You can use the Uninstall Tivoli Endpoint Manager for Remote Control Controller for Windows task to remove the controller software from a Windows computer which has the controller software already installed. To initiate this task complete the following steps: 1. Click on Deployment > Windows in the navigation tree. 2. Click Uninstall Tivoli Endpoint Manager for Remote Control Controller for Windows. 3. In the Task window, review the description and follow the instructions in the Actions box to initiate the task. 32 Tivoli Endpoint Manager for Remote Control: User s Guide
4. In the Take Action window, in the Target tab, select the required option for determining which target(s) to remove the Tivoli Endpoint Manager for Remote Control controller from. 5. Click OK and enter your Private Key Password. The summary screen will show the progress of the task and will show status complete when it is finished. Deploying the Windows CLI tools You can use the Deploy Tivoli Endpoint Manager for Remote Control CLI Tools for Windows task to install the CLI tools onto a Windows computer. To initiate this task complete the following steps: Note: 1. You do not need to deploy the CLI tools on any computers that you have deployed the target on as these computers will already have the CLI tools installed along with the target. 2. In order to deploy this task you need the URL for a Tivoli Endpoint Manager for Remote Control server that you have access to. 1. Click on Deployment > Windows in the navigation tree. 2. Click Deploy Tivoli Endpoint Manager for Remote Control CLI Tools for Windows. 3. In the Task window, review the description and follow the instructions in the Actions box to initiate the task. Chapter 8. Using Tivoli Endpoint Manager for Remote Control 33
4. Enter the URL of the Tivoli Endpoint Manager for Remote Control server and click OK. 5. In the Take Action window on the Target tab, select the required option for determining which target(s) to deploy the CLI tools on. 6. Click OK and enter your Private Key Password. The summary screen will show the progress of the task and will show status complete when it is finished. You should now have the following two CLI utilities installed in the \Program Files\IBM\tivoli\Remote Control\Target directory on the target(s) that were selected when you ran the deployment task. wrc.exe You can use this tool to start a remote control session with a target. wrcmdpcr.exe You can use this tool to run a command on a target and see the output from the command on the machine that you issued the command from. For more details on how to use the command line tools see Using remote control commands from the command line in the IBM Tivoli Remote Control User's Guide. Removing the Windows CLI tools You can use the Uninstall Tivoli Endpoint Manager for Remote Control CLI Tools for Windows task to remove the CLI tools from a Windows computer which has the CLI tools already installed. To initiate this task complete the following steps: 1. Click on Deployment > Windows in the navigation tree. 2. Click Uninstall Tivoli Endpoint Manager for Remote Control CLI Tools for Windows. 3. In the Task window, review the description and follow the instructions in the Actions box to initiate the task. 34 Tivoli Endpoint Manager for Remote Control: User s Guide
4. In the Take Action window, in the Target tab, select the required option for determining which target(s) to remove the CLI tools from. 5. Click OK and enter your Private Key Password. The summary screen will show the progress of the task and will show status complete when it is finished. The CLI tools should no longer be present on the selected target(s). Note: It should be noted that after the removal of the cli tools there could be some files, which were created as part of the normal execution of the cli installation program, that are not deleted automatically. These files are located in Documents and Settings\All Users\Application Data\IBM\Tivoli\Remote Control. Deploying the Windows gateway support You can use the Deploy Tivoli Endpoint Manager for Remote Control Gateway for Windows task to install gateway support onto a Windows computer. To initiate this task complete the following steps: 1. Click on Deployment > Windows in the navigation tree. 2. Click Deploy Tivoli Endpoint Manager for Remote Control Gateway for Windows. 3. In the Task window, review the description and follow the instructions in the Actions box to initiate the task. 4. In the Take Action window on the Target tab, select the required option for determining which target(s) to deploy the gateway support on. 5. Click OK and enter your Private Key Password. The summary screen will show the progress of the task and will show status complete when it is finished. You should now have gateway support installed on the target(s) that were selected when you ran the deployment task. The files for this will have been installed in the \Program Files\IBM\tivoli\Remote Control\Gateway directory on the selected target(s). Chapter 8. Using Tivoli Endpoint Manager for Remote Control 35
To make use of the gateway support you will need to setup a gateway configuration for your environment. See Configuring the gateway support in the IBM Tivoli Remote Control Administrator's Guide for details. Removing the Windows gateway support You can use the Uninstall Tivoli Endpoint Manager for Remote Control Gateway support for Windows task to remove the gateway support files from a Windows computer which has these files already installed. To initiate this task complete the following steps: 1. Click on Deployment > Windows in the navigation tree. 2. Click Uninstall Tivoli Endpoint Manager for Remote Control Gateway for Windows. 3. In the Task window, review the description and follow the instructions in the Actions box to initiate the task. 4. In the Take Action window, in the Target tab, select the required option for determining which target(s) to remove the gateway support from. 5. Click OK and enter your Private Key Password. The summary screen will show the progress of the task and will show status complete when it is finished. The gateway support files should no longer be present on the selected target(s). Linux deployment The Linux deployment node provides a set of tasks that you can use to install or remove the following components in a Linux environment. v v v target and controller software CLI tools gateway support Note: If you are installing the target, cli and gateway components on a Red Hat 6.0 64 bit machine the following libraries along with their dependencies, need to be installed if they are not already installed. For all: glibc.i686 and additionally for the target component: libxmu.i686, libxi.i686, libxtst.i686. 36 Tivoli Endpoint Manager for Remote Control: User s Guide
Deploying the Linux target You can use the Deploy Tivoli Endpoint Manager for Remote Control Target for Linux task to install the target software onto a Linux computer. To initiate this task complete the following steps: 1. Click on Deployment > Linux in the navigation tree. 2. Click Deploy Tivoli Endpoint Manager for Remote Control target for Linux. 3. In the Task window, review the description and follow the instructions in the Actions box to initiate the task. There are two actions available for this task. Determine your required installation method and follow the instructions given. Deploy the TRC target in Peer2Peer mode With this installation method you can establish remote control sessions directly between the controller and the target without the need for a Tivoli Endpoint Manager for Remote Control server. This deployment method will install the target without requiring a Tivoli Endpoint Manager for Remote Control server URL to be specified and the local target policies set by this installation method will be used when a remote control session is established. See Managing target and server configurations on page 56 for details of the target installation properties. In the Take Action window on the Target tab, select the required option for determining which target(s) to deploy the Tivoli Endpoint Manager for Remote Control target on. Click OK and enter your Private Key Password. The summary screen will show the progress of the task and will show status complete when it is finished. Note: If you want the target to register with the Tivoli Endpoint Manager for Remote Control server in the future you can use the Tivoli Chapter 8. Using Tivoli Endpoint Manager for Remote Control 37
Endpoint Manager for Remote Control Target Wizard to create a configuration task and specify the server URL of the required server. Running this task on the selected target will reconfigure it and it will then be able to contact the server. See Creating Tivoli Endpoint Manager for Remote Control target configuration tasks on page 63. Deploy the TRC target and specify the Tivoli Endpoint Manager for Remote Control Server Choose this installation option for target(s) to register with the Tivoli Endpoint Manager for Remote Control server and take part in remote control sessions initiated from the server. This deployment method will require a Tivoli Endpoint Manager for Remote Control server URL to be specified. If a remote control session, initiated from the Remote Control server, is requested with this target the specified server will be contacted to authenticate the request. When the request is authenticated, the policies set for the session will be passed from the Remote Control server to the target and the session will be established. See Managing target and server configurations on page 56 for details of the target installation properties. Enter the URL of your Tivoli Endpoint Manager for Remote Control server and click OK. In the Take Action window on the Target tab, select the required option for determining which target(s) to deploy the Tivoli Endpoint Manager for Remote Control target on. Click OK and enter your Private Key Password. The summary screen will show the progress of the task and will show status complete when it is finished. Note: This installation option should only be chosen if you have the Tivoli Endpoint Manager for Remote Control server component installed and running. Removing the Linux target You can use the Uninstall Tivoli Endpoint Manager for Remote Control Target for Linux task to remove the target software from a Linux computer which has the target software already installed. To initiate this task complete the following steps: 1. Click on Deployment > Linux > in the navigation tree. 2. Click Uninstall Tivoli Endpoint Manager for Remote Control target for Linux. 3. In the Task window, review the description and follow the instructions in the Actions box to initiate the task. 38 Tivoli Endpoint Manager for Remote Control: User s Guide
4. In the Take Action window, on the Target tab, select the required option for determining which target(s) to remove the Tivoli Endpoint Manager for Remote Control target from. 5. Click OK and enter your Private Key Password. The summary screen will show the progress of the task and will show status complete when it is finished. Note: It should be noted that after the removal of the target there might be some files, which were created as part of the normal execution of the target program, that are not deleted automatically. These files are located in the following directories /opt/ibm and /var/opt/ibm/trc/target. Deploying the Linux controller You can use the Deploy Tivoli Endpoint Manager for Remote Control Controller for Linux task to install the controller software onto a Linux computer. Note: If you are installing the controller on a Red Hat 6.0 64 bit machine you require the following additional libraries, along with all their dependencies, to be installed: libxft.i686 libxmu.i686 libxp.i686 libxtst.i686. To initiate this task complete the following steps: 1. Click on Deployment > Linux in the navigation tree. 2. Click Deploy Tivoli Endpoint Manager for Remote Control Controller for Linux. 3. In the Task window, review the description and follow the instructions in the Actions box to initiate the task. Chapter 8. Using Tivoli Endpoint Manager for Remote Control 39
4. In the Take Action window on the Target tab, select the required option for determining which target(s) to deploy the controller on. 5. Click OK and enter your Private Key Password. The summary screen will show the progress of the task and will show status complete when it is finished. Removing the Linux controller You can use the Uninstall Tivoli Endpoint Manager for Remote Control Controller for Linux task to remove the controller software from a Linux computer which has the controller software already installed. To initiate this task complete the following steps: 1. Click Deployment > Linux in the navigation tree. 2. Click Uninstall Tivoli Endpoint Manager for Remote Control Controller for Linux. 3. In the Task window, review the description and follow the instructions in the Actions box to initiate the task. 40 Tivoli Endpoint Manager for Remote Control: User s Guide
