Getting Started with LongLasso

[admin]

PDF version available with inline graphics: http://www.longlasso.com/LongLasso_Q...artv2_0_v1.pdf

Introduction

LongLasso is a strategic system that ties together the most needed aspects of the top-tier Altiris management framework in a common interface which can be routinely accessed during the incident resolution process. The system itself consists of three main parts:
1. LongLasso Admin—Includes management type functionality used by administrators or helpdesk workers and is installed on the workstations of these personnel. Allows initiation of IM conversations.
2. LongLasso Client—Application that is deployed to “end-user” workstations (desktops or laptops). Can be ran silently or with a system tray icons and only allows participation in conversations that have already been initiated. Allows reception of specialized management instructions as sent by LongLasso Admin.
3. XMPP Server—Open standard framework utilizes an open source XMPP server. Openfire 3.3.0 by Jive Software is recommended, and LongLasso Plugins (LongLasso Security, LongLasso Search, and LongLasso Connector) are provided for Openfire only and are automatically installed when Openfire is installed using LLServerInstaller.exe.





**Note that the LongLasso XMPP server is not required to be on the same server as Altiris Notification Server. Typically, cohabitation of these two server architectures is not recommended, depending on NS load. The diagram consolidates for simplification sake.



Requirements

Altiris Notification Server 6.0

Altiris Agent 6.0.2348 or above (installed on managed nodes)

Functionality depends upon installed solutions:
· Altiris Software Delivery Solution for Windows (6.1 or above)--used with LongLasso Run Task functionality.
· Inventory Solution for Windows (6.1 SP1 or above)--used with LongLasso Run Task functionality.
· Manage Links are customizable, but optionally include support for Asset Control Solution, Helpdesk Solution, Real-Time System Manager, and Carbon Copy Solution.

LongLasso Admin

• Windows 2000 or XP
• 128 MB RAM or greater recommended

LongLasso Client

• Windows 2000 or XP
• 128 MB RAM or greater recommended

XMPP Server

• Windows Server 2000 or 2003 recommended
• 512 MB RAM or greater recommended
• Microsoft SQL 2000 recommended but not required

Getting Started Overview

Fully implementing the LongLasso system to realize its significant benefits to helpdesk workstream processes typically involves the following steps:

1) Install and Configure XMPP Server—This is the central hub for this real-time communication system. Step by step instructions are provided in the next pages of this document.
2) Install LongLasso Admin—Select key helpdesk or IT administrator personnel and install LLAdmin on their workstations. Just after the install, the users can select a username and password.
3) Add LLAdmin Users to Whitelist—add the selected usernames to the whitelist, allowing them to initiate conversations. Optionally add usernames who can send corporate wide announcements (it is advised to carefully select these users).
4) Configure Altiris Software Delivery and Deploy LongLasso Client—The upcoming sections describe how to use Altiris Software Delivery Solution to deploy the LLClient to your enterprise using a silent installation routine.


Server Installation

Of the product components, it is recommended to first begin by installing the XMPP server. While XMPP is an industry standard protocol for real-time communications, it is recommended that Openfire 3.3.0 by Jive Software be used. Openfire is bundled with the LongLasso Server installation package. This installer is especially recommended since it assists with database setup and includes all LongLasso Plugins necessary for proper functionality.

The server that you choose to install Openfire does not have to be the same as your Altiris Notification Server installation. It is likely that a different server would be a better choice, depending on the activity load of your Notification Server.

To learn more about Openfire scalability, search the forums available at http://www.igniterealtime.org/forum/index.jspa

To install Openfire using the LongLasso specific installer (required for specific LongLasso functionality), run LLServerInstaller.exe

NOTICE: The installer contains instructions. It is important to read each dialog very carefully to insure a successful installation.

