Escolar Documentos
Profissional Documentos
Cultura Documentos
ibm.com/redbooks
While the information provided by this paper can be used on deployments of any size, it is particularly useful to enable a remote control solution by small and medium businesses (SMB), as well as to enable Business Partners and IBM services for setting up demonstrations and proofs of concept. The instructions given in this paper are very detailed and explicit. These instructions are not the only way to install the product and related prerequisites. They are meant to be followed by someone with limited experience with the product, to enable them to successfully install and set up the IBM Tivoli Remote Control environment.
Managed Node
systems, the introduction of the Endpoints architecture leads to a paradigm shift. Managed Nodes are considered to be managing systems (hosting the desktop or running as a gateway), whereas endpoints are the managed systems. Endpoint Manager The Endpoint Manager establishes and maintains the relationship between an Endpoint and its assigned Gateway. It puts the Endpoint in charge when its assigned Gateway is no longer responding. It also is involved in identifying the Gateways assigned to an Endpoint when applications are trying to contact the Endpoint. The Endpoint Manager runs on top of the TMR Server and is created automatically during the TMR Server installation process. The Endpoint Gateway provides access to the Endpoint methods and provides the communications with the TMR Server that the Endpoints occasionally require. A single Gateway can support communications with thousands of Endpoints and can launch methods on an Endpoint or run methods on the Endpoints behalf. A Gateway is created on an existing Managed Node. An Endpoint Proxy is an optional component that emulates Endpoints to the Gateway to simplify the Tivoli communications in a firewall environment through a common port. The Endpoint Proxy funnels requests for specific Endpoints through a single TCP/IP port and passes it down to a Relay or a Gateway Proxy. This component is part of the Tivoli Firewall Security Toolbox and must be installed on the same network zone as the Tivoli Endpoint Gateway to which it is connected. The Relay component passes information sent to it up or down the chain to an Endpoint Proxy, Gateway Proxy, or other Relays. This component is optional and is part of the Tivoli Firewall Security Toolbox. It must be installed in the network zone between the Endpoint Proxy and the Gateway Proxy. Multiple Relays can be chained to allow this connection if the Endpoint Proxy and Gateway Proxy are separated by multiple network zones. There can be multiple instances of the relay running on the same machine. A Gateway Proxy is an optional component that emulates a Gateway to the Endpoints to simplify the Tivoli communications in a firewall environment through
Endpoint Gateway
Endpoint Proxy
Relay
Gateway proxy
a common port. The Endpoints are not explicitly aware of the fact that this destination is not truly a Gateway. This component is part of the Tivoli Firewall Security Toolbox and must be installed on the same network zone as the distant Endpoints. Endpoint A Tivoli Management Agent (TMA) is any system that runs an Endpoint service (or daemon). Typically, an Endpoint is installed on a machine that is not used for daily management operations. Endpoints run a very small amount of software and do not maintain a database. The majority of systems in most Tivoli Enterprise installations will be Endpoints. A Policy Region is a collection of Tivoli resources that are governed by a common set of policies. A Policy Region is created to represent a management domain or area of influence for one or more system administrators. Tivoli Administrators are responsible for managing various aspects of enterprise-wide systems management. Tivoli functionality enables administrative functions that may be performed at many levels and locations of the organization. Administrators may be individuals or groups of persons with different logons. The Collection is a container that groups objects on a Tivoli Desktop, thus providing the Tivoli Administrator with a single view of related resources. Such Collections are defined when an Administrator needs to centralize miscellaneous resources stored in different Policy Regions. A Collection provides a shortcut for using resources.
