Kaseya Fundamentals Workshop - School of Computing and

Kaseya Fundamentals
Workshop
DAY ONE
Developed by
Kaseya University
Powered by
IT Scholars
Kaseya Version 6.5
Last updated March, 2014
Day One Overview •  Kaseya System Architecture •  Workshop LAB environment •  System Administra<on –  Organiza<on, User Roles, and Scopes • 
• 
• 
• 
• 
Visual System Administrator (VSA) Agent Deployment Discovery Module Audit Module Views Kaseya Fundamentals
Workshop
KASEYA SYSTEM
ARCHITECTURE
What Kaseya’s Framework Provides? Seamless and Consistent Integration Customizable Reporting
24x7x365 Automated System Management
Patch Management and Updates
Monitoring
Remote Management
Application Deployment
Asset Management
Ticketing, / Service Desk
Data Protection
Privacy – Anti-Spy
Anti-Virus
User State Management
More….
Kaseya Agent Interac<on with the KServer Agent Alive
Tasks
When Task is scheduled the Agent Grabs the task and executes without needing firewall ports open
Kaseya Fundamentals
Workshop
Kaseya
Virtual System
Administration (VSA)
Supported Browsers for VSA •  Supported –  Windows •  Internet Explorer 8 or 9 •  FireFox 3.x and later •  Chrome 8 and later. –  Mac OS X •  Safari 4, FireFox 3.x, Chrome 8, and later versions. •  ChromePlus is not supported. Kaseya Fundamentals
Workshop
LAB Environment
VSA SaaS Instance
and IT Scholar VLAB
If you have not created your account yet, create one now! Go to: http://www.kaseya.com/lps/global/lp/product-preview.aspx
Once your account is created successfully Now, it is <me to login to your preview account! Go to: https://preview.kaseya.net/
The new no<fica<on bar gives you hints on what to do next. Kaseya Fundamentals
Workshop
IT Scholars
LMS Web Site
Overview
Let’s Start! •  Go to www.it-­‐scholars.com •  Create a new account Create a New Account •  The required fields are marked by * •  Username should be in the format of firstname.lastname and should NOT include: " / \ [ ] : ; | = , + * ? < > @ •  Do not use your bank account password •  A good password is 6 to 10 characters long •  Use your work email Create a New Account •  Your Kaseya Customer ID is the first 6 characters of your Kaseya License Code (see System > License Manager). •  If you do not have a Skype or Google Talk account, enter Do not have one! •  If you do not know what is your Kaseya Sales Rep’s email, enter Unknown Note •  Aper clicking on Create my new account buqon, you may receive a “Session Key Error” message •  This is related to the Cookie security setngs in your browser. •  You can add www.it-­‐scholars.com to list of your trusted sites to address this issue. •  Alterna<vely, you can use Chrome as its default security setngs are more relaxed than other mainstream browsers. Create New Account •  Once successfully submiqed, you will receive an email confirma<on with a link to confirm your account. •  Aper visi<ng the confirma<on link, you can login to the portal –  www.it-­‐scholars.com –  Chrome is a preferred browser Enroll In Kaseya Fundamentals •  Once successfully logged in, click on the Kaseya 6.5 Fundamentals Workshop – Instructor Led Kaseya 6.5 Fundamentals Workshop – Instructor Led
Enroll In Kaseya Fundamentals •  The enrollment key is 201307 •  Or the instructor would provide the key This Workshop
Announcements
Quick Links
Lecture Notes
and
Recorded Videos
Show Only
This Module
Agent Module
You can safely ignore this part! You can safely ignore this part! Orientation Video
