N-central Deployment Best PracticesN-central Deployment Best Practices in a domain environment V4.0...

Sept 24 2014 N-central Author: Scott Parker

N-central Deployment Best Practices in a domain environment

V4.0

Deployment Best Practices in a domain environment .

2

Contents

Introduction - The Deployment Process ....................................................................................................... 3

Important Information regarding this document ......................................................................................... 3

Phase 1 – Customer Creation ........................................................................................................................ 4

Create the Customer in N-central ............................................................................................................. 4

Phase 2 – Readying the environment in a domain ....................................................................................... 4

Firewall Changes ....................................................................................................................................... 4

Group Policy Changes ............................................................................................................................... 4

DNS Server Changes .................................................................................................................................. 6

Network Equipment Changes ................................................................................................................... 6

Windows Server Preparation .................................................................................................................... 6

ESX and ESXi Host Preparation ................................................................................................................. 6

Preparing your OS X Workstations............................................................................................................ 7

Probe Admin Account Creation ................................................................................................................ 7

Phase 3 – Deploying your Probe ................................................................................................................... 7

Probe Hardware Requirements ................................................................................................................ 7

Downloading and Installing the Windows software Probe ...................................................................... 8

Phase 4 – Discovering the Environment in a Domain + Mac OSX ................................................................. 9

Discovery A - Workstations, Laptops, Servers, Printers, Switches/Routers + Mac OSX ........................... 9

“Other” Devices – Importing what was not auto-imported ................................................................... 11

Discovery B - ESX and ESXi Host Servers ................................................................................................. 12

Appendix A – Server SNMP configuration .................................................................................................. 13

Appendix B – Troubleshooting SNMP configuration .................................................................................. 15

Appendix C – What if I have a Workgroup environment or device? .......................................................... 16

Options for Workgroup environment deployment ................................................................................ 16

Management of a Windows Workgroup device ..................................................................................... 17

Appendix D – Mac OSX Device Onboarding (detailed) ............................................................................... 18

Automatic Onboarding Mac OSX Workstations with a local Windows Probe ........................................ 18

Manually Onboarding Mac OSX Workstations & Servers ....................................................................... 18

Troubleshooting the OSX Agent install ................................................................................................... 20

Appendix E – Probe troubleshooting and Admin password reset .............................................................. 21

Appendix F – Recommended process around deployment ........................................................................ 23


3

Introduction - The Deployment Process N-central relies on Probes and agents to discover and manage your environments. We will be

downloading a software Probe from N-central, installing it on a server in the customer’s environment,

and then allowing it to discover your client’s IP based devices. Once discovered, Agents will be deployed

out to Windows based systems and we will be able to classify and import your non-windows based

hardware. Note that non-domain/workgroup environments require special steps detailed further on.

By following this document you will walk through the best practice process of:

Preparing your client’s domain based environment before deployment.

Deploying a software probe into your customer’s network.

Running environment discovery tasks using that probe.

Agent deployment for servers and workstations.

Application of probe based monitoring for network equipment.

Managing a Workgroup based environment.

Important Information regarding this document Section specific Warnings, Notes and Best Practices Tips should be understood before continuing with

your changes. Please be sure to read them carefully. This content is identified by the images below:


4

Phase 1 – Customer Creation

Create the Customer in N-central

We will create a “Customer Level” in N-central to house the devices of your new customer.

From the Service Organization level (SO - the orange level) under the Actions menu, click on

“Add Customer/Site”.

Give the site a name (it must be different than the SO level and any other Customer).

Choose “Professional” as your license type (we can downgrade devices as needed later).

Choose the Ticketing system customer you wish to map to, if any (optional).

Put in your Domain credentials (domain\username) and Password (do not leave as “Inherit”).

Click “Save and Continue”. You will see the system switch to your new Customer level and a

Wizard tool as seen below. Continue to Phase 2, do not yet download the probe:

Phase 2 – Readying the environment in a domain Before deploying your first probe and running a discovery we will make the following changes to ensure

the client environment is ready for exploration. Best practices dictate making these changes more than

48 hours in advance of running your first discovery to allow them to propagate into the environment.

