| |
|
LANrev Webcast Q & A Transcript |
|
|
Written by MacEnterprise.org
|
|
Tuesday, 19 June 2007 |
|
The following is a complete transcript of the Question and Answer section to the April 17th 2007 webcast on LANrev. Answers were provided by LANrev.
Read on for more...
Q: What databases/ldap directories are used on the backend of the LANrev infrastructure?
A: LANrev uses an SQLite DB. We are looking to migrate the
product to PostreSQL in the near future. LANrev features a plug and
play integration with Microsoft's Active Directory. There's nothing you
have to configure. Your LANrev server and admin console simply have to
be bound to Active Directory for you to take advantage of the advanced
Active Directory support in LANrev.
Q: Does LANrev offer a patch management solution?
A: Yes, LANrev offers patch management for both 10.3+ Mac clients, as well as Windows 2000 Professional+ clients.
Q: How are client computers granted access, or prevented from accessing, LanRev? (How do you prevent spoofing?)
A: The agent will only accept commands/actions from a server it
has reported to before. It will remember this server so if you replace
a LANrev server at the same IP address, you will be denied access when
you attempt to manage the agent. LANrev also features other security
mechanisms to prevent agent spoofing and hijacking, including
encryption of all traffic.
Q: Can you compare/contrast with Lanovation's Prism?
A: As far as we can tell from New Boundary's web site, the Prism
line of products only supports the Windows platform; there is no Mac
support. LANrev is one of the few systems administration products that
treats both platforms equally well with regard to infrastructure and
feature support. All components including the LANrev server, admin
console, and agent can be installed on a Mac or PC. With very few
exceptions almost all features are fully cross-platform.
Q: Is InstallEase available for purchase separately?
A: Not at this time.
Q: When you deploy software, does the LanRev subsequent verification to verify that it has not changed or been tampered with?
A: During the deployment itself LANrev uses various
technologies, such as encryption and MD5 checksums, to maintain and
verify the integrity of software packages. LANrev will also monitor the
progress of your software installation in the installation status
reports in the Software Distribution Center window and report back the
results of the software distribution job including any error messages
if the installation fails. However, there is no active monitoring after
an application has been successfully installed to see if it is altered.
You would need a product such as Faronics Deep Freeze for that.
Q: Does LANrev agent send the entire inventory every 12 hours or only the changes since the last inventory?
A: After the initial inventory, the LANrev agent will compare
the current inventory with the once cached from last time and only send
in the changes/deltas to the LANrev server.
Q: Does your solution enable management both outside and inside an organization's firewall, and if so, are there differences?
A: Yes, you can manage computers even if they are outside of
your network. This does require that you install an additional LANrev
server outside of your firewall in the DMZ so that it is internet
accessible. This doesn't cost you anything extra since LANrev licensing
is by the number of client machines to be managed. Clients can be
configured to report in to multiple LANrev inventory servers. When a
user takes their laptop home and the machine obtains an internet
connection from their cable or DSL connection, their machine will send
in a heartbeat to both LANrev servers. For clients that are off your
LAN and behind a NAT router there can be up to a 15 minute delay
between when you issue a command and when it is actually executed. You
might want to reduce the heartbeat interval for the 2nd LANrev server
to something lower to improve responsiveness since command execution is
tied to the heartbeat interval when these machines are off your LAN
behind NAT routers.
Q: Will LANrev "crack the header" of each unregistered software
file to find information about the software or will it only display the
.EXE name?
A: LANrev can display the following pieces of information for
software found via a software audit with the Gather Installed Software
command - Inst. Software Name, Inst. Software Company, Inst. Software
Size, Inst. Software Installation Date, Inst. Software Info, Inst.
Software File Architecture, Uninstallable, Is Hotfix, Identification
Type, Install Location, Inst. Software Product ID, Registered Company,
Registered Owner, Installed By, Uninstall String, Installer Receipt ID.
Q: Is the remote software distribution and installation a
proprietary solution or does LanRev build on top of the existing OS
solutions (Windows .msi files and Mac .pkg/.mpkg files) ?
A: LANrev's software distribution natively supports the
deployment of PKG/MPKG and VISE installers, as well as DMG disk images.
You can also specify a shell script or any other executable. For
Windows LANrev can natively deploy MSI/MSP packages. For legacy
installers there is an Executable options field where you can specify
any option switches (typically /s or -s) to drive the legacy Windows
installation silently. You can also specify a BAT file. For natively
supported installer formats LANrev is able to fully automate and deploy
them silently. VISE installers will display a progress bar though. This
is built into the VISE installer itself and there is no way for us to
hide it.
Q: Where is the information collected by lanrev stored? How do
you backup this or transfert to another server? What is the recommended
setup for the management station? Is it a little bit like ARD (tasks
server vs management station)?