4. In the Take Action window, in the Target tab, select the required option for determining which target(s) to remove the Tivoli Endpoint Manager for Remote Control controller from. 5. Click OK and enter your Private Key Password. The summary screen will show the progress of the task and will show status complete when it is finished. Deploying the Linux CLI tools You can use the Deploy Tivoli Endpoint Manager for Remote Control CLI Tools for Linux task to install the CLI tools onto a Linux computer. Note: 1. You do not need to deploy the CLI tools on any computers that you have deployed the target on as these computers will already have the CLI tools installed along with the target. 2. In order to deploy this task you need the URL for a Tivoli Endpoint Manager for Remote Control server that you have access to. To initiate this task complete the following steps: 1. Click on Deployment > Linux in the navigation tree. 2. Click Deploy Tivoli Endpoint Manager for Remote Control CLI Tools for Linux. 3. In the Task window, review the description and follow the instructions in the Actions box to initiate the task. Chapter 8. Using Tivoli Endpoint Manager for Remote Control 41
4. Enter the URL of the Tivoli Endpoint Manager for Remote Control server and click OK 5. In the Take Action window on the Target tab, select the required option for determining which target(s) to deploy the CLI tools on. 6. Click OK and enter your Private Key Password. The summary screen will show the progress of the task and will show status complete when it is finished. You should now have the following two CLI utilities installed in the /opt/ibm/trc/target directory on the target(s) that were selected when you ran the deployment task. wrc You can use this tool to start a remote control session with a target. wrcmdpcr You can use this tool to run a command on a target and see the output from the command on the machine that you issued the command from. For more details on how to use the command line tools see Using remote control commands from the command line in the IBM Tivoli Remote Control User's Guide. Removing the Linux CLI tools You can use the Uninstall Tivoli Endpoint Manager for Remote Control CLI Tools for Linux task to remove the CLI tools from a Linux computer which has the CLI tools already installed. To initiate this task complete the following steps: 1. Click on Deployment > Linux in the navigation tree. 2. Click Uninstall Tivoli Endpoint Manager for Remote Control CLI Tools for Linux. 3. In the Task window, review the description and follow the instructions in the Actions box to initiate the task. 42 Tivoli Endpoint Manager for Remote Control: User s Guide
4. In the Take Action window, in the Target tab, select the required option for determining which target(s) to remove the CLI tools from. 5. Click OK and enter your Private Key Password. The summary screen will show the progress of the task and will show status complete when it is finished. The CLI tools should no longer be present on the selected target(s). Note: It should be noted that after the removal of the CLI tools there might be some files, which were created as part of the normal execution of the CLI tools program, that are not deleted automatically. These files are located in the following directories /etc, /opt/ibm, /var/opt/ibm/trc/cli and /var/opt/ibm/trc/target. Deploying the Linux gateway support You can use the Deploy Tivoli Endpoint Manager for Remote Control Gateway for Linux task to install gateway support onto a Linux computer. To initiate this task complete the following steps: 1. Click on Deployment > Linux in the navigation tree. 2. Click Deploy Tivoli Endpoint Manager for Remote Control Gateway for Linux. 3. In the Task window, review the description and follow the instructions in the Actions box to initiate the task. Chapter 8. Using Tivoli Endpoint Manager for Remote Control 43
4. In the Take Action window on the Target tab, select the required option for determining which target(s) to deploy the gateway support on. 5. Click OK and enter your Private Key Password. The summary screen will show the progress of the task and will show status complete when it is finished. You should now have gateway support installed on the target(s) that were selected when you ran the deployment task. The files for this will have been installed to the /opt/ibm/trc/gateway directory on the selected target(s). To make use of the gateway support you will need to setup a gateway configuration for your environment. See Configuring the gateway support in the IBM Tivoli Remote Control Administrator's Guide for details. Removing the Linux gateway support You can use the Uninstall Tivoli Endpoint Manager for Remote Control Gateway support for Linux task to remove the gateway support files from a Linux computer which has these files already installed. To initiate this task complete the following steps: 1. Click on Deployment > Linux in the navigation tree. 2. Click Uninstall Tivoli Endpoint Manager for Remote Control Gateway for Linux. 3. In the Task window, review the description and follow the instructions in the Actions box to initiate the task. 44 Tivoli Endpoint Manager for Remote Control: User s Guide
4. In the Take Action window, in the Target tab, select the required option for determining which target(s) to remove the gateway support from. 5. Click OK and enter your Private Key Password. The summary screen will show the progress of the task and will show status complete when it is finished. The gateway support should no longer be present on the selected target(s). Note: It should be noted that after the removal of the gateway support there might be some files, which were created as part of the normal execution of the gateway support program, that are not deleted automatically. These files are located in /opt/ibm and /var/opt/ibm/trc/gateway. Updating Tivoli Endpoint Manager for Remote Control components The Update node in the Tivoli Endpoint Manager for Remote Control navigation tree provides two sub-nodes which are operating system specific. These sub-nodes provide the latest levels of the target and controller components. If you have an older version of the Tivoli Endpoint Manager for Remote Control target and controller components already installed in your environment you can use the Update node to upgrade these components to a newer version. Select the relevant operating system then under each node to view a list of tasks that you can use to upgrade the relevant Tivoli Endpoint Manager for Remote Control components. Chapter 8. Using Tivoli Endpoint Manager for Remote Control 45
Updating Windows components The Windows sub-node provides the latest level(s) of Tivoli Endpoint Manager for Remote Control target and controller software for use in a windows environment. These components will contain the latest enhancements and fixes that have been applied to Tivoli Endpoint Manager for Remote Control. Updating the Windows target You can use the windows tasks to update the target software, on a Windows computer. These tasks will install any new enhancements and fixes that have been applied to the chosen version whilst keeping the same target configuration currently installed. For example: choosing the version 8.2.0 task will keep your current target configuration and apply any new enhancements or fixes contained in version 8.2.0, to that. To initiate this task complete the following steps: 1. Click on Updates > Windows in the navigation tree. 2. Select the required windows target update. For example: Updated Tivoli Endpoint Manager for Remote Control Target for Windows is now available! (Version 8.2.0). 3. In the Task window, review the description and follow the instructions in the Actions box to initiate the task. 46 Tivoli Endpoint Manager for Remote Control: User s Guide
4. In the Take Action window on the Target tab, select the required option for determining which target(s) to install the target update on. 5. Click OK and enter your Private Key Password. The summary screen will show the progress of the task and will show status complete when it is finished. The selected target(s) will now be upgraded to the version of target software applicable to the chosen update. Updating the Windows controller You can use the windows tasks to update the controller software, on a Windows computer. These tasks will upgrade your currently installed controller to the version that the task applies to. For example: choosing the version 8.2.0 task will apply any new enhancements or fixes, contained in the version 8.2.0 controller to your current controller. To initiate this task complete the following steps: 1. Click on Updates > Windows in the navigation tree. 2. Select the required windows controller update. For example: Updated Tivoli Endpoint Manager for Remote Control Controller for Windows is now available! (Version 8.2.0). 3. In the Task window, review the description and follow the instructions in the Actions box to initiate the task. Chapter 8. Using Tivoli Endpoint Manager for Remote Control 47
4. In the Take Action window on the Target tab, select the required option for determining which target(s) to install the controller update on. 5. Click OK and enter your Private Key Password. The summary screen will show the progress of the task and will show status complete when it is finished. The selected target(s) will now be upgraded to the version of controller software applicable to the chosen update. Updating Linux components The Linux sub-node provides the latest level(s) of Tivoli Endpoint Manager for Remote Control target and controller software for use in a Linux environment. These components will contain the latest enhancements and fixes that have been applied to Tivoli Endpoint Manager for Remote Control. Updating the Linux target You can use the linux tasks to update the target software, on a Linux computer. These tasks will install any new enhancements and fixes that have been applied to the chosen version whilst keeping the same target configuration currently installed. For example: choosing the version 8.2.0 task will keep your current target configuration and apply any new enhancements or fixes, contained in version 8.2.0, to that. To initiate this task complete the following steps: 1. Click on Updates > Linux in the navigation tree. 2. Select the required linux target update. For example: Updated Tivoli Endpoint Manager for Remote Control Target for Linux is now available! (Version 8.2.0). 3. In the Task window, review the description and follow the instructions in the Actions box to initiate the task. 48 Tivoli Endpoint Manager for Remote Control: User s Guide
4. In the Take Action window on the Target tab, select the required option for determining which target(s) to install the target update on. 5. Click OK and enter your Private Key Password. The summary screen will show the progress of the task and will show status complete when it is finished. Updating the Linux controller You can use the linux tasks to update the controller software, on a Linux computer. These tasks will upgrade your currently installed controller to the version that the task applies to. For example: choosing the version 8.2.0 task will apply any new enhancements or fixes, contained in the version 8.2.0 controller to your current controller. To initiate this task complete the following steps: 1. Click on Updates > Linux in the navigation tree. 2. Select the required linux controller update. For example: Updated Tivoli Endpoint Manager for Remote Control Controller for Linux is now available! (Version 8.2.0). 3. In the Task window, review the description and follow the instructions in the Actions box to initiate the task. Chapter 8. Using Tivoli Endpoint Manager for Remote Control 49
4. In the Take Action window on the Target tab, select the required option for determining which target(s) to install the controller update on. 5. Click OK and enter your Private Key Password. The summary screen will show the progress of the task and will show status complete when it is finished. The selected target(s) will now be upgraded to the version of controller software applicable to the chosen update. Establishing a remote control session The Tivoli Endpoint Manager for Remote Control controller and target components can be used to establish remote connections between each other to monitor or control the target system. There are two modes of establishing a remote control session: a peer to peer session made directly between the target and controller and a managed session initiated from the Tivoli Endpoint Manager for Remote Control server, as explained in Chapter 5, Definitions, on page 17. For details of how to end a remote control session see Ending a session in the Tivoli Remote Control Users's Guide. Starting a peer to peer session There are two ways to establish a peer to peer remote control session between a controller and a target. v v From the TEM console - See Starting a peer to peer session from the TEM console By using the controller component - See Starting a peer to peer session using the controller on page 52 Starting a peer to peer session from the TEM console The TEM console provides a method for establishing a peer to peer session directly from the console in the form of a menu option which appears when you right-click on the target machine that you want to start a session with. 50 Tivoli Endpoint Manager for Remote Control: User s Guide