Firewall Changes There should be no changes necessary to your client’s firewall to allow for monitoring. The N-central

agents and probes will be sending minimal traffic over ports 443 (HTTPS), 80 (HTTP) and 22 (SSH). These

ports are usually readily available for outbound traffic in most environments.

Group Policy Changes

Without these changes, you will often find many devices are discovered as unclassified or “Other”.

Create a new GPO object, add the following changes, and deploy them to your environment. Note that

some of these paths may be slightly different in your own environment; use them as a guide to make

the necessary changes:

PATH – Windows Firewall: Computer Configuration \ Policies\ Administrative Templates \ Network \

Network Connections \ Windows Firewall


5

Enable File/Print Sharing

Enable ICMP inbound echo requests

Enable Inbound Remote Administration

Example of the Windows Firewall location in Group Policy:

Examples of each Firewall setting to modify:

File and Print Sharing ICMP Inbound Echo Requests Inbound Remote Administration

If you require additional assistance with these GPO changes, please refer to this video which will walk

you through the process: https://www.dropbox.com/s/l434n4ibyc0ljvp/__Gpo-configuration-for-best-

practice-deployment-DNS-scavenging.mp4.

Please skip the section on DCOM permissions as they are no longer necessary.

https://www.dropbox.com/s/l434n4ibyc0ljvp/__Gpo-configuration-for-best-practice-deployment-DNS-scavenging.mp4

https://www.dropbox.com/s/l434n4ibyc0ljvp/__Gpo-configuration-for-best-practice-deployment-DNS-scavenging.mp4


6

DNS Server Changes

Configure DNS Scavenging for stale records.

This setting will help ensure that environments using DHCP do

not detect duplicate devices based on multiple DNS entries for

the same device.

No-refresh and Refresh combined should be equal to or less

than your DHCP lease. For example, with an 8 day DHCP lease

set the No-refresh to 4, and the Refresh to 4.

While in your DNS server, choose to “Scavenge Now” to get the

process moving.

Network Equipment Changes

Ensure SNMP is enabled on all network devices and servers with community string of "public".

For devices, refer to your device documentation on how to accomplish this as it will be different

on each. Some devices require SNMP to be turned on in multiple locations such as

Administration and the LAN interface.

Note that you do not need to use “public”, however most devices will already default to that

string as will N-central. If you choose to change this you will need to be diligent in changing this

string when running your discoveries and on the individual devices in N-central on their

respective Properties tabs.

If you are planning to monitor SYSLOG you will want to point the Syslog output of your device at

the IP of the server that houses the local N-central Probe.

Windows Server Preparation

Install server management software on physical servers (Dell Open Manage, HP Insight Manager etc.)

Refer to your server documentation for details. You must be sure to install full suites; The Dell

Open Manage “Essentials” package, for instance, is not adequate.

Enable SNMP with a community get (or Read) string of “public”.

Refer to Appendix A – Server SNMP Configuration

Note that you do not need to use “public”, however most devices will already default to that

string as will N-central. If you choose to change this you will need to be diligent in changing this

string when running your discoveries and on the individual devices in N-central on their

respective Properties tabs.

ESX and ESXi Host Preparation You may wish to install the “offline bundle” for your ESX server. These bundles are available from your

server hardware vendor and will allow you to monitor items such as physical drives and RAID status on


7

your ESX/I host. Assistance with this install including picking the correct bundle and loading the “vib”

files into your system may require you to approach your vendor for assistance.

Preparing your OS X Workstations

N-central 9.3 and above is capable of deploying Agents to your Mac OSX Workstations. In order to

accomplish this you will need to have a universal administrative account on every OSX device to

facilitate the Agent installation. You may want one account for your workstations and a separate

account for Servers.

You will want to choose a universal Admin account to add to all of one customer’s Mac OSX devices. If you

run a discovery with too many accounts included, each will be tried against all OS X devices, and will lock

the system because of too many failed access attempts.

Probe Admin Account Creation Create an account in the clients Active Directory that has full domain administrative privileges and a

password that never expires. We will give this account to the Windows Probe during installation to

allow for Agent install and a host of other functions.

The account name cannot be longer than 20 alphanumeric characters.

You may need to log into the server you wish to put your probe on with these credentials to allow the correct access for

probe setup.