Access You Virtual Lab •  If you have not scheduled your virtual lab yet, you will see this window, allowing you to schedule your virtual lab on demand. Virtual Labs Portal Network Diagram Virtual Labs Portal Data Sheet Virtual Labs Portal Connec<on Info •  Link to the KServer •  RDP connec<on informa<on to your five dedicated virtual machines –  HostName:PortName https://preview.kaseya.net
Kaseya Login Account
IT-Scholars
account
login name
and
password
Control Buqons and Timer •  You do not need these buqons for any of the exercises, but just in case you want full control over your dedicated machines, they are provided to you. •  Note: Refresh provides you with a fresh copy of the virtual machine! •  Using + or – you can adjust the remaining <me of your virtual lab. •  Use the eject buqon to cancel your lab. Kaseya Fundamentals
Workshop
VSA
Administration
Expand/Collapse
VSA Layout Overview Notification Maintenance
Role/Scope Selector
No<fica<on Bar Toolbox/Tool Bar Search Naviga<on Module Selector Naviga<on Mode Site Header Logged On User Timers Selector Panel Buqons Page Selector Tab Specific Buqons Selector Panel Data Panel Logoff VSA Modules •  All VSA func<ons can be accessed through modules located along the lep side of the user interface. •  Within each module are the core func<ons that allow users to perform a variety of tasks on remotely managed machines and the Kaseya Server. •  Naviga<on Mode •  Tree-­‐Based •  Classic Help & Bookmarks •  Online Help –  Content Sensi<ve Help •  Bookmarks –  Create a list of most visited func<on •  All the other parts and features of VSA will be introduced in more details when the <me is right. VSA System Administra<on • 
• 
• 
• 
• 
• 
Organiza<on Machine Groups Scopes User Roles Machine Roles VSA Users Organiza<ons •  In VSA, an organiza<on is –  your own organiza<on, as a service provider –  a customer, using your service –  a business partner, complemen<ng your service •  Most user defined objects in the VSA belong to an organiza<on. •  Every managed machine, managed device and VSA user belongs to an organiza<on. •  They are op<onally associated with scopes, <ckets and service desks. Pre-­‐Defined Organiza<ons •  myOrg –  The organiza<on of the service provider using the VSA –  The default name of myOrg, My Organiza<on, should be renamed to match the service provider's company or organiza<on name. –  Agents installed to internally managed machines can be assigned to this organiza<on. –  VSA user logons are typically associated with staff records in the myOrg organiza<on. –  myOrg cannot be assigned a parent organiza<on. Pre-­‐Defined Organiza<ons 2.  Unnamed –  The default organiza<on to assign an agent. 3.  KServer (on-­‐premise only) –  The organiza<on assigned to agents installed on your Kaseya Server. –  This makes it easy to apply specialized setngs to the Kaseya Server, which is typically maintained differently from other agent managed machines. FIU’s Network Diagram Kaseya Server Your Laptop/Desktop Internet 192.168.0.0/24 192.168.0.1 192.168.2.1 192.168.3.1 192.168.2.0/24 192.168.1.1 NAT ROUTER 192.168.3.0/24 Instruc2on Lab ws1 192.168.0.100 Machine Room dc 192.168.3.10 192.168.0.10 192.168.1.0/24 Guest Desktops PCs & Laptops guest1 pc1 192.168.2.100 192.168.1.100 192.168.1.10 … … … … Technical Informa<on •  KServer: preview.kaseya.net •  NAT Router has 4 network cards: –  192.168.0.1, 1.1, 2.1 and 3.1 •  SCIS hosts worksta<on 1 (ws1) with one card: –  ws1.scis.fiu.edu -­‐ 192.168.0.100 •  MR hosts domain controller (dc) with 3 cards: –  dc.mr.fiu.edu -­‐ 192.168.0.10, 1.10, and 3.10 •  GL hosts guest 1 (guest1) with one card: –  guest1.gl.fiu.edu -­‐ 192.168.1.100 •  CEC hosts personal computer 1 (pc1) and laptop 1 (laptop1), each with one card: –  pc1.cec.fiu.edu -­‐ 192.168.2.100 –  laptop1.ced.fiu.edu – 192.168.2.200 Background Story •  Imagine that you were just hired by Florida Interna<onal University (FIU) as the lead IT Administrator to manage 500 computers. •  Obviously, we cannot provide each one of you with 500 computers to play with! •  Instead, we provide each one of you with a virtual environment that has –  One shared SaaS Kaseya Server –  5 dedicated virtual machines –  One NAT router Background Story •  The virtual machines are distributed in four buildings –  School of Compu<ng & Info. Sciences (SCIS) –  Machine Room (MR) –  Green Library (GL) –  College of Engineering & Compu<ng (CEC) •  More informa<on about your environment –  1 x KServer (a SaaS Account with System Role) –  1 x Windows 2003 Server (Domain Controller) –  4 x Windows XP (only 2 in the domain) –  1 x Linux (playing as a NAT router) FIU’s Organiza<onal Structure Crea<ng an Org for FIU •  As you are hired by FIU to manage their computers, you only need to create one internal organiza<on. •  Organiza<on plays a very important part on how machines are organized, viewed, and managed. •  Organiza<on configura<on plays a role on assets (machines) visibility through Scopes. WrapUp
Note: Avoid Name Clashing •  To avoid name clashing in the shared SaaS Kaseya Server, you MUST choose unique names in your virtual lab. •  For this, at points we ask you to add your username as a suffix to some of the labels in your environment. •  To find out what is your username in this virtual environment, you can visit the “Data Sheet” tab of your virtual lab graphical user interface. Note: Avoid Name Clashing •  If you do not follow the naming conven2on closely, you may run into many issues in future labs as a result of name clashing. •  For example, if two individuals happen to choose the same organiza<on name in their virtual labs (e.g., both use fiu-­‐johndoe instead of fiu-­‐
username1 and fiu-­‐username2), the agents in their two virtual environments may report to the wrong tenant on the SaaS KServer and may become irresponsive to your requests. Crea<ng Machine Groups for FIU •  You are expected to manage computers distributed over four buildings. •  As each building has its own subnet, you decide to define four machines groups as follows: –  scis: School of Compu<ng and Informa<on Sciences –  mr: Machine Room –  gl: Green Library –  cec: College of Compu<ng and Engineering WrapUp
Crea<ng Scopes •  Scopes defines visibility for individual users. Scopes can define visibility for Organiza<on, Machine Groups, Machines, and other types of Data Objects. •  You should not give Master or System scopes to just anyone. •  Master Scope and System Scope provides access to all data objects: organiza<ons, machine groups, machines, departments, and service desks. Crea<ng User Roles •  You do not plan to give Master or System user role to your team members –  Tim is only responsible for crea<ng <ckets originated from cec issues –  Tom is only responsible for patching the gl machines •  Therefore, you create the following user roles: –  Kcket-­‐<USERNAME> can access TickeKng –  Patch-­‐<USERNAME> can access Patch Management Example of Crea<ng VSA Users •  Technicians: –  Tim is the <cke<ng technician for cec • 
• 
• 
• 
• 
User role: KckeKng-­‐johndoe Scope: cec-­‐johndoe Department: fiu-­‐johndoe.uts Username: Km-­‐johndoe Password: <same as your password> –  Tom is the patch manager for gl • 
• 
• 
• 
• 
User role: patch-­‐johndoe Scope: gl-­‐johndoe Department: fiu-­‐johndoe.uts Username: tom-­‐johndoe Password: <same as your password> Kaseya Fundamentals
Workshop