Note: 1. If you want to be able to start a remote control session with targets from the TEM console you should deploy the controller to the same machine as the TEM console is installed on. However it should be noted that when the controller is deployed it is only the current user who is logged on to the machine that you are deploying to that will have the rights to see the menu item that allows you to start a session, it will not be visible to other users. See Frequently Asked Questions on page 87 for more information. 2. The Remote Control Installation and Security Options Analysis needs to be active for the selected computer (and reporting that the Tivoli Endpoint Manager for Remote Control target is active) to be able to see the menu item enabled. To establish a peer to peer session complete the following steps: 1. From the list of target computers right-click on the target you want to establish a remote control session with. 2. Select Tivoli Endpoint Manager for Remote Control Note: a. This action can be carried out on any section of the console in which the list of computers is displayed. b. If you have an older version of the controller installed on the target system you may see Tivoli Remote Control as the menu item instead. 3. The Open connection window is displayed with the IP address or URL of the target that you want to connect to. Chapter 8. Using Tivoli Endpoint Manager for Remote Control 51
4. Select Use proxy if you will be using a proxy, select the required protocol and enter the relevant information. Server Type in here the hostname or IP address of the proxy server Port Type in here the port required for the proxy server Proxy requires authentication Select this option if you are required to authenticate with the proxy server. Provide the username and password that is required for authentication. 5. Select the session type required. See the IBM Tivoli Remote Control User's Guide for more information on the session types that can be established. Note: a. If a login window appears enter a valid windows id and password to continue. b. A user acceptance window may be presented to the target user in which they can accept or reject the session, depending on the policies set on the target. When the session is accepted, it will be established and the policies set locally on the target will determine what actions can be carried out during the session. See the IBM Tivoli Remote Control User's Guide for more information on peer to peer sessions and the functionality available in the controller GUI. Starting a peer to peer session using the controller You can start a peer to peer session from any computer(s) that you have deployed the controller component on. To start a peer to peer session using the controller component complete the following steps: 1. Start the controller Windows a. Click Start > All Programs 52 Tivoli Endpoint Manager for Remote Control: User s Guide
b. Click Tivoli Endpoint Manager for Remote Control > Controller Linux To start the controller locate the Tivoli Endpoint Manager for Remote Control controller application from the operating system application interface or issue the following command java jar /opt/ibm/trc/controller/trcconsole.jar 2. Follow from step 3 on page 51 to start the session. When the session is accepted, it will be established and the policies set locally on the target will determine what actions can be carried out during the session. See the IBM Tivoli Remote Control User's Guide for more information on peer to peer sessions and the functionality available in the controller GUI. Starting a server initiated remote control session To start a remote control session initiated from the Tivoli Endpoint Manager for Remote Control server GUI you require the server component to be installed and running. See Creating Tivoli Endpoint Manager for Remote Control server installation tasks on page 56 for details of creating and running server installation configurations tasks or Installing the server component. on page 9 for using the installation media to install the Tivoli Endpoint Manager for Remote Control Server. Once the server component is installed use the IBM Tivoli Remote Control User's Guide for details of how to access and logon to the server GUI. Remote control sessions initiated from the Tivoli Endpoint Manager for Remote Control server require that permissions links have been set up, between the groups that the controller user and the targets are members of, to determine what policies are effective for the session. See the IBM Tivoli Remote Control Administrators Guide for creating user and target groups, creating permissions links and how policies are resolved for a remote control session using the policy engine. When you have installed the server component and created the relevant groups and permissions links you can start a remote control session using the Tivoli Endpoint Manager for Remote Control server GUI. Starting a remote control session When you are logged on to the Tivoli Endpoint Manager for Remote Control Server you can start a remote control session with a target by completing the following steps :- Note: This section uses the All targets report as an example but any report which generates a list of targets can be used, for example using the search feature or by running a custom report. See the IBM Tivoli Remote Control User's Guide and IBM Tivoli Remote Control Administrator's Guide for more details of creating and running reports. 1. Select Targets > All Targets. 2. Select the required target. 3. Click Start session. The start session screen is displayed. This screen gives the details for the selected target including the version of target software installed and the policies and permissions that will be assigned for the session. 4. Click the session mode button corresponding to the session type that you want to start. 5. When the Open or Save window is displayed, select open. The controller will start to run and the session will either be accepted or refused. If the session is accepted, the connection to the target is established and the controller window will be displayed showing the target screen. You will also see the IP address of Chapter 8. Using Tivoli Endpoint Manager for Remote Control 53
Responding to warnings the target that you are connected to in the heading of the controller window. This is helpful for keeping track of who you are connected to if you have multiple sessions running at the one time. If the session is refused, a message will be displayed. Session refusal can occur for a number of reasons v v v The target user has clicked refuse on the acceptance window, if user acceptance was required for the session. The target user has not accepted the session within the given time, determined by the acceptance grace time policy and if the acceptance timeout policy was set to abort. See the IBM Tivoli Remote Control Server Administrator's Guide for details of policies. The target is already in a remote control session, in which case a message will be displayed showing who is connected to the target. Note: If the Session mode buttons are not displayed on the Start Session screen and an error message is displayed, the following conditions may be the reason for this The user or target are not a member of any groups. No permissions links were defined for any of the groups that the user and target belong to. The target is offline. None of the session mode policies have been set to Yes. See the IBM Tivoli Remote Control Server Administrator's Guide for details of groups, policies and permissions. See Starting a remote control session in the IBM Tivoli Remote Control User's Guide for more details of starting a remote control session. During the discovery process if there are any issues found which interfere with the normal operation of the Tivoli Endpoint Manager for Remote Control components, a Warnings node will be displayed in the Tivoli Endpoint Manager for Remote Control navigation tree. Note: If there are no issues found during the discovery process this node will not appear in the navigation panel. 54 Tivoli Endpoint Manager for Remote Control: User s Guide
This node will display relevant fixlets that you can use to take action and resolve the issues on any applicable computers. When the Tivoli Endpoint Manager for Remote Control target software is installed a default firewall rule is created to open the inbound Tivoli Endpoint Manager for Remote Control port. If the target operating system is blocking this port you will see a set of fixlets that you can use to add a rule to enable inbound TCP connections for Tivoli Endpoint Manager for Remote Control. Note: The SUSE firewall fixlet is not relevant when the firewall is started manually it is only relevant when the firewall is in automatic mode. Chapter 8. Using Tivoli Endpoint Manager for Remote Control 55
Managing target and server configurations Tivoli Endpoint Manager for Remote Control provides two wizards that you can use to create tasks to install Tivoli Endpoint Manager for Remote Control server or target configurations. These tasks can be performed on all, or specific, servers or targets. Creating Tivoli Endpoint Manager for Remote Control server installation tasks With the Tivoli Endpoint Manager for Remote Control Server Installer Wizard you can create a Tivoli Endpoint Manager for Remote Control Server installation task that can be used on Windows and Linux (Redhat and SUSE) to install a fully functional self contained Tivoli Endpoint Manager for Remote Control Server with either of the following component setup. 56 Tivoli Endpoint Manager for Remote Control: User s Guide
v v Tivoli Endpoint Manager for Remote Control Server with embedded Websphere Application server 7.0 and a Derby database. Tivoli Endpoint Manager for Remote Control Server with embedded Websphere Application server 7.0 and IBM DB2 8.2 or 9.1 /.5 /.7, IBM DB2 8.2 FP3, Oracle 9i / 10g / 11g or MSSQL 2005 / 2008. Note: 1. If you choose the DB2, MSSQL or Oracle database options you should have already installed the database and created a database instance before running the server installation task. 2. If you are using DB2 9.7 GA version you should upgrade to DB2 9.7 fixpack 1 due to a DB2 issue where NULL values are returned in generated key values. 3. The server tasks will deploy the Tivoli Endpoint Manager for Remote Control Server with embedded WAS, it is also possible to use the Tivoli Endpoint Manager for Remote Control Server installer to point to Websphere Application Server 7.0 server and a database other than Derby. See Chapter 3, Server environment guidelines, on page 5 for more details of when this environment can be used. To access the Tivoli Endpoint Manager for Remote Control Server Installer Wizard complete the following steps: 1. In the Tivoli Endpoint Manager for Remote Control navigation tree select Manage Configurations > Tivoli Endpoint Manager for Remote Control Server Installer Wizard. 2. Set your configuration values. Load Settings from Existing Task The wizard initially displays server configuration default values which you can change to your own requirements. If you have already created Chapter 8. Using Tivoli Endpoint Manager for Remote Control 57
and saved server configurations you can chose to display the saved values by clicking Load Settings from Existing Task. a. Click Load Settings from Existing Task. b. On the Wizard Fixlets screen select the required task. c. Click Load Wizard with Fixlet. The configuration values will be loaded into the wizard. Reset to default values You can use this feature to clear any selections made and return the values in the wizard to the default configuration values. Create a configuration task Select the database and set your required values v Derby installation - See Creating a default server configuration v DB2 - See Creating a DB2 server configuration on page 60 v MSSQL - See Creating an MSSQL server configuration on page 61 v Oracle - See Creating an Oracle server configuration on page 62 3. Once you have set your required values, you can save the installation task. See step 5 on page 59 Creating a default server configuration A default server configuration will install and use the embedded Derby database which is included as part of the Tivoli Endpoint Manager for Remote Control Server installation. The database will be installed locally. To create a default installation task complete the following steps:- 1. Select the required operating system. 2. Enter the installation directory for the Tivoli Endpoint Manager for Remote Control server to be installed to or accept the default that is given. Note: There is a limitation that Websphere Application Server cannot be installed in a directory whose name contains Non English characters. This installation will install an embedded version of Websphere Application Server therefore you should not choose a destination for the installation files which contains Non English characters. 3. Select Derby and enter the relevant database parameters. 58 Tivoli Endpoint Manager for Remote Control: User s Guide
