Using Audits

An audit collects software and hardware configuration information from the computers and network devices in your organization. The results from an audit can be viewed in the Discovery Manager workspace.

An initial full audit is performed immediately after you deploy the agent. Subsequent recurring delta audits are performed as defined by the Audit Frequency parameter in the Inventory Settings workspace. You can change the frequency of audits. For example, you may like to audit daily or weekly.

After the auditing is completed, the Audit Source field is populated, as shown:

The audit source is the result of deploying an agent and then auditing. Audit sources can also be manual, import, WMI (or agentless), LanProbe, and SCCM.

As you perform more audits, the results build up as an audit history, so that you have a picture of changes over a period of time.

An audit automatically runs when the agent is first deployed, and then by the schedule specified by the Audit Frequency parameter in the Inventory Settings workspace.

Perform the following steps to request an additional audit:

1.

Open the workspace for a configuration item, and select the device to audit.

You cannot perform an Audit Inventory quick action on a Mac client. For the Mac operating system, the audit data is retrieved when the agent is first deployed and when the default audit schedule runs.

2.

Click Audit Inventory.

3.

Click Yes to confirm that you want to proceed.

The system creates an audit task. It can take a while for the agent to receive the task and act on it (up to 30 minutes with the default settings), and then a while longer for the resulting data to be processed into the Configuration Management database. When the audit has finished, any changes since the last audit are recorded. If there are no changes since the last inventory, no additional information is recorded.

You can continue to work while the audit is being processed.

4.

To check the progress of the audit, click the Agent Task tab and view the Status field for the relevant task.

Agentless audits can be used where it is not feasible to install a client agent, for example on a mission critical server. Agentless auditing allows you to audit a computer and collect its inventory data without deploying an agent to that computer. Agentless audits use the Microsoft Windows Management Instrumentation (WMI) infrastructure to gather information.

For auditing software licenses running remotely on thin clients, see View Remote and Virtual Software Execution.

Choose the Agent Task tab to view a list of agent tasks.

Tasks that in a status of pending or in progress will be set to expired if not processed within the default expiration time (7 days).

HEAT obtains device details by a variety of means, including agent scan, WMI, SNMP, Netscan, and Active DirectoryMicrosoft's Active Directory is a service that stores and manages network-based entities such as applications, files, printers, and people..

Depending on the amount of detail that is obtained, the system can also identify the device class. When using SNMP and Active Directory, the system can usually identify workstations and server based on the operating system, but to identify virtual machines (and therefore virtual workstations and virtual servers) you must use an agent or WMI scan.

If the system does not find any relevant data, it classifies the devices as CI.UnknownDevice.

On the CI.UnknownDevice record, use the Change Device Type quick action to convert the CI.UnknownDevice to the correct one, as described View Unknown Devices and Change Their Type.

If a workstation or server record is not correctly identified, you can go to the workstation or server record and change the device type, as appropriate.

Only Discovery Managers can change a device type.

View Unknown Devices and Change Their Type

1.

Log in as a Discovery Manager.

2.

Click the Configuration Item tab to open the workspace.

3.

Sort by Type:UnknownDevice to view all of the unrecognized devices.

4.

Select one or more devices you want to change, then click Action Menu > Configuration Management > Change Device Type.

5.

From the Select Type menu, select the device type.

6.

Click OK to save your change.

Discovered servers and workstations as well as unknown devices can be further classified into its associated business objects after a remote scan or audit on the device.

FrontRange Desktop and Server Management 7 (DSM 7) aids IT organizations automate, regulate, and simplify how desktops and servers are managed.

DSM features are only available to those HEAT customers who have purchased the FrontRange Desktop and Server Management product. The DSM client must be installed on the client machine.

As an Discovery Manager, you can view the software deployed by NetInstall (DSM) so that you can quickly view the installed software that is managed by DSM, which might not be found in the Add/Remove Programs folder.

1.

Log in as a Discovery Manager and open the Software Inventory workspace. The software list appears.

2.

Expand a manufacturer name, then double-click a software record. The Software Identity page appears.

3.

Select the Installed On tab for a list of machines the software is installed on.

If the software has been installed by DSM, the DSM Installed column flag is set to Yes. Otherwise, the column is blank.

4.

Open the CI workspace. The list of configuration items appears.

5.

Double-click to open a server, virtual server, workstation, or virtual workstation record.

