Getting the Most Out of Your Tivoli Endpoint Manager Deployment
IBM Tivoli Endpoint Manager (ITEM) is a product designed to let enterprises automatically manage computers, allowing thousands of them to be managed by just a few support staff. With ITEM, tasks such as patch application, software distribution, and security policy enforcement can be performed on all of an organization's computers with minimal supervision.
IBM Tivoli Endpoint Manager (ITEM) is a product designed to let enterprises automatically manage computers, allowing thousands of machines to be managed by just a few support staff. With ITEM, tasks such as patch application, software distribution, and security policy enforcement can be performed on all of an organization's machines with minimal supervision.
Ideally, ITEM allows the entire lifecycle of a workstation to run its course with little to no individual attention from IT staff. From the moment the machine is first placed on the network to the moment it is last removed from the network, ITEM can take care of all of the management tasks needed to maintain the software and security of that machine.
To achieve this level of automation, you will probably have to tweak your ITEM installation a bit from its out-of-the-box settings. There are several ways to get the most out of your Tivoli Endpoint Manager Deployment including:
1. Creating custom settings for automatic groups
2. Using bandwidth throttling
3. Designating relay affiliation and custom relay settings
4. Pre-caching data for more efficient data transfers
5. Applying policy or persistent baselines
This paper will cover each of these options along with screenshots and step-by-step instructions on how to increase the level of ITEM performance in almost any setting.
Make the Most of ITEM by Using Custom Settings for Automatic Groups
When using ITEM, machines can be grouped using various criteria, including factors such as which operating system the machines are running or to which department the machine belongs. When designating groups, ITEM allows for two types of grouping methods: manual and automatic. Manual grouping requires a human operator to make a static assignment of machines to a particular group. Once machines are assigned manually to a group, they will stay in that group unless they are manually removed from it.
Automatic grouping allows ITEM to build a list of the computers in an organization and assign them to dynamic groups based on their attributes. Many organizations already use this ITEM automatic group function by allowing ITEM to group machines based on settings retrieved from the computers in the group. Right out of the box, ITEM is configured to easily group machines based on characteristics such as their operating system version or subnet. That's a great way to start using the power of automatic grouping, but it's only the tip of the iceberg.
Beyond the basic automatic groups, groups can also be built using the full range of relevance language. For example, you can build a group based upon the existence of a particular file on a computer, the value of a registry entry, or which user is logged into the machine.
While relevance queries allow us to query computers for things that they know about themselves, custom settings provide a way to teach individual machines things that are not intrinsic to the machine itself. For example, we can inform the computer about which department it belongs to, or whether it is part of a test environment (as opposed to a production environment). We can then use custom settings to create automatic groups based on these external factors.
For instance, if we apply a custom setting about which environment the machine is in (e.g., test, QA, or production), machines that are part of a test environment can then be grouped separately from machines in a production environment.
Once the machines are in appropriate groups, these groups can be used by ITEM to control operator permissions. For example, custom settings can be used to ensure that an organization's development team can only deploy to servers defined to be in the development environment.
If we add a setting to define which department in an organization owns a particular device, we can use custom group settings to control or define which machines will be the targets of a particular distribution (e.g., making sure that machines in an organization's accounting department should receive a particular software distribution, and machines in the HR or sales departments should not).