Appendix. IriScene Remote Manager Version 4.8 FRACTALIA Software

Appendix IriScene Remote Manager Version 4.8 FRACTALIA Software

2 1. SYNCHRONIZER WITH ACTIVE DIRECTORY (AD)...3 1. SyncAD2IRM.exe.config...3 2. Installation...4 2. REPEATERS...5 1. Normal...5 3. CONFIGURATION OF SQL REPORTING SERVICES...8 B. CLIENT TOOLS...13 1. IRM CONFIGURATION FILES...13 1. Config.xml...13 2. Updates.xml...15 3. PatchClientModule.config...17 4. SelfServiceTool.exe.config...17 5. Registering terminals by command line...17 C. UTILITIES...19 1. INSTANT RECOVERY SYSTEM UNATTENDED INSTALACION...19 1. Normal installation...19 2. Unattended Installation...19 3. Update...20 2. INSTANT RECOVERY SYSTEM COMMAND LINES...20 1. VirtualDiskControl.exe...26

3 A. Server Tools 1. Synchronizer with Active Directory (AD) The synchronizer of the Active Directory (AD) with IRM takes care of dumping the information necessary to integrate IRM with AD. The information is only transferred from AD to the IRM database so that it never modifies the information in the AD. On synchronizing the AD data against the IRM, the unit organisational structure is copied converting them into IRM groups and positioning the machines in the same place as in the AD. 1. SyncAD2IRM.exe.config The configuration file is used to introduce the synchronization characteristics. <syncad2irm> <domains> <domain server="eccweb48" aduser="administrator" adpass="p@ssw0rd" nbdomain="" adroot="dc=irm48,dc=ecc" syncpart="0" descriptiontoalias="true" /> </syncad2irm> Server: introduces the domain server against which the replica will be made. You can specify the complete domain name with which it will search for the closest domain server. aduser: introduces the AD user name that is used to connect to it. If the machine belongs to the AD then this field can be omitted, indicating the synchroniser to use the user that is functioning already. adpass: introduces the user password with which you access the AD. If the user is omitted then this field will not be valid. nbdomain: introduces the domain name. This parameter is only necessary if the machine in which the synchroniser is running does not have access to the DNS server associated with the active directory. If you omit this parameter and specify the user you must specify in the form: user@domain (for example administrator@fractalia.es) adroot: introduces the AD root partition that you want to synchronise. It must have the form DC=fractalia, DC=biz. Sync Part: introduces partial synchronisation instead of a total one. The synchroniser will only take into account those elements that have been modified since the last synchronisation. If various domain servers are used, the synchroniser cannot detect changes made in a domain server other than the one indicated, so it is not recommendable to put a very high value for this parameter. <sync2irm connectionstring = "Data Source=ECCWEB48\SQL2005;Initial Catalog=IRM48;User ID=sa;pwd=P@ssw0rd;Application Name=SyncAD2IRM" idclient = "3" timesleep="0" defaultrollbackmode="manual"

4 timepoll="1" timeretry="1" numretry="1" connectiontype="1" /> Connection String: configures the connection string to the IRM database. Pressing on Check, you can verify that the connection string to the IRM database is correct. IdClient: when you are using multiple clients identify the IRM client to which the synchronisation data is assigned. Time Sleep: to configure the delay, in milliseconds, between the synchronisation of the AD elements. This field is used to slow the service so as not to consume all the machine s resources. Default Rollback Mode: configures the Rollback mode as manual or automatic, with which new machines detected in AD will be configured. Time Poll: configures the time, in seconds, of the call to check the inventory with which the new groups detected in AD will be configured. Time Retry: configures the time, in seconds, of the call to check the updates with which the new groups detected in AD will be configured. numretry: configures the time, in seconds, of the call to check the state of the Rollback with which the new groups detected in AD will be configured. This call time is different from the one in the IRM platform group properties tab. 2. Installation The synchronizer can be installed in any machine, even if it is not registered in the AD, although it is recommendable to install it in a domain server for security and performance. It is necessary to create a service using the executable of ADSync, and initiate it, so that it functions correctly. For this, execute from the command line: sc create Servicename binpath= path where the SyncAD2IRM.exe is to be found start= auto Every time a change is made in the configuration file the service must be rebooted. Configuration example:

