Introducing the Endpoint Manager Custom Fixlet Contest is a great, creative idea. We need to do more things like this to build the community, connect people, and to uncover new and innovative ideas. I'm looking forward to seeing some of the submissions and winning ideas!
IBM Endpoint Manager Custom Fixlet Contest
MattBerry 06000025AM 1,087 Views
Challenge: a Corporate wants to deploy SW or patches based on the attributes in Users of Active Directory, say physical office location and user grade. For example, they want to rollout patches from the lowest grade of users first to evaluate end user experience. Then, rollout to higher grade of users and senior management user will be the last.
Done by Fixlet: The agent (local computer) will query all required AD user info and store in local repository, using registry here. Then, we can leverage IEM analysis to collect those info from registry to IEM server for management and reporting
We have a lot of old Windows servers that were starting to run low on disk space after years of operation. The system drives (usually C:) were particularly problematic since prior to Windows 2008 they could not be easily expanded without 3rd party utilities and/or downtime. The solution was a fixlet that becomes relevant when the free space falls below a certain threshold. The fixlet creates and runs a script that deletes temp files, clears caches, and removes old log files from various locations. Because 90% of our servers are virtual machines on a SAN, this has saved us a lot of expensive SAN space as well as saving a few hours every week on cleaning up temp/log files or expanding virtual disks.
Local windows servers and clients DNS/DHCP configurations are out of sync and unmanaged across over 1300 geographical located service centers. To add it is unknown how out of sync they are and a Business critical application deployment is dependent on consistency and requires specific DNS/DHCP changes across the various locations.
Two BigFix Analysis was created to determine configurations across the various locations. These Analysis showed how bad the issue really was and provided vital configuration information to the application teams. Most if not all of the DHCP/ DNS configurations where not in sync with the corporate standard, several hundred “fat finger” mistakes and less than 10% of the required configuration changes had been applied appropriately in preparation for the critical application deployment.
Two task where created to remediate the issues, make the required DNS/DHCP configuration changes and standardize across the various locations and remediate if changed in the future.
Task one was used for DHCP configuration management. This task allowed for admin level support staff to change the DHCP configuration on all DHCP server across various locations. The changes required little to know user input and where based on user input (parameters) or automatic remediation based on relevance.
Task two was used for DNS configuration management. This task allowed for admin level support staff to change the DNS configuration on all DHCP severs and static DNS configuration . The changes required little to know user input and where based on user input (parameters) or automatic remediation based on relevance.
Time to Complete:
Based on the initial analysis (pre BigFix Analysis) it would have taken the support teams months to discover and even more time to remediate the deficiencies; manually or via scripts. The BigFix approach took less than two days for the creation of the analysis and task. It took approximately three days to remediate the deficiencies across over 1300 locations and approximately 12,500 endpoint (DHCP servers and DNS clients) Another critical advantage to the BigFix approach is the “closed loop validation”; this gives the validation that the executed remediation was truly remediated and is consistent across the environment. A policy action has been created to remediate DHCP/DNS changes to comply to the established configuration; for new systems or missconfiguration.
Several scheduled webreports were created to show the leadership remediation progress/status and ongoing reporting on deviations from the established configuration.
Future Use Case:
Additional DHCP/DNS configuration features; add new scopes, DHCP ranges, etc… Work also has begun (slowly) on a dashboard for over all local DNS/DHCP configuration and management.
Self-Service Remote Desktop Configuration: Leveraging IEM for Scalable and Secure Solutions in Your Environment
The Business Challenge:
The Results that were Achieved by the Fixlet:
Combining Power Management fixlets, action script, relevance, offers, and web reporting, we were able to deliver an exceptional solution to a wide-scale problem with IEM being the sole source. RD configuration requests were a manual process with inconsistent and insecure results and ranged from 15 minutes to multiple business days for completion. However, due to IEM and the click of an offer, an automated process taking less than 30 seconds to complete and ensuring a secure and audited configuration resolved this issue. Along with a separate Analysis and Fixlets not listed here, we could also audit usage and deactivate RD for those who have not used it for a long period of time. The time savings on the support side, productivity on the customer side, and overall security of our environment drastically improved because of this Fixlet.
jgstew 270004VDPE 2,319 Views
This fixlet / task installs Prey using IEM/BigFix. Prey is a service that can be used to locate devices using WiFi triangulation. This was a proof of concept to show how IEM/BigFix could be leveraged to locate missing devices. I shared this work with the IEM/BigFix community so that anyone could leverage it here: https://www.ibm.com/developerworks/community/forums/html/topic?id=77777777-0000-0000-0000-000014758117
Read more about Prey here: http://preyproject.com/
Find the task shared here: http://bigfix.me/fixlet/details/683
File also shared here: https://www.ibm.com/developerworks/community/groups/service/html/communityview?communityUuid=0a7e7178-0310-485d-bd39-4a1a25254e5b#fullpageWidgetId=W07e7e8ddd36a_4e1b_9b7e_ff320fbf4422&file=d57f7800-4c82-4c54-8cd4-e52a93be14e3