If you need to reset this probe password you will typically choose to simply re-install the probe. The password cannot be

reset from within the N-central UI.

Phase 3 – Deploying your Probe We will download a software probe from N-central to a windows based server or VM in the client

environment and install it. The probe will give you the following abilities in the host network:

Facilitate discovery of IP based devices including workstations, servers, switches, printers etc.

Push software Agents out to Windows based workstations and servers.

Monitor devices that cannot have an agent installed (network gear, printers, etc.).

Assist in some forms of remote control.

Cache Patch data to the UNC path of your choice.

Collect log data from devices.

Probe Hardware Requirements There are no set requirements for the software probe aside from needing a Windows OS. It is highly

dependent on how many devices you plan to monitor and what type of monitoring will be performed.


8

The probe itself is not a significant drain on resources, it is simply a Windows Service. Best practice

would dictate that you will be deploying to a piece of server hardware or a virtual machine that will not

be shut down, and that is not already overburdened with traffic and processing requirements. It is

recommended you avoid SQL or Exchange servers in favor of File or Print type servers which will likely

have more resources available on a consistent basis. If the environment is smaller in size and the only

option is an SBS server, this will be more than adequate for your probe.

Downloading and Installing the Windows software Probe

To download the probe, drop down to the appropriate Customer level in N-central and select

“Download Agent/Probe Software” from the Actions menu (see below). It is critical that you take

software from the Customer/Site Specific Software section only. This applies for all Windows based

devices.

You will be able to tell you have taken the proper file if it is prefixed with the client’s ID number from N-

central. Ex: 101WindowsAgent.exe (good) vs WindowsAgent.exe (bad).

Run through the install on the client’s server with the following configuration which will be applicable in

most cases:

Do not configure a proxy unless required, click Next

Do not enable the AMT data store, click Next

Provide the previously created Admin credentials when requested.

o The domain field should not typically contain “.com”, “.local” etc. You should only need

to provide the domain name (ie: ESABanking)

o If the system requests to grant “Login as a Service” please allow this access.

Do not provide a Discovery IP Range. We will do this from within N-central after the probe is

installed. Click Next.

The installation will continue. You will observe a progress bar that will pause at 0% for several seconds

before progressing rapidly to completion. Once the probe is installed you can exit the server and return


9

to N-central to continue. You will see under All Devices that the Probe has appeared and it has begun

the process of installing an Agent on itself. This process will take a few minutes and should not prevent

you from now running a discovery.

If your probe is unable to communicate back with your N-central server you may not have adjusted your

NETWORK SETTINGS in the back end (port 10000) of your on-premises installation.

Phase 4 – Discovering the Environment in a Domain + Mac OSX Once phase 3 is completed we will begin to run a few discovery jobs that target specific types of devices.

Discovery A - Workstations, Laptops, Servers, Printers, Switches/Routers + Mac OSX

All of the Windows based devices, OSX Workstations and SNMP based devices that can be identified will

be pulled in automatically and agents will be deployed to them if applicable. The GPO and SNMP

changes we executed in Phase 2 will assist in making this process a smooth one for you. Discovery can

take anywhere between 15 minutes and several hours depending on the size of the environment and

the IP range(s) chosen.

1. We will start on the Devices to Discover tab.

2. Give the Discovery a Name you will recognize such as “First Discovery”.

3. Add an IP Range to scan following the example format (192.168.1.1-254).

4. Add the admin credentials you may have for your Mac OS X devices so that we have access to

deploy Agents to them:


10

5. On the Auto Import tab we will choose to import Servers-Windows, Servers-Generic,

Workstations-Windows, Workstations-OS X, Laptop-Windows, Printers and Switch/Routers if all

of those types apply to your needs. For now we will exclude the other types as they often

include things you will not want to import such as VOIP phones, security cameras, and anything

on your wireless infrastructure etc.

6. On the Advanced Settings tab we will turn on SNMP with the Community (Read Only) string you

have chosen for that environment (typically “public” is default). Only one String per discovery is

possible.

7. We do not need to adjust the Virtualization Settings or Schedule at this time.


11

8. Click FINISH at the bottom of the page to run your discovery. Anything that can be identified

through WMI or SNMP will be imported to your ALL DEVICES view in N-central.

