Managing Your Ignite System
Ignite Overview

LabTech Ignite™ is a set of preconfigured, out-of-the-box functions built into the LabTech remote monitoring and management (RMM) platform and designed to get your business up and running in no time. Developed and built by IT managed services industry experts and following Microsoft® best practices, LabTech Ignite sets the standard for simple IT services delivery incorporating mission-critical monitoring packs, industry defined thresholds, auto-fix scripts, automated patch management and much more! LabTech Ignite allows you to turn on and off functionality so you can decide what level of functionality is best for your environment.

Why Should I Onboard 1-2 Clients at a Time?

A methodical approach should be taken when onboarding new clients to help better manage overall ticket creation. This allows you to adjust monitor conditions where required and to whitelist or blacklist software, as well as events, services and processes. Onboarding one or two clients at a time and taking care of these tickets before onboarding additional clients will save you time in the end. Here’s why:

LabTech has provided you with 100+ internal monitors to provide you with valuable information (more on this later). When you onboard a new client, it is likely that every machine will generate 7-8 tickets EACH for a variety of reasons (e.g., new software, services, processes, events, sensors, etc.). So, if this client has 30 computers, approximately 240 tickets will be generated that need to be remediated. Now, say you have 100 clients with 30 computers each and you onboarded all of them, that’s a whopping 24,000 tickets!

Are you thinking you’d rather just do it all at once and get it over with? Well, here’s the good news: if you onboard only one or two clients at a time and remediate those tickets, you will drastically reduce the number of total tickets generated. How, you ask? With a little bit of planning!
Here’s an example: You have just onboarded the two clients and 60 of the tickets indicate that new software has been installed (e.g., Microsoft Office Professional Plus 2010). Add this software with the exact name to your App Whitelist and now you have eliminated that ticket for all of your remaining clients (3000 tickets just eliminated).

Applications can be whitelisted or blacklisted in the Dashboard > Config > Configurations > App Whitelist/App Blacklist or by right-clicking on the application in the Software tab of the agent’s Computer Management screen and then selecting Software > Add to Whitelist/Blacklist. The same applies for services and processes.

A little preparation goes a long way. If you know what applications are on your clients’ computers, you can add these before you onboard and eliminate even more tickets! LabTech has provided you with 1000s of whitelisted software, services and processes; however, as new releases of 3rd party software come out, these applications may or may not already be in the whitelist for you. You may have to take a few seconds to add them to your whitelist.

Success depends upon previous preparation, and without such preparation there is sure to be failure. - Confucius

Why Should I Create Tickets for Everything?

One answer, “Information”. Creating tickets for everything provides a full-sized stream of information about your clients’ machines and networks and can be used to show root causes for some problems, predict new problems before they occur and simplify troubleshooting for technicians. Learning to manage these alerts and separate the more important items from the less important ones is critical to being able to provide an acceptable level of client service and satisfaction. The overall goal is to maintain details to help in justifying your service delivery (remember, show your worth so the checks keep coming), as well as to help a technician pinpoint trouble in an efficient and quick manner.
“Doing the best at this moment puts you in the best place for the next moment.” ~ Oprah Winfrey

Top 10 Highest Ticket Producers

The following table represents the ten highest ticket producers from LabTech. On the following pages, we will explain why these monitors are important, where they come from and how to better manage them to provide valid information versus ‘noise’ in your PSA system. While this list is not all-inclusive, it was generated from support requests into the LabTech Help Desk.

Monitor or Type | What it Does
LT-No Agent Checking in (30 Days) | This alert notifies you of any machine that has not checked into the LabTech server for 30 days.
Change Management Tickets | Upon onboarding and each day, servers are checked for roles and/or changes to roles and tickets are generated with the details.
LabTech Onboarding/Patching | The monitors alert you to issues that should have been addressed within LabTech during location on-boarding by a technician.
Performance Monitors | These monitor specific performance variables on workstations and servers, as well as by server roles.
Sensor Monitors | These monitors monitor specific motherboard sensors for conditions that are excessive.
EV – Blacklisted Events | Currently three monitors monitor the blacklist event table for alerts that match entries within the table. They are Critical and Warning Events, Exchange Events and Informational Events that all match the list.
SW-Uninstalled | This monitor looks for applications that have been removed from computers but excludes common apps such as Java, Adobe, etc. that frequently do a removal when they are updated.
SW – Installed New | This monitor looks for applications that have been added to computers, but excludes common apps such as Java, Adobe, etc. that are common and updated often.
SW—Unclassified Apps | This monitor looks for applications that have been installed at some point on the various machines and lets you either whitelist or blacklist the application as either known good or bad.
SVC-Auto Services Stopped | This monitor runs each hour looking for services that are reported stopped, but set to an automatic start state.

Why Should I Care if an Agent hasn’t Checked In?

The LabTech—No Agent Checking In (30 Days) monitor will notify you of any machine that has not checked into the server for 30 days. Why is this important? The assumption is that you are providing a monthly service to your clients and if a machine has not reported in within the month, you were not able to perform what is required of you to deliver your service. Less work for you, right?

Well, let’s look at it from another point of view. Let’s assume that every quarter you meet with your client and the client’s patch health score is not up to par. Those computers that are offline and not checking in are affecting the reporting. Now, you have to explain to your client why the patch health score is low, why this computer hasn’t been patched, etc. Of course, you could tell the client that you couldn’t patch the computer because it has been turned off for more than 30 days. Oh, but wait, the client is paying you to deliver a service. Do you see where we are going here?

Again, being proactive will always score you more brownie points than being reactive. When a machine has been off for more than 30 days, contact the client and tell them that there is a machine that has been off for several days and you are unable to patch, back up or run antivirus against it. This will be another step to validating your worth with your client.

If it is a computer that is turned off for a reason, you can exclude it at the monitor level so the machine will be ignored. From the Monitors screen, click on the Internal Monitors tab.
Find the ‘LTAgents No Checkin for More than 30 days*’ monitor and double-click to open. Click on the Exclusions tab. Right-click in the Disabled Computers section and select the computer you want to exclude from this check.

Server Roles Changing, Who Cares?

During Onboarding and each day, servers are checked for roles and/or changes to roles. Tickets are generated with the details. This process was designed to keep you up-to-date on any changes you may not be aware of and to use as validation for changes that may have been requested. The best solution to manage these tickets is to utilize your PSA to maintain the history. With the ConnectWise 6.0 plugin, ticket management can be used to close these tickets automatically after a specified number of days if they have not been reviewed.

Servers are configured to perform a number of roles and the applications that are running on the server specify the particular server’s role. What happens if an application or service that is installed to perform its specific role has been accidentally removed? If you are not monitoring the changes, you may start getting inundated with Help Desk tickets because the server is no longer performing the role it is responsible for. By monitoring any changes, you can be proactive and contact your client to indicate that the server role has changed and determine if the change was intended.

Likewise, a client may have installed additional roles on an existing server that conflict, and now you are receiving Help Desk tickets because the server is crashing. Without these monitors notifying you of changes, it may take a considerable amount of time to locate the problem. Additionally, if the client asks you to remove applications that allow the server to perform certain functions, you can keep a history of the change for validation purposes if at some point the client comes back to you and says ‘my server is not functioning’.
The golden rule for every business man is this: Put yourself in your customer’s place. ~ Orison Swett Marden

Onboarding/Patching—What Are These Alerts??

The Onboarding and Patching monitors will alert you to configuration issues that should have been addressed during your initial configuration.

The purpose of these monitors is to notify you of important steps that were missed to get the desired outcome from LabTech. If you ignore these alerts, patching will not take place after you have approved patches, agents will not get deployed, and agents will not be assigned to the appropriate service plan groups for monitoring.

To remediate these types of alerts, configuration needs to be completed at the location level. At the location level, assign Administrator Access on the Deployment & Defaults tab. On the Ignite tab, replace the ‘Not Selected’ service plan value with something that is appropriate, then click over to the Patching sub-tab and select the desired patching days for servers,

Performance Monitors

All performance monitors that are set to trigger are based on Microsoft’s published best practices, so if something is alerting, it is exceeding the published threshold and should be investigated. Each of these alerts that does not auto reset once the threshold is lowered should be investigated and remediated. Any alerts that show a pattern of reoccurring, even if they reset, should also be investigated, as both situations represent an issue based on performance.

These performance monitors allow you to monitor your clients’ servers and workstations to identify potential problems such as malware spiking the CPU usage or excessive usage that the hardware can’t support. Additionally, if a server or workstation continually exceeds the thresholds, it gives you the opportunity to upsell your client to upgrade their systems.

Imagine for a moment that you have turned off the performance monitors because you think they are ‘noisy’ and you have ignored all alerts about CPU usage spiking on a client’s server. Days later, Help Desk tickets are coming in: your client is complaining that his server is running too slow. You have turned off the performance monitors, so you no longer have a history of the CPU usage. Is it happening at peak times? All the time? Now, you have a client that is complaining about slowness and wants it fixed NOW.

If you had been using the performance monitors, it is likely that you would have received alerts that this particular machine was exceeding Microsoft’s published threshold, allowing you to determine the cause long before your client submitted a Help Desk ticket. If it is an over-utilized machine, you could have contacted the client and made him aware that the computer was consistently exceeding industry standard thresholds and made a sale to upgrade the computer.

Performance monitors, when used with other monitors (e.g., sensor monitors), can help you diagnose the problem much quicker. For example, if the CPU usage performance monitor has been sending alerts that CPU usage has exceeded 90% and the CPU Temperature has exceeded its threshold, this could be indicative of improper cooling. By being proactive, you can quickly identify the problem and correct it before disaster strikes!

Did You Know? CPU spikes can be caused by excessive and continual usage, inadequate power supplies, improper cooling, running many programs at once and viruses resulting in system instability and spikes. A CPU spike can cause temporary or permanent damage to the CPU and motherboard.

Why Should I Care About Sensor Monitors?

Sensor monitors were designed to help you see potential issues before they render a machine critical, such as elevated temperatures due to a clogged or failing fan.
These items will go unnoticed by way of routine monitoring, such as with event logs. They are set to alert after the 3rd failure and will auto-close if a condition clears. If a machine has been found to be causing alerts on a consistent basis with no concrete indication that there is a problem, the monitor can be overridden at the machine level.

Failing machines can cost you and your client valuable time and money. A computer that overheats can cause costly damage and force you to abandon the computer and buy a new one or incur expensive repairs to fix it, and this doesn’t include the possible financial loss your client faces if a key computer goes down.

By default, on new installations only servers will have sensor monitors. Don’t fret, within a short while, the tickets will begin to auto-close and only the remaining issues that have not cleared will remain and can be investigated. These hardware based sensors vary from manufacturer to manufacturer and report hardware information such as: CPU Temperature, Drive Temperature, CPU voltage, Power Supply Voltage, Battery Voltage on Laptops and Fan Speeds.

If sensor monitors are desired on desktops/laptops, you can set the _sysMonSensorDisableDesktop and _sysMonSensorDisableLaptop properties to ‘0’ (Dashboard > Config > Configurations > Properties). The Sensors tab on the agent (Devices > Sensors) shows all sensors that have been detected on this machine.

Let’s assume that you are receiving alerts that the CPU temperature has exceeded the allotted threshold on one of your client’s computers. What do you do? Well, there are various reasons why the temperature is exceeding the manufacturer’s specifications: poor ventilation, a bad fan, defective fan, clogged with dust and dirt, the computer running at a higher than normal capacity, etc. Investigate and determine if there is in fact a problem. You find that the computer is clogged with dust and dirt and has very little ventilation. Clean the computer and move it to a better location where it gets more air. No more alerts. Ta Da! Problem fixed!

Now, let’s assume you turned off the sensor monitors and now you get a call to the Help Desk that the computer is not operable, and only after you spend a couple of hours troubleshooting do you come to the conclusion that the motherboard and CPU have been rendered useless because of overheating. Now, you have to restore data from backup for the client because they lost valuable data and you have to stage another computer. Remember, it is always best to be proactive and not reactive. Would you ignore your car if it was overheating?

What Can Blacklisted Events Do For Me?

Events can indicate a potential security risk or critical system failure. By default, there are three monitors that monitor blacklisted events: Exchange Server, Critical and Warning Events and Informational Events. These are important because these events are listed within the blacklist by specific ID and/or message and indicate true issues. These issues should be investigated and resolved. Events can be removed from the blacklist if you feel they are not necessary. By doing so, alerts will no longer be generated for that event.

You can also add application specific events to alert you when a potential issue may arise. For example, you could create a monitor that monitors an event ID or message that indicates a backup did not occur. You could always go directly to the backup software and check, but you can eliminate this step and have a monitor alert you via a ticket if a backup did not occur.

Let’s assume you were not verifying backups and something happened and required you to restore from backup. What are you going to say to your client when you have to tell them that the last successful backup you have is a week ago and all of their data is lost? Guarantee it’s not going to be a pleasant experience!
It doesn’t need to be backup jobs you are monitoring; it could be other applications that your client absolutely has to have to keep their business running. Managing these alerts is as simple as fixing the issue and the alert will stop.

To add or remove events from the Event Blacklist:
To add: Go to the Dashboard > Config > Configurations > Event Blacklist and enter the Event ID, Source, Message, Event Log Name, Event Type and the Category.
To remove: Simply right-click on the event and select Delete.

Software was Uninstalled...so?

The ‘SW—Uninstalled’ monitor looks for applications that have been removed from computers but it does exclude common apps such as Java, Adobe, etc. that are typically removed when updates are performed. There are a few reasons why you should want to be alerted when software is uninstalled.

Let’s assume Ollie at Client XYZ has uninstalled an application that is a key business app for your client. You start getting flooded with Help Desk tickets because all of the users are getting errors trying to access the app. Your client calls up angry because he thinks the update you did yesterday broke something even though you know it is unrelated. Now, you spend a few minutes to a few hours finding the issue and trying to convince the client that it was not your update that caused the problem.

So, let’s change the scenario and turn that monitor back on. Ollie uninstalls the software and your monitor alerts you that software has been uninstalled. You contact your client (before he contacts you) and indicate that you have been alerted that their key business app has been uninstalled. The client asks you to reinstall the software and says that they will look into the incident on their end. He then thanks you for being proactive because it is a key business app and without it, it would cause financial implications for his business.

Let’s look at it from another angle.
If a client has requested an application be uninstalled, the monitor will create a ticket that you can use to validate that the request was completed. This monitor consolidates tickets for each machine so you are not notified via more than one ticket per machine if any applications are removed. If specific machines need to be excluded, you can add them to the exclusions list on the monitor.

From the Monitors screen, click on the Internal Monitors tab. Find the ‘SW-Uninstalled’ monitor and double-click to open. Click on the Exclusions tab. Right-click in the Disabled Computers section and select the computer you want to exclude from this check.

Applications—Good or Bad?

In a perfect world, you wouldn’t have to classify applications good or bad. Unfortunately, in the real world you do. Users can unintentionally install potentially harmful applications that threaten your network security or your client’s network security. The ‘SW-Unclassified Apps’ monitor looks for applications that have not been whitelisted or blacklisted and allows you to classify them good or bad. You can then alert on the bad ones. This monitor consolidates tickets for each machine so you are only notified with one ticket per machine if any unclassified applications are found. By monitoring applications that have been installed and are not classified, you can reduce the risk of any harmful applications threatening your network or your client’s network.

Applications should be whitelisted/blacklisted during Onboarding as much as possible to eliminate many future tickets. Additionally, if there are machines that should be excluded, they should be excluded at the monitor level on the Exclusions tab.

Applications can be whitelisted and blacklisted in the Dashboard > Config > Configurations and then selecting the appropriate blacklist or whitelist tab.
You can also add to the whitelist/blacklist by right-clicking on the application in the Software tab of the agent’s Computer Management screen and then selecting Software > Add to Blacklist.

Why Should I Care if Auto Services Have Stopped?

The ‘SVC-Auto Services Stopped’ monitor reports on services that have stopped but are set to an automatic start state. If they are automatic start, should I really care about them?

The answer is Yes and here’s why. Many business applications are service driven. If these services are not restarted, you will start receiving Help Desk tickets because the application is not working. The beauty of this monitor is it keeps you from having to identify each and every service that needs to be running. What it does is run a script to restart the stopped service, make multiple passes and then report on success.

Now, for services that are set to automatic start by the application installer but really only start once the application is launched, these can be excluded by adding them to the Services Blacklist. Additionally, if there are machines that should be excluded, they should be excluded at the monitor levels on the Exclusions tab.

Services can be blacklisted in the Dashboard > Config > Configurations > Service Blacklist or by right-clicking on the service in the Service tab of the agent’s Computer Management screen and then selecting Software > Add to Blacklist.

It is easier to do a job right than to explain why you didn’t. ~ Martin Van Buren

Why Do I Want to Monitor Software Installations?

Software may contain viruses, spyware, key loggers or other things that can compromise security, which can cause a loss of valuable data as well as considerable financial loss. Additionally, unlicensed software can be installed without your or your client’s knowledge, which could potentially cost your client thousands of dollars in copyright infringement fines. So why do you want to monitor software installations?
Let’s assume for a moment that Ollie Operator, who works for your client, just installed this “cool” add-on for Microsoft Word. LabTech has detected the change as newly installed software and reported it via an automatically generated ticket. A few days later, your client calls your Help Desk about Word crashing repeatedly. Within minutes, your technician has tracked it down to this “cool” add-on because a ticket had been generated for it just days prior and is in the history. The add-on can be quickly removed using LabTech and the application blacklisted so you are alerted in the future if it has been installed again.

Applications can be blacklisted in the Dashboard > Config > Configurations > App Blacklist or by right-clicking on the application in the Software tab of the agent’s Computer Management screen and then selecting Software > Add to Blacklist.

What if you weren’t monitoring software installations and the same event occurs? How long do you think it would take to locate the problem? Could be hours, could be days or maybe not at all.

Now, let’s say the same client has 100 agents and Ollie Operator is doing his own thing again. He just installed the newest version of Microsoft Office Professional on all of the agents. At this point, you do not know if it is legal software or if it is pirated. If it is pirated, this could cost your client thousands of dollars in copyright infringement fines should the software company ever find out, say through a disgruntled employee (it’s happened before).

This gives you the chance to show your ‘worth’ to your client. Send your client a letter that you have detected that ABC Software has been installed on all of his agents. Ask the client to please provide licensing information so in the event of a failure, recovery is accelerated by having the licensing information immediately available. Include information about piracy and that companies are subject to significant fines for copyright infringement if software is found on computers that is not licensed. By communicating with your client, you are showing that you are looking out for their best interests. It makes for happy clients. Happy clients send checks.

You can keep track of the licensing information on the License Management tab of the client.

This is all about being proactive: the more proactive you are, the fewer Help Desk tickets you will receive and the more time you have to build your business or to improve your business.

Not so Fun Facts: Did you know that dealing with viruses, spyware, PC theft and other computer related crimes costs U.S. businesses a staggering $67.2 billion a year (according to the FBI in 2006)?

The successful man is the one that finds out what is the matter with his business before his competitors do. ~ Roy L. Smith
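
The software sections above describe classifying installed applications by exact name against the App Whitelist and App Blacklist, with one consolidated ticket per machine. The sketch below is an added example, not LabTech code: the function names, the inventory rows, the "Cool Word Add-on" and "Backup Agent" entries and the rule that a blacklist entry wins over a whitelist entry are all assumptions made for illustration. It shows how whitelisting one exact name removes tickets across clients while a new release with a different name stays unclassified.

```python
"""Added illustration, not LabTech code: exact-name software classification
with one consolidated ticket per machine. All data below is constructed."""
from collections import defaultdict

# Constructed lists; entries are exact display names.
APP_WHITELIST = {"Backup Agent"}
APP_BLACKLIST = {"Cool Word Add-on"}

# Constructed inventory rows: (client, computer, installed application name).
INVENTORY = [
    ("Client XYZ", "PC-01", "Microsoft Office Professional Plus 2010"),
    ("Client XYZ", "PC-01", "Cool Word Add-on"),
    ("Client XYZ", "PC-02", "Microsoft Office Professional Plus 2010"),
    ("Client XYZ", "PC-02", "Microsoft Office Professional Plus 2013"),
    ("Client ABC", "SRV-01", "Microsoft Office Professional Plus 2010"),
    ("Client ABC", "SRV-01", "Backup Agent"),
]


def classify(app_name, whitelist, blacklist):
    """Return 'blacklisted', 'whitelisted' or 'unclassified' by exact name."""
    if app_name in blacklist:  # assumption: a blacklist entry wins over a whitelist entry
        return "blacklisted"
    if app_name in whitelist:
        return "whitelisted"
    return "unclassified"


def build_tickets(inventory, whitelist, blacklist):
    """Group non-whitelisted findings into one ticket per (client, computer)."""
    tickets = defaultdict(lambda: {"blacklisted": [], "unclassified": []})
    for client, computer, app in inventory:
        verdict = classify(app, whitelist, blacklist)
        if verdict != "whitelisted":
            tickets[(client, computer)][verdict].append(app)
    return dict(tickets)


def whitelist_effect(inventory, whitelist, blacklist, new_entry):
    """Ticket counts before and after whitelisting one exact name."""
    before = len(build_tickets(inventory, whitelist, blacklist))
    after = len(build_tickets(inventory, whitelist | {new_entry}, blacklist))
    return before, after


if __name__ == "__main__":
    for (client, computer), found in build_tickets(
        INVENTORY, APP_WHITELIST, APP_BLACKLIST
    ).items():
        print(client, computer, found)
    print(whitelist_effect(INVENTORY, APP_WHITELIST, APP_BLACKLIST,
                           "Microsoft Office Professional Plus 2010"))
```

Because matching is by exact name, the constructed 2013 entry still raises a ticket after the 2010 name is whitelisted, which is the case the page warns about for new third-party releases.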