Name of the Database to use Specify the name for the database that will be used with Tivoli Endpoint Manager for Remote Control server or accept the default that is given. 4. Enter the required server installation parameters HTTPS as Default for Target URL Select whether the server will tell the target software to communicate via http or https. If selected, https will be used. Note: If using https you must use a fully qualified domain name in the Address of the Websphere server field. Address of the Websphere server The fully qualified name for the Tivoli Endpoint Manager for Remote Control server. For example trcserver.example.com Note: You must make sure that you enter the fully qualified name here as this is used for creating the URL in the trc.properties file that will be passed to the target when it contacts the server for the first time. If the fully qualified name is incorrect it may result in the target not being able to contact the server successfully when it is next due to contact it. You can use the nslookup command to see if your server name resolves correctly to an IP address. Web path of URL Specify the web path for the server URL (http://webserver/webpath). For example trc HTTP port Specify a port for the server. Default is 80. HTTPS port Specify a port if using SSL. Default is 443. Administrator email Specify an administrator email address. For example admin@company.com Note: In order to use the email functionality within the Tivoli Endpoint Manager for Remote Control server you must have a mail server installed. See Setting up email in the IBM Tivoli Remote Control Administrator's Guide FIPS Select this to enable FIPS compliancy on the server. See Enabling FIPS compliancy on an automated install with ewas in the IBM Tivoli Remote Control Installation Guide for more details. Adjust some advanced web parameters Select this option to set additional port values. 5. Save this configuration by completing the following steps :- a. Click Create Server Installation Task b. Fill in the required information for your task and click OK. c. Enter your private key password and click OK. Your task will now be displayed in the list panel of the Remote Control Server Installer Tasks sub- node. Chapter 8. Using Tivoli Endpoint Manager for Remote Control 59
Creating a DB2 server configuration You can create a server installation configuration which will use a DB2 database. This database must be installed, either locally or remotely and a database instance created prior to installing the Tivoli Endpoint Manager for Remote Control server. To create a DB2 server configuration task complete the following steps:- 1. Select the required operating system. 2. Enter the installation directory for the Tivoli Endpoint Manager for Remote Control server to be installed to or accept the default that is given. 3. Select the relevant DB2 version and enter the relevant database parameters. Database server address The IP address or hostname of your database server. Note: 127.0.0.1 can be used when DB2 is installed locally. If you have installed DB2 on a remote system, type in the IP address of the remote system. Port on which to connect to the database Port on which DB2 is installed Note: a. DB2 Windows default port is 50000, Linux is 50001 b. A remote DB2 installation is limited to type 4 connections. A local installation can use type 2 or 4. For type 2 connections set the port value to 0. Name of the Database to use Specify the name for the database that will be used with the Tivoli Endpoint Manager for Remote Control server or accept the default that is given. Database Administrator Userid Specify the Administrator userid used for logging on to the database. The userid needs to have admin access to the database. Database Administrator Password Specify the Administrator password for connecting to the database. Path to the JDBC drivers Specify the path to the DB2 jar files, db2jcc.jar and db2jcc_license.jar 60 Tivoli Endpoint Manager for Remote Control: User s Guide
Path to db2profile script Specify the path to the db2profile for the DB2 instance. For example : /home/db2inst1/sqllib/db2profile Note: This field is only available when installing on Linux and if you are selecting to create the database. Path to the DB2 libraries Specify the path to the DB2 libraries. For example : /home/db2inst1/sqllib/lib32 Note: This field is only available when installing on Linux and if you are selecting to create the database. If Local, create the database If DB2 is installed locally (127.0.0.1) you can select to have the server installation create a blank database; you can also select to drop an existing local database and create a new database. Note: Do not select create database if you are using a remote database If Local, drop an existing database If DB2 is installed locally (127.0.0.1) you can select to drop the database and create a new one. Note: Do not select drop the database if you are using a remote database New database location ( Drive name) / (Path name) Specify the path where the database can be installed. If the install is local and you selected to create the database the Admin user specified above must have appropriate authority to do so. When using DB2 in windows the user should be db2admin, and in Linux they should be a member of db2grp1. Note: Linux This should be a directory which the admin User ID has read/write permissions for. Windows This should be a drive letter. 4. Enter the required server installation parameters as in step 4 on page 59 5. Save your server installation task by following the steps in step 5 on page 59 Creating an MSSQL server configuration You can create a server installation configuration which will use an MSSQL database. This database must be installed, either locally or remotely and a database instance created prior to installing the Tivoli Endpoint Manager for Remote Control server. To create an MSSQL server configuration task complete the following steps:- 1. Select the required operating system. 2. Enter the installation directory for the Tivoli Endpoint Manager for Remote Control server to be installed to or accept the default that is given. 3. Select the relevant MSSQL version and enter the relevant database parameters. Database server address The IP address or hostname of your database server. Chapter 8. Using Tivoli Endpoint Manager for Remote Control 61
Note: 127.0.0.1 can be used when MSSQL is installed locally on Windows only. Port on which to connect to the database Port on which MSSQL is installed. Name of the Database to use Specify the name for the database that will be used with the Tivoli Endpoint Manager for Remote Control server or accept the default that is given. Database Administrator Userid Specify the Administrator userid used for logging on to the database. The userid needs to have admin access to the database. Database Administrator Password Specify the Administrator password for connecting to the database. Path to the JDBC drivers Specify the path to the MS JDBC java files. For example c:\mssql\jdbc2005\sqljdbc.jar If Local, create the database If MSSQL is installed locally (127.0.0.1) you can select to have the server installation to create a blank database, you can also select to drop an existing local database and create a new database. Note: Do not select create database if you are using a remote database If Local, drop an existing database If MSSQL is installed locally (127.0.0.1) you can select to drop the database and create a new one. Note: Do not select drop the database if you are using a remote database New database location (existing directory required) Specify the path where the database can be installed. If the install is local and you selected to create the database the Admin used specified above must have appropriate authority to do so. Note: Linux This should be a directory which the admin User ID has read/write permissions for. Windows This should be an existing directory. 4. Enter the required server installation parameters as in step 4 on page 59 5. Save your server installation task by following the steps in step 5 on page 59 Creating an Oracle server configuration You can create a server installation configuration which will use an Oracle database. This database must be installed, either locally or remotely and a database instance created prior to installing the Tivoli Endpoint Manager for Remote Control server. To create an Oracle server configuration task complete the following steps:- 1. Select the required operating system. 2. Enter the installation directory for the Tivoli Endpoint Manager for Remote Control server to be installed to or accept the default that is given. 62 Tivoli Endpoint Manager for Remote Control: User s Guide
3. Select the relevant Oracle version and enter the relevant database parameters. Database server address The IP address or hostname of your database server. Note: 127.0.0.1 can be used when Oracle is installed locally. If you have installed Oracle on a remote system, type in the IP address of the remote system. Port on which to connect to the database Port on which Oracle is installed. Name of the Database to use Specify a name for the database. This is the SID name on the server ( not in tnsnames.ora). For example TRCDB. Database Administrator Userid Specify the Administrator userid used for logging on to the database. The userid needs to have admin access to the database. Note: For an Oracle installation a user called asset needs to exist. Database Administrator Password Specify the Administrator password for connecting to the database. Path to the JDBC drivers Specify the path to the oracle java JDBC library. This can be obtained from the Oracle server installation or downloaded from the Oracle website. For example c:\oracle\ora92\jdbc\lib\ojdbc14.jar 4. Enter the required server installation parameters as in step 4 on page 59 5. Save your server installation task by following the steps in step 5 on page 59 Creating Tivoli Endpoint Manager for Remote Control target configuration tasks Using the Tivoli Endpoint Manager for Remote Control Target Wizard you can create a set of target configuration parameters which can then be run as tasks against all or selected targets which have the Tivoli Endpoint Manager for Remote Control target software already installed. These configurations will determine what types of session the target(s) can take part in (that is, peer to peer or initiated from the server) and also what actions can be carried out by the controller user during a remote control session. For more details about these options see the IBM Tivoli Remote Control Installation Guide. To create a configuration task complete the following steps: Note: It should be noted that the configuration values set here will only be in effect when a peer to peer session is requested with a target. If a remote control session is initiated from the Tivoli Endpoint Manager for Remote Control server, the session policies will be passed to the target from the server. 1. Select the required operating system. 2. Set your configuration values. Load settings from an existing task You can use this feature to load configuration settings which you have previously created and saved. a. Click Load settings from an existing task. b. On the Wizard Fixlets screen select the required task. Chapter 8. Using Tivoli Endpoint Manager for Remote Control 63
Table 8. Installation option descriptions c. Click Load Wizard with Fixlet. The configuration values will be loaded into the wizard. Reset to default values You can use this feature to clear any selections made and return the values in the wizard to the default configuration values. Selecting configuration values The wizard is loaded with default configuration values which you can change to your own requirements by selecting or deselecting the relevant options. Installation Options Installation option Target property Default Value Description Server URL ServerURL blank If you have a Tivoli Endpoint Manager for Remote Control server running and you want the target to register with the Tivoli Endpoint Manager for Remote Control server and take part in remote control sessions initiated from the server, provide the Tivoli Endpoint Manager for Remote Control server url. Note: If you provide a server url and want the target(s) that this task is performed on to only take part in remote control sessions initiated from the server, select never for Allow peer to peer mode. Proxy URL ProxyURL blank Hostname or IP address for a proxy server, if required. Register target in group GroupLabel blank Enter a target group name that you want the target to be made a member of. This target group must already exist in the Tivoli Endpoint Manager for Remote Control database. Remote Control port PortToListen 888 Specify the TCP port that you want the target to listen on. 64 Tivoli Endpoint Manager for Remote Control: User s Guide