5 Figure 1. Example of synchroniser configuration <syncad2irm> <domains> <domain server="172.16.0.64" aduser="administrator" adpass="pass" nbdomain="" adroot="dc=tests,dc=fractalia" syncpart="0" descriptiontoalias="true" /> </syncad2irm> <sync2irm connectionstring = "Data Source=172.16.0.64;Initial Catalog=IRM48;User Name=SyncAD2IRM" idclient = "3" timesleep="0" defaultrollbackmode="manual" timepoll="1" timeretry="1" numretry="1" connectiontype="1" /> ID=sa;pwd=pwd;Application 2. Repeaters 1. Normal You need to mount a server, outside the LAN, with the IRM Repeater vx.x, Setup.exe application. This application acts as a Bypass for the user petitions to take remote control of other terminals, if this application is deactivated the connections die, and it will not be possible to establish remote connections in accordance with petitions. On installing the application, the notification area will show that the Repeater is executing. you press on it with the right hand button of the mouse (Figure 2), you can access the Repeater adjustments (Figure 3). Figure 2. Icon in the notification area

6 To configure the Normal mode introduce the Viewer and Server port. The Viewer port must be mapped in the router input and with the terminal over which you want to take remote control. Figure 3. Repeater Adjustments For the client it is necessary to configure the Remoting fields so that it connects correctly. The configuration can be made with the local client configurator or by modifying the client configuration file. If you do it through the local configurator, you have to execute the application (Figure 4), click on Proxy and configure the part corresponding to the Remoting channel (Figure 5)

7 Figure 4. Opening local client configurator Figure 5. Local client configurator Server: introduces the server name or IP where the Remoting module is installed. Directory: introduces the path to the Remoting module folder. Port: introduces the port through will go to Remoting. Resource: introduces the Remoting resource name. If you do it through the configuration file, you must edit the Config.xml file in the path %PROGRAMFILES%\4.8\Iriscene Remote Manager\" and reboot the IRM service. <remotingchannel>

8 <Enabled>true</Enabled> Enables Remoting. <ReconnectionTime>15</ReconnectionTime> Reconnection time for Remoting. <HttpSleepRetryConnectionTime>500</HttpSleepRetryConnectionTime> <UrlGenuineChannelLog>D:\IRM\log\</UrlGenuineChannelLog> <Url> <Protocol>ghttp</Protocol> <Host>ECCWEB48</Host> Public IP or DNS of the server where you find the Remoting module. <Port>80</Port> Remoting port <Dir>Fractalia/IRM/IRMRemotingServiceHost</Dir> Path to the IRMRemotingServiceHost folder in the Server <Resource>IrmRemotingService.rem</Resource> </Url> </remotingchannel> Figure 6. Normal 3. Configuration of SQL Reporting Services Report Server is a complete server solution to allow you to create, administrate and deliver Web reports.

9 Figure 7. Reporting Services Configuration Execute the Reporting Services Configuration (Figure 7) and connect with the database server (Figure 8). Figure 8. Connection with database server Next, you have to create the Report Server virtual directory, to do this, click on Report Server Virtual Directory, press the New button and select the WebSite where you want to create it. (Figure 9 and Figure 10)

10 Figure 9. Create a Report Server virtual directory Figure 10. Virtual directory successfully created

11 Then you have to create a Report Manager virtual directory, to do this, click on the Report Manager Virtual Directory, press the New button and select the WebSite where you are going to create it. (Figure 11 and Figure 12) Figure 11. Create a Report Manager virtual directory Figure 12. Virtual directory successfully created

12 Lastly, you have to connect with the Report Server database, to do this, you have to introduce the credentials to connect you with the database, click on the Connect button and apply the changes by pressing the Apply button. (Figure 13 and Figure 14) Figure 13. Connect to the Report Server database Figure 14. Connection to the database successful