AGENT
COMMUNICATION
ARCHITECTURE and
REQUIREMENTS
Flexible Deployment of Agents in Kaseya Kaseya Agent Interac<on with the KServer Agent Alive
Tasks
When Task is scheduled the Agent Grabs the task and executes without needing firewall ports open
Preparing the Network •  Setup your Internet host name (Internal vs. External DNS) •  Setup port forwarding •  Kaseya Server must be able to access –  hqp://vsaupdate.kaseya.net and –  hqp://license.kaseya.net –  hqp://kpls.kaseya.net •  Web UI: Typically TCP port 80 or 443 inbound & outbound •  Email No<fica<ons: typically TCP port 25 outbound •  Agent connec<ons: default TCP and UDP port 5721 inbound and outbound Agent Requirements •  Requirements for Each Managed Machine –  333 MHz CPU or greater –  128 MB of RAM –  30 MB of free disk space –  Network Interface Card (NIC) or modem –  TCP/IP Outbound Port 5721 (1) –  No Inbound Ports –  Server and Agent Requirements hqp://help.kaseya.com/WebHelp/EN/VSA/6030000/Reqs/K2-­‐System-­‐Requirements63.htm Supported OS for Agents •  Microsop Windows NT, 2000, XP, 2003, 2003 R2, Vista, 2008, 2008 R2, 7, 8, 2012 •  Apple Mac OS X version 10.3.9 or above •  SuSE Linux Enterprise (10 & 11), Red Hat Enterprise Linux (5 & 6), Ubuntu (8.04 LTS, 10.04 LTS, and the 2 most recent non-­‐Long Term Support versions), OpenSuSE (11 & 12), and CentOS (5 & 6) are fully supported (6). In addi<on, efforts will be made to resolve any issues reported for reasonably current Fedora, Debian, and other Linux Standard Base compliant systems (7). Agent Deployment •  Create Agent Deployment Package •  Ini<al Agent Deployment – Manual Deployment •  Discovery Module –  Domain Watch -­‐ Ac<ve Directory –  LAN Watch – Network Discovery •  Naming Policy FIU’s Network Diagram Kaseya Server Your Laptop/Desktop Internet 192.168.0.0/24 192.168.0.1 192.168.2.1 192.168.3.1 192.168.2.0/24 192.168.1.1 NAT ROUTER 192.168.3.0/24 Instruc2on Lab ws1 192.168.0.100 Machine Room dc 192.168.3.10 192.168.0.10 192.168.1.0/24 Guest Desktops PCs & Laptops guest1 pc1 192.168.2.100 192.168.1.100 192.168.1.10 … … … … Kaseya Fundamentals
Workshop
AGENT DEPLOYMENT
Manual Agent Deployment Deploy Agents: Domain Watch •  Leverage Ac<ve Directory to automa<cally deploy agents to Domain Computers •  Create VSA users from Domain Users •  Kaseya Agent must be installed on the Domain Controller to collect Ac<ve Directory informa<on. •  A new Group Policy will be created on the Domain Controller for Agent Deployment. Domain Watch Overview 1 2 3
Deploy Agents: LAN Watch •  The CEC network is not well-­‐documented. •  Do a LAN Watch to make sure you account for all the computers within CEC . •  There may be new computers deployed or laptops that may only show up on the network every now and then. •  Schedule the LAN Watch discovery daily. Overview of LAN Watch Steps 1 2 Naming Policy •  Automa<cally assign machines to specific group IDs based on machine’s Connec<on Gateway and IP address range. •  You can add mul<ple IP address range for each machine group. •  Force the Machine ID to always use computer name. •  If you have computers that roam into different Naming Policy defini<ons, the machine will change group associa<on accordingly Kaseya Agent Files Windows Operating System:
These files need to be excluded by any ANTi-VIRUS software. Also exclude
Kaseya’s working directory and installation folder under Program Files
(x86)\Kaseya
•  AgentMon.exe
• 
The actual Kaseya Agent Application. This is what runs as a
service on your system.
•  KaSetup.exe
• 
Kaseya's Setup program.
•  KaUsrTsk.exe
This process will run as the logged in user.