Policy Region
Administrator
Collection
For more information about TMR Server, Managed Node, Endpoint Gateway, Endpoint and Policy Region, refer to the manual Tivoli Management Framework Planning for Deployment Guide, GC32-0803. For more information about Endpoint Proxy, Gateway Proxy, and Relay, refer to the manual Firewall Security Toolbox Users Guide, GC23-4826, and to the Redbook Tivoli Enterprise Management Across Firewalls, SG24-5510.
machines at local or remote locations. Installation is mandatory for the following Remote Control components (except for the Remote Control Proxies and the Remote Control Gateway, which are used only in environments where components of a Tivoli Management Region are separated by firewalls): RC Server The Remote Control Server (RC Server) component is installed on the TMR Server and on each Managed Node that will act as an Endpoint Gateway. It manages the Remote Control session request from a Remote Control Controller to a Remote Control Target until successful initiation of the connection between the two machines. The Remote Control Tool (RC Tool) is the Remote Control managed resource in the Tivoli Management Region and is associated with a Policy Region. This tool enables remote operations such as remote controlling or rebooting of a workstation, transferring files, and chatting. Customizing the default Remote Control policies enables you to change the set of rules that will apply to the RC Tool within a Policy Region. The Remote Control Policies consist of a set of rules, the policy methods, that govern the default behavior and graphical appearance of Remote Control Tools. The Remote Control Controller component is installed automatically on each Endpoint that initiates a Remote Control session. It enables a Tivoli Administrator to take control of a remote target workstation to which it is linked over a network. This component is also known as Controller. The Remote Control Target component is installed automatically on each Endpoint when a session from a Remote Control Controller is initiated. This component is also known as Target.
RC Tool
RC Policies
RC Controller
RC Target
RC Controller Proxy The Remote Control Controller Proxy is an optional component that can be used to simplify communication between Controllers and Targets in a firewall environment through a common port. In fact, this component simulates a Remote Control Controller to the Targets that are separated from the Controllers by firewalls. This component must be installed in the same network zone as the Targets. Nevertheless, this component could be installed either on top of an Endpoint/Gateway Proxy or as a standalone component.
RC Target Proxy
The Remote Control Target Proxy is an optional component that can be used to simplify the communication between Controllers and Targets in a firewall environment through a common port. This component simulates Remote Control Targets to the Controllers that are separated from the Targets by firewalls. This component must be installed in the same network zone as Controllers. Nevertheless, this component could be installed either on top of an Endpoint/Gateway Proxy or as a standalone component. The Remote Control Gateway is an optional component that can be used when a direct link from the Controller to the Target is not authorized. In this case, a Remote Control Gateway must be installed on top of a Tivoli Endpoint Gateway.
RC Gateway
For more information about Remote Control Server, Tool, Policies, Controller, and Target, refer to product manual IBM Tivoli Remote Control Users Guide, SC23-4842. For more information about Remote Control Controller and Target Proxies and their implementation in an IBM Remote Control environment where firewalls are involved, refer to the redbook Implementing Remote Control Across Firewalls, SG24-6944.
TMR Server
RC Controller
Target
Based on Figure 1, we provide a description of each step, from the time the Tivoli Administrator opens the Remote Control Tool (RC Tool) until the connection is established between the Controller and the Target. The legend used in Figure 1 is explained as follows: A The Tivoli Administrator must first open an RC Tool to be able to select a Target from a list. The Policy Region in which the RC Tool is located must be opened as well. As soon as the RC Tool is opened, the Remote Control Server must validate the RC Controller by checking: Whether the RC Controller is an Endpoint. Whether the label of the Endpoint is the same as that of the hostname of the RC Controller. Whether the interpreter of the RC Controller is supported and able to start a Remote Control session.
To get this information, the Remote Control Server must contact the Endpoint Manager.
