Using Inventory Discovery and Auditing
All main inventory audit tasks are restricted to HEAT Discovery Managers.
1. | Download and install a gateway. See Installing a Gateway. |
2. | Run an Active DirectoryMicrosoft's Active Directory is a service that stores and manages network-based entities such as applications, files, printers, and people. scan, which shows all computers that are not being audited. |
3. | Deploy agents to the computers that are not being audited, which allows you to manage them. |
--or--
Install clients on the computers that are remote or not in the intranet.
In some cases, you can choose to run an agentless audit on some computers. For example, where a client agent cannot be installed on a computer.
4. | Perform audits. See Using Audits. |
When you deploy an agent, it runs an audit. You can run additional audits, either by using the Audit Inventory quick action or by scheduling an audit.
The HEAT gateway can be installed with a minimum specification of Windows 7. See Standard Gateway System Prerequisites for the other requirements for the gateway computer.
Before starting the installation, you can specify a default organizational unit to associate with your gateway. All clients deployed by a gateway, where you specified the default organizational unit in the installation, are by default associated with that organizational unit.
When you specify a default organizational unit during installation, ensure that the computer you are using to install the gateway does not already have a configuration item record in HEAT.
After installation, the gateway runs the HEAT Discovery client to generate a unique client ID. A registration message is then sent to the HEAT server.
When the registration message has been received and processed by the server, the gateway computer appears in the Gateway workspace.
The following operating systems can be used to install HEAT standard gateways:
- Windows 7 and later operating systems.
- Open ports to facilitate network access. Before performing the Inventory Management activities, open the appropriate network ports for the gateway to communicate effectively with the domain controller. In your firewall settings for the service, enter the appropriate port and select the protocol option (see the following table).
The following requirements are for set up, discovery, and audit activities in Inventory Management:
Application |
Process |
Activity |
Port |
Protocol |
Endpoint |
Gateway and client installation |
setup.exe |
Installation |
80 |
http |
SaaS web server |
SaaS IM Gateway |
Active directory scan |
Discovery |
389 |
LDAP |
Active directory server in the local domain |
SaaS IM Client |
LanProbe |
Discovery |
161 |
SNMP |
Devices on the network |
SaaS IM Client |
Audit message transport |
Audit |
443 |
SOAP messages over https |
SaaS IM service |
SaaS IM Gateway |
WMI Scan |
Audit |
135 |
RPC |
Selected computer |
SaaS IM Client |
Proxy |
Audit |
8097 |
http |
Proxy |
The ADScan function does the following:
1. | Calls the Windows ADsOpenObject API with the credentials specified during installation to get an IDirectorySearch COM object for the active directory domain (for example, LDAP://DC=EMEA, DC=FRS). |
2. | Calls IDirectorySearch.ExecuteSearch with the filter “(objectCategory = computer)”. This uses LDAP to return all computer objects in the domain. |
To perform the search, the user must be assigned “list contents” permission.
To install the gateway on a server that does not belong to a domain, you must specify a valid local administrator user and “.” for the domain name. If you are using that gateway to deploy an agent to another computer in the same workgroup, the active directory scan does not work. It works only if the administrator user is common for the domain; however, in a workgroup, although the users might have the same login credentials, they are still considered two different users. To deploy an agent in this instance, use the client agent installer.
See HEAT Discovery Asset Management for installation options.
Domain administrator credentials are needed for accessing active directory and performing remote computer administration. |
Installing the Standard Gateway
- Open the command prompt window and enter the following command:
msiexec/i<tenant url>/IM/GatewayInstaller/SaaSgateway_1.9.msi FRS_ACCESSKEY=<client authentication key> FRS_SERVERBASE=<Cloud IM web service base address> FRS_OU<Default organizational unit name>
--or--
- Download the MSI locally and install it:
The ClientInstallation.msi and ClientInstallation.cmd files are downloaded by default to the FrontRange Solutions > SaaSIM > ClientShare folder.
Installing the Data Center Gateway
msiexec/i<tenant url>/IM/GatewayInstaller/SaaSgatewayDC_1.9.msi FRS_ACCESSKEY=<client authentication key> FRS_SERVERBASE=<SaaS IM web service base address> FRS_OU<default organizational unit name>
--or--
- Download the MSI locally and install it:
where:
- <tenant url> is the URL for the HEAT instance.
- <client authentication key> is the unique key for every tenant; obtain this key from your HEAT administrator.
- <Cloud IM web service base address> is the base portion of the address for the web service endpoint.
- <Default organizational unit name> is the organizational unit to which the gateway is associated.
The ClientInstallation.msi and ClientInstallation.cmd files are downloaded by default to the FrontRange Solutions > SaaSIM > ClientShare folder.
Installing the Client from a Command Line
When you install the gateway, the ClientInstallation.msi and ClientInstallation.cmd files containing the command line parameters are downloaded by default to the FrontRange Solutions > SaaSIM > ClientShare folder.
To deploy the client agent to communicate with the HEAT data center, run the following command:
MsiExec.exe /i "%temp%\ClientInstallation.msi" /qn /norestart CLNTCFGBASEURL="https://<saas IM server>" CLNTCFGCAK="<client access key>" CLNTCFGDEFOU=”<default organizational unit name>”.
To deploy the client agent to communicate with another proxy server, modify and run the following command:
MsiExec.exe /i "%temp%\ClientInstallation.msi" /qn /norestart CLNTCFGBASEURL="http://<Gateway_Proxy_Server:portnumber>" CLNTCFGCAK="<client access key>" CLNTCFGDEFOU=”<default organizational unit name>”
To use a third-party proxy to install the client, you must point to this base address for connecting to the gateway data center edition and include the port number.
The protocol for the HEAT IM server is HTTPS, but the protocol for the local gateway proxy is HTTP. |
To uninstall the gateway:
- Rerun the gateway installer, following the wizard instructions to uninstall.
--or--
- From the Windows control panel, select Uninstall.
When you uninstall, both the Cloud gateway and the HEAT agent are removed from the local computer. The Cloud gateway is unable to inform the HEAT server that it has been uninstalled.