A: LANrev data is stored in a backend SQLite DB on a central
server. Direct access to information is only available locally on the
server machine itself or via the admin console. Note that multiple
admin consoles can connect to the same LANrev server at the same time,
regardless of the platform of either. If you want direct access this
information over the network outside of the admin console you should
set up LANrev's MySQL ODBC export. All tables are exported on according
to an interval chosen by you. The server can be configured to run
maintenance and backup tasks on the DB according to a configurable
schedule. You can also set a plist/registry setting to change the path
for the backup directory so that it points to a mounted network share.
If the network share is not persistently mapped/mounted you would need
to schedule a cron job or AT command to mount it and to copy these
backups there. LANrev has a true client server architecture. Both the
LANrev server and agent run as either a daemon or service. If the
system goes down for any reason, the server and agent will
automatically come back up again when the system starts up.
Q: How does LanRev help maintain the security of a system? Does
it assist in managing the permissions of files installed or deployed?
Does it help track down insecure permissions or ownership on Mac OS X?
A: Both the Transfer File/Folder command and LANrev's
repackaging utility InstallEase allow you to customize file/folder
user/group ownerships and permissions. If there are some system files
whose permissions are critical the Find File command can report that
information so that you can issue a shell script with the Execute Shell
Script command to fix them. If you want to do this in general you can
issue a shell script to invoke Disk Utility with the
'repairPermissions' option.
Q: When you require admin privileges for deployment, is the local logged-in user of a client prompted for authentication?
A: This is handled for you automatically. Because the LANrev
agent runs as a daemon or service you can tell it to impersonate
anybody from the local user to the root/system account. By default
packages are installed under the current logged in user's account.
Check the 'Requires admin privileges' checkbox if the installer
requires admin privileges. If no user is currently logged in LANrev
will impersonate the root or system account.
Q: Is there a software package creation tool available with
LANrev that creates a package based upon the snapshotted differences
between a "gold system" and the system after specific software has been
installed? Is this available for Macs as well as Windows machines?
A: LANrev Engineering has taken great pains to make sure that
LANrev supports the most popular installer formats natively, including
PKG/MPKG, VISE, DMG, and MSI/MSP. We strongly believe that repackaging
should only be considered as a last resort. The InstallEase utility
will let you take a before and after snapshot of a Mac and generate a
list of file changes that form the basis of your software
installation/package. You then have the opportunity to validate these
changes by deleting any extraneous entries, as well as modifying
user/group ownerships and permissions. It's able to output packages in
PKG, Iceberg project, and DMG formats. InstallEase is currently only
available for Macs but we are actively looking at a way to implement
this for the PC also.
Q: How does the LANrev agent determine the presence of installed
patches? Does it use the presence of patch files? Software inventory?
Or does it use file dates and versions to indicate the installation
status of specific patches?
A: LANrev will check both installer receipts (Add/Remove
Programs for PCs) and the presence of actual application packages and
executables on all specified volumes. LANrev's missing OS patches
reports are based upon the data returned from the OS's built-in
software updating utilities so you would get exactly the same list from
Apple's Software Update or Windows Automatic Updates utility.
Q: Is the OS imaging capability available for Windows clients?
A: ImageLive disk imaging is currently a Mac only feature.
LANrev Engineering is currently researching ways of implementing a
similar feature for PCs.
Q: LANrev compatible with Windows Vista? Is any functionality lost when using LANrev with Vista?
A: LANrev Engineering is currently making the required changes
in the product as we speak (especially the agent) to accommodate the
many security changes and restrictions in Vista. Once the Vista
compatible client is released there should be no functionality lost.
Q: What kind of visual notifications of when updates are
complete are available for the admin to display for the users? For
instance - provide a note on loginwindow when latest updates have been
successfully applied.
A: By default patch packages are installed silently. However, if
you want to inform users of the installation and when it's done you can
manually edit the installation options for automatically generated
patch packages to "Inform user before installation" and "Notify user"
after the installation. LANrev admins can check the installation status
reports in the Software Distribution Center for the success for failure
any and all patches.
Q: Does LANrev provide any Windows Installer application packagers? (MSI)?
A: The InstallEase repackaging utility currently does not
support Windows. However, we are actively looking at ways to implement
a similar feature for Windows.
Q: Any plans to support Oracle DB's in the future?
A: Not at this time due to lack of customer requests. Please
send your request directly to
This e-mail address is being protected from spam bots, you need JavaScript enabled to view it
or feel free to post
your request on the LANrev support forums so we can take it under
consideration for future release if enough demand develops. Posting in
the forum allows others to second your suggestions. Please put your
request in the LANrev Wishlist section of the forum here
http://www.lanrev.com/forum/index.php.
Q: is there any integration with Open Directory for agent discovery or admin accounts?