Mac OSX Workstations: These devices should automatically receive an Agent and import along

with your Windows devices if they are detected by the probe and you have credentials in place.

If they do not import, see Appendix D – Mac OSX Device Onboarding (detailed).

Max OSX Servers: These will not auto import with a Mac agent installed. They will be classified

as Servers – Generic. See Appendix D – Max OSX Device Onboarding (detailed) to install the

Agent and apply monitoring.

“Other” Devices – Importing what was not auto-imported

Under Actions > Add/Import Devices you will see a list of “Other" devices growing. We will deal with

them in the following fashion:

a. Some ESX boxes may be discovered as “Other”, so be sure to avoid importing them for

now. At this point you can check them off and Delete them. We will re-discover them

properly soon.

b. The remainders are devices that couldn't be identified such as Linux/Unix boxes without

SNMP turned on, Macintosh systems where your credentials did not work, Workgroup

PC’s and miscellaneous devices that you may have no intention of monitoring such as

VOIP handsets. By default these devices will get the Connectivity service only (a ping

test from the probe to the device to ensure it is still active) and will have no Asset

details.

You will need to work through these unknown “Other” devices to identify and classify them properly if

they are needed, as well as applying the appropriate Service Templates for monitoring in some cases.

Hint: Trying to remote control one of these devices via the Web option (try both HTTP and

HTTPS) and see if a web based front end comes up that may indicate the device type. Web

remote control can be found under the device once it’s imported, under the REMOTE CONTROL

tab.

Workgroup PC’s: You will need to manually apply an Agent to these devices. Take the agent file

from the Customer level, under “Download Agent/Probe Software” under the section titled

“Customer/Site Specific Software. (See Appendix B – What if I have a Workgroup environment

or device?)

Devices without SNMP enabled properly may also come in as “Other”: You will commonly see

this issue on switches and routers which will appear with no asset information etc. and nothing

more than Connectivity applied. Many of these devices need SNMP turned on in the

Administration section AND the local LAN settings. To troubleshoot these issues please refer to

Appendix B – Troubleshooting SNMP.


12

Discovery B - ESX and ESXi Host Servers

We will run a second discovery task to specifically target ESX and ESXi boxes and perform a full

virtualization discovery on those with an included root credential.

Do the discovery by pointing directly at the IP of the ESX(i) box and enabling a “Virtualization discovery”

by checking the appropriate box under the Virtualization Settings box. Your root account will be

required. Import these devices one by one and ensure the ESX(i) templates are (re)applied.

Note that the account the system will ask you to include should be your ROOT account and password.

We will communicate through your VMware CIM ports to pull ESX status and information during the

discovery. See the next image for an example:

Your discovery is now completed! You should proceed to review and clean up any residual services etc.

that need attention including any Active issues or Misconfigured items.


13

Appendix A – Server SNMP configuration Included with N-central are various hardware monitoring templates for Dell, HP, IBM and Intel servers.

In order to leverage these templates there are a number of steps that must be performed on the

servers:

1. Add the SNMP Features on the windows server.

2. Configure the windows SNMP service.

3. Install third-party server management software (Dell Openmanage, HP Insite manager).

4. Discover the server using a Windows Probe.

5. Apply hardware specific Service Templates in N-central to the device (Dell Server etc.).

Step 1: Add the Windows SNMP feature on the server

1. In Windows, click Start > Control Panel.

2. Click one of the following:

Add or Remove Programs - for Windows XP or Windows 2003

Programs and Features - for Windows 7, Windows Vista, or Windows 2008+


Add/Remove Windows Components - for Windows XP or Windows 2003

Turn Windows features on or off - for Windows 7, Windows Vista, or Windows 2008+

4. Select Simple Network Management Protocol (SNMP).

Note: For Windows XP and Windows 2003, this is a sub-component of the Management and

Monitoring Tools component.


Next - for Windows XP or Windows 2003

OK - for Windows 7, Windows Vista, or Windows 2008+

The Windows SNMP software will be installed.