•  Tells Kaseya who the logged in user is
•  Simulates users when necessary (scripts),
•  Allows the "execute as user" function in scripts"
• 
•  KaUpdHlp.exe
• 
Agent Update requires this application to stop, update the agent,
and restart agentmon.exe
Agent Deployment Strategies –  No single method is 100% effec<ve –  LAN Watch & Network Discovery –  Domain Watch Ac<ve Directory –  Login Script –  Other methods: •  Download from dl.asp •  Email package / link •  Manually Best Prac<ces •  Manual installa<on of agents can be easier if you click on the checkbox, labeled List on dl.asp next to the package you want to deploy, in the Agent > Deploy Agents page. •  This will allow you to see the selected packages in this URL: –  hUp://<KASEYA_SERVER>/dl.asp?id=???????? •  You can then install the agent without logging into Kaseya VSA. Kaseya Fundamentals
Workshop
AUDIT
What is Covered? • 
• 
• 
• 
• 
Audit Overview Assets Collec<ng Data Viewing Group Data Viewing Individual Data Audit •  Agents can be scheduled to automa<cally audit the hardware and sopware configura<ons of their managed machines on a recurring basis. •  Agents report the informa<on back to the Kaseya Server so you can access it using the VSA even when managed machines are powered down. •  Audits enable you to examine configura<ons before they develop into serious problems. •  Simple, efficient, and reliable tracking of every system and sopware no maqer where the machines you need to manage are located. Assets •  The View Assets page –  Populated by Discovery scans of networks and domains; provides a consolidated view of all "assets" managed by the VSA. •  The Manage CredenKals page –  Specifies creden<als by organiza<on and machine group; can be referenced by a VSA user when accessing a machine or device. •  The CredenKal Log page –  Provides an audit log of the VSA users’ ac<ons Kaseya Fundamentals
Workshop
Collecting
Data
What Informa<on is Collected? •  All hardware –  CPUs, RAM, PCI cards, and disk drives. •  All installed sopware –  Licenses, version numbers, full path, and descrip<on. •  System Informa<on from DMI and SMBIOS –  PC make, model, serial number, mother board type, etc. •  OS info –  version number and service pack build. •  Current network setngs –  local IP address, gateway IP address, DNS, WINS, DHCP, and MAC address. Audit Types VSA maintains three types of audits: •  Baseline Audit –  The configura<on of the system in its original state. –  Typically a baseline audit is performed when a system is first set up or once a year. •  Latest Audit –  The configura<on of the system as of the last audit. –  Once per day is recommended. •  System Info –  All DMI / SMBIOS data of the system as of the last system info audit. –  This data seldom changes and typically only needs to be run once or when hardware is changed. More about Audits •  Baseline Audit, System Info, and Latest Audit are done by default when an AGENT is installed on a machine. •  Most of the agent and managed machine data displayed by func<on pages are based on the latest audit. •  The latest audit record is stored for as many days as you specify. •  The VSA detects changes in a machine's configura<on by comparing the latest audit to the baseline audit. Collec<ng Data Recommenda<on •  Annual audits is required for planning and compliancy purposes, and for Baseline/Latest Audit comparisons for opera<onal tasks. •  Schedule Baseline Audit –  Frequency: annually •  Beginning on January 1st through the 14th –  Between 6am-­‐6pm •  Schedule System Info and Latest Audit –  Frequency: daily –  Between 6am-­‐6pm Kaseya Fundamentals
Workshop
Viewing Data
Viewing Group Data •  The Audit Summary –  provides a view of the data returned by audits of machines using the Run Audit page. –  The columns of audit data shown on this page are individually selectable and filterable. –  Addi<onal data not shown in the Audit Summary page is provided using the Machine Summary page. •  Configure Column Sets –  defines columns sets that can be used to select a set of columns in the Audit Summary table. View Individual Data This sec<on allows users to perform tasks and func<ons solely for one managed machine. •  Machine Summary –  A series of tabbed property sheets provided access to various categories of informa<on about the managed machine •  System Informa<on –  displays all DMI / SMBIOS data collected by the system info audit •  Installed Applica<ons –  lists all applica<ons found View Individual Data •  Add/Remove –  displays the programs listed in the Add or Remove Programs window. •  Sopware Licenses –  displays all sopware licenses found for a selected machine ID. •  Documents –  stores files associated with a machine ID. –  You can upload scanned copies of purchase receipts, contract informa<on, and configura<on notes specific to a machine ID. Custom Fields •  Custom fields can be maintained on –  Audit > Machine Summary > Summary tab –  Audit > Machine Summary > Hardware > Summary tab –  Audit > System InformaKon page •  You can create new, rename, and delete custom fields. View Defini<ons •  View Defini<ons further refine machine ID and machine group filter based on aqributes contained on each machine. •  Machine Search on the No<fica<on Bar. –  Search syntax string in Machine’s informa<on •  i.e. Display Name, Current Login, Last Login, Machine Name, IP Address, Connec<on Gateway, OS Type, OS Info, Organiza<on Name, Group Name, and others Day One Wrap Up Q&A Day One Hands On Labs •  Day Two Topics – Patch Management Module – Remote Control – Live Connect