1.) Select a database system. Use the first radio button to prepare your system to use locally installed Microsoft SQL Server 2000 or 2005. To use the included flat file embedded database, use the second radio selection (not recommended for more than 500 users). To use any other supported system (MySQL, Oracle, PostgreSQL, or IBM DB2) or to configure the database manually, use the last (3rd) radio button selection.

a. If using LL Server Installer’s local Microsoft SQL Server option, you must designate an account with full administrative rights to SQL (to create a new database, tables, etc.). Note that the account must be a SQL Server account (SQL Server Authentication, SA or equivalent) NOT a Windows account. This means that MS SQL must be running in Mixed Mode (both SQL Server and Windows Authentication).
b. Verify Database Creation Dialog. If configuring Microsoft SQL Server you should manually check to insure that the “LongLasso” database has been successfully created

2.) SetPort Number for Openfire Admin Console. Openfire is managed through a web accessible Admin Console. So as not to interfere with IIS-served webpages on the same server, the console operates using a configurable port. This installation defaults to 9092. If the port supplied is already in use, the Admin Console will not properly open at a later installation step.

3.) Openfire Setup is launched. Select desired language and installation path for Openfire.

4.) Openfire installation completed dialog. Leave the “Run Openfire” selection checked, and click “Finished”.

5.) Instruction dialog opens. LLServerInstaller will then open an instructional window depending on which database selection that you made earlier. Very carefully follow the instructions provided on this dialog. Clicking “Next” during this dialog opens a web browser window to continue Openfire Setup. The instructional window stays open for reference as you complete the Openfire configuration steps. Once finished, simply click “Finish” to close the window and quit LLServerInstaller.

Important: At the end of the installation, it is highly recommended that you reboot. Openfire begins to run as a service after the reboot. Thus, if you do not reboot, logging off of the computer will exit Openfire.


Server Configuration

Log into the Openfire console by browsing to http://localhost:9092 from the server (or whatever port you designated during the installation).

Log in using admin as the username, and the password that you set previously during setup.

Next, configure System Properties by navigating to the Server tab (top) and then to the System Properties in the left and list (second from top).

At the bottom of the page, note the following Add New Property interface:


Add the following new properties:

Property Name: plugin.broadcast.allowedusers
Property Value: <comma separated list of users allowed to send broadcast messages to All Users>
Example: smith,lrichardson,jtucker
Note: If this is a new installation you probably do not have any usernames yet. These will be usernames of LongLasso Admin users. The first time that LLAdmin runs, it will allow the user to select an account username. Add the username of anyone that you wish to allow sending of announcements to ALL computers with the LongLasso Client or LongLasso Admin agents installed.

Property Name: plugin.longlasso.enabled
Property Value: true
Note: This enables additional security which restricts which users are authorized to initiate conversations.

Property Name: plugin.longlasso.rejectionMessage
Property Value: <the message that you wish to send if an end-user tries to send a message to an administrator after the time window has expired>
Example: The session has now ended. If you need additional help, please contact support again. Thank you.
Note: This message is not required, but is recommended so that end-users are aware that their message has been blocked and will not be received.


Property Name: plugin.longlasso.expiration
Property Value: <numeric in minutes>
Example: 15
Note: If this property is not defined, the default is 30 minutes.


Property Name: plugin.longlasso.whiteList
Property Value: <list of users allowed to initiate conversations separated by commas>
Example: smith,lrichardson,jtucker
Note: If this property is not defined and plugin.longlasso.enabled is set to ‘true’, then no messages can be sent. Only accounts specifically added to this list can proactively start conversations, others can only participate in conversations started by those listed here. This is usually a list of user accounts created by LongLasso Admin. You may need to install LLAdmin on your helpdesk or administrator workstations prior to configuring the whitelist, since the app allows the users to select their username.





Additional Server Configuration to Increase Security

The following are left-hand menu options, under the Server tab:
Server to Server—Disable the ability for remote servers to exchange packets with this server—unless this feature is needed.