13 B. CLIENT TOOLS 1. IRM configuration files 1. Config.xml This file is to configure the internal parameters of the client. It is to be found in the directory: %PROGRAMFILES%\Iriscene Remote Manager\4.8" The code lines that are configured in this file will appear in bold. Normally this file is modified with the IRM configurator program; nevertheless, it is always possible to do it manually. <general> <GuidTerminal>SOFTWARE\Fractalia\Irm\</GuidTerminal> In this line, the part of the register where the terminal identifier is kept is configured. <LogFile>D:\IRM\log\IriSceneRemoteManager.log</LogFile> Configures the path where the log of calls between client and platform is stored. <CentralPlatform> http://www.fractaliasoftware.com/applications/irm_ws.asmx </CentralPlatform> Configures the address in the IRM server where the Web Service connection with the client can be found. <Client>ECC</Client> Shows the company where the client is registered. <ServiceStartTime>30</ServiceStartTime> Configures the delay, in seconds, which the IRM service takes before initiating after starting the machine. <ReconnectionTime>1</ReconnectionTime> Configures the time, in minutes, of reconnection with the Web Service, in case this is interrupted. <RestartInterval>60</RestartInterval> Configures the time, in seconds, that is displayed in the countdown window when the computer has to reboot for some action taken in the platform. <User>Fractalia</User> Configures the administrator s user name. <Password>82ZuX+E=</Password> Shows the coded password of IRM. <Language>es</Language> Configures the default language for IRM tools in the client. <EnableInstallLog>true</EnableInstallLog> Enables the IRM logs in the client. </general> <proxy> <IpProxy> </IpProxy> Configures the Proxy IP.

14 <PortProxy> </PortProxy> Configures the Proxy port. <UserProxy> </UserProxy> Configures the user for Proxy authentication. <PasswordProxy> </PasswordProxy> Configures the password for Proxy authentication. <DomainProxy> </DomainProxy> Configures the Proxy domain. </proxy> <inventory> <InventoryPath>D:\IRM\Datos</InventoryPath> Configures the address where the client inventory is going to be stored. </inventory> <upload> <UploadTime>1</UploadTime> Configures the time frequency, in minutes, the data found in the send data path is sent. <UploadPath>D:\IRM\Datos\Envio</UploadPath> Configures the address to upload data. Any file placed in this folder will be sent in UploadTime seconds to the platform. <NumberRetry>2</NumberRetry> Configures the number of attempts to upload to the server. <Icon> <Path>Images\Subida.gif</Path> Configures the address of the upload icon. This icon is displayed in the notification area. <Message>Uploading file to Central Platform</Message> Configures the message that will be displayed in platform events when uploading data. </Icon> </upload> <rollback> <password>82zux+e=</password> Shows the coded password of rollback. </ rollback > The IRM Windows applications (IRS console and configuration) have different types of security: Authentication integrated with Windows. Only those users that are system administrators can access the applications. Authentication IRM. The applications will request authentication on initiation, (as defined in the general section of the present file). Authentication ODP. The applications will request authentication on initiation. This will be a key obtained through the ODP/OTP tools. <security> <authentication> <Windows>1</Windows> Authentication of Windows, if it is 1 the value is true and if it is 0, false. <IRM>1</IRM>

15 Authentication of Iriscene Remote Manager, if it is 1 the value is true and if it is 0, false. <ODP>1</ODP> Authentication of Instant Recovery System One Day Password, if it is 1 the value is true and if it is 0, false. </authentication> </security> <remotingchannel> <Enabled>true</Enabled> Enables Remoting. <ReconnectionTime>15</ReconnectionTime> Remoting reconnection time. <HttpSleepRetryConnectionTime>500</HttpSleepRetryConnectionTime> <UrlGenuineChannelLog>D:\IRM\log\</UrlGenuineChannelLog> <Url> <Protocol>ghttp</Protocol> <Host>ECCWEB48</Host> Public IP or DNS of the server where the Remoting module is to be found. <Port>80</Port> Remoting Port <Dir>Fractalia/IRM/IRMRemotingServiceHost</Dir> Path to find the RemotingServiceHost folder in the Server <Resource>IrmRemotingService.rem</Resource> </Url> </remotingchannel> <TerminalControlServer> <Enabled>true</Enabled> Enable or disable the Callback Port. <CallBackPort>27027</CallBackPort> Inserts the port that is going to function as callback. </TerminalControlServer> <information> <CallInterval>15</CallInterval> </information> This is the time interval, in minutes, with which the information module calls the platform. <remoteconfig> <CallInterval>15</CallInterval> </remoteconfig> This is the time interval, in minutes, with which the configuration module calls the platform. <remotecontrol> <Password>82ZuX+E=</Password> Shows the remote control codified password. <Port>5900</Port> Configures the remote control port. <MSSecurity>0</MSSecurity> Security is integrated with Windows, if it is 1 the value is true and if it is 0, false. </remotecontrol> </remoteconfig> <actualizacion> <Password>82ZuX+E=</Password> </actualizacion> 2. Updates.xml

