Wilco van Bragt - LinkeIn Wilco van Bragt - Twitter rssa 

Wisdom 4.1

Several years ago RES released RES PowerFuse. With RES PowerFuse all kind of user settings can be configured, managed and monitored concerning applications and Windows. Because PowerFuse is only developed for those user settings, the applications need to already available on the Terminal Server or workstation. In other word the machine part is not the responsibility of RES PowerFuse and some other way need to be used to accomplish the installation of Windows and applications. Till now you should use some other products for this. Now with RES Wisdom RES aims to this machine part of the Terminal server and workstations.

RES Wisdom is build with a starting point "Keep it simple and easy". RES claims that with three steps the product is operational. They called these steps in version 3.0 Get Ready, Set, Go, but are renamed in version 4. Let's find out if Wisdom is that easy and which new features are available in series 4.1.




Installation

Logically the product needs to be installed first before you can use it. If you look too this very black and white this is actually the first step, which is not mentioned by RES (or is this part of the first step Get Ready?). The first installation should be done on a machine which will be used for managing the Wisdom environment. During this installation the Wisdom console will be installed on the machine from which all settings and configurations are set up. The installation itself is pretty easy, you can specify the destination directory and need to accept the license agreement. That's all you need to configure, because the installation file is MSI based this part can be made unattended easily.

Configuring the Wisdom Infrastructure

After the first installation the Wisdom environment need to be build up. This starts with creating a datastore, the database where all Wisdom configuration settings are stored. All traditional database like MS SQL, MySQL, DB2 and Oracle can be uses. All settings needed to create this database are filled in via the Wisdom console and using this data everything is created on the SQL server. After creating the datastore system settings can be configured like additional Wisdom administrators (only full administrator rights possible), licenses and settings for the dispatchers like bandwidth and discovering (information later in this article).

Within Wisdom three types of machines are recognized, Consoles, Dispatchers and Agents.
- Console
This type of machine is being used for administrating and configuration the Wisdom environment.
- Dispatcher
A dispatcher is responsible for caching the installation sources and acts as a traffic officer for the agents.
- Agent
The agent component is active on the machines on which the jobs are executed. In other words the agent is responsible for execution the jobs on the Terminal Servers, laptops and/or the workstations.

Image

Within the Infrstructure component you can select one of more of these components and install them automatically on the system(s). If wanted it is also possible to install these components yourself using the MSI files which are used for the automatically deployment. Because of these MSI files silent installation is easy.

The last configuration option is to combine agents into a team, which makes it possible to install jobs to more systems with a single click.

Preparing the Jobs

In this phase you are building the configuration for the machines with the agent component installed. This configuration is made in a module. This module exists of one or more tasks. Modules can then be combined to a project (or scheduled separately)
The interface is very understandable. Adding a new module opens a configuration screen where task(s) and/or querie(s) needs to be added. Version 3 had a total of eleven tasks. Right now this version has 25 tasks, so this part is extended a lot.
The following tasks are available:

- Apply Registry Changes
With these task you can add or modify registry settings in the HKEY Local Machine key of HKEY_Users key. Like all components it is no problem to browse to the key, also from other computers on the network.

- Change Computer Name Properties
Wisdom needs a basic installation of the operating system. With this tool the computer name can be changed, joining a domain, placed in the right OU and changing the computer description. There is no option to change the SID of the machine, so you need to arrange it yourself by using Sysprep or someother tool before deploying applications to the agent server.

- Change Service Parameter
With this task all settings concerning services can be changed. Examples are: changing the service account, service start-up, service status and restarting the service.

