2.6.4 Managing offline computers
Besides network-accessible computers, JP1/IT Desktop Management 2 can manage computers that it cannot access over the network, including standalone computers and computers connected to an isolated network at a remote site.
The management of computers that cannot be accessed over a network is achieved by using external media to install the agent on the computer and collect device information.
This process of using external media to manage computers that the management server cannot access over the network is called offline management, in contrast toonline management which involves the management of computers that are connected to the management server by a network.
- Storage capacity required on external storage devices
-
Device information is collected from offline-managed computers by an information collection tool stored on external media. The following free space must be available on the external media:
5 MB + (50 KB x the number of computers for which device information is collected)
There are some differences in management server capabilities depending on whether a computer is managed online or offline. For details on these differences, see (1) Functional differences between agent/agentless management.
Note that the offline management function is not supported on the Citrix XenApp and Microsoft RDS server.
Also, changing a setting of an offline-managed computer in the operation window requires re-execution of the installation set, the getinv.vbs command, or the setsecpolicy.vbs command tool. For details about configuration items that require re-execution of these commands, see the description about the conditions in which the tools must be re-executed on offline-managed computers in the manual JP1/IT Desktop Management 2 Administration Guide.
- Organization of this subsection
(1) Functional differences between agent/agentless management
There are some differences in management server capabilities depending on whether the managed computers have an agent installed or are agentless. In the case of computers with an installed agent, other differences arise depending on whether the computers are managed online or offline.
The following table describes functional differences by configuration type:
|
Function |
Managed computers |
|||||
|---|---|---|---|---|---|---|
|
Agent installed |
Agentless |
|||||
|
Online management |
Offline management#1 |
|||||
|
Windows |
UNIX |
Mac OS |
||||
|
Acquisition of device information#2 |
Y |
D |
D |
Y |
D |
|
|
Security diagnostics |
Assign security policies |
Y |
Y |
N |
Y |
Y |
|
Evaluate security |
Y |
N |
N |
Y |
D#3 |
|
|
Actions at security policy violation |
Automatic security measures |
Y |
N |
N |
D#9 |
N |
|
Restrict printing |
Y |
N |
N |
Y |
N |
|
|
Disable data export |
Y |
N |
N |
D#10 |
N |
|
|
Disable software startup |
Y |
N |
N |
Y |
N |
|
|
Acquire operation logs |
Y |
N |
N |
N |
N |
|
|
Send warning messages |
Y |
N |
N |
N |
N |
|
|
Power on/off |
Y |
N |
N |
N |
N |
|
|
Management of asset information |
Manage hardware |
Y |
D#4 |
D#4 |
Y#5 |
D |
|
Manage software licenses |
Y |
Y |
Y |
Y |
D |
|
|
Manage software |
Y |
Y |
Y |
Y |
Y |
|
|
Manage contracts |
Y |
Y |
Y |
Y |
Y |
|
|
Distribution of software and files |
Distribute software |
Y |
Y#6 |
N |
Y#6 |
N |
|
Distribute files |
Y |
Y#6 |
N |
Y#6 |
N |
|
|
Uninstall software |
Y |
N |
N |
N |
N |
|
|
Remote control of devices |
Remote control of computers |
Y |
N |
Y#7 |
N |
Y#7 |
|
Connection requests from computers |
Y |
N |
N |
N |
N |
|
|
File transfer |
Y |
N |
N |
N |
N |
|
|
Chat |
Y |
N |
N |
N |
N |
|
|
Management of device network connections |
Enable network access control |
Y |
N |
N |
N |
N |
|
Control network connections |
Y |
Y |
Y |
N |
Y |
|
|
Report creation |
Y |
D#8 |
D#8 |
Y |
D |
|
Legend: Y: Supported. D: Depends on the collectable device information. N: Not supported.
#1: Agents for UNIX or Mac are excluded.
#2: The device information that can be collected depends on whether the computers have installed agents or are agentless. See the following for details on the information collected from each type of computer.
#3: Use the Windows Administrative Share feature to evaluate the security of agentless computers. Screensaver security cannot be determined on a per-account basis when using agentless management.
#4: Depends on the information. For details, see (4) Hardware information.
#5: USB devices cannot be registered.
#6: Only distribution using Remote Install Manager can be performed. ITDM-compatible distribution cannot be performed.
#7: RFB protocol must be used for remote control.
#8: Depends on the information. For example, software and device management status are supported, but security status is not supported.
#9: The automatic security measures are possible only when update programs are automatically applied, prohibited software is blocked to start, and the security of services or OSs is configured.
#10: Limit assets permitted to be used cannot be configured in the Allow registered USB device usage settings.