Step 2: Configure the SNMP Windows service

1. In Windows, click Start > Control Panel > Administrative Tools > Computer Management.

2. In the Computer Management application, click Services and Applications > Services.

3. Double-click SNMP Service.


14

4. Select the Security tab (if you have just installed SNMP this may not be visible until a reboot occurs).

5. Under Accepted community names, click Add.

6. In the Community rights drop-down list, select READ ONLY.

7. Type a Community Name (for example, “public”).

8. Click Add.

9. Select Accept SNMP Packets from any host and click OK

10. Quit the Computer Management application.

Step 3: Install third-party server management software Refer to your product documentation to install your management software such as Dell Open Manage,

HP Insite Manager etc. Vendors we support with regards to monitoring in this fashion are Dell, HP, IBM

and Intel.

Best Practices Tip: Restart the SNMP service on the server to ensure a proper handshake with the management software.

Step 4: Discover the server using a Windows Probe

Refer to Phase 4 – Discovering the environment in a domain for running a probe discovery. If you are

turning on SNMP as part of your pre-deployment steps, these servers can be discovered as part of that

process. If you had missed this step, and are looking to enable SNMP server monitoring for one device,

simply run a discovery against this one device once it is properly configured. The device should now

appear in the ALL DEVICES view. If not, find it under Actions > ADD/IMPORT DEVICES and import it

(Note: do not click “map” during the import process).

Step 5: Apply Service Templates in N-central to the device

1. On the device in N-central, click on the Service Templates tab.

2. Click on the template you want to Re-apply (for example Dell Servers) or if it is not visible, click

APPLY NEW SERVICE TEMPLATE and locate the template for your server manufacturer and apply it.

3. Check under the Status tab and watch as the newly added services appear, gather data (grey circle)

and then ultimately check in (green checkmark).


15

Appendix B – Troubleshooting SNMP configuration To troubleshoot SNMP monitoring that is misconfigured or otherwise non-functional, try these steps:

1. Verify you have enabled SNMP on the hardware with a “GET” / “READ ONLY” community string of 'public'.

a. Note that some hardware has multiple places to enable this. 2. Verify that the devices are able to accept SNMP requests from "ALL" sources rather than specific

IPs. (for troubleshooting purposes. If you want to lock it down later, you can). 3. Ensure you have enabled SNMP on the Properties tab of the device in N-central with the above

community string populated. This is case sensitive. 4. Make sure the appropriate device class is chosen on the Properties tab. Server - Windows or

Switch/Router etc. 5. Re-discover the device by running a discovery with the SNMP string populated with the

community string. 6. Re-apply the Service Templates that may include:

a. NETWORK for switches for Network Devices. b. Network and CISCO ASA/PIX for Cisco Firewalls, SonicWall for Sonicwalls etc for

Routers/Firewalls. c. Dell, IBM or Intel Server hardware monitoring.

If that doesn't pull the data you need then you probably have typically not got SNMP configured on the device quite right, or the probe can't reach the device properly. If this is the case get an application like the free MIB BROWSER from iReasoning, install it on the probe server, point it at the SNMP enabled network device by IP and choose to 'walk' the device. It should show a collection of OIDs. If it does not, SNMP is not properly configured. It's also possible this is not a device that supports much in the way of detail when it comes to SNMP. A search in google for its "MIB" file or "OID" list will confirm that, as well will other peoples experience with monitoring it. Tier 1 devices such as Cisco or Sonicwall, Procurve switches etc. should work without issue.


16

Appendix C – What if I have a Workgroup environment or device? Without the advantage of an administrator password and an environment governed by group policy we

will not have success with a discovery and auto-deployment of Software Agents. We will need to

employ some manual tactics for Agent deployment.

Options for Workgroup environment deployment Best practice in these environments is to simply take the customer specific Agent file from the Customer

level under “Download Agent and Probe Software” and install it manually on the end users system.

This includes windows workstations, laptops and servers.

You will be able to tell you have taken the proper file if it is prefixed with the client’s Customer Number

from N-central. Ex: 101WindowsAgent.exe (good) vs WindowsAgent.exe (bad)

You WILL need .NET4 installed on your systems prior to your agent install. We have provided links to the

64 and 32 bit installers in the Download Agent/Probe Software section of N-central for your convenience.

Best Practices Tip: It is recommended every client environment have an N-central probe. In a small workgroup this may mean adding a dedicated Windows OS based appliance to host it or designating one workstation to remain on and run the probe service 24x7.