If the RC Controller is validated, the Remote Control Server loads a subset of the Remote Control policies from the Policy Region where the RC Tool is located. In this scenario, we will call these policies basis policies. These basis policies are accessed only when the RC Tool is opened and not loaded again while the Tool is active. At this point, the Tivoli Administrator can start a Remote Control session by clicking on the Run button of the RC Tool after selecting a Target. The Remote Control Server then loads the rest of the Remote Control policies. These policies are more network-related; for example, they specify whether a Remote Control Proxy or a Remote Control Gateway should be used and which port is defined to start the session. Unlike the basis policies, these Remote Control policies are loaded every time a new session is started from this RC Tool. When all Remote Control policies are loaded, the Remote Control Server must obtain additional information for both the RC Controller and the Target, such as their IP addresses. To obtain this information, the Remote Control Server must contact the Endpoint Manager. Before initiating the connection, the Remote Control Server needs to know whether the Target must be reached using an Endpoint Proxy/Gateway proxy infrastructure. If the Target is a proxied Endpoint, the Remote Control Server should send the request through an Endpoint Proxy instead of using the standard Tivoli Endpoint Gateway communication process. As soon as the Remote Control Server knows how it should contact the Target, it sends an executable (sometimes referred as Endpoint method) to the Target and waits for the process to start. This executable prepares the Target to communicate to the RC Controller and is named EQNRCMAI.EXE. As soon as the Target is started, the Remote Control Server sends an executable method to the RC Controller and waits for the process to start. The local process started on the RC Controller prepares the RC Controller to contact the Target and is named EQNRSMAI.EXE. The Remote Control session is now established. It is important to note that once the session established, the RC Controller communicates directly with the Target; this is a peer-to-peer communication. The Target listens on port 2501 (port 2502 for file transfer and port 2503 for chat) by default. On the Controller side, by default, the port is assigned by the communication stack. However, these ports can be changed easily by changing the Remote Control Policies.
There can be cases where the network architecture requires the use of the Remote Control Proxies because of firewall restrictions. In order to understand how IBM Tivoli Remote Control sessions work where firewalls are involved, refer to the redbook Implementing Remote Control Across Firewalls, SG24-6944.
10
full access
technical suppport
CSI Financial
The company would like to implement the remote control environment from one central point, preferably the entire management environment rolled out on one single server, and has chosen IBM Tivoli Remote Control. The proposed Tivoli environment for CSI Financial is depicted in Figure 3 on page 12. An additional server will be introduced to the CSI IT environment hosting the TMR server. This server will also host the RC Server and RC Controller components. Tivoli Desktop software will be deployed on the technical support team systems. Tivoli endpoint will be deployed throughout the CSI IT infrastructure, enabling remote control access for the technical support team.
11
Endpoint targets
Endpoint targets
Tivoli Desktop
Tivoli Desktop
In the next sections of this Redpaper, we will cover the installation steps required to have the remote control environment for CSI Financial shown in Figure 3 up and running. We will also show how to configure the Tivoli environment in order to have the proper remote control solution and permissions according to the companys requirements presented in this section and shown in Figure 2 on page 11. We will also show how to establish a remote control session step-by-step with the Target, using one of the technical support operators as an example.
12
13
The following table lists the minimum disk space required for Tivoli Management Framework. The estimated disk space includes space for the Tivoli libraries, binaries, server database, client database, manual pages, and message catalogs.
Table 2 Required disk space
Platform AIX
Linux Windows
Libraries
20MB 15MB
Binary files
110MB 100MB
Server DB
30MB 30MB 30MB
Client DB
10MB 10MB 10MB
Man pages
1MB 1MB 1MB
Message catalogs
1MB 1MB 1MB
The following table presents the minimum memory requirements for Tivoli Management Framework.
Table 3 Memory requirements
Platform AIX Linux Windows Tivoli Server 128MB 128MB 128MB Managed Node 128MB 128MB 128MB Endpoint less than 2MB less than 2MB less than 2MB
As each Tivoli Enterprise product is added to your Tivoli environment, additional disk space and memory are required. Refer to the appropriate documentation for planning information and additional disk space requirements.
14
Operating system
AIX Solaris HP-UX Red Hat Linux SuSE Linux Turbo Linux Windows 2000
Version
4.3.3 and 5.1 7 and 8 11.0 and 11i 7.1, 7.2, and 7.2 for S/390 7.3 6.5 Professional Server and Advanced Server
RC Server
X X X X X X
RC Controller
Target
X X X X X X X X
X X X X X X X
Windows NT
Table 5 on page 16 lists the hard-disk space required by the IBM Tivoli Remote Control components for each supported platform. To know the disk space needed when file transfer and chat software are installed you must also consider the disk space occupied by the Java Run-time Environment 1.3 files. These files are downloaded, if not already present, the first time you start a file transfer or chat session.
