Topic
  • 4 replies
  • Latest Post - ‏2013-09-17T05:11:20Z by Michael_Knauth
Michael_Knauth
Michael_Knauth
7 Posts

Pinned topic IEM Role decrepencies

‏2013-09-11T01:14:15Z |

Hi all,

Has anyone seen the situation where computer, actions or fixlets aren't visible to certain roles, when they should be?

I've created a new role and assigned all computers to it, yet it's missing about 15% of devices. I tried changing the role to match another pre-existing role, and they both report different computer counts.

Can anyone explain this?

Thanks,
Michael.

  • martinc
    martinc
    16 Posts

    Re: IEM Role decrepencies

    ‏2013-09-11T13:12:00Z  

    Check out the thread https://www.ibm.com/developerworks/community/forums/html/topic?id=fcbdfd30-8935-4697-b6e8-271f23bfd9b4. Vince does a great job explaining this :)

    Martin

  • Michael_Knauth
    Michael_Knauth
    7 Posts

    Re: IEM Role decrepencies

    ‏2013-09-16T03:52:40Z  
    • martinc
    • ‏2013-09-11T13:12:00Z

    Check out the thread https://www.ibm.com/developerworks/community/forums/html/topic?id=fcbdfd30-8935-4697-b6e8-271f23bfd9b4. Vince does a great job explaining this :)

    Martin

    Thanks Martin. Vince's explanation clears up my query.

    It's a shame it takes so long for some devices/baslines/fixes to evaluate as relevant. I wonder if there's a way to decrease the Gather interval down from one day.

    Michael.

  • martinc
    martinc
    16 Posts

    Re: IEM Role decrepencies

    ‏2013-09-16T13:30:39Z  

    Thanks Martin. Vince's explanation clears up my query.

    It's a shame it takes so long for some devices/baslines/fixes to evaluate as relevant. I wonder if there's a way to decrease the Gather interval down from one day.

    Michael.

    I am not sure where the "one day" came from in reference to the relevance to a role. When you create a new role/fixlet/action/etc, the UDP packet is sent right away telling the targets that there is something to do and they get the update and process it very quickly. If it is online, this should be < 15 minutes.

    Some things that impact that

    1. Size of baselines. If you have baselines with > 100 fixlets (max 250, but try to avoid that), you can see some real decreases in reporting.

    2. Large baseline actions. Same as having the large baselines

    3. Offline computers. Since they are offline, they will not receive the update until online 

    4. System not reachable with UDP. This could include devices that are internet connected. For this you need to look at the settings: "_BESClient_Comm_CommandPollEnable" and "_BESClient_Comm_CommandPollIntervalSeconds". Check out https://www.ibm.com/developerworks/community/wikis/home?lang=en#/wiki/Tivoli%20Endpoint%20Manager/page/Configuration%20Settings and http://www-01.ibm.com/support/docview.wss?uid=swg21505846 for more information.

     

    Hope that helps.

     

    Martin

  • Michael_Knauth
    Michael_Knauth
    7 Posts

    Re: IEM Role decrepencies

    ‏2013-09-17T05:11:20Z  
    • martinc
    • ‏2013-09-16T13:30:39Z

    I am not sure where the "one day" came from in reference to the relevance to a role. When you create a new role/fixlet/action/etc, the UDP packet is sent right away telling the targets that there is something to do and they get the update and process it very quickly. If it is online, this should be < 15 minutes.

    Some things that impact that

    1. Size of baselines. If you have baselines with > 100 fixlets (max 250, but try to avoid that), you can see some real decreases in reporting.

    2. Large baseline actions. Same as having the large baselines

    3. Offline computers. Since they are offline, they will not receive the update until online 

    4. System not reachable with UDP. This could include devices that are internet connected. For this you need to look at the settings: "_BESClient_Comm_CommandPollEnable" and "_BESClient_Comm_CommandPollIntervalSeconds". Check out https://www.ibm.com/developerworks/community/wikis/home?lang=en#/wiki/Tivoli%20Endpoint%20Manager/page/Configuration%20Settings and http://www-01.ibm.com/support/docview.wss?uid=swg21505846 for more information.

     

    Hope that helps.

     

    Martin

    The reference to 'one day' is not necessarily related to roles, but more so the default Gather interval for clients:

    "Gather: The TEM Clients will gather the latest Fixlet content or actions once a day OR whenever a new action or new Fixlets are available from the TEM Relay. Each gather is approximately 1 KB - 3 KB (only compressed differences are gathered). An active deployment will have this occur many times (up to many hundreds of times a day when the TEM Console operators are very active)" from https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Tivoli%20Endpoint%20Manager/page/Network%20Traffic%20Guide

    I'm working with devices that by default have their full firewall enabled, preventing delivery of the UDP packet. I will try enabling the two client settings mentioned above, but I'm not sure it will completely fix my issue.

    The comment strays from the topic of this thread, but I made it for the following reason: I have a manual computer group with two devices in it. I also have a very light baseline (5 components) whoes relevance rule is for the aforementioned computer group. This baseline contains IEM components suchs as the IEM console, TRC target and controller and some TRC settings. It takes an extraordinary amount of time (>2 days) for the baseline to populate with applicable computers.

    While I can manually action each component individually (as they are currently individually relevant to both devices in the group), it defies the point of having a baseline to apply the action as the group membership fluctuates.