A: LANrev chose to do an Active Directory integration first
because that was what the majorirty of our customers requested. We
found that most of them that were using Open Directory were also
running Active Directory in a magic triangle configuration. The current
4.0.1 release of LANrev does not integrate with Open Directory but it
is very high on our priority list for inclusion in a future version of
LANrev.
Q: How much does it cost?
A: Please call LANrev Sales at (214) 459-0136 or email
This e-mail address is being protected from spam bots, you need JavaScript enabled to view it
for a quote.
Q: Can you manage different clients sites from one command center?
A: Yes. If your clients are bound to Active Directory you can
create smart computer groups that mirror your AD sites and OUs. You can
also manually group computers in standard computer groups. There are
also 10 client info fields that can be customized and renamed to
whatever you want. You could certainly use one of these for buildings
or for departments and then build smart groups based on them. In fact
we have many clients that have to manage client machines in different
countries all over the globe from the same server.
Q: Can you specify agents to report at given times so that if
you have multiple buildings, you don’t hammer your server with
thousands of clients attempting to connect?
A: By default, the agent starts counting from time 0 when the
agent first starts up at boot time. Unless you reboot all of your agent
machines at the exactly the same time every day this should not be an
issue. If an agent is unable to contact the LANrev server it will
simply try again at the next available opportunity. LANrev also
features various provisions to prevent server overloading. There are a
lot of parameters that can be fine-tuned for the specific needs of your
environment.
Q: Do you provide guidance for provisioning and scaling the
LANrev server -- such as bandwidth required, database size, package
repository size, etc?
A: It's difficult to give any generic guidelines because
customers have so many different environments and configurations.
Please contact us via
This e-mail address is being protected from spam bots, you need JavaScript enabled to view it
and include a phone number so
we can call you back to discuss your specific environment.
Q: Does the security tracking feature work with third party USB webcams on Windows machines...?
A: We are using some standard Windows API to access the cameras
so if the drivers for your specific camera allow it to be used in other
non-customized Windows applications then it will most likely work.
However, your mileage may vary and we would recommend that you test
this out for yourself with an evaluation copy of LANrev. A fully
functioning evaluation copy of LANrev can be obtained at
http://www.lanrev.com/product/download.shtml.
Q: can you describe client deployment method? Thanks
A: LANrev's Agent Deployment Center supports Bonjour, Active
Directory, Windows Networking, and custom IP zones for client
discovery. For Macs you will need remote login/SSH access and for PCs
you will need domain or local admin privileges to be able to do the
initial push install of the client to the remote target. These can be
entered by Ctrl or right-clicking and picking Install Agent. The
'Access Status' information item in the Agent Deployment Center will
likely be able to tell you why LANrev was unable to access the target
machine. The Agent Deployment Center also features an auto deployment
feature for custom IP zones. When you define a custom IP zone you have
the opportunity to tell the admin console to automatically scan this
zone at a set interval and then automatically deploy the LANrev client
using the specified set of SSH or admin credentials on any machines
that don't already have the LANrev client installed. Machines that
already have the LANrev client installed, regardless of version, will
be ignored. Note that you can specify a different set of credentials
for each custom IP zone.
Q: How are Smart Lists stored -- on the server, or locally? Are
they shared between administrator users by default, or must they be
redefined for each?
A: Smart lists are currently stored in the local user's profile
with the exception of those defined in the Software Distribution,
License Monitoring, and Administrator Centers. Keep in mind though that
smart computer groups are fully transferable between these windows and
the Computers window.
Q: Can I specify that software installs only happen internally, and not over the internet, unless it is a specific OS update?
A: That shouldn't be a problem because while you can specify
multiple inventory servers you can only specify a single software
distribution server (presumably the one that is on your LAN) that the
clients should check for pending software distribution jobs. When your
client machines are off your LAN they will be unable to contact the
software distribution server that is internal to your LAN, so no
software distributions will occur then. You can also prevent software
packages from installing over the internet by assigning them to smart
distribution groups that, for example, only include machines whose IP
address are part of your corporate LAN's IP address ranges.
Q: Does LANrev have the ability to roll back updates it applies (to both Windows and Mac OS X)?
A: Because LANrev does not use its own proprietary file format
it has no inherent ability to roll back packages. However, InstallEase
is able to generate an uninstaller PKG that will remove all files added
by the installer PKG that you give it. The danger of rolling back a
package is that you may delete a system critical file that was modified
during the course of the installation. Creating an uninstaller PKG
ensures that you only remove files that were added and not those that
were modified. For Windows clients, you might be able to do this with a
batch script in a software package definition. You can typically find
an uninstall string for applications in Add/Remove Programs. This
information can be found in LANrev by adding the 'Uninstall String'
info item to the PC Installer Receipts report in the Installed Software
window.