15
Windows XP
Windows NT
Windows 2000
4.4 5.1 -
4.3 5.1 -
24 -
24 -
24 -
24 28.3
Pre-installation tasks
Before installing IBM Tivoli Remote Control, you must have the following software installed and running. Information provided here is focused on Windows platforms. For other platforms, refer to product manual IBM Tivoli Remote Control Users Guide, SC23-4842. A supported operating system and network protocol. Tivoli Management Framework 3.7.1 or higher. Tivoli Endpoint (lcf version 91 or later) installed on the workstations that will work as Controllers and Targets. Tivoli Desktop on the workstations where you want to use the Tivoli Remote Control graphical user interface. One of the following Web browsers on the workstations where you want to use the Tivoli Remote Control Web interface: Netscape 4.6 or later Internet Explorer 5.0, 5.5+SP1 or later User Permission Requirements on Windows Endpoints Before installing Tivoli Remote Control and starting a session, ensure that the user account name specified in the root_user map is an administrator account for the endpoint operating system. For Windows NT, Windows 2000, and Windows XP Endpoints the default value of the root_user map is the default built-in Administrator account. If you rename the default built-in
16
administrator account or you use a different Windows account name as the root_user map, ensure that this new user account conforms to the following rules: Is defined either at domain level or on each Endpoint of the Tivoli management region. Is defined in the Windows Administrators and Tivoli_Admin_Privileges groups on each endpoint. Has Full Control permission on the following directories: %WINDIR% %WINDIR%\system32 %WINDIR%\system32 \drivers %LCF_DIR%, where LCF_DIR is the Endpoint installation directory
Has Full Control access to the following registry keys: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \RunOnce HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services HKEY_LOCAL_MACHINE\SOFTWARE\Tivoli
Is authorized to: Log on locally Access the workstation from the network Install services and drivers Reboot the workstation
17
2. Press Next to continue. The license agreement screen will be displayed. Click Yes to accept the agreement. 3. The window in Figure 5 on page 19 describes what accounts should be created and what permissions should be set in order to ensure the proper operation of the software. Click Next to continue.
18
4. The installation proceeds asking for a installation password. We did not specify one. Click Next to continue. 5. The next panel enables you to create a Remote Access user id and password with which you can access remote drives. We did not define one. Click Next. 6. The Setup Type panel appears. Select the destination folder and installation type Typical. Click Next. 7. Select the directory for the Tivoli database, as shown in Figure 6 on page 20. Click Next.
19
8. Enter your license key, and click Next. 9. You will have a chance to review the installation settings. Click Next to start the installation.
20
10.While the files are being copied, the Tivoli Object Dispatcher Server database initializes.
11.When the installation wizard completes the installation process, click Finish and reboot the system. 12.After restart, the following services should be running: Tivoli Object Dispatcher Tivoli Remote Execution Service
21
22
where <Tivoli_Srv_hostname> is the Tivoli Server hostname, <Endpoint_GW_name> is the name of the new Endpoint Gateway, port is the communication port, and protocol is the communication protocol (TCP/IP). For example:
wcrtgate h itrc01 n itrc01_gw p 9494 P tcpip
Endpoint installation
To install the Endpoint on a Windows platform, perform the following steps. In our case study scenario, we install the Endpoint on the same machine as the IBM Tivoli Management Framework, as well as on every machine that will be a Remote Control Target. 1. To install the Endpoint, mount the IBM Tivoli Management framework media, locate and run Setup.exe in <CD_drive>:\lcf\<OS>, where <OS> is the operating system. In our case WINNT. Click Next on the welcome screen. 2. The license agreement screen will be displayed. Click Yes to accept the agreement. 3. The following window describes what accounts should be created and what permissions should be set in order to ensure the proper operation of the software. Click Next to continue. 4. Choose the destination folder. Click Next to continue.
23
5. The next panel asks for the Remote Access user ID and password. As this was not specified during the IBM Tivoli Management Framework installation, we do not enter any value. Click Next to continue. 6. The Advanced Settings window is now displayed.