6.

From the Software tab, view a list of software that is installed on the CI.

If the software has been installed by DSM, the column flag is set to Yes.

 

You can use Inventory Management to audit virtual machines as well as physical machines.

A virtual machine contains virtual hardware and, typically, an operating system and software, in exactly the same way that a physical machine contains physical hardware, an operating system and software.

Virtual machines, or guests, must be connected to the network in order to be discovered. The computer on which the virtual machines is installed is called the host. See View Guest-Host Relationships.

HEAT does not discover virtual machines with a network adapter configured as host only.

To view software that has been discovered by audit, do the following:

1.

Click the Software Inventory tab.

This workspace displays a list of software applications discovered, including attributes such as manufacturer, name, version, language/locale, and so on.

2.

View the Installations column for the number of installations of the software.

3.

Select and open the software application record to view further details, including the names of machines on which the software is installed.

4.

Check License Required or Unauthorized as appropriate.

5.

Click the Installed On tab to see the computers on which the software is installed.

The number of computer records that appear in the Installed On tab match the number of installations shown in the Installations column in the list view.

As the Discovery Manager, you can view a list of computers that have had hardware or software changes.

You can view the hardware and software changes of a configuration item from the record itself, as described in the procedure View Hardware and Software Changes from a Configuration Item Record.

• To view a complete list of hardware changes, open the Hardware Changes workspace directly. Click the down arrow and select Hardware Changes.
• To view a complete list of software changes, open the Software Changes workspace directly. Click the down arrow and select Software Changes.

Software usage changes and disk free space changes are not tracked. Only the addition, removal, or update of a software or hardware item is tracked.

You can also view hardware and software changes related to a CI on the Discovery Manager dashboards.

View Hardware and Software Changes from a Configuration Item Record

1.

Log in as a Discovery Manager and open the Configuration Item workspace.

2.

Select any of the following CI types and open a record.

3.

From the Hardware Changes tab, view any hardware changes.

4.

Click the Software Changes tab to view any software changes.

Each audited computer has a number of properties that describe the hardware and software of the computer. These properties are collected when the computer is audited and are displayed.

To view the details of hardware and software that has been audited, do the following:

1.

Click the Configuration Item tab.

2.

Sort and select any of the following CI types:

3.

To view detailed information, double click the name of the computer that you want to view, then click on the Hardware or Software tab to view the relevant details.

The primary source for HEAT software inventory is the software items in the Add/Remove Programs or Programs and Features windows in the control panel for the client computer. The client agent also captures audit data of all running applications.

If the system does not find a running application in the control panel, the client agent captures the associated executable file name (such as *.exe) from the file system. The Discovery Manager Software Inventory workspace entries show the executable file names in the Software Files tab in the Configuration Items workspace.

We recommend that you capture the file system-based software items from all computers, regardless of whether they are running. You can do this by including the executable file names in the Inventory Settings Software Files tab via the Include/Exclude from Inventory quick action.

When the Inventory Settings is deployed to target computers, it instructs client agents to look for those executable file names from the file system and, if found, includes them in the software audit data.

Update Inventory Settings from Software Inventory

1.

Log in as a Discovery Manager.

2.

Open the Configuration Item workspace.

3.

Sort and select any of the following CI types:

4.

Select any of the records from the specified CI types that have a status of installed, and open the record.

5.

Click the Software tab and view the Discovery Method column. The file system-based software appears as File.

6.

Open the Software Inventory workspace.

7.

Search for the software records in which the Discovery method appeared as file (see Click the Software tab and view the Discovery Method column. The file system-based software appears as File.).

8.

Open the software record to audit.

9.

Click the Software Files tab. The list of executable file names appears.

10.

Click Include/Exclude from Inventory. The Included in Inventory column is set to Yes.

The Include/Exclude from Inventory quick action toggles to include and exclude the software files. If you click this quick action again, the system removes the software file from auditing.

11.

Open the Inventory Settings workspace.

12.

Open the default record, then click the Software Files tab. The list of software files that you associated in the Software Inventory workspace appear in this tab.

13.

Click the Deploy Settings quick action.

All client machines running the software are audited.

Software usage is shown on the Software Child tab of the workstation, server, virtual workstation, and virtual server forms.

The system automatically removes remote applications if they have not been used for more than 90 days. This also removes the associated terminal clients from the guest/host relationship. See View Remote and Virtual Software Execution for more information about terminal clients and guest/host relationships.