Q: Are there currently or will there be in the future any LANrev administrator certifications?
A: There are currently no LANrev administrator certifications.
However, onsite trainings are available if you need them. Please
contact us at (214) 459-0136 or email
This e-mail address is being protected from spam bots, you need JavaScript enabled to view it
if you are
interested in training.
Q: Is there an InstallEase type product for windows?
A: InstallEase is currently only available for Macs but we are actively looking at a way to implement this for the PC also.
Q: Do you provide system imaging capabilities for Windows, as well as Mac OS X?
A: ImageLive disk imaging is currently a Mac only feature.
LANrev Engineering is currently researching ways of implementing a
similar feature for PCs.
Q: Can the LANrev database(s) be hosted on a separate database server?
A: Not in the current version of LANrev. This may be possible once we switch over to PostgreSQL from SQLite.
Q: How is screen sharing established...does it use already available apps like ARD, VNC, Remote Desktop etc?
A: For remote control LANrev will integrate with the majority of
industry leaving RC applications including ARD, Timbuktu, VNC, MS
Remote Desktop, and PC Anywhere (PC only). You can configure which RC
application to use in the admin console preferences, including saving
default credentials for the RC connection and setting the order of the
RC applications you would like LANrev to try first. LANrev knows which
RC applications are installed on both the admin console and target
machine so if more than one is available it will preferentially open an
RC connection using the application that is higher up on your list. To
trigger an RC session Ctrl or right-click a computer entry in the
Computers window and pick Remote Control.
Q: How does LANrev manage concurrent (floating) licenses for software that does not come with it's own license management?
A: LANrev can give you a running history every hour of how many
copies of a particular application is installed and how many copies are
running (active processes) if you specify to identify that application
by application package for file. Applications that have exceeded their
licensing will show up in the Licenses Exceeded license status report.
LANrev will inform you when you have exceeded your licensing but does
not prevent you from doing so.
Q: Are there any advantages in running the LANrev server on an OSX Server as opposed to a Windows server?
A: No. However, there are certain Active Directory restrictions
you might run into if your LANrev server is on a Mac. Please consult
the following article http://www.lanrev.com/forum/viewtopic.php?t=227.
Q: In an environment where you have mostly laptops....computers
can be restarted based on class periods...so at the beginning of a
given class period sever hundred laptops may be restarted.
A: All of LANrev's commands can be scheduled on a one time or
recurring basis, including the Change Operating State command that lets
to reboot a target machine.
Q: Can the LANrev server be run within a virtual machine with something like VMware?
A: Yes. In fact we would recommend it if you want to try out
various things in a LANrev test environment before applying it to your
production environment. LANrev's QA department always tests LANrev with
VMware and other virtual machines.
Q: If a client does not have the latest patches or software
deployments, can you automatically have it updated to comply with the
latest updates you've defined? Or, must you manually apply patches or
deployments to clients or groups of them?
A: Yes, if you assign your patches to either the All Macs or All
PCs smart groups. Before downloading and installing any patches the
LANrev agents will check with whatever update server they're pointing
at to make sure they actually still need the patch. This will prevent
an older patch from installing if a newer patch has superceded it. In
addition to that it also prevents an assigned patch from installing if
the local user has already installed it manually. This intelligent
patch management allows you to indiscriminately assign a patch to a
group of computers and it will only install on the ones that actually
need it.
Q: Agent deployment?
A: LANrev's Agent Deployment Center features an auto deployment
feature for custom IP zones. When you define a custom zone you have the
opportunity to tell the admin console to automatically scan this zone
at a set interval and then automatically deploy the version of the
LANrev client that you've specified using the specified set of SSH or
admin credentials on any machines that don't already have the LANrev
client already installed. Machines that already have the LANrev client
installed, regardless of version, will be ignored. Note that you can
specify a different set of credentials for each custom IP zone. When
you upgrade the LANrev server it automatically generates two agent
updater packages in the Software Distribution Center. Assigning them to
the All Macs or All PCs distribution groups will ensure that your
agents are updated automatically to the latest version.
Q: Can LANrev integrate with a product like KeyServer?
A: LANrev currently does not integrate with Sassafras Software's KeyServer.
Q: So within an hour, a site could be out of compliance with concurrent use licensing?
A: Yes, that is possible. While LANrev will inform you when you
have exceeded your licensing it does not prevent you from doing so. The
License Monitoring Center's goal is to inform you when you have
exceeded your licensing so that you can purchase more and not to
restrict the usage of your applications. If your corporate policy is
that you cannot exceed your concurrent licensing at any time and need
to prevent the launching of applications when this happens we would
recommend you consider a solution like Sassafras Software's KeyServer.
|
|
Last Updated ( Wednesday, 12 September 2007 )
|
|
|
|
| |
|
|