Table 8. Installation option descriptions (continued) Installation option Allow peer to peer mode Target property Default Value Description AllowP2P Never Used to enable peer to peer mode. Never A peer to peer session cannot be established between a controller and this target. If a serverurl has been provided the target(s) can only take part in remote control sessions initiated from the server. Only if server is unreachable A peer to peer session can only be established between a controller user and this target when the Tivoli Endpoint Manager for Remote Control server is down or unreachable. Always A peer to peer session can be established between a controller user and this target. Note: If this option is selected and a server url has also been provided the target(s) can take part in both peer to peer sessions and those initiated from the server. FIPS compliance FIPSCompliance not selected Select this option to enable the use of a FIPS certified cryptographic provider for all cryptographic functions. See the IBM Tivoli Remote Control Installation Guide for more information on enabling FIPS compliancy. Note: If you enable FIPS compliance on the target you will also have to enable FIPS compliance on the controller components that you have installed. Only the IBM Java Run-time Environment (JRE) is supported in FIPS compliant mode and this is installed when you install the controller software. To enable FIPS compliance on the controller complete the following steps: 1. Edit the trc_controller.properties file on the system that the controller is installed on. Windows [controller install dir]\trc_controller.properties where [controller install dir] is the installation directory chosen when installing the controller. Linux opt/ibm/trc/controller/trc_controller.properties 2. Set the fips.compliance property to true and save the file. Accessibility Accessibility not selected Select this option to enable the accessibility GUI. Available when Windows is selected as the operating system. Session Options Chapter 8. Using Tivoli Endpoint Manager for Remote Control 65
Table 9. Session option descriptions User options Target property Default Value Description Allow monitor mode AllowMonitor selected Determines whether the target can take part in monitor peer to peer sessions. See the IBM Tivoli Remote Control Users's Guide for details of the different types of remote control session that can be established. selected The target can take part in monitor peer to peer sessions and the Monitor option will be available for selection in the session type pulldown in the controller window. The Open connection window will also display a Monitor option. Allow guidance mode not selected The target cannot take part in monitor peer to peer sessions and the Monitor option will not be available for selection in the session type pulldown in the controller window. AllowGuidance selected Determines whether the target can take part in guidance peer to peer sessions. See the IBM Tivoli Remote Control Users's Guide for details of the different types of remote control session that can be established. selected The target can take part in guidance peer to peer sessions and the Guidance option will be available for selection in the session type pulldown in the controller window. The Open connection window will also display a Guidance option. not selected The target cannot take part in guidance peer to peer sessions and the Guidance option will not be available for selection in the session type pulldown in the controller window. Allow active mode AllowActive selected Determines whether the target can take part in active peer to peer sessions. See the IBM Tivoli Remote Control Users's Guide for details of the different types of remote control session that can be established. selected The target can take part in active peer to peer sessions and the Active option will be available for selection in the session type pulldown in the controller window. The Open connection window will also display an Active option. not selected The target cannot take part in active peer to peer sessions and the Active option will not be available for selection in the session type pulldown in the controller window. Disable chat DisableChat not selected Determines the ability to start a chat session with the target and also chat to the controller user during a peer to peer session. selected If ChatOnly is chosen as the connection type on the open connection screen the session will be refused. During the session the chat icon is not available for selection in the controller window. Disable file transfer to Controller not selected A Chat Only session can be initiated from the open connection window. During the session the chat icon is available for selection in the controller window. DisableFilePull not selected Determines the ability to transfer files from the target to the controller during the session. selected Files can be transferred from the target to the controller. not selected Files cannot be transferred from the target to the controller. 66 Tivoli Endpoint Manager for Remote Control: User s Guide
Table 9. Session option descriptions (continued) User options Disable file transfer to target Target property Default Value Description DisableFilePush not selected Determines the ability to transfer files from the controller to the target during the session. selected Files can be transferred from the controller to the target. Disable clipboard transfer Allow local recording not selected Files cannot be transferred from the controller to the target. DisableClipboard not selected Determines the availability of the clipboard transfer menu which gives you the ability to transfer the clipboard content between the controller and target during a remote control session. selected The clipboard transfer menu is available during the session to you to transfer the clipboard content to and from the target. not selected The clipboard transfer menu is not available during the session. AllowRecording selected The controller user can make and save a local recording of the session in the controlling system. Determines the availability of the record button on the controller window. See Recording a session locally the IBM Tivoli Remote Control User's Guide for details of recording sessions. selected The record button is available for selection in the controller window. not selected The record button is greyed out in the controller window. Allow collaboration AllowCollaboration selected Use this property to allow more than one controller to join a session. Determines the availability of the collaboration icon on the controller window. See the Tivoli Endpoint Manager for Remote Control Release Notes for details of collaboration sessions. selected The collaboration icon is available for selection in the controller window. not selected The collaboration icon is greyed out in the controller window. Allow handover AllowHandover selected The master controller, in a collaboration session, can hand over control of the session to a new controller. Determines the availability of the Handover button on the collaboration control panel. See the Tivoli Endpoint Manager for Remote Control Release Notes for details of collaboration sessions. selected The handover button appears in the collaboration control panel not selected The handover button does not appear in the collaboration control panel Connect at logon AutoWinLogon selected Determines the appearance of the user acceptance window on a target where the target user is not logged on. selected The acceptance window will not appear on the target and the session will be established. not selected The session will be refused as there is no user logged on at the target to accept the session. Chapter 8. Using Tivoli Endpoint Manager for Remote Control 67
Table 9. Session option descriptions (continued) User options Run pre-session script Target property Default Value Description RunPreScript not selected Determines whether a user defined script, to perform operations on the target, should be run before the remote control session starts, that is, just after the session is allowed but before the controller user has access to the target. The outcome of running the script and the continuation of the session is determined by the value set for Proceed on pre/post-script failure. selected When a remote control session is requested the defined script will be run before the controller user has access to the target. Run post-session script Proceed on pre/post-script failure Reset console after RDP console session not selected No script will be run before the session See Creating target groups in the IBM Tivoli Remote Control Administrator's Guide for details of setting up pre and post session scripts. RunPostScript not selected Determines whether a user defined script should be run after the remote control session finishes. selected When a remote control session is ended the user defined script will be run. not selected No script will be run after the session. See Creating target groups in the IBM Tivoli Remote Control Administrator's Guide for details of setting up pre and post session scripts. ProceedOnScriptFail not selected Action to take if the pre or post script execution fails. A positive value or 0 will be considered a successful run of the pre or post session script. A negative value, script not found or not finished running within 3 minutes will be considered a failure. selected If the pre or post script run is a fail, the session will continue. not selected If the pre or post script run is a fail, the session will not continue and will be aborted. WorkaroundW2K3RDP Not selected Automatically reset the console after a Remote Desktop console session. When a Remote Desktop user uses the /admin or /console option to start a Remote Desktop session with a Windows Server 2003 system and a user starts a remote control session with this target before, during or after the Remote Desktop session, remote control is unable to capture the display resulting in a grey screen being shown in the controller. As this is a limitation in Windows Server 2003, this property introduces a workaround that will reset the Windows session either after each Remote Desktop session terminates, or before a remote control session starts, depending on the value selected. 0 The workaround is disabled. This is the default value. 1 Reset the session automatically when a remote control session is started. Note: The Windows sessions takes a couple of minutes to initialize and the controller will see a blank desktop until the initialisation is complete. A message will inform the controller user that the session is being reset and it may take a few minutes. 2 Reset the session automatically when the Remote Desktop user logs out. See the Tivoli Endpoint Manager for Remote Control Release Notes for more details of this feature. 68 Tivoli Endpoint Manager for Remote Control: User s Guide
User Acceptance Options Table 10. User acceptance option descriptions User options Target property Default Value Description Confirm incoming connections ConfirmTakeOver selected Determines the appearance of the user acceptance window when a remote control session is requested. selected The user acceptance window will appear to the target user who can accept or refuse the session. not selected The user acceptance window does not appear and the session is established. Confirm mode changes ConfirmModeChange selected Determines the appearance of the user acceptance window when the controller user selects a different session mode from the session mode list on the controller window. selected The user acceptance window is displayed each time a session mode change is requested and the target user must accept or refuse the request. not selected The user acceptance window is not displayed and the session mode is changed automatically. Confirm file transfers ConfirmFileTransfer selected Determines the appearance of the user acceptance window when the controller user wants to transfer files between the target and the controller. selected The acceptance window is displayed in the following two cases forcing the target user to accept or refuse the file transfer. v If the controller user selects pull file from the file transfer menu on the controller window Note: The target user must select the file, that is to be transferred, after they have accepted the request. v If the controller user selects send file to controller from the Actions menu in the target window Confirm system information Not selected The acceptance window is not displayed and files are transferred automatically from the target to the controller system when requested. ConfirmSysInfo selected Determines the appearance of the user acceptance window when the controller user requests to view the target system information selected When the controller user clicks on the system information icon in the controller window, the user acceptance window is displayed. The target user must now accept or refuse the request to view the target system information. If the target user clicks accept, the target system information is displayed in a separate window on the controller system. If they click refuse, a message is displayed on the controller and the system information is not displayed. not selected The target system information is displayed automatically when the controller user clicks on the system information icon. Chapter 8. Using Tivoli Endpoint Manager for Remote Control 69