The Usage Frequency column shows the following:

Usage frequency	Calculated based on
never been used	The client agent reports usage for software on audited machines only. The never frequency is implied by the fact that usage is not being reported.
used occasionally (or used within the last 30, 60, or 90 days)	The client agent only reports if the application has been used at least once (Occasionally within the last 30, 60, or 90 days) or used more frequently (Monthly, Weekly, or Daily).
daily	If the application has been used on any 3 of the last 7 days, it is categorized as daily.
weekly	If the application has been used in any 2 or the last 4 weeks, it is categorized as weekly.
monthly	If the application has been used in any 2 of the last 4 months, it is categorized as monthly.

If the value is occasionally (or within the last 30, 60, or 90 days), The Last Used Date column shows the date the software was last used.

You must select the Collect Software Usage option on the Inventory Settings form if you want software usage on the client machines audited. See How Discovery and Inventory Auditing Work.

View Software Usage

1.

Click the Configuration Item tab.

2.

Sort and select any of the following CI types:

3.

Double-click the name of the computer whose software usage you want to view.

4.

Click the Software tab.

5.

View the Usage Frequency column, and the corresponding column Last Used.

To view remote and virtual software execution and terminal server guest-host relationships, make sure that the Collect Software Usage checkbox and the Collect Thin Client Sessions checkbox are selected in Inventory Settings. See How Discovery and Inventory Auditing Work.

Select these settings to show the guest-host relationships and the software execution environments in the guest or host machines.

Terminal Servers and Remote Software Execution

A software application run remotely on a terminal server will be detected if the HEAT agent is installed on the terminal server. Software applications that are run remotely are associated with the client computer or terminal.

The system creates a CI record for the client computer or terminal if one does not exist, with the CI type set to workstation. The client computer or terminal CI shows the terminal server CI as a host. The terminal server CI shows the client computer or terminal as a guest.

The system displays any software applications run remotely on the Software tab of the CI record for the client computer with execution environment set to remote.

Software applications run remotely from a client computer are included in the installation counts shown in the Software Inventory workspace. For example, if an application is installed on a terminal server and is run remotely from two clients, the installation count is three.

The system detects and shows remote applications in the same way as local applications (such as occasionally, monthly, weekly, and daily).

About Virtual Applications

Virtual applications run in a self-contained virtual environment rather than being installed on the host computer.

Virtual applications count towards installation counts. Virtual application usage is detected in the same way as local applications.

When the HEAT agent detects a virtual application, the system displays the software application on the Software tab of the CI record with execution environment set to virtual.

View Guest-Host Relationships

1.

Click the Configuration Item tab.

2.

Sort and select any of the following CI types:

3.

Click the Guest tab to view all of the clients of the current computer. If the machine you are on is a server, the Guest tab might be populated.

4.

View the Relationship Type field.

5.

Click the Host tab to view all of the host machines of the current computer.

If the machine you are on connects to a host, the Host tab is populated.

6.

View the Relationship Type field.

HEAT manages inserts and updates by auditing the host computer. Remote applications and guest relationships do not disappear after a full audit is received by a computer. However, the system removes any remote applications that have not been used for more than 90 days. After all the remote applications are removed from the guest computer and if remote applications are not run in a host, their associated guest-host relationship is also removed. See View Audited Computer Hardware and Software Details.

Examples of Guest-Host Relationships

The following is the Host tab for the virtual server, which shows its hosts and indicates that they are virtual machines:

Guest-Host Relationship

The following is one of the Guests tab for the host server, which shows its clients (notice that the machine PL-WEB-SERVER is now shown as the guest:

Host Server Guest Tab

View Software Execution Environments

1.

Click the Configuration Item tab.

2.

Sort and select any of the following CI types:

3.

Click the Software tab to view all the execution environments.

The execution environments can be as follows:

The following shows locally installed software on a terminal server:

Software Execution Environment for a Host

• Remote software is installed and run on a remote machine. Note that desktop software run remotely on a terminal server still requires a license.
• Virtual The software is contained in its own virtual execution environment. This virtual environment can be stored locally or remotely.

Defined configuration management reports are published to the Configuration Manager role and possibly to the License Manager role.

1.

Within the Report workspace, click the Category column to sort by category.

2.