Manage Updates—Disable automatic checking for server or plugin updates, Disable administrator notifications (unless desired)


Registration and Login—Insure that Inband Account Registration is Enabled, as this is essential to LongLasso core functionality. Disable users ability to change their password and also disable Anonymous Login.



File Transfer Settings—Disable using the server as a file transfer proxy




Search Service Properties—Insure that the Search Service is enabled




Installing and Using LongLasso Admin

It is recommended that LongLasso Admin (LLAdmin) be installed in a manual manner, as opposed to LongLasso Client which is better suited for mass deployment using Altiris Software Delivery Solution. LLAdminInstall.exe should be ran for each user who is desired to have access to the functionality, even if multiple users utilize the same physical computer.

Run the following installation package: LLAdminInstall2_0.exe

When presented with the list of Altiris products, select those that are being used within your environment. Note that an option field exists to set a static server for Altiris Asset Control and/or Altiris Helpdesk. If your environment has multiple Notification Servers and your managed nodes do not directly report to the server with either of these two products installed, then you need to set a static server. If you only have one Notification Server which all managed computers report to, or if you do not use Altiris Asset Control or Altiris Helpdesk, then it is not necessary to use these values. If you leave the static server fields blank but leave the product checkbox marked, LongLasso will automatically use the Notification Server that the managed computer is reporting to when generating Manage links. If using static server/s, it is recommended that you use the server name in Fully Qualified Domain Name (FQDN) form. Example: server005.mydomain.com.



After these settings are completed, LLAdmin will now install. Once installation is completed, the application will run. If LLAdmin is running for the first time, the Account Management interface will appear.



To create a new LLAdmin account, select the “Create a new account” radial, select a username and password. Next, enter the name of the XMPP server that you built. This should match the Domain value that you selected during XMPP server installation and is often the server hostname. Next enter the server address, this may be the same as the server hostname, but could be different if reaching the server across the network requires a different value. To remember the account and automatically login during system startup, select the “Remember this account and login automatically” option.


Using LongLasso Admin (LLAdmin)

LongLasso Admin functionality is accessible from a system tray icon that is available while the application is running (the app is configured to run during startup).

Right-clicking on this system tray icon reveals a menu with the following options.

Main Console…—Search for users using Windows Username and view their current presence status. Once users are found, double-click or click “Start Conversation” button to initiate a conversation with the user OR perform other management tasks by clicking on the action button on the right-hand side of the search results (while the user is highlighted). During searches, use % as a wildcard character.
Announcement…—Send real-time announcements to the entire enterprise, or to specific groups.
Account Management…—Configure which user account and server to connect to. Also, create a new account.
Edit Manage List…—Edit the list of dynamic links accessible from the Manage button on in a conversation window.


Main Console


Note that % is a wildcard and returns all users, but be aware that the result set may take several minutes in environments with a large number of users.

Utilize the Search interface to quickly find users based on Windows Username. Notice that the Username column results will have the Windows Username, then an underscore “_” and then either the domain name (if logged in using a domain account) or a computer hostname (if logged in with a local machine account).

Double-clicking on a user reveals a conversation window in a recognizable instant messaging format.
The Altiris Agent indicator light reveals if the Altiris Agent service is currently running on the manage node that the user is currently logged on to.

Resource Manager button opens a web browser window and navigates to the Resource Manager interface on the Notification Server that manages the computer. This interface is useful to gather information about a workstation during support calls.



The Run Task button opens a window that loads a list of currently available Tasks including Altiris Software Delivery Tasks and Inventory Solution Tasks. For more information about setting up Software Delivery Task to use with LongLasso, see the “Using LongLasso with Altiris Software Delivery Solution” section of this document.





The Manage interface is a listing of dynamically created links which allows quick navigation into the Altiris Notification Server to prepare various day-to-day activities such as Carbon Copy control, editing the asset record, etc. This list is editable using the “Edit List” menu option. Editing the list is necessary if new links are desired, including links to specific Altiris Notification Server Tasks, Collections, or other web-accessible components.