- Download Resources
This task can be used to already download the source to the dispatcher. This option can be used to download files which are needed by one of the installation tasks or transferring files during off-peak hours.
- Execute command
Execute command can be used to start an command on the machine itself, using specified credentials and logging.
- Install Microsoft update
Using this command a Microsoft hotfix or update can be installed on the machine silently.
- Invoke Softricity client
With the option the machine settings of the Softricity client can be managed. Wonderful option is the preload application cache, where the applications can be configured which should be preloaded to that system. Publishing the application to the startmenu and/or the desktop can be configured here. Also the logging level can be adjusted and if needed an extra task can be made clearing the application cache.
- Invoke Windows Installer
This task is available tot install applications on the systems using a MSI based installation. Within this task the MSI file need to choosen and what the Installer should do (Install, Upgrade, Patch, Repair or Uninstall). If necessary additional MSIEXEC parameters can be filled in and MST files can be added to the installation.
- Perform Unattended Installation
If the manufacturer supports an silent installation using his own executable file, this option will be used to perform the installation. Parameters can be specified to fine-tune the installation.
- Set Windows Shell Configuration
An option special available for the PowerFuse customers. PowerFuse can use his own shell in stead of the Windows shell. This task sets the shell you would like to use.
- Shutdown Computer
This task makes it possible to reboot the system. Options are available to display a message to connected users, forced closing of application, shutdown time limit and the possibility to delay the reboot if users are logged in to the system. Can be used after an installation of an application or periodic reboots.

 

 

New in version 4 are:

- Defragment Disks
As the name implies you can deframent Disks of the agent machines.
- Deploy Res Wisdom Component
Another way to enroll one of the Wisdom components like the dispatched and agents
- Manage Certificates
Install or Remove certificates and/or certificates lists
- Manage Local Groups
Create or Remove Local Groups, add or Remove users from local groups and/or change the local group name and description.
- Manage Local Users
Exactlty the same options as Manage Local Groups, but then on user level.
- Manage Printer Drivers
With this option you can add or remove a printerdriver from the agents machines. You need to add the inf file and driver into the resource pool before.
- Manage Remote Terminal Server Logons
Task to enable or disable Logons on the Terminal Servers.
- Manage Shares
With this taks you can to create or remove shares. Also the number of maximum users can be configured. No option to configure the share rights.
- Manage Windows Firewall
Configure the Windows Firewall completely. You can enable or disable the firewall, change the advance settings and configure exceptions to the default rules.
- Refresh RES PowerFuse Sessions
This option makes it possible to refresh the user PowerFuse sessions automatically.
- Set Microsoft Product Key
With this task the 25 characters Microsoft Product key.
- Set Security
A good new option, it is pity this can only be done on username right now. With this task you can set security on share, registry and NTFS level. You can configure of the new rights should be replace permissions or remove all permissions.
- Set System Environment variables 
Add or remove System variables to the agent machines.
- Show Message Box 
With this option you can display a messagebox to your users. For terminal servers there is the option to show this option only to the console. Also useful for a manual check of the result of a project using conditions.

Image

Beside the above mentioned tasks, the following queries are available. Series 4 is extended with much more queries.
- Baseline secruity
In this query you need to specify the security catalog (if possible it can also be download from Microsoft's website). This catalog will be used to analyze the systems and reporting any missing updates and/or vulnerabilities. Specify for which vulnerabilities need to be searched. The Microsoft Baseline Security Analyzer and Agent need to be present on the target system.
- Computer Inventory
This query check all kind of computer attributes like processor, memory, manufacturer, display adapter, network adapter and so on.
- Computer Name Properties
Simple query, what is the computer name of the system.
- Computer Uptime
Again a simple query for the time the system is running till now.
- Disk Space
Query to monitor the used disk space. If this query is run regularly a chart can be created for analyzing the consumption of disk space.
- Event Logs
Wonderful option to view all the event logs from one console, already filtered by your specifications (warnings, errors, information and security audits) and your time slice.
- File version/contents
This query can check the file version for specified files (variables can be used) or content within a file.
- Installed Programs
This query checks which programs are already installed on the systems.
- Registry Settings
Checking all values within a key or a specific value within the registry value.
- SServices
Query if a service is available on the agent together with his parameters. It can not be used to monitor the status of specified services directly, indirectly this can be seen navigating to all services queried.
- Softgrid client
This query can be used for two purposes. The first is to query the applications in the application cache of the machine. Second you can query the softgrid client log for errors and warnings (and resetting the log).
-
TCP/IP Configuration
Just the name of the query tells you. Running this query shows the IP configuration of the system(s) queried.
-  Windows Shell Configuration
Query the machine which shell is configured. Again a special query for the companies who use PowerFuse.