Many customers remote into each PC individually to install or put the Agent on a website, USB stick or

network share for their IT staff to draw from and install. You may also log in to N-central and pull the

Agent directly from the UI. Another option is to RIGHT-CLICK the Agent link and send that directly to

your clients; the link will download the correct customer Agent and start the install when clicked

without the need of an account on the N-central server.

Once the agent has run its installation it will appear in the All DEVICES view and will now be checking in

directly with N-central. If it does not, check under the ADD/IMPORT DEVICES section from the N-central

ACTIONS menu for the device and import it.


17

Management of a Windows Workgroup device

Best practice on a device that is not part of a domain is to create a local administrator account and to

add those credentials on to the Properties tab of the device in N-central. This will allow you to execute

scripts and other management tasks.

If this action is not taken, the N-central Agent will attempt to execute scripts and software pushes as the

locally logged in account which may offer mixed results.

If you decide to create a universal admin account for all Workgroup PC’s you can propagate this too all

devices in a Customer environment by doing the following:

1. Head under the Customer Level (green by default) under Administration > Defaults > Appliance

Details.

2. Choose the Credentials tab.

3. Enter the admin credentials you have added to all PCs and check the options to Propagate.

4. Save to push these credentials to all devices in this customer.


18

Appendix D – Mac OSX Device Onboarding (detailed) Mac OSX Workstations and Servers can be monitored with N-central for CPU, Disk, Memory, Agent Status, Processes and Logs. In this Appendix we will detail OSX Workstation automated onboarding, as well as the manual onboarding process for an OSX Server. The manual process can be used for workstations as well if the automatic Agent deployment is not applicable/successful.

Mac OSX Workstations alone can be auto-imported and on-boarded. Servers MUST be done using be manual process.

Automatic Onboarding Mac OSX Workstations with a local Windows Probe

If you have the ability to install a Windows Probe in the Customer environment you should be able to

automatically detect and onboard the Mac OSX Workstations that it discovers.

1. Run the Discovery Job as explained in Phase 4 - Discovering the Environment in a Domain + Mac OSX, and be sure to include your Mac admin credentials.

2. Mac OSX Workstations should automatically receive Agents and appear in the All Devices View with proper monitoring.

You may need to adjust the DISK monitoring service to include the appropriate Logical Drive name (found under the Asset tab, typically / for the main drive). Once adjusted, Disable and Enable the service to pull new data based on your change or wait for the monitor to right itself (up to 4 hours).

Manually Onboarding Mac OSX Workstations & Servers

If you do not have a Windows Probe available in the Customer environment, or lack Admin accounts on your Mac devices you will need to install your Agents manually.

1. From the Service Organization level (orange by default) in N-central under Download Agent/Probe Software > System Software, download the generic Mac OS X Agent or right-click and send the link to your end user.

2. Install the Agent on the destination device. It will ask for you to populate one of several things

that can identify what N-central Customer the Agent should communicate with. We will provide the CUSTOMER ID (known as Access Code in N-central under the SO Level (orange by default) > Administration > Customers/Sites). See below:


19

3. We will also populate the Server address of our N-central server. No other fields should be

adjusted or filled in to complete the install:

4. When the Agent installation completes the device will either appear under your Customer’s All Devices view, or will be awaiting import from the Customer’s Actions > Add/Import Devices section waiting for you to Import it to the All Devices view.

Workstations will be classified as Workstations – OS X, Servers however will be classified as Server – Generic. You also may need to set the Operating System on Servers to an Apple Mac OS X version on the Properties tab of the device OR in the Import screen as you see fit.

5. A workstation should import and have its Workstation – OS X Service Template apply

automatically, providing the proper monitoring. Servers however do not have a pre-built template so you may wish to manually apply CPU, DISK, Memory, Process or Log monitoring as you see fit.