Edit Manage List
The Manage List is flexible and can be edited to provide for dynamic or stationary linking to Notification Server or any website and can be configured to execute command lines on the LLAdmin user’s computer.

The Edit List interface provides two columns: Name and URL. To add a new Manage menu item, add the name to the first text field (in the area just below the list), and then add the URL starting with http:// or https:// for websites, or any command line starting with an executable followed by parameters.

To make a dynamic link where certain values are inserted for the computer being used by the user being communicated with via LLadmin, note the following variables:


Variable
Description
#ns#
Uses the server path that the managed node uses to communicate with its Notification Server.
#resourceguid#
Inserts the ResourceGuid that was assigned to the managed node when the Altiris Agent registered with its Notification Server.
#computername#
Uses the Computer’s hostname


To edit any item in the list, simply select the row, notice that the Name and List values are shown below the box. Make changes to the item and use the Replace button to save the changes.







Announcement Interface

The Announcement functionality allows sending of either scrollbar or window-based announcements to users. The Send to portion of the window allows the sender to designate if the announcement goes to All Users, or specific groups which have been created on the XMPP server. Note that group sending functionality is only supported if Openfire XMPP server is used.



Note that the Scroll Timeout is in minutes.

Configuration

In order for a LongLasso Admin user to see the list of available groups, their username must be added to the Openfire.xml file on the Openfire server. This configuration file is located in Program Files\Openfire\conf. Right-click on the file and open with WordPad. Find the block of text starting with <Admin>. Remove the comment notation <!-- before <authorizedUsernames></authorizedUsernames> in this block. Then, insert the Openfire usernames which should have access to load the group list when viewing the LongLasso Admin Announcement interface. Be sure to add the “admin” account if you wish this account to have access to the administrative console.

The configuration should look like this (with your specified users):

<admin>
<!-- Use this section to define users that will have admin privileges. Below,
you will find two ways to specify which users are admins. Admins will
have access to the admin console (only local users) and may have also access
to other functionalities like ad-hoc commands. -->
<!-- By default, only the user with the username "admin" can login
to the admin console. Alternatively, you can specify a comma-delimitted
list usernames that should be authorized to login to the admin console
by setting the <authorizedUsernames> field below. -->
<authorizedUsernames>admin,ssmith,exampleuser</authorizedUsernames> --&gt;
<!-- Comma-delimitted list of bare JIDs. The JIDs may belong to local
or remote users. -->
<!-- <authorizedJIDs></authorizedJIDs> -->
</admin>


Example of a Scrollbar Announcement:







Remote Screenshot Capture

The LongLasso 2.0 system allows remote capture and saving of end-user’s desktops. A capture can be initiated from either LLAdmin’s Main Console—Capture Screen button or from a conversation window--Manage menu. Once the capture is initiated, the end-user is presented with a dialog indicating the username of the LLAdmin user who is attempting the capture and asking if the capture should proceed. If the user were to deny the request, this decision is communicated back to the LLAdmin user. If the request is approved, the capture proceeds and the LLAdmin user is given the option of where to save the resulting file.



Deploying LongLasso Client

LongLasso Client (LLClient) is easily deployed using any software distribution system. The instructions provided below are for using Altiris Software Delivery Solution.

NOTE: When installing LLClient silently using a command line, the computer must be either rebooted or the user must log-off and log back on in order for the client to automatically run for the first time. After that time, it will run automatically.

• Create a Package
  • Copy LLClient folder into the NSCAP share of your Notification Server.
  • In the Altiris Console, navigate to Resources Tab > Resources > Software Management > Software Delivery Packages > Windows. Right-click on windows and Select New Package. Title the package and set the Package Location to your NSCAP share. Usually <X>:\Program Files\Altiris\Notification Server\NSCap\Bin\Win32\X86\LongLasso\LLClient or wherever you placed the LLClient folder.