16 This file allows the configuration of the download parameters of the client. It is to be found in the directory: %PROGRAMFILES%\Iriscene Remote Manager\4.8" <P2P_Temp>d:\IRM\p2p\temporal</P2P_Temp> Configures the path where the temporary files are going to be stored. <Shared_Path>d:\IRM\p2p\shared</Shared_Path> Configures the path where the downloaded updates are going to be stored. <Shared_Mb>2048</Shared_Mb> Configures the maximum folder size where the updates are going to be downloaded. <Share_Files>1</Share_Files> Indicates the number of updates that have been downloaded from the platform. <Path_ini>d:\IRM\p2p\ini</Path_ini> Configures the path where the download configuration files are going to be stored. The download configuration files are stored in the server with the extension.ini. <Shared_HTTPServerPort>8182</Shared_HTTPServerPort> Configures the server port for TCP protocol petitions. It is the port for sharing the P2P files. <Mirror>0</Mirror> Shows if the client is in Mirror mode. If it is in Mirror mode it will show a 1 and, if not, a 0. <WAN>1</WAN> Shows if the client is in WAN mode. If it is in WAN mode it will show a 1 and, if not, a 0. <LAN>1</LAN> Shows if the client is in LAN mode. If it is in LAN mode it will show a 1 and, if not, a 0. <BroadcastPort>20082</BroadcastPort> Configures the server port for UDP protocol petitions. It is necessary to be able to share P2P files. <Icons> <Icon Name="Download"> <Path>Images\Descarga.gif</Path> <Message>Downloading updates</message> </Icon> <Icon Name="Installation"> <Path>Images\Instalando.gif</Path> <Message>Installing updates</message> </Icon> </Icons> Configures the images and messages that will be shown during and after the download of updates. Configures the path where the contents for Iriscene Public Media are left when they are received from Iriscene Remote Manager. <SpeedLimit> <! -- Speed limit is in Bytes per second (BPS) --> <Download>-1</Download> <Upload>-1</Upload> </SpeedLimit> Configures the bandwidth, in bytes per second, of uploading and downloading updates. If the value is -1 bandwidth control is inactive.

17 3. PatchClientModule.config This file allows you to configure the path of the FPDServiceSetup service that is installed as part of Patch Management in the client. It is found in the directory: %PROGRAMFILES%\Iriscene Remote Manager\4.8" <setting name="patchmanagerwebservicereferences_fpcservice_service" serializeas="string"> <value>http://10.110.0.89/fpcservicesetup/service.asmx</value> </setting> It is necessary to reboot the IRMService.exe service to make the changes correctly. 4. SelfServiceTool.exe.config This file allows you to configure the path for the platform web service if you have installed the Self Service part in the client. It is in the directory: %PROGRAMFILES%\Iriscene Remote Manager\4.8" <setting name="proxywrapper_irm_platform_irm_service" serializeas="string"> <value>http://10.110.0.89/fractalia/irm/ws_platform/service.asmx</value> </setting> To make the changes correctly you must restart the IRMService.exe service. 5. Registering terminals by command line Iriscene Remote Manager gives you the possibility to register a terminal by command line instead of having to run the configurator. To do this you have to access the path by the Windows terminal: %PROGRAMFILES%/Iriscene Remote Manager/ and execute the instruction RegisterTerminal.exe. The format for this instruction is: RegisterTerminal.exe <WebService> <License> <WebService>: inserts the URL of the platform WebService. <License>: inserts the group serial number where you will register the terminal. To obtain the serial number of the terminal you must access the platform and you get it by clicking, with the right-hand button of the mouse, on the group where you wish to register the terminal, and looking at the properties of the group in the Generic tab (Figure 15).