Table 10. User acceptance option descriptions (continued) User options Target property Default Value Description Confirm recording ConfirmRecording selected Determines the appearance of the user acceptance window when the controller user clicks the record icon on the controller window. selected When the controller user clicks the record icon on the controller window a message window is displayed. If the target user clicks Accept, the controller user is able to select where to save the recording to locally. If the controller user clicks Refuse, a message is displayed to the controller user saying that permission to record has been refused. Note: It should be noted that once the target user has accepted the request for recording, the acceptance window will not be re displayed if the controller user stops and then proceeds to restart local recording in the same session. Please also note that the message will be displayed in English and will not be translated. not selected When the controller user clicks the record icon on the controller window no message window is displayed and the controller user can then select where to save the recording to locally. Confirm collaboration ConfirmCollaboration selected Determines the appearance of the user acceptance window when an additional controller user requests to join a collaboration session with a target. selected When the controller user tries to join the collaboration session, that the target is currently part of, the user acceptance window is displayed. The target user must accept or refuse the request to allow the additional controller to join the session. If the target user clicks accept, the additional controller joins the collaboration session. If they click refuse, a message is displayed on the controller and the additional controller is not able to join the collaboration session. not selected The additional controller automatically joins the collaboration session when they try to connect to the master controller of the session. Acceptance grace time AcceptanceGraceTime 45 Sets the number of seconds to wait for the target user to respond before a session starts or times out, used in conjunction with Confirm incoming connections. v Acceptable values 0 to 60 - If set to 0 the activity starts without displaying the message box for user acceptance on the target. Proceed on acceptance timeout Note: If Confirm incoming connections is selected, meaning that the target user will be prompted to accept or refuse the session, Acceptance grace time MUST be set to a value >0 to provide the target user with enough time to respond. AcceptanceProceed not selected Action to take if the user acceptance window timeout lapses that is, the target user has not clicked accept or refuse within the number of seconds defined for Acceptance grace time. selected Session is established. not selected Session is not established. Hide windows HideWindows not selected Determines the appearance of the Hide windows checkbox on the user acceptance window when Confirm incoming connections is also selected. selected The Hide windows checkbox appears on the user acceptance window. not selected The Hide windows checkbox does not appear on the user acceptance window. Security options 70 Tivoli Endpoint Manager for Remote Control: User s Guide
Table 11. security option descriptions Security options Authenticate using system logon Target property Default Value Description CheckUserLogin selected Determines the appearance of a login window when the session type button is clicked on the Open Connection window Yes The login window will appear to the controller user who must login using a valid windows id and password. If the logon credentials are invalid the target will refuse the session. No The user acceptance window does not appear and the peer to peer session is established. Authorized user group CheckUserGroup see description Default value is Windows BUILTIN\Administrators Linux wheel When Authorized user group has a value set, the username used for authentication must be a member of one of the groups listed, otherwise, the session will be refused. Multiple groups should be separated with a semicolon. For example: wheel;trcusers Note: By default, on Windows, only the Administrator user is granted access. On Linux, by default no users are granted access. To resolve this you can complete one of the following steps 1. If the user(s) you want to grant access to should also be granted administrator rights, add them as members of the Administrators group on Windows or the wheel group on Linux. 2. If the user(s) you want to grant access to should not have administrator rights you can complete the following steps a. Create a new group or use an existing group. For example the following command could be executed as root: groupadd trcusers. b. Add the user(s) to this group. For example, the following command could be executed as root to add bsmith to trcusers: usermod -a -G trcusers <bsmith> c. Add the group to the list in the Authorized user group field. Audit to system log AuditToSystem selected Determines the ability to log the actions that are carried out during remote control sessions to the application event log on the target, which can then be used for audit purposes selected Entries will appear in the application event log of the target corresponding to the each action carried out during the session. not selected No entries will be logged to the application event log. Save chat messages AutoSaveChat not selected Determines the ability to save the chat dialogue entered during a chat session. selected The chat dialogue is saved as an html file with name starting 'chat', in the working directory of the target whose location is defined by the target property WorkingDir. For example in Windows a file named chat-m15.html saved to the following location c:\documents and Settings\All Users\Application Data\IBM\Tivoli\Remote Control not selected The chat dialogue will not be saved to a file. Chapter 8. Using Tivoli Endpoint Manager for Remote Control 71
Table 11. security option descriptions (continued) Security options Lock target on disconnect Target property Default Value Description SessionDisconnect not selected Determines whether the target machine will be automatically locked once the remote control session with it ends. selected The target machine will be automatically locked at the termination of a remote control session with it. not selected The target machine will not be automatically locked at the termination of a remote control session with it. Allow privacy AllowPrivacy selected Determines whether a controller user can lock the local input and display of the target when in a remote control session. Determines the visibility of the Enable Privacy option on the controller window. selected The Enable Privacy option is available in the Perform Action in target menu in the controller window. not selected The Enable Privacy option is not available in the Perform Action in target menu in the controller window. Allow input lock AllowInputLock selected This property works in conjunction with Allow privacy and on its own. You can use Allow input lock to lock the target user's mouse and keyboard during a remote control session. selected The lock target input menu item will be enabled, in the Perform action in target menu in the controller window. You can select lock target input to lock the target user's mouse and keyboard during a remote control session. The target screen will still be visible to the target user. not selected The lock target input menu item will not be enabled in the Perform action in target menu in the controller window. Note: It should be noted that if, during a session, the option to Enable Privacy is selected, the remote user input is automatically locked. It is not possible to enable privacy without also locking the input. Enable privacy EnablePrivacy not selected Determines whether the local input and display will be locked for all sessions and therefore the target user will not be able to input or do anything on the target while in a remote control session. selected The target screen will be blanked out by the privacy bitmap when the session is established, preventing the target user from interacting with the screen while in the session. The target desktop will still be visible to the controller user in the controller window. not selected The target screen will not be blanked out when the session is established and the target user is able to interact with the screen. 72 Tivoli Endpoint Manager for Remote Control: User s Guide
Table 11. security option descriptions (continued) Security options Target property Default Value Description Enable input lock EnableInputLock not selected This property works in conjunction with Enable privacy. With Enable input lock you can determine whether the target user can view their screen or not during a remote control session when privacy mode is enabled. selected The target screen will be visible to the target user during the session, while in privacy mode but their mouse and keyboard control will be locked. not selected The target screen will not be visible to the target user and the privacy bitmap will be displayed on the target during the session. The target user's mouse and keyboard input will also be disabled. Note: Enable privacy should be selected for Enable input lock to take effect. DisablePanicKey DisablePanicKey not selected Determines whether the Pause / Break key can be used by the target user to automatically end the remote control session. selected The target user will not be able to use the Pause / Break key to automatically end the remote control session. Enable on-screen session notification not selected The target user will be able to use the Pause / Break key to automatically end the remote control session. EnableOSSN not selected Determines whether a semi transparent overlay is placed onto the target machine indicating that a remote control session is in progress. You can use this property when privacy is a concern, so that the user is clearly notified when somebody can remotely view or control his machine. selected The semi transparent overlay will appear on the target screen displaying the text Tivoli Endpoint Manager for Remote Control and what type of remote control session is in progress. For example : Tivoli Endpoint Manager for Remote Control - Active Mode. The overlay does not intercept keyboard or mouse actions, therefore the user is still able to interact with their screen. not selected There will be no overlay displayed on the target machine. Note: This policy is only supported on targets that have a Windows operating system installed. Chapter 8. Using Tivoli Endpoint Manager for Remote Control 73
Table 11. security option descriptions (continued) Security options Target property Default Value Description Disable GUI DisableGUI not selected Determines the appearance of the target GUI when the remote control session is starting and also during the session. Note: This option only works when the target(s) that it will be applied to has been installed in peer to peer mode and have the target property, Managed set to No. This option will be ignored when applied to any target(s) that were installed using the Tivoli Endpoint Manager for Remote Control server mode when a server URL was supplied. selected The GUI will not appear on the target and the session will be established without the target user being aware of the action. The In the Tivoli Endpoint Manager for Remote Control navigation tree select Manage Configurations > Tivoli Endpoint Manager for Remote Control Target Wizard. Tivoli Endpoint Manager for Remote Control target icon will not be visible in the Windows system tray. not selected The GUI will appear on the target as the session is starting and will be available to the target user during the remote control session. Table 12. performance option descriptions Performance options Security options Target property Default Value Description Inactivity timeout IdleTimeout 360 Specify the number of seconds to wait before stopping the connection automatically if there is no remote control session activity. Setting this value to 0 effectively disables the timer and the session will not timeout. The minimum timeout value is 60 seconds so a value >0 and <60 will timeout about 60 seconds and values >60 will timeout when value is reached. The default value is 360. Note: This value should be set to 0 for sessions which don't involve sending or receiving information from the controller to the target. For example in Monitor sessions. 74 Tivoli Endpoint Manager for Remote Control: User s Guide