In this panel, you should specify the following: The Endpoint Gateway communication port. Default to 9494. The Endpoint communication port. Default to 9495. In the Options box, the login interfaces to the Endpoint Gateway: -D lcs.login_interfaces=<Endpoint_GW_IPADDR>+port, where <Endpoint_GW_IPADDR> is the Endpoint gateway IP address and port is the communication port specified in the Gateway port box. Click Next to continue. 7. Review the installation settings, and click Next to start the installation. 8. When the installation completes, the Endpoint tries to log on to the Endpoint gateway using the information provided in the Advanced Configuration panel.
24
Press Next and Finish to complete the installation process. 9. You can check the Endpoint status by clicking on the endpoint icon in the system tray of your machine. A status window will pop up.
25
26
To install the IBM Tivoli Management Framework on Windows, perform the following steps: 1. From the Start menu, open Tivoli Desktop, and click Desktop -> Install -> Install Product, as shown in Figure 15.
27
2. The File Browser window pops up, as shown in Figure 16. Set the path to Remote Control installation media, and click Set Media & Close.
28
Highlight IBM Tivoli Remote Control Server 3.8, and select the machine that you want to install on. Press Install & Close to start the installation. 4. The product installer performs all dependency checks and lists what files will be installed and what actions will be performed. Click Continue Install.
29
30
itrc01_Region
pr.RC.SA
pr.RC.TS
pr.RC.UserWS
rc_SA_SRV pr.RemoteControl
rc_TS_SRV
rc_UserWS
pr.RemoteControl.UserWS
UserWS1 UserWS2
PRT.SRV1
SVR1
WebSvr1
To create a Policy Region, open Tivoli Desktop and select Create -> Region from the menu. Enter a name for the new Policy Region and click Create & Close. You can create subregions by opening the new Policy Region and clicking Create -> Subregion.
31
More on Policy Region can be found in the Tivoli Management Framework Planning for Deployment Guide, GC32-0803 manual.
2. Use the Tivoli command line to assign the Endpoint to the Policy Region. Open a Command Prompt window and initialize the Tivoli command line environment as follows:
cd \WINNT\system32\drivers\etc\Tivoli .\setup_env.cmd
where <Endpoint_Label> specifies the Endpoint label on the Tivoli environment, and <Policy_Region_Label> specifies the Policy Region name to which the Endpoint has to be assigned.
32
For example:
wmv @Endpoint:itcmpda1 @PolicyRegion:pr.RemoteControl.PrinterSVR
4. Synchronize the Tivoli gateway to which the endpoint logs on by using the following command:
wep sync_gateways
5. Close and restart the Tivoli Desktop in order to effect these changes. 6. Check to see whether the endpoint is assigned by opening the Policy Region.
33
To create the Remote Control Tool: 1. Ensure that the Policy Region where the Endpoint will be assigned has the RemoteControl resource in the list of managed resource types valid for that specific Policy Region. Using the Tivoli Desktop, open the Policy Region and click Properties -> Managed Resources. Select RemoteControl from the Current Resources list, then click Set & Close to continue.
2. From the Policy Region, select Create -> RemoteControl to display the Create Remote Control Tool dialog.
3. Enter a unique name for the Remote Control tool in the Name/Icon Label field. 4. Click Create & Close to create the Remote Control Tool and return to the Policy Region window.
34
2. Specify the label and accounts for the administrator: a. In the Administrator Name/Icon Label box, type the administrator name.
35
b. In the User Login Name text box, type the user login name (not a numeric user ID). The user login name must be a valid login name on all machines. c. In the Group Name text box, type the group name (not a numeric group ID). The group name can be a user login map in the form $map_name. This text box is used for operations performed on UNIX managed nodes. For our case study, we leave it blank.
