9.5 Working with Deployment Rules

Deployment rules are how you define the agent and module installation packages you want to install and the computers where you want to run the installation packages. You also define the following items in deployment rules:

  • The credentials to use for installation

  • The Deployment Service to use

  • The