18 Figure 15. Getting the serial number of a group in the platform

19 C. UTILITIES 1. Instant Recovery System unattended installation 1. Normal installation Execution of the Instant Recovery System can be done in two ways: Clicking directly on the IRS32.msi icon Executing the instruction msiexec /i %rutadelirs%irs32.msi from the command line, where %rutadelirs% is the path where the msi is to be found. 2. Unattended Installation The basic syntax for unattended installations is the following: <IRS_OPTION= value > msiexec /i IRS32.msi /qn <Other options msi> > <IRS_OPTION= value > This table contains the options to personalise the IRS default installation options. Option Description Values By default TARGETDIR Installation Any valid C:\%program files%\iriscene Directory directory. If Remote no directory Manager\4.8 4.8\IRS exists, it will be created. PASSWORD IRS Any Admin password alphanumeric chain. MAXSNAPSHOTS Maximum From 2 to 10 number of Recovery Points 10. DRIVES Disks to Any valid Active disk protect disk (normally C:) BOOTMENU Show or On Off On hide the load start menu OTP Enable or On Off On disable one time Password ODP Enable or On Off On disable Password for one day PROTECT Protect or not the disks 0 1 1 ROR Specifies the disk to configure the restore on restarting /none any valid disk /none

20 CONFIGLOG Specifies the log file path for the configuration phase /none any valid file (If exists it will be overwritten) /none <Other msi option tions > Option /norestart /l* log_file /lx log_file Description No restart after installation (NOT RECOMMENDED) Normal installer log (NOT of the IRS protection) Detailed installer log (NOT of the IRS protection) Note: If the User Access Control (UAC), a Windows Vista improvement, is active the installation process must have high administrator permissions or the installation will be cancelled, as the Windows Installer does not allow silent installation without said permissions. Examples To Install IRS in C:\IRS and the results of the detailed log in C:\irs_install.log msiexec /i IRS32.msi /qn /lx c:\irs_install.log TARGETDIR= c:\irs IRS To Install IRS, protected disks C: and D: and without rebooting: msiexec /i IRS32.msi /qn DRIVES= c: d: /norestart To Install IRS but not protect any disk: msiexec /i IRS32.msi /qn PROTECT= 0 To Install IRS without the boot menu msiexec /i IRS32.msi /qn BOOTMENU= Off 3. Update Execution of the update in normal mode: msiexec /i IRS32.msi REINSTALL=ALL REINSTALLMODE= vomus Execution of the update in silent mode: msiexec /i IRS32.msi REINSTALL=ALL REINSTALLMODE= vomus /qn 2. Instant Recovery System Command lines In the path %PROGRAMFILES%\Fractalia\iRollback various applications exist that can be run by a terminal. The syntax is obtained keying in the name of the application without adding any type of parameter: ActionOnRestart.exe obtains information of the actions programmed after the reboot or cancels the planned actions. ActionOnRestart.exe [ <disk-letter> <password> ] get disable AutoRollback.exe activates or deactivates the automatic mode. If it is in automatic mode, each time the machine is rebooted, it returns to a previous Recovery Point. AutoRollback.exe [ <disk-letter> <password> ] on off

21 BootMenu.exe activates the start menu and the One Time Password/One Day Password (ODP/OTP). BootMenu.exe [ <password> ] <menu> <OTP> <ODP> specify on turn on off turn off - leave unchanged Config.exe launches the graphic application (Figure 16) that allows you to protect more than one partition. Config.exe To protect a disk you must press (Figure 16) and that will show all the unprotected disks in the equipment (Figure 17). To continue the process you must mark the disks that you want to protect, if you want to restore the previous state each time you reboot the machine and insert the IRS password (Figure 18, Figure 19 and Figure 20). Figure 16. Protect a disk from the IRS configurator Figure 17. Select the disk to protect

22 Figure 18. Insert the IRS password Figure 19. Protected disk I

23 Figure 20. Protected disk II To unprotect a disk press on (Figure 21) and all the disks in the machine that are protected will be displayed (Figure 22). To continue the process you have to mark the disk that you want to unprotect, select the recovery point you want to restore or leave in its present state and insert the IRS password. (Figure 22 and Figure 23). To unprotect a disk you have to reboot the equipment. (Figure 24 and Figure 25) Figure 21. Unprotect a disk from IRS Configurator

24 Figure 22. Selection of disk and recovery point to restore inserting the IRS password Figure 23. Unprotect disk I Figure 24. Reboot to finalise unprotection of the disk