Table 12. performance option descriptions (continued) Security options Target property Default Value Description Enable true color EnableTrueColor not selected Determines the availability of the Enable/Disable true color icon in the controller window. Used in conjunction with Lock color depth. selected The Enable/Disable true color icon is available for selection on the controller window. Use the icon to true colors on the controller windows view of the target desktop if the Lock color depth property is not selected. not selected The Enable/Disable true color icon is not available for selection on the controller window. Lock color depth LockColorDepth not selected Used in conjunction with true color to determine the colour depth when a remote control session is established. selected Whatever colour depth is chosen for the remote control session cannot be changed during the session. not selected The colour depth that was chosen for the remote control session can be changed during the session if the true color property has also been selected. Remove desktop RemoveBackground not selected If the target has a desktop background image set, this property can be used to remove the background from view during a remote control session. selected The desktop background image on the target will not be visible during a remote control session. not selected The desktop background image on the target will be visible during a remote control session. Stop screen saver updates NoScreenSaver not selected Stops the target from sending screen updates when it detects that the screen saver is active. selected While the screen saver is active on the target system, the target will stop transmitting screen updates and the controller will display a simulated screen saver, so that the controller user is aware that a screen saver is active on the remote display. The controller user can dismiss the screen saver by pressing a key or moving the mouse. not selected There will be no simulated screen saver displayed in the session window. The target screen will be displayed as normal and the target will continue to transmit screen updates. 3. Click Create Configuration Task. Fill in the required information for your task and click OK 4. Enter your private key password and click OK. Your task will now be displayed in the list panel of the Remote Control Settings Tasks sub- node. Chapter 8. Using Tivoli Endpoint Manager for Remote Control 75
Running Tivoli Endpoint Manager for Remote Control tasks When you have used the server and target configuration wizards to create configuration tasks you can run these tasks to install the Tivoli Endpoint Manager for Remote Control server software on selected targets or change the configuration of already installed targets. Running server installer tasks You can use the Remote Control Server Installer Tasks sub-node to execute the tasks that you created using the Tivoli Endpoint Manager for Remote Control Server Installer Wizard. Select the required task then in the Task window, review the description and follow the instructions in the Actions box to initiate the task. These tasks will install the Tivoli Endpoint Manager for Remote Control server software on to your selected computer(s). Note: The server component that is installed from running these tasks is installed with embedded Websphere Application Server and either an embedded Derby database or an already installed DB2, MSSQL or Oracle database. See Table 1 on page 5 for details of other server installation types that are available. Running target configuration tasks You can use the Remote Control Settings Tasks sub-node to execute the configuration tasks that you created using the Tivoli Endpoint Manager for Remote Control Target Wizard. Select the required task then in the Task window, review 76 Tivoli Endpoint Manager for Remote Control: User s Guide
the description and follow the instructions in the Actions box to initiate the task. Analyses The Analyses sub-node provides a set of analyses which gather installation, user and audit information. This data will provide you with a history of remote control connection events which have taken place on the computers in your environment that have the controller or target components installed. These analyses are activated globally therefore any computer(s) in your environment, for whom the analysis is relevant, will report their values. Retrieving target installation and security data The Remote Control Installation and Security Options analysis is used for gathering information about the installation and security property values from targets in your environment that have the Tivoli Endpoint Manager for Remote Control target software running. You can use the values returned for these properties to determine various things about the targets, for example if they are allowed to take part in peer to peer sessions and if they can take part in remote control sessions initiated from a Tivoli Endpoint Manager for Remote Control server. See step 2 on page 63 property value definitions. Chapter 8. Using Tivoli Endpoint Manager for Remote Control 77
If the analysis is active, the Results tab will list the computers that this analysis was relevant for and the values of the installation and security options will be displayed. You can expand the Applicable Computers entry and filter the data further by Retrieved Properties. This can be useful in many ways, for example, for determining which targets can take part in peer to peer remote control sessions or viewing the version of target software installed on the various Tivoli Endpoint Manager for Remote Control targets. For example, to determine which targets are running a specific version of Tivoli Endpoint Manager for Remote Control target, expand Applicable Computers > By Retrieved Properties > By Remote Control Target Version and select a specific 78 Tivoli Endpoint Manager for Remote Control: User s Guide
version from the list. The list of targets having the selected version of software installed is now listed on the right. Retrieving audit events data The Remote Control Controller Logs analysis is used for gathering the audit events from any computers in your environment that have the Tivoli Endpoint Manager for Remote Control controller component installed. The information is retrieved and updated once every 6 hours. This information can be used for auditing purposes and also for monitoring session activity carried out by the controller user. If the analysis is active, the Results tab will list the computers that this analysis was relevant for. If you double click on a computer you will see summary data for the selected computer which includes a section for the controller log entries retrieved by the Remote Control Controller Logs analysis. You can also expand the Applicable Computers entry and filter the data further by specific retrieved properties. Note: If the controller component is actively in a remote control session while the analysis tries to gather data from it, an error stating that the file is in use may be Chapter 8. Using Tivoli Endpoint Manager for Remote Control 79
reported in the analysis results. Retrieving user, session and performance data The Remote Control User, Session and Performance Options analysis is used for gathering user interaction, session behaviour and performance property values from targets in your environment that have the Tivoli Endpoint Manager for Remote Control target software running. These properties can be used to determine what actions the controller user can carry out during a remote control session with this target. See step 2 on page 63 for property value definitions. 80 Tivoli Endpoint Manager for Remote Control: User s Guide
If the analysis is active, the Results tab will list the computers that this analysis was relevant for and the values of the user interaction properties will be displayed. You can expand the Applicable Computers entry and filter the data further by specific retrieved properties. Retrieving session connection data The Remote Control Target Log (Start/Stop) analysis is used for gathering the audit events from any computers in your environment that have the Tivoli Endpoint Manager for Remote Control target component installed. The information is retrieved and updated once every 6 hours. The information returned by this analysis is useful for viewing remote control session usage activity on specific targets as it is only the session connection, start and stop events that are returned for each session. If you require information about the remote control session activity, use the Remote Control Target Log analysis. Note: This analysis is only valid for windows targets. Chapter 8. Using Tivoli Endpoint Manager for Remote Control 81
If the analysis is active, the Results tab will list the computers that this analysis was relevant for. If you double click on a computer you will see summary data for the selected computer which includes a section for the target log start/stop entries retrieved by the TRC Target Logs analysis. You can also expand the Applicable Computers entry and filter the data further by specific retrieved properties. Retrieving session activity data The TRC Target Logs analysis is used for gathering the audit events from any computers in your environment that have the Tivoli Endpoint Manager for Remote Control target component installed. The information is retrieved and updated once every 6 hours. This information is useful for auditing purposes, providing details of actions carried out during a remote control session, for example, a change in session type or a file transfer. The controller user who was carrying out the session is also displayed. 82 Tivoli Endpoint Manager for Remote Control: User s Guide
If the analysis is active, the Results tab will list the computers that this analysis was relevant for. If you double click on a computer you will see summary data for the selected computer which includes a section for the target log entries retrieved by the TRC Target Logs analysis. You can also expand the Applicable Computers entry and filter the data further by specific retrieved properties. Note: The reason codes returned in this data can be viewed completely by using the web reports to display the output. See Chapter 9, Viewing web reports, on page 85 for more details. Chapter 8. Using Tivoli Endpoint Manager for Remote Control 83
84 Tivoli Endpoint Manager for Remote Control: User s Guide
Chapter 9. Viewing web reports Tivoli Endpoint Manager for Remote Control offers a report available in the Web Reports component of the application. This web report was formulated to provide log data gathered from the controller and target logs relevant to specific targets. This data can be used for auditing purposes and for monitoring remote control activity on specific machines in your environment. To access the Tivoli Endpoint Manager for Remote Control web report complete the following steps : 1. Click Tools > Launch Web Reports 2. Enter your Web Reports username and password. If you do not know your username or password, check with your Administrator. After login, you will see the main Web Reports page open in a new browser. 3. Select Systems Lifecycle to see a list of reports including the Tivoli Endpoint Manager for Remote Control report. Copyright IBM Corp. 2003, 2012 85
You will see the Tivoli Endpoint Manager for Remote Control Events entry in the reports list displayed under the Report List menu: 4. Click on Tivoli Endpoint Manager for Remote Control Events. 5. Enter the computername of the target whose information you want to view and click View Events. Any log data that has been gathered from the controller and target logs, for the specified target will be displayed in the relevant sections, showing the remote control events. 86 Tivoli Endpoint Manager for Remote Control: User s Guide