Click a report name. The system displays the report in a Report Viewer window.

3.

Select a date and time from the Start Date and End Date menus.

4.

Click the navigation arrow to view the reports if you have selected multiple reports.

5.

To export the report to another application, do the following:

6.

To print the report, do any of the following:

• If you are using Internet Explorer, click Print.

When printing from Internet Explorer, make sure to add the website to your trusted sites; otherwise, the application might unexpectedly close. From the Tools menu > Internet Options, click the Security tab, click Trusted Sites, click Sites, and click Add to add the current website to your trusted site.

• If you are using Firefox, select a format and click Print.

You can create user-defined locations and assign these locations to networked devices by specifying IP address ranges that are applicable to the location. After assigning an IP address range to a location, you can autofill this location to associated devices and computers. The HEAT server uses these ranges to identify which configuration items should be automatically mapped to the given location. You can provide multiple ranges for a location.

If you provide multiple ranges, the asset processor tries to find the smallest IP range that matches. If there is more than one match, then it takes the one with the lowest start address. If there is still more than one match, for example, if two locations have the same range specified, then the location is picked randomly.

You can also specify a range to exclude within a given IP range.

You also have the ability to override default locations for specific devices and disable automatic location updates for them.

The process for automatically updating the location of a configuration item is as follows:

• Create locations and assign IP addresses to them. See Create Locations and Assign IP Address Ranges.
• During an audit, the network or IP addresses are populated, which allows the devices to be automatically linked to locations. Or you can run a quick action to apply new IP ranges to the configuration items in the location, as described in Apply the IP Ranges to the CIs.
• If appropriate, override the defined subnet location for a configuration item and choose another location to assign to it, as described in Override a Specified IP Range Location.

Create Locations and Assign IP Address Ranges

1.

Log into HEAT as an administrator, Configuration Manager, or Discovery Manager.

2.

Click the down arrow and select CI Location. The existing location records appear in the list view.

3.

Click New CI Location.

4.

In the Location field, enter a location name.

5.

Click IP Range Mapping.

6.

Click New Device Subnet.

In the window that appears, do the following:

For example, if you specify a range from 192.172.0 to 192.172.255, but you want to exclude a range within the specified range, you can create another location mapping from 192.172.200 to 192.172.250 and check Exclude.

Next, see Apply the IP Ranges to the CIs.

Apply the IP Ranges to the CIs

1.

Create locations and map IP ranges to them, as described in Create Locations and Assign IP Address Ranges.

2.

From the action menu, select Location Mapping and then select Apply Now.

If you open a CI record to which this subnet is associated, the CI Location field is populated with the location you assigned. Check Override IP Range Location to override the assigned location, then select another CI location, as described in Override a Specified IP Range Location.

Override a Specified IP Range Location

1.

Log into HEAT in the Discovery Manager role.

2.

Click Configuration Item to open the workspace.

3.

Search for the CI whose CI location you want to override.

4.

Select the record and double-click to open it.

5.

Check Override IP Range Location.

6.

Click Save.

From the Organizational Unit Management workspace you can view organizational units and their hierarchies in a graphical tree view and see, at a glance, the configuration items that are associated with each organizational unit. The right-pane shows unassigned (not associated with any organizational unit) configuration items.

You can open each configuration item record and associate an organizational unit with it, or you can view and drag and drop configuration items from one organizational unit to another using the organizational unit tree. When you are installing the gateway, all configuration items are automatically associated with the parent or root organizational unit unless specified otherwise, as when you are doing a custom installation of the gateway. However, the configuration items that were not audited or that were added to the network after the gateway installation might not be associated with organizational units.

The Organizational Unit Management workspace lets you do the following:

• View the configuration items that are not associated with organizational units and quickly assign them to an organizational unit.
• Drag and drop configuration items from one organizational unit to another.
• View the operating system information, location, and owner of each configuration item.
• Open the configuration item record from a configuration item that is listed.
• Search from within the listed configuration items by the configuration item name, operating system, owner name, or location.

The Organizational Unit Management workspace is not configurable. It is available only to administrators and Discovery Managers.

1.

Log into the Service Desk Console as an administrator or Discovery Manager and open the Organizational Unit Management workspace.

2.

You can do the following from this workspace:

You can search by entering the entire string or a few letters of the configuration item name, operating system, owner name, or location. Click Refresh to clear the search criteria.