Using Inventory Discovery and Auditing

All main inventory audit tasks are restricted to HEAT Discovery Managers.

Download and install a gateway. See Installing a Gateway.

Run an Active DirectoryMicrosoft's Active Directory is a service that stores and manages network-based entities such as applications, files, printers, and people. scan, which shows all computers that are not being audited.

Deploy agents to the computers that are not being audited, which allows you to manage them.

--or--

Install clients on the computers that are remote or not in the intranet.

In some cases, you can choose to run an agentless audit on some computers. For example, where a client agent cannot be installed on a computer.

Perform audits. See Using Audits.

When you deploy an agent, it runs an audit. You can run additional audits, either by using the Audit Inventory quick action or by scheduling an audit.

Standard Gateway System Prerequisites

The following operating systems can be used to install HEAT standard gateways:

Windows 7 and later operating systems.
Open ports to facilitate network access. Before performing the Inventory Management activities, open the appropriate network ports for the gateway to communicate effectively with the domain controller. In your firewall settings for the service, enter the appropriate port and select the protocol option (see the following table).

The following requirements are for set up, discovery, and audit activities in Inventory Management:

Application	Process	Activity	Port	Protocol	Endpoint
Gateway and client installation	setup.exe	Installation	80	http	SaaS web server
SaaS IM Gateway	Active directory scan	Discovery	389	LDAP	Active directory server in the local domain
SaaS IM Client	LanProbe	Discovery	161	SNMP	Devices on the network
SaaS IM Client	Audit message transport	Audit	443	SOAP messages over https	SaaS IM service
SaaS IM Gateway	WMI Scan	Audit	135	RPC	Selected computer
SaaS IM Client	Proxy	Audit	8097	http	Proxy

The ADScan function does the following:

Calls the Windows ADsOpenObject API with the credentials specified during installation to get an IDirectorySearch COM object for the active directory domain (for example, LDAP://DC=EMEA, DC=FRS).

Calls IDirectorySearch.ExecuteSearch with the filter “(objectCategory = computer)”. This uses LDAP to return all computer objects in the domain.

To perform the search, the user must be assigned “list contents” permission.

To install the gateway on a server that does not belong to a domain, you must specify a valid local administrator user and “.” for the domain name. If you are using that gateway to deploy an agent to another computer in the same workgroup, the active directory scan does not work. It works only if the administrator user is common for the domain; however, in a workgroup, although the users might have the same login credentials, they are still considered two different users. To deploy an agent in this instance, use the client agent installer.

See HEAT Discovery Asset Management for installation options.

Installing the Gateway From a Command Line

Domain administrator credentials are needed for accessing active directory and performing remote computer administration.

Installing the Standard Gateway

Open the command prompt window and enter the following command:

msiexec/i<tenant url>/IM/GatewayInstaller/SaaSgateway_1.9.msi FRS_ACCESSKEY=<client authentication key> FRS_SERVERBASE=<Cloud IM web service base address> FRS_OU<Default organizational unit name>

--or--

Download the MSI locally and install it:

msiexec /i <\windows\temporary internet files>SaaSGateway_1.9.msi FRS_ACCESSKEY=<client authentication key> FRS_SERVERBASE=<Cloud IM web service base address> FRS_OU<Default organizational unit name>

The ClientInstallation.msi and ClientInstallation.cmd files are downloaded by default to the FrontRange Solutions > SaaSIM > ClientShare folder.

Installing the Data Center Gateway

msiexec/i<tenant url>/IM/GatewayInstaller/SaaSgatewayDC_1.9.msi FRS_ACCESSKEY=<client authentication key> FRS_SERVERBASE=<SaaS IM web service base address> FRS_OU<default organizational unit name>

--or--

Download the MSI locally and install it:

msiexec /i <\windows\temporary internet files>SaaSGatewayDC_1.9.msi FRS_ACCESSKEY=<client authentication key> FRS_SERVERBASE=<Cloud IM web service base address> FRS_OU<Default organizational unit name>

where:

<tenant url> is the URL for the HEAT instance.
<client authentication key> is the unique key for every tenant; obtain this key from your HEAT administrator.
<Cloud IM web service base address> is the base portion of the address for the web service endpoint.
<Default organizational unit name> is the organizational unit to which the gateway is associated.

The ClientInstallation.msi and ClientInstallation.cmd files are downloaded by default to the FrontRange Solutions > SaaSIM > ClientShare folder.

Installing the Client from a Command Line

When you install the gateway, the ClientInstallation.msi and ClientInstallation.cmd files containing the command line parameters are downloaded by default to the FrontRange Solutions > SaaSIM > ClientShare folder.

To deploy the client agent to communicate with the HEAT data center, run the following command:

MsiExec.exe /i "%temp%\ClientInstallation.msi" /qn /norestart CLNTCFGBASEURL="https://<saas IM server>" CLNTCFGCAK="<client access key>" CLNTCFGDEFOU=”<default organizational unit name>”.

To deploy the client agent to communicate with another proxy server, modify and run the following command:

MsiExec.exe /i "%temp%\ClientInstallation.msi" /qn /norestart CLNTCFGBASEURL="http://<Gateway_Proxy_Server:portnumber>" CLNTCFGCAK="<client access key>" CLNTCFGDEFOU=”<default organizational unit name>”

To use a third-party proxy to install the client, you must point to this base address for connecting to the gateway data center edition and include the port number.

The protocol for the HEAT IM server is HTTPS, but the protocol for the local gateway proxy is HTTP.