Appendix. Support Frequently Asked Questions 1. I have installed the target software on a target in my environment, but I do not have an option to start a remote control session when I right click on the computer in the TEM console? To start a remote control session using this method you need to make sure that the following conditions are met. v v The controller component is also installed on the system that the TEM console is installed on. The Remote Control Installation and Security Options analysis needs to be active for the selected computer (and reporting that the Tivoli Endpoint Manager for Remote Control target is active) to be able to see the menu item v When the controller is deployed it is only the current user who is logged on to the machine that you are deploying to that will have the rights to see the menu item that allows you to start a session, it will not be visible to other users. The following registry key can also be created. Key name: HKEY_CURRENT_USER\Software\BigFix\Enterprise Console\Settings\ComputerListContextMenuExtensions\TivoliRC With the following values ComputerApplicabilityRelevance = value of results (current computer, property 1 of fixlet 4 of bes site whose (name of it starts with "Tivoli Remote Control")) = "True" MaxComputerSetSize =1 MenuDisplayName = &Tivoli Endpoint Manager for Remote Control ShellCommandRelevance = "%22C:\Program Files\IBM\Tivoli\Remote Control\Controller\jre\bin\javaw.exe%22 -jar %22C:\Program Files\IBM\Tivoli\Remote Control\Controller\TRCConsole.jar%22 --host " & hostname of current computer 2. I have deployed the target software in peer to peer mode but would now like this target to register with my Tivoli Endpoint Manager for Remote Control Server how can I get it to connect to the server? You can use the Tivoli Endpoint Manager for Remote Control Target Wizard to create a configuration task and specify the server URL of the required server. Running this task on the selected target will reconfigure it and it will then be able to contact the server. See Creating Tivoli Endpoint Manager for Remote Control target configuration tasks on page 63. 3. Where can I find more information on using Tivoli Endpoint Manager for Remote Control? Information on installing, using and administering Tivoli Endpoint Manager for Remote Control can be found in the Tivoli Endpoint Manager for Remote Control infocenter. 4. Additional Tivoli Endpoint Manager for Remote Control functionality is available when you have the Tivoli Endpoint Manager for Remote Control server component installed, where can I obtain the server component from? You can create a server installation task using the Tivoli Endpoint Manager for Remote Control Server Installer Wizard to create a Tivoli Endpoint Manager for Remote Control server configuration which will install the following Copyright IBM Corp. 2003, 2012 87
Technical Support component setup, embedded Websphere Application server and an embedded Derby database or already installed DB2, MSSQL or Oracle database. See Creating Tivoli Endpoint Manager for Remote Control server installation tasks on page 56. You can also install a server which points to an already installed Websphere Application server instance using an already installed DB2, MSSQL or Oracle database. See Installing the server component. on page 9. 5. How can I determine which type of server installation would be suit my environment? See Chapter 3, Server environment guidelines, on page 5 for some guidelines for consideration when planning your installation. 6. Where can I find out more information on the functionality of the Tivoli Endpoint Manager for Remote Control Server? See the guides in the Tivoli Remote Control 5.1.2 info center and also the Tivoli Endpoint Manager for Remote Control Release Notes. TEM technical support site offers a number of specialized support options to help you learn, understand, and optimize your use of this product: v TEM Support Site v v v Documentation Knowledge Base Forums and Communities 88 Tivoli Endpoint Manager for Remote Control: User s Guide
Notices IBM may not offer the products, services, or features discussed in this document in other countries. Consult your local IBM representative for information on the products and services currently available in your area. Any reference to an IBM product, program, or service is not intended to state or imply that only that IBM product, program, or service may be used. Any functionally equivalent product, program, or service that does not infringe any IBM intellectual property right may be used instead. However, it is the user's responsibility to evaluate and verify the operation of any non-ibm product, program, or service. IBM may have patents or pending patent applications covering subject matter described in this document. The furnishing of this document does not grant you any license to these patents. You can send license inquiries, in writing, to: IBM Director of Licensing IBM Corporation North Castle Drive Armonk, NY 10504-1785 U.S.A For license inquiries regarding double-byte (DBCS) information, contact the IBM Intellectual Property Department in your country or send inquiries, in writing, to: Intellectual Property Licensing Legal and Intellectual Property Law IBM Japan Ltd. 1623-14, Shimotsuruma, Yamato-shi Kanagawa 242-8502 Japan The following paragraph does not apply to the United Kingdom or any other country where such provisions are inconsistent with local law: INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of express or implied warranties in certain transactions, therefore, this statement may not apply to you. This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. IBM may make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time without notice. Any references in this information to non-ibm Web sites are provided for convenience only and do not in any manner serve as an endorsement of those Web sites. The materials at those Web sites are not part of the materials for this IBM product and use of those Web sites is at your own risk. IBM may use or distribute any of the information you supply in any way it believes appropriate without incurring any obligation to you Copyright IBM Corp. 2003, 2012 89
Licensees of this program who wish to have information about it for the purpose of enabling: (i) the exchange of information between independently created programs and other programs (including this one) and (ii) the mutual use of the information which has been exchanged, should contact: IBM Corporation 2Z4A/101 11400 Burnet Road Austin, TX 78758 USA COPYRIGHT LICENSE TRADEMARKS Such information may be available, subject to appropriate terms and conditions, including in some cases, payment of a fee. The licensed program described in this information and all licensed material available for it are provided by IBM under terms of the IBM Customer Agreement, IBM International Program License Agreement, or any equivalent agreement between us. Information concerning non-ibm products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products and cannot confirm the accuracy of performance, compatibility or any other claims related to non-ibm products. Questions on the capabilities of non-ibm products should be addressed to the suppliers of those products. This information contains sample application programs in source language, which illustrate programming techniques on various operating platforms. You may copy, modify, and distribute these sample programs in any form without payment to IBM, for the purposes of developing, using, marketing or distributing application programs conforming to the application programming interface for the operating platform for which the sample programs are written. These examples have not been thoroughly tested under all conditions. IBM, therefore, cannot guarantee or imply reliability, serviceability, or function of these programs. The sample programs are provided "AS IS", without warranty of any kind. IBM shall not be liable for any damages arising out of your use of the sample programs. IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both. If these and other IBM trademarked terms are marked on their first occurrence in this information with a trademark symbol ( or ), these symbols indicate U.S. registered or common law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law trademarks in other countries. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at http://www.ibm.com/legal/ copytrade.shtml. Adobe, the Adobe logo, PostScript, and the PostScript logo are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States, and/or other countries 90 Tivoli Endpoint Manager for Remote Control: User s Guide
Java and all Java-based trademarks and logos are trademarks or registered trademarks of Oracle and/or its affiliates. Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both. Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both. UNIX is a registered trademark of The Open Group in the United States and other countries. Other company, product, and service names may be trademarks or service marks of others. Notices 91
92 Tivoli Endpoint Manager for Remote Control: User s Guide
Index A about this publication v analyses 77 remote control controller logs 79 remote control installation and security options 77 remote control target log (start/stop) 81 remote control user, session and performance options 80 TRC log 82 audit events retrieving data 79 C cli tools deployment linux 41 windows 33 uninstallation linux 42 windows 34 controller deployment linux 39 windows 31 installation 14 installation media based 14 passport advantage 15 TEM console based 14 uninstallation linux 40 windows 32 updates linux 49 windows 47 controller logs retrieving data 79 D dashboards 23 Tivoli Endpoint Manager for Remote Control overview 23 data gathering 77 db2 server installation configurations 56, 60 definitions 17 deployment cli tools linux 41 windows 33 controller linux 39 windows 31 gateway support linux 43 deployment (continued) gateway support (continued) windows 35 linux 36 overview 27 target linux 37 windows 28 windows 28 deployment data viewing 23 derby server installation configurations 56, 58 E environment guidelines large environment 7 medium environment 6 server 5 small environment 5 establishing a remote control session 50 F firewall rules 54 frequently asked questions 87 G gateway support deployment linux 43 windows 35 uninstallation linux 44 windows 36 I installation 9 controller 14 server 9 server with embedded components 9 stand-alone server 10 target 11 installing target rpm file 12 target spb file 13 installing Tivoli Endpoint Manager for Remote Control 9 L legal notices Tivoli Endpoint Manager for Remote Control 89 M managed mode session starting 53 managing target and server configurations 56 mssql server installation configurations 56, 61 O oracle server installation configurations 56, 62 overview 1 P passport advantage controller installation files 15 server installation files 10 target installation files 14 peer to peer session controller initiated 52 TEM console initiated 50 R remote control server installer tasks executing 76 remote control session establishing 50 peer to peer 50 starting 53 TEM console initiated 50 using the Tivoli Endpoint Manager for Remote Control server 53 Remote Control settings tasks 76 response warnings 54 S server installation installation media based 9 passport advantage 10 stand-alone 10 TEM console based 9 with embedded components 9 installing 9 server environment guidelines 5 server installation configurations creating 56 db2 56, 58, 60 derby 56 mssql 56, 61 oracle 56, 62 Copyright IBM Corp. 2003, 2012 93
server installation tasks creating 56 running 76 server installation types 5 session activity data retrieving 82 session connection data retrieving 81 support FAQs 87 system requirements 3 controller 3 gateway 4 server 3 target 4 T target deployment linux 37 windows 28 installation 11 installation media based 11 Linux 12 passport advantage 14 TEM console based 11 Windows 11 uninstallation linux 38 windows 30 updates linux 48 windows 46 target configuration task creating 63 executing 76 target data installation 77 properties 77 security 77 target installation attended 11 custom 11 rpm file 12 spb file 13 target installation data retrieving 77 target properties configuring 63 retrieving data 77 target security data retrieving 77 target user data retrieving 80 tasks executing 76 technical support 88 TEM console components 19 dashboards 23 overview 19 Tivoli Endpoint Manager for Remote Control using 27 Tivoli Endpoint Manager for Remote Control overview 23 Tivoli Endpoint Manager for Remote Control Server installing 9 U uninstallation cli tools linux 42 windows 34 controller linux 40 windows 32 gateway support linux 44 windows 36 target linux 38 windows 30 updates component 45 controller linux 49 windows 47 linux 48 target linux 48 windows 46 windows 46 using Tivoli Endpoint Manager for Remote Control 27 V viewing web reports 85 W warnings 54 web reports viewing 85 what's new v wizard server installation configuration 56 target configuration 63 94 Tivoli Endpoint Manager for Remote Control: User s Guide
Printed in USA