New in version 4 are:

- Certificates
- Disk Fragmentation
- Microsoft Product Keys
- Parameters
- Printer Drivers
- Remote Terminal Server Logons
- Security
- Shares
- System Environments Variables
- Windows Firewall
- Dispatcher Discovery
- Scan Computers
- Local User Accounts
- Local Groups
- Citrix Metaframe Published Applications

Most queries explain their selves. With the most queries you can use filters to reduce the amount of results. At the User Account queries you can also query on the properties of the account like password properties. Scan Computers queries all computers in a defined IP Range. With Citrix Metaframe Published Application you can query which Published Application are available per server.

Besides these new tasks and queries Wisdom now also have parameters and conditions possibilities. The conditions will be the most used. You can define several rules and add these to the task to filter out machines or check if a requirement is already available.

Where necessary within the tasks or queries additional credentials for carrying out the task can be supplied. A module can exist of one or more tasks. Modules can be combined in projects. These projects can be scheduled in the job part in the third step. A practice sample is to put the installation and configuration (MSI install with some registry key changes) in one module. This module will then be placed in a project, that exist of an application set (for a specific target like Terminal Server desktop environment).

For all files be used for installation on the system (via the Windows installer or unattended installation) the installation source need be added to the resource tab. A resource can be placed within in the database of Wisdom or on a file share. If you place the resource in the database do not forget to add all files needed by the installation to the database. In version 4 it is now possible to select multiple files.  If you use a setup with more than one file and a folder hierarchy you can use the new Wisdom Resource Package. In a Resource Package you can add more files and folder. In the Task properties you can select a file inside the Wisdom package.

Image

Rollout

After creating a projects you are ready for the Rollout phase. In this step the projects can be scheduled for execution. At the job scheduling you add new jobs. A job can have the following moments of execution: immediately, scheduled, reoccurring, after next reboot, after every reboot or after new agent registered. All options are clearly explained and have enough detail to execute the job exactly how you like it to do. Next is to select the project you want to execute. Last you need to specify on which agents this job need to be executed. Here you can use the teams created in the Get Ready step. When the job is executed it can be monitored in the current activity tab looking the same way as the installation of a dispatcher of agent installation (see first image in this review). If the job is finished or failed it will be moved to Job Results. In this tab the results can be viewed in detail why the job is failed (or succeeded of course).

If a job is failed because you made some mistakes in the module you need to create an new Job within Go. The changes saved in the modules or project are not effective for jobs which already run (in other word it is using the content of the modules, which was available when the job was run the first time). Only when creating a new job or use the Reload feature the modules are checked again for their (new) content. If a party of a job failed and you would like to rerun it you can uncheck some parts of the job that do not need to done again.

Managing Wisdom

As described in the steps Get Ready and Go the monitoring functions of the installations and/or executing are orderly and detailed.
Also when a job fails the error codes are good enough to identify quickly where the problem comes from. It is wonderful that Wisdom itself also logs the installation of the MSI file itself.

For every object within Wisdom a audit trail is maintained where all changes to one of these objects are described. If you have seen PowerFuse you recognize this a little. In PowerFuse the login name of the user which changed the object the last time is displayed. Within Wisdom all events concerning this object are written down in the audit trail log.

Image

Conclusion

With Wisdom application deployment becomes almost blind man's buff. Also the setting up the installation and configuration of an application is getting a lot easier. Logically you should know the parameters for installation, but that is true for every deployment system. Using enumeration of the object to create one project for execution is a nice and wonderful method. It is a pity that adding files to the resource can be time-intensive process and failed jobs need to completely scheduled again if there is a configuration error in one of the modules.

The queries are most useable for workstations inventories. Within version 4 their also some specific Terminal Server queires, but it would be nice if RES extends this a little bit more. My last wish would be if RES can add a Windows installation (with PXE boot) to their product. If this is available the complete deployment can be done using one console. Till now you need another tool to install the operating system on the server or workstation.

In spite of these wishes Wisdom is already a wonderful, solid product for application deployment and configuration (system settings) and enrollment of Microsoft updates en patches. Also the installation model is very competitive if draw a comparison between equivalent products.

Advantages
- Easy, simple but solid and robust application deployment and configuration
- Wonderful options available in the product like the Softricity integration, Event Log filtering and audit trail
- Wisdom can be used for workstations and terminal servers
- Good overview of status of the jobs with useful logging

Disadvantages
- Adding files to resource object is time-consuming
- Service query can not be directly used to monitor the status of the services