Client Management Suite

  • 1.  ITMS CMS 8.1 Implementing Cloud Enable Management on existing CMS 8.1 HTTP environment

    Posted Mar 29, 2021 02:13 PM

    Hi All,

    Our environment is currently running CMS 8.1 (upgraded from 7.1 > 7.6 > 8.1), HTTP configured.

    We need to implement the Cloud Enabled Management feature and its main requirement is configuring Altiris to run on HTTPS. I have read through the CEM whitepaper and did not find definitive steps on configuring the current implementation of Altiris running on HTTP to HTTPS.

    Upgrading to 8.6 is currently not an option for us at this time.

    Any guides or docs that lay out the steps to implement this from the SMP, site servers and agents you can point me to?

    Thanks!



    ------------------------------
    mklesa
    ------------------------------


  • 2.  RE: ITMS CMS 8.1 Implementing Cloud Enable Management on existing CMS 8.1 HTTP environment

    Broadcom Employee
    Posted May 14, 2021 05:51 AM
    Hi HXG!

    You can try to start from the information below; just make sure that your managed client computers have Symantec Management Agent upgraded to the 8.1.x version that the NS has.

    1. CMS 8.1 must have an HTTPS binding set in IIS for the Web Site where NS is installed (add a self-signed or 3rd party signed certificate there and make sure that it is issued for the correct CN of the NS (FQDN, hostname, etc.)).
    After setting the HTTPS binding and applying the required certificate to this binding, do not enable the "Require SSL" option for now for the Web Site where NS is running, because all HTTP-connected agents will not be able to communicate with NS because:
    - The NS URL in their SMA settings is HTTP only, and no HTTPS URL with the required certificates is specified there

    2. Open SMP Console -> open the default NS Communication profile, enable HTTPS and specify your NS hostname, FQDN with the correct HTTPS port.
    Open SSL settings and make sure that the correct certificate is there, the one that is bound for HTTPS on the NS machine (or import the required certificates). Check that the needed TLS versions are enabled, then save the changes.

    Now, for test purposes, take one of the client computers and refresh policy to receive the updated NS communication profile with SSL settings, HTTPS NS URLs and certificates. Try to switch the client SMA from HTTP to HTTPS (you can enable diagnostics mode on the client PC to manually change the NS address: https://knowledge.broadcom.com/external/article/150636/details-on-aexagentutilcom-and-aexnsagen.html). After this, check whether the SMA has started to communicate with NS via HTTPS.

    For the other steps (how to create the CEM Web Site, install/set up the CEM Gateway, etc.), you can check the old article https://community.broadcom.com/groups/viewdocument/how-to-install-cem-functionality-in?CommunityKey=ec843fbd-bc71-48c5-bb12-c9d8042d7cb0&tab=librarydocuments

    Thanks,
    IP.

    ------------------------------
    Software QA Engineer
    Broadcom Inc.
    ------------------------------
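
A pre-flight check for step 1 of the reply above, as an added example that is not part of the original posts or of Broadcom's tooling: before "Require SSL" is enabled, it connects to the NS over HTTPS under each name agents will use and reports whether the bound certificate covers that name, when it expires, and which TLS version was negotiated. The host names and port are placeholders.

```powershell
# Added example: run before turning on "Require SSL" for the NS Web Site in IIS.
# $NsNames and $Port are placeholders; list every name agents will have in their NS URL.
param(
    [string[]]$NsNames = @('ns01', 'ns01.example.local'),
    [int]$Port = 443
)

function Test-NsHttpsBinding {
    param([string]$Name, [int]$Port)

    $script:tlsErrors = [System.Net.Security.SslPolicyErrors]::None
    # Accept the certificate so it can be inspected, but record what validation reported.
    $callback = [System.Net.Security.RemoteCertificateValidationCallback] {
        param($source, $certificate, $chain, $policyErrors)
        $script:tlsErrors = $policyErrors
        return $true
    }

    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($Name, $Port)
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($Name)   # $Name is the name the certificate must cover
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)

        $mismatch = [System.Net.Security.SslPolicyErrors]::RemoteCertificateNameMismatch
        $badChain = [System.Net.Security.SslPolicyErrors]::RemoteCertificateChainErrors
        [pscustomobject]@{
            Name         = $Name
            Subject      = $cert.Subject
            NotAfter     = $cert.NotAfter
            Protocol     = $ssl.SslProtocol            # TLS version actually negotiated
            NameMatches  = -not $script:tlsErrors.HasFlag($mismatch)
            ChainTrusted = -not $script:tlsErrors.HasFlag($badChain)
        }
    }
    finally {
        $tcp.Close()
    }
}

$results = foreach ($n in $NsNames) { Test-NsHttpsBinding -Name $n -Port $Port }
$results | Format-Table -AutoSize
```

`ChainTrusted` reflects the Windows certificate store of the machine the script runs on, so a self-signed NS certificate shows `False` there until it has been imported.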



  • 3.  RE: ITMS CMS 8.1 Implementing Cloud Enable Management on existing CMS 8.1 HTTP environment

    Posted May 17, 2021 01:41 PM
    Thank you Igor!

    Quick question: does each site server require its own certificate (we're using 3rd party)?

    ------------------------------
    mklesa
    ------------------------------



  • 4.  RE: ITMS CMS 8.1 Implementing Cloud Enable Management on existing CMS 8.1 HTTP environment

    Broadcom Employee
    Posted May 18, 2021 02:49 AM
    On the Site Server Management page, there is a Global Site Server settings page where you can use the NS CA as the master certificate to generate an HTTPS certificate on each Site Server, or upload your 3rd party cert to use it as the master for further Site Server cert generation (you can override the global Site Server settings for a single Site Server where required).


    ------------------------------
    Software QA Engineer
    Broadcom Inc.
    ------------------------------



  • 5.  RE: ITMS CMS 8.1 Implementing Cloud Enable Management on existing CMS 8.1 HTTP environment

    Posted May 25, 2021 03:41 AM
    I was going to post a new thread but since we're on the topic of CEM here I'll "borrow" yours!
    We have CEM working fine, but there are a few machines that have a working agent but went off-site without being cloud-enabled, so now they don't communicate. I know that I can reinstall the agent with the offline installer from the CEM setup pages, but is there a way of adding CEM to a machine that's already got an agent?
    Thanks
    Martin

    ------------------------------
    Bangor University
    ------------------------------



  • 6.  RE: ITMS CMS 8.1 Implementing Cloud Enable Management on existing CMS 8.1 HTTP environment

    Broadcom Employee
    Posted May 25, 2021 04:16 AM
    Edited by Igor Perevozchikov May 25, 2021 11:56 PM
    Hi MrSoapsud!

    You can try to export the NS Communication profile, including CEM settings data, into an .xml file, which will be password protected.
    Pay attention to setting the expiration date for the temp CEM certificate there (by default it expires after 7 days).

    On the client side, you can import this NS communication profile .xml with CEM data
    - If the SMA has diagnostics mode enabled (to enable diagnostics mode: "C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe" /diags),
    then you can manually import this .xml NS profile from the SMA UI

    Or you can import the NS communication profile .xml using the command line on the client side:
    "C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe" /importprofile:"C:\NSwithCEMprofileDataaaa.xml" /profilepwd:sadasdsa

    Thanks,
    IP.

    ------------------------------
    Software QA Engineer
    Broadcom Inc.
    ------------------------------