Best Practices Tip: It is recommended you create a Service Template of these manually added items for future use on OSX “Servers-Generic” devices. Check off the Services you have added (with the exception of Agent Status, it is not required) and click “Create Service Template”. On future OSX Servers-Generic classified devices you can


20

Troubleshooting the OSX Agent install

To confirm the Agent is up and running you can run the following command on the Macintosh workstation: launchctl list | grep com.n-able.agent.macos10_4ppc If agent is running it will show it’s PID (left hand side of the output), otherwise it will show “-”. In following screenshot you can see that agent is running while agent log rotate service is not:


21

Appendix E – Probe troubleshooting and Admin password reset If you encounter issues with your probe, or need to change the hard coded credentials that were

deployed with it, please review the following:

o Ensure the Windows Software Probe service is installed and running. It may simply need to

be restarted.

o As discussed, it is recommended you create a Domain Administrator account for the probe

to use, with a complex password that will not expire. If however the password does expire,

or an upgrade does not complete successfully you will see the probe fail due to credential

issues. You can reset the password and account the probe is using by following these steps:

Log on to the server or device that hosts your probe. Run the Windows application services.msc on the probe device to view system

services. Stop the N-central Probe services:

- Windows Software Probe Maintenance service. - Windows Software Probe service. - Windows Software Probe Syslog service.

Open the Properties of the Windows Software Probe service by right clicking the service.

Select the Log On tab. Enter the new Domain Administrator credentials. Click Apply. Select the General tab. Enter the following in the Start Parameters field:

username=yourDomain\User Password=Yourpa$$word

Select the Start button. Re-start the other Windows Software Probe services.


22

o If you decide to re-install the probe, you may simply manually install the appropriate

customer specific Probe directly over top of the existing one on the customer’s server. The

first time you launch the installer it will remove the existing probe. You will commonly need

to run it a second time to install a new probe service.

o If you choose to install the probe on a different system, DO NOT DELETE THE EXISTING

PROBE IN N-CENTRAL until you have performed a Task Transfer in the Administration >

Probes section of the N-central UI to move the requirements of the one probe to the new

device.

Best Practices Tip: Every environment (including workgroups) should have an N-central Probe. They facilitate agent deployment, patch management, device discovery and act as a source for the monitoring of network devices. If you have an environment without a server, consider building a small box running Windows 7 to place into the environment to run your probe. Alternatively, designate a PC in the environment to stay on permanently and run the probe.


23

Appendix F – Recommended process around deployment You should plan to develop process around deployment within your own organization to ensure continued conformity and to maintain a clean manageable monitoring environment. Below is a framework of suggested process for your consideration and adoption.

1. Follow Discovery Best Practices, and do the pre-deployment steps fully including the suggested 3 group policy changes (Enable ICMP, Remote Administration and File/Print Sharing) as well as DNS scavenging set up.

a) An ounce of prevention saves a pound of cure later on. Even if the environment doesn’t need these changes, they won't hurt. For the environment that does, it can considerable time.

2. Do deploy a probe whenever possible. It has value with regards to continued scanning of the environment for new devices, it provides the ability to push agents, and it gives the ability to monitor syslog and SNMP and will soon be needed for patching.

3. Fully complete your onboardings. Be sure to check if you have brought in all devices you are contractually obligated to manage. Be sure that you have applied Dell/HP/IBM/Intel templates as needed for servers with hardware management software installed.

4. Ignore all extra devices from ADD/IMPORT devices (excluding DHCP ranges, we can’t ignore those as the devices may change, simply delete these found items.)

a) This will avoid you having to sort through them later as new things are discovered. 5. Set up a Recurring Discovery for the Customer environment that does not auto-import. Review

weekly from the Service Organization level (orange) under ADD/IMPORT DEVICES and Import, Ignore or Delete items as needed. Be sure to clear this list weekly.

6. Check all servers that were imported, be sure that items that do not need to be monitored for Exchange, AD, DNS etc. are DISABLED (not deleted).

7. Ensure Credentials are populated for all devices (Administration > Defaults > Appliance Settings > Credentials) and Propagated.

8. Clear Active Issues of Failed/Warning that are not relevant by adjusting thresholds or disabling services.

9. Clear Active Issues of Misconfigured/Stale alerts. Engage N-able if you are unable to resolve.

N-central Deployment Best PracticesN-central Deployment Best Practices in a domain environment V4.0...

Documents

Transcript of N-central Deployment Best PracticesN-central Deployment Best Practices in a domain environment V4.0...