In the Programs tab of the Package, create the following Programs:

Name: LongLasso Client Install-Icon always shown
Command line:
LLClientInstall.exe /S -Server: longlasso.dnsalias.com -ServerAddress: longlasso.dnsalias.com –Port: 5222 -Icon: permanent

Name: LongLasso Client Install-Icon shown during messaging only
Command line:
LLClientInstall.exe /S -Server: longlasso.dnsalias.com -ServerAddress: longlasso.dnsalias.com –Port: 5222 -Icon: true

Name: LongLasso Client Install-Icon never shown
Command line:
LLClientInstall.exe /S -Server: longlasso.dnsalias.com -ServerAddress: longlasso.dnsalias.com –Port: 5222 -Icon: false

Name: LongLasso Client Uninstall
Commandline: UnLLClient.EXE

The “Port” switch should reflect the client connection port specified in Openfire. The default is 5222.

For all LongLasso Client Programs, set the following including “Run with rights” as “Specified user”, using an account with administrative rights on the managed computer.

• Create a Task
  • Navigate to Tasks Tab > Software Management > Software Delivery > Windows > Software Delivery Tasks. Right-click on Software Delivery Tasks, and select New > Folder. Name the folder LongLasso Rollout.
  • Right-click on LongLasso Rollout and select New > Software Delivery Task
  • Create a new task for each of the Programs that you previously created as part the LongLasso Client Package; select the Package and Program accordingly.
  • Use these Tasks by pointing them to appropriate Collections and enabling.

LongLasso Connector

LongLasso Connector is an Openfire Plugin that is used to automatically create and maintain Groups in Openfire. Since Groups can be utilized during the sending of Announcements to target specific users, it is important that Groups be created and maintained in an automated way.

LongLasso Connector uses a CSV datasource to match up existing users to those defined in the CSV.

Important: As part of the routine, LongLasso Connector deletes all existing groups prior to importing those in the CSV. Thus, the CSV datasource should be the single authoritative source of user to group assignments.

The CSV datasource can have multiple columns, since the connector allows selection of which data field represents the user and which contains the group.

LongLasso automatically creates users based on the following scheme:

WindowsUsername_DomainName

If your datasource contains the Windows username and the Domain name in separate columns (fields), LongLasso Connector can be configured to automatically combine fields and insert the underscore allowing proper matching with existing users in the database.


Altiris Integration

LongLasso Connector can be used with Altiris Connector Solution to allow automated grouping of users based on Altiris associated Departments, Locations, or any other entity defined for Users in Altiris.

Altiris Connector Solution can be configured to export the results of any existing or custom Report to a CSV file at a scheduled time. While any report containing Windows Usernames, Domain Name, and group name can be used, there are several out-of-the-box reports that are often used for this purpose. To use the User to Department association, the “Users By Department and Company” report will work.

Users By Department and Company is found at: Reports Tab > Organizational Types Reports > User


General Steps:
1.) Create a Data Source that points to a CSV file that will be used for the export. (Use Altiris Notification Server Console)

2.) Create an Export Rule that uses the previously created CSV Data Source to export the results of a custom or pre-made report. Set a schedule for future exports. (Use Altiris Notification Server Console)

3.) Configure LongLasso Connector to import the CSV file previously exported. Define the columns and select a schedule which runs the task AFTER the CSV file is re-exported by the Notification Server Connector Solution Export Rule. (Use Openfire Admin Console, User/Group Tab > Groups > Connector Properties)














Troubleshooting






Support




Support for LongLasso for Altiris can be accessed by visiting the forums located at http://www.longlasso.com or emailing helpdesk@longlasso.com. Gratis email support is available at this address, but is provided on an availability basis. Gratis email support may incur a 72 hr or more delay in live response.

Organizations wishing to access phone fee based support may purchase support incident packages from their LongLasso reseller. For more information contact sales@longlasso.com.