25 Figure 25. Unprotect disk II Current Status.exe obtains the latest SnapShot made in the machine and its status. CurrentStatus.exe ChangeMode.exe changes the IRS mode, automatic or manual, on the selected protected disk. ChangeMode.exe [ <disk-letter> ] AUTOMATIC MANUAL <password> DeleteRecoveryPoint.exe deletes a Recovery Point. DeleteRecoveryPoint RecoveryPoint.exe [ <disk-letter> <password> ] <recovery-point point-number> number> Disable.exe returns to the true disk on the next reboot. This action has to be before uninstalling the Instant Recovery System. Disable.exe [ <disk-letter> <password> ] <recovery-point point-number> number> [ /u ] For <recovery-point point-number> number> 1 is the baseline and 0 the present status /u uninstall IRS after rebooting the machine, this option is only valid for <recovery-point point-number> number> = 0 FixedSnapshot.exe deactivates the Fixed Recovery Point. FixedSnapshot.exe [ <disk-letter> ] status FixedSnapshot.exe [ <disk-letter> <password> ] disable GetInfo.exe displays basic information of protected disks. GetInfo.exe Getversion.exe verifies the dll and driver versions of the installation. GetVersion.exe dll driver [ <disk-letter> ] LockRecoveryPoint.exe blocks or unblocks the recovery point given as an argument. LockRecoveryPoint.exe [ <disk-letter> <password> ] <rec-point point-number> number> [unlock]

26 MaxSnapshot.exe used to establish the maximum number of snapshots. MaxSnapshots.exe [ <disk-letter> <password> ] <max-rec rec-point point-count> MaxSnapshots.exe [ <disk-letter> ] get NextRecoveryPoint.exe creates a new Recovery Point. NextRecoveryPoint.exe NextRecoveryPointReboot.exe programs the creation of a Recovery Point after a reboot of the machine. NextRecoveryPointReboot.exe Password.exe verifies or changes the password. Password.exe check <password> Password.exe change <old-password> <new-password> RestoreToSnapshot.exe restores the Recovery Point indicated as an argument. RestoreToSnapshot.exe [ <disk-letter> <password> ] <rec-point point-number> last number> last Rollback.exe programs the restoration of a prior Recovery Point for the next reboot. Rollback.exe SetBaseline.exe changes the baseline image to the image corresponding to the number introduced as the argument. SetBaseline.exe [ <disk-letter> <password> ] <recovery-point point-number> number> SnapshotNumber.exe displays the number of recovery points currently existing in the machine. SnapshotNumber.exe VirtualDiskControl.exe mounts and unmounts a virtual unit with the Recovery Point indicated as an argument. 1. VirtualDiskControl.exe VirtualDiskControl mount <virtual-disk disk-letter> <protected-disk disk-letter> <RP> VirtualDiskControl unmount <virtual irtual-disk disk-letter> where <RP> = <recovery-point point-number> number> fixed This is a command of the Instant Recovery System that allows you to recover the contents of a disk with a damaged Recovery Point. To do this, before loading the operating system, select in the menu, if you wish to use the preloading console of the IRS operating system in graphic mode (F3 or D) or in text mode (F4 or F). Graphic mode Select the protected disk that you want to act on (Figure 26), mark the checkbox Use Fixed Recovery Point and select the Recovery Point from which you want to obtain the information from the disk (Figure 27) and press the escape key.

27 Figure 26. Protected disk selection Figure 27. Use fixed This action creates a fixed Recovery Point, not visible for the user, with the disk contents of the damaged Recovery Point. Text mode Select the protected disk that you want to act on (Figure 28), press the F4 or F key to enable the option Fixed Recovery Point is enabled, introduce the Recovery Point number that you want recover the information from (Figure 29) and press the escape button.

28 Figure 28. Protected disk selection Figure 29. Use fixed This action creates a fixed Recovery Point, not visible for the user, with the disk contents of the damaged Recovery Point. There are two possibilities to recover the contents of the disk: From the command line. You must execute the instruction VirtualDiskControl.exe mount <Disk unit to mount> <Protected disk unit> fixed to mount the disk contents from the damaged Recovery Point in a virtual disk. From the IRS console. Press the button and this will display Figure 30, where you select the disk you want to mount the disk contents of the damaged Recovery Point. Figure 30. Mount the Fixed Recovery Point