Deploying your IBM Endpoint Manager Agents

IBM Endpoint Manager Clients, also called Agents, are installed on every computer that you want to manage. They access a collection of Fixlet messages that detects security holes, improper configurations, and other vulnerabilities.   These intelligent but small agents are typically less than 10MB in size.   IBM offers a range of agents for Windows, Mac OSX, IBM AIX, HP-UX,  Solaris , VMware ESX Server (4.x and 7 versions of Linux…. phew.

Windows computers

There’s a number of ways to easily deploy these agents across your environment.   Page 30 of the Administrator’s Guide details a number of different techniques.

For all of your Windows endpoints, you can utilise the ‘built in’ Client Deployment Tool.   This allows you to easily select your Windows computers and install the agent across your the network without any user interaction.  I’ve found it typically takes less than 30 seconds to install/test the agent for each system across a LAN.

You can also distribute the client via a login script or Active Directory (Group Policy) Software Distribution.   Via AD Software Distribution, simply select an appropriate GPO in which the agent will be deployed.  In my test environment, I created a new Organisational Unit (OU) in which appropriate computers would have the agent deployed.   I did this because in my lab, I have several Endpoint Manager servers and didn’t want any clashes, however you might simply select an entire AD domain.

I then copied the BESClient.MSI (which the embeded masthead info to self register the agent with the Endpoint Manager server) to my AD’s NetLogon share   (which was  \\myad.lab.ibm\NETLOGON\).    This MSI was found on my Endpoint Manager server’s  <drive>:\Program Files (x86)\BigFix Enterprise\BES Installers\ClientMSIs\ directory.    Then via the Group Policy Management Tool,  I created a new software package and browsed to the DFS share for the BESClient.MSI)

The details for the MSI are shown below:

The agent isn’t distributed immediately to your computers,  but according to the current Group Policy update interval.   If the computer is restarted, the agent will be installed and automatically registered in the Endpoint Manager console within a few minutes.

 

Non-Windows computers

All non-Windows agent software,  including installation instructions is provided here.   You can also utilise the BigFix Unix/Linux/Mac Client Deploy Tool available from the BigFix labs download  (at the bottom of the page).  This tool provides a similar function to the Windows tool, to locate/install the appropriate agent via the network.   I’ve included some example screen captures of the tool in action, installing an agent for a RHEL 5.x server.

 

OK, so there you have it.  Pretty easy hey!    Any queries, feel free to contact me or check out the IBM TEM Deployment and Configuration developerWorks forum.

Darryl

Advertisements
  1. #1 by Jim on October 15, 2013 - 11:25 am

    Hi Darryl,

    Thanks for the informative posts! We are using IEM in multitenant mode and want to roll it out across our customers using group policy or login scripts. I can see from your post above where to get the .msi file with the embedded masthead, but for multitenancy to work I need to run the installer from a folder containing the clientsettings.cfg file.

    What would be the best way to do that?

    Thanks!

    Jim

  1. Manage Amazon (AWS) or Softlayer Instances with IBM Endpoint Manager | Many Miles Away

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: