ISM EPM Integration...EPM Install Drive Letter One which Drive letter is Ivanti Endpoint Manager...

www.ivanti.com | 801.208.1500

SETUP GUIDE

ISM EPM Integration

Ivanti OOTB ISM EPM Integration Setup Guide v.1.5.5

ISM EPM Integration – Ivanti Document


Document Revision History Date Author Revision Change Reference

1/18/2019 Andreas Schmid 1.0 Initial Release

2/15/2019 Andreas Schmid 1.5.4 Final Release

2/18/2019 Andreas Schmid 1.5.5 Add ISM Project

Reviewer Date Author Revision

2/15/2019

Distribution List Name Role Email Organization



Contents

Document Revision History ................................................................................................................... 2

Reviewer .................................................................................................................................................. 2

Distribution List ........................................................................................................................................ 2

1. Overview .............................................................................................................................................. 5

1.1. Roles, Features, and Packages ................................................................................................ 5

1.2. Roles ............................................................................................................................................. 5

1.3. Features ........................................................................................................................................ 5

2. Prerequisites ....................................................................................................................................... 6

2.1. Minimum Supported versions: ................................................................................................... 6

2.1.1. EPM Connector .................................................................................................................... 6

2.1.2. EPM Integration .................................................................................................................... 6

2.2. Requierments ............................................................................................................................... 6

3. Server Configuration .......................................................................................................................... 7

3.1. Identity Server Configuration ..................................................................................................... 7

3.2. EPM Server configuration .......................................................................................................... 8

3.3. IA Server Configuration .............................................................................................................. 9

3.4. ISM Server Configuration ......................................................................................................... 14

4. General Configuration ..................................................................................................................... 15

4.1. Importing ISM Development Package ................................................................................... 15

4.2. Importing the EPM CI’s into the ISM ...................................................................................... 16

4.3. Import IA Runbooks into ISM ................................................................................................... 21

4.4. Creating Request Offering ....................................................................................................... 22

5. Uninstall Software from ISM Perspective ..................................................................................... 26

6. Additonal Information ....................................................................................................................... 30



About

This document has been created with the intent to provide necessary steps to install and make it ISM-EPM integration operational.

Term Definitions

ISM Ivanti Service Manager

EPM Ivanti Endpoint Manager

IA Ivanti Automation

SDA Service Desk Analyst



1. Overview EPM Integration enables the Self-Service user to request for a software installation on a device. Through the integration, an ISM administrator can configure, manage approval process for software packages, monitoring the software installation requests. Installation of this integration is supported and compatible in the ISM 2018.x.

1.1. Roles, Features, and Packages

1.2. Roles Administrator Self Service Mobile Service Desk Analyst

1.3. Features Software Package Management Software Installation Request Approval Process for Software Installation Request



2. Prerequisites

2.1. Minimum Supported versions:

2.1.1. EPM Connector ISM – 2018.x onwards EPM - 2018.x onwards

2.1.2. EPM Integration ISM – 2018.x onwards EPM 2018.x onwards.

2.2. Requierments The Discovery Services from Ivanti Service & Asset Manager must be installed.



3. Server Configuration

3.1. Identity Server Configuration EPM references the popular identity provider Identity Server 3 (IS3).

IS3 is used for authentication and authorization. To call an EPM API, you must first obtain a token, and then use that token in subsequent API calls.

EPM can be configured to use multiple OpenID Connect clients. Updating this file, %programdata%\landesk\ServiceDesk\My.IdentityServer\IdentityServer3.Core.Models.Client.json will cause the identity server to reload the clients.

As an example, if you wanted to add another flow of the resource only password flow, you would add a JSON representation of the IS3 client object, to the configuration file. The following creates a client named “roclient” with a secret “secret”. These configured client values are used in EPM configuration workspace in ISM application. see below



3.2. EPM Server configuration 1. Close all Ivanti Management Console 2. Copy Ivanti-ISM EPM Integration.exe to \ManagementSuite folder and start the executable.

Important: This executable add the ISM EPM Integration table to the EPM database and restart immediate the Inventory services.

3. Add a Prefix to the Packages in EPM who will use over ISM Software Request

For each package with the Prefix we will create automatically the Task and Queries with the IA Runbook.



3.3. IA Server Configuration 1. Copy the files and Import the Building Blocks

a. runbooks_ivanti ism epm integration.xbb b. runbooks_ivanti ism epm integration.xml

c.

d.



e.

f.



2. Review the variables who are added and change to the environment configuration

Variable Description

EPM Install Drive Letter One which Drive letter is Ivanti Endpoint Manager installed at the Core Server

EPM Package Pre Suffix Which is you prefix choice for packages

EPM Server Name NetBIOS oder FQDN Name of the Core Server

EPM Service User Service User who has access to the Core Server as Administrator

EPM Service User Name Service User who has access to the Core Server as Administrator

EPM Service User Password Service User Password

EPM SQL Database Name SQL Database Name

EPM SQL DBO User SQL User with DBO rights

EPM SQL DBS User Password SQL User password

EPM SQL DBO Username SQL User with DBO rights

EPM SQL Server Sqlserver where database for EPM is running

Ivanti Service Manager Password Password for the ISM User

Ivanti Service Manager Role Role of the User (Must be Admin)

Ivanti Service Manager Tenant Tenant of ISM Instance

Ivanti Service Manager UserName ISM Username



3. Open all needed RunBooks and set the ”Who“ Servers a. Set to the Server where the IA Agent is running.

Important: The Job ”Run the Query Resolution“ has to set on the Core Server

4. Start / Schedule the Runbook to create Query’s and Task on the EPM Site, take your choice for Portal, Policy or Policy supported Push. You can also use all three of them as it depends on how you configure the ISM Request Offering.



3.3.1.1. Description of RunBooks and Modules Runbook Name Description

Set-DesiredState-Portal

Set the Desired State in the EPM table for a Portal Task. Endusers have to open the EPM Portal from the local Client and can then install the Software

Set-DesiredState-Policy

Set the Desired State in the EPM table for a Policy Task. Enduser gets the software when the policysync from the local agent runs

Set-DesiredState-PolicyPush

Set the Desired State in the EPM table for a Portal Task. Enduser gets the software immediately when the client is on, otherwise when the policysync from the local agent runs

Delete DesiredState per Device

Delete the Desired State for a specific package in the EPM table. That will cleanup your desired state table. That a uninstall runs for this package you can work with the uninstall association on the package.

Important: When you work with uninstall association you can’t use the “isProcessed” mechanism.

When you work with the “isProcessed” mechanism you have to set desired state as a uninstall package.

Build-Query and Policy Task

Create the query and task for the policy mechanism.

Build-Query and Policy Task with isProcessed

Create the query and task for the policy with isProcessed mechanism.

Build-Query and Policy-Supported Push Task

Create the query and task for the policypush mechanism.

Build-Query and Policy-Supported Push Task with isProcessed

Create the query and task for the policypush with isProcessed mechanism.

Build-Query and Portal Task

Create the query and task for the portal mechanism.

Build-Query and Portal Task with isProcessed

Create the query and task for the portal with isProcessed mechanism.

Set EPM Desired State Status = isProcessed

Set the isProcess Status in the EPM table to 1. That means the installation is successfully.



3.4. ISM Server Configuration 1. Connect the IA Server

a. 2. Connect the EPM Server

a. i. Check on your EPM Server your JSON File to connect with your Identity Server

1. C:\ProgramData\LANDesk\ServiceDesk\My.IdentityServer\IdentityServer3.core.models.client.json

ii. For the authentication you need local Service Account user on the EPM Server



4. General Configuration

4.1. Importing ISM Development Package



4.2. Importing the EPM CI’s into the ISM EPM connector enables the Ivanti Service Manager to import CI information from the EPM database in any of the SQL server instances. See Setting Up a Data Import Connection To enable to data import from EPM database to ISM, we are required to configure the firewall by opening the ports to allow external remote connection to the EPM Server. In the case of any further issues in connecting/reaching to the EPM Server from ISM, Ex. On-Premise EPM and Cloud ISM setup and infrastructure VPN tunnel is a must and configured for connectivity.

4.2.1.1. In AdminUI page, click on Integration Tools > Data Import Connections, double click on the new imported package name. e.g. EPM Integration.

Denny Cannon

We need to expand on this a bit further. In order to make this work you have to use a local windows account on the EPM Server that has EPM admin rights in the EPM product. If it’s a domain user it won’t work because there is a bug in the EPM APIs and Identity Server that requires a local user. Maybe we need to call this out We then need them to open up the EPM Software Packages configuration in ISM and have them click the “Refresh” button. There seems to be two different pick lists that exists. In my environment the pick list for EPM Packages is called “EPMRequstPackages”, but in the screenshots below around the request offering it’s called “EPMSoftwarePackages”. So do we need a new pick list or what’s needed?

Andreas Schmid

Okay, thats a new information for me, too. I don’t know that isn’t working with an Domain Admin Account. Hopefully is now better described?



4.2.1.2. Perform Test Connection action once configurations details are entered.

4.2.1.3. Click on Next button to proceed to Object Mapping page. By default, the below tables are selected.



4.2.1.4. Keep the default values to proceed to next page to Filter Setting page. If any specific filter is required, you can add mapping else you may choose to go to Field Mapping page.



4.2.1.5. In Field Mapping page, verify all the mapping values are correct.

4.2.1.6. Skip the Schedule setting step (optional)



4.2.1.7. Click on Preview Button and the following is displayed.

4.2.1.8. Click on Publish to Complete the Data import connection.



4.3. Import IA Runbooks into ISM



4.4. Creating Request Offering After the ISM Development Package import you can use the Templates.



Done



5. Uninstall Software from ISM Perspective



6. Additonal Information

Cleanup the EPM Databse with the ISM Integration Table run the following script onto your EPM Database:

declare @tablename varchar(50) set @tablename = 'ISM_DesiredState' Delete from METAOBJATTRRELATIONS where Tablename = @tablename or tablename = 'MP_AC'+@tablename Delete from Metaattributes where metaattributes_idn in (Select metaattributes_idn from dbo.METAOBJATTRRELATIONS where Tablename = @tablename) Delete from Metaobjrelations where metaobjects_idn in (Select Metaobjects_idn from Metaobjects where objectname = @tablename) Delete from Metaobjects where objectname = @tablename Drop table ISM_DesiredState

Important: This SQL Script will delete the full table. Create Backup first, please!

ISM EPM Integration...EPM Install Drive Letter One which Drive letter is Ivanti Endpoint Manager...

Documents

Transcript of ISM EPM Integration...EPM Install Drive Letter One which Drive letter is Ivanti Endpoint Manager...