3. Click Set TMR Roles to set the following Tivoli Region roles for the administrator in order to use the Remote Control features: Admin User
36
4. Click Change & Close to save your changes and return to the Create Administrator window. 5. Click Set Logins to display the Set Login Names window where you can list the login names under which the administrator will run Tivoli operations from either the Tivoli Desktop or the command line. The user account name must be in one of the following formats: username username@ManagedNode domain\username domain\username@ManagedNode kerberos-name:realm In our case study scenario, we add the following account names sysadmin for the system_admin Tivoli Administrator support for the technical_support Tivoli Administrator
37
6. Click Set & Close to save your changes and return to the Create Administrator window shown in Figure 25 on page 36. 7. Click Set Resource Roles to associate the IBM Tivoli Remote Control roles to the Tivoli Administrators. In our case, we created two administrators, the technical_support and the system_admin. Now we have to assign Remote Control roles to them. Setting roles at the Policy Region level enables you to perform the appropriate IBM Tivoli Remote Control tasks within the specified Policy Region. These privileges do not extend to other Policy Regions. These privileges do apply to any sub-Policy Region associated with the Policy Region where the IBM Tivoli Remote Control roles have been defined. If the sub-Policy Region was created before you assigned new privileges to its parent Policy Region, the sub-Policy Region does not inherit these privileges. The IBM Tivoli Remote Control roles are required in the Policy Region where the Target systems are defined. In addition to these roles, the Admin role is required where the RemoteControl managed resource is defined. Table 6 and Table 7 on page 39 show the activities available to administrators of Tivoli Remote Control and the role associated with each activity.
Table 6 Controller - Role X Activity
Activity Use any Tivoli Remote Control action
38
We want the system_admin Tivoli Administrator to have full control over all of the Targets in all Policy Regions, so we assign all of the IBM Tivoli Remote Control roles to them.
39
Select the Policy Regions one by one, and add all Remote Control roles to its Current Roles list. Click Change before you select another Policy Region. Do the same for the technical_support Tivoli Administrator, except exclude the pr.RemoteControl.SVR and pr.RemoteControl.WebSVR Policy Regions. These Policy Regions contain Targets that technical_support administrators are not supposed to control. On the Policy Region hosting the companys servers with no sensitive data, such as printer servers (pr.RemoteControl.PrinterSVR), grant the remote_monitor and remote_reboot roles to the technical_support administrators.
40
8. Click Change & Close to save your changes and return to the Create Administrator window. 9. Click Create & Close to create the new administrator and return to the Administrators window. An icon for the new administrator is displayed in the Administrators window, showin in Figure 30 on page 42.
41
42
The method used is: 1. Create a copy of the default Policy. 2. Modify the values of some of its methods to comply with the desired rules. 3. Assign the new Policy to the RemoteControl managed resource of the Policy Region where the Remote Control Tool that you want to customize resides.
where <New_Policy_Name> is the name of the new Policy to be created, for example, to create three different Policies:
wcrtpol -d RemoteControl UserWS_Pol RemoteControl_PDO wcrtpol -d RemoteControl TSPS_Pol RemoteControl_PDO wcrtpol -d RemoteControl SASVR_Pol RemoteControl_PDO
where: <New_Policy_Name> is the new Policy name, <policy_method_name> is a particular rule that applies to the desired behavior, and outfile is a temporary text file. Using the UserWS_Pol Policy as an example, we want the Target machine user to be able to accept the Remote Control session initiated by the Tivoli Administrator. In this case we have to modify the rc_def_timeout_op policy method. The wgetpolm command would be the following:
wgetpolm -d RemoteControl UserWS_Pol rc_def_timeout_op > UserWS_Pol.txt
43
We have to change the echo line to ENABLE-lock, which means the Target machine user must accept the Remote Control session to establish it. The modified UserWS_Pol.txt file would be similar to Example 2.
Example 2 Modified rc_def_timeout_op policy method
#!/bin/sh # # Default policy method for Remote Control Policy Region # This policy method determines whether or not to start a session if # the target user does not respond within the grace period. # # Possible values: # ENABLED Starts the session if the grace period times out. # DISABLED Cancels the session if the grace period times out. # # Default value: DISABLED # # If the value has the suffix -locked, it cannot be reset in # the Edit Settings dialog. # # (For example: echo "ENABLED-locked") #
44
where: <New_Policy_Name> is the new Policy name, <policy_method_name> is a particular rule that applies to the desired behavior, and outfile is a temporary text file. Using the UserWS_Pol Policy as an example, the wputpolm command would be the following:
wgetpolm -d RemoteControl UserWS_Pol rc_def_timeout_op > UserWS_Pol.txt
4. The first three steps of this procedure must be performed to all the Remote Control Tools defined in the environment, whenever necessary.
where: <New_Policy_Name> is the new Policy name and <Region_name> specifies the Policy Region where the new default Policy is assigned. Using the our case study scenarios new policies as examples, the wsetpr command would be:
wsetpr -d UserWS_Pol RemoteControl @PolicyRegion:pr.RemoteControl.UserWS wsetpr -d TSPS_Pol RemoteControl @PolicyRegion:pr.RemoteControl.PrinterSVR wsetpr -d SASVR_Pol RemoteControl @PolicyRegion:pr.RemoteControl.SVR
45
For the system_admin Tivoli Administrator, they are: pr.RC.SA pr.RC.UserWS pr.RemoteControl For the technical_support Tivoli Administrator, they are: pr.RC.TS pr.RC.UserWS pr.RemoteControl To assign the Policy Regions to technical_support and system_admin Tivoli Administrators: 1. Log on to the Tivoli Desktop using the Administrator user ID. 2. Double-click the Administrators icon. 3. Double-click the related Tivoli Administrator group (system_admin and technical_support groups in our case study) to open the designated Tivoli Desktop of the Tivoli Administrator group. 4. Drag and drop the respective Policy Regions to the Tivoli Desktop. 5. Exit the Tivoli Desktop. 6. To verify the Tivoli Administrators Desktop, log in to the Tivoli Desktop using the Tivoli Administrator user ID. (In our example, system_admin.) The Tivoli Desktop will be similar to Figure 31 on page 47.
46
47
Remote Control
Logging on to the Tivoli environment with the Tivoli Desktop using the technical_support Tivoli Administrator results in the Tivoli Desktop shown in Figure 32.
At this point: The technical support operator opens the pr.RC.UserWS Policy Region, and double-clicks the rc_UserWS icon to start Remote Control Tool. The Controller interface appears, as shown in Figure 33 on page 49.
48
The Targets field shows all of the user workstations, and in Actions field shows all of the Actions that can be performed on the Targets. The technical support operator clicks the appropriate workstation and Edit Settings to open the Edit Settings dialog, as seen in Figure 34 on page 50.
49
As you see, the Grace period, the Proceed if timeout, and the State Change on Target fields are grayed-out. They are fixed values that you cannot change due to the fact that we applied the -locked tag to these variables in the Remote Control Policy file. Click Close to return to the Controller window. The technical support operator clicks Remote Control from the Actions list then Run to start the session. A window pops up on the Target users workstation, indicating that a Remote Control session is being requested. The user can choose to accept the remote session or not.
50
If the user does not accept the session, or the grace period passes, the technical support operator receives a notification, as shown in Figure 36 and Figure 37.
If the user accepts the session, the session window in Figure 38 on page 52 opens. To exit the session select File -> Exit from the menu.
51
When a session is established, the dialog shown in Figure 39 appears on the Target machine. Through this dialog, a Target machine user can change the Remote Control session or terminate it.
52
Chat
Chat can be used to interact with the user to obtain additional information about the problem: The technical support operator opens a chat session by selecting Chat from the Actions list on the Remote Control Tool window, then Run to start the chat session. When running chat for the first time for that particular workstation, a JRE1.3 installation window appears. Press Yes to proceed with JRE installation.
After the JRE is installed on the Target machine, a chat session window pops up.
53
File transfer
Use file transfer to update files on a users workstation: The technical support operator selects File Transfer from the Actions list on the Remote Control Tool window, and Run to start the file transfer session. If the Target machine user accepts the request, the file transfer window shown in Figure 42 appears.
Now the technical support operator can copy any required file from the Controller machine to the Target machine, and vice-versa.
54
Reboot
After transferring the required files, the Target machine can be rebooted, if necessary, to make the changes effective: The technical support operator selects Reboot from the Actions list on the Remote Control window, then clicks Run. A dialog window pops up, asking for confirmation, as shown in Figure 43.
Conclusion
IBM Tivoli Remote Control offers highly robust, enterprise-scalable, secure remote control functionality for organizations and enterprises of all sizes. Although typically sold into the largest, most complex Global 5,000-type customers, IBM Tivoli Remote Control also gives small and midsized enterprises the ability to increase productivity and lower costs. When implemented side-by-side with other Tivoli solutions, such as IBM Tivoli Configuration Manager, the value proposition and ROI increase significantly. IT shops are able to leverage the unified, integrated solutions to simplify the IT management process and to bolster administrative ease-of-use. With the latest version of IBM Tivoli Remote Control (version 3.8), small to midsized businesses can leverage the new firewall traversal technologies and data stream protection capabilities to extend their growing enterprise. With this Redpaper, Customers can quickly implement and realize the tremendous value and business advantages that IBM Tivoli Remote Control brings. Running either independently or integrated with IBM Tivoli Configuration Manager, IBM Tivoli Remote Control enables customers to support their employees and productive resources by quickly deploying an enterprise-scale, robust desktop management solution.
55
56
Notices
This information was developed for products and services offered in the U.S.A. IBM may not offer the products, services, or features discussed in this document in other countries. Consult your local IBM representative for information on the products and services currently available in your area. Any reference to an IBM product, program, or service is not intended to state or imply that only that IBM product, program, or service may be used. Any functionally equivalent product, program, or service that does not infringe any IBM intellectual property right may be used instead. However, it is the user's responsibility to evaluate and verify the operation of any non-IBM product, program, or service. IBM may have patents or pending patent applications covering subject matter described in this document. The furnishing of this document does not give you any license to these patents. You can send license inquiries, in writing, to: IBM Director of Licensing, IBM Corporation, North Castle Drive Armonk, NY 10504-1785 U.S.A. The following paragraph does not apply to the United Kingdom or any other country where such provisions are inconsistent with local law: INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of express or implied warranties in certain transactions, therefore, this statement may not apply to you. This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. IBM may make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time without notice. Any references in this information to non-IBM Web sites are provided for convenience only and do not in any manner serve as an endorsement of those Web sites. The materials at those Web sites are not part of the materials for this IBM product and use of those Web sites is at your own risk. IBM may use or distribute any of the information you supply in any way it believes appropriate without incurring any obligation to you. Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products. This information contains examples of data and reports used in daily business operations. To illustrate them as completely as possible, the examples include the names of individuals, companies, brands, and products. All of these names are fictitious and any similarity to the names and addresses used by an actual business enterprise is entirely coincidental. COPYRIGHT LICENSE: This information contains sample application programs in source language, which illustrates programming techniques on various operating platforms. You may copy, modify, and distribute these sample programs in any form without payment to IBM, for the purposes of developing, using, marketing or distributing application programs conforming to the application programming interface for the operating platform for which the sample programs are written. These examples have not been thoroughly tested under all conditions. IBM, therefore, cannot guarantee or imply reliability, serviceability, or function of these programs. You may copy, modify, and distribute these sample programs in any form without payment to IBM for the purposes of developing, using, marketing, or distributing application programs conforming to IBM's application programming interfaces.
57
This document created or updated on May 29, 2003. Send us your comments in one of the following ways: Use the online Contact us review redbook form found at: ibm.com/redbooks Send your comments in an Internet note to: redbook@us.ibm.com Mail your comments to: IBM Corporation, International Technical Support Organization Dept. JN9B Building 003 Internal Zip 2834, 11400 Burnet Road Austin, Texas 78758-3493 U.S.A.
Trademarks
The following terms are trademarks of the International Business Machines Corporation in the United States, other countries, or both: Tivoli Redbooks AIX Tivoli Enterprise Redbooks (logo) IBM S/390 ibm.com SP1 OS/2 The following terms are trademarks of other companies: ActionMedia, LANDesk, MMX, Pentium and ProShare are trademarks of Intel Corporation in the United States, other countries, or both. Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both. Java and all Java-based trademarks and logos are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States, other countries, or both. C-bus is a trademark of Corollary, Inc. in the United States, other countries, or both. UNIX is a registered trademark of The Open Group in the United States and other countries. SET, SET Secure Electronic Transaction, and the SET Logo are trademarks owned by SET Secure Electronic Transaction LLC. Other company, product, and service names may be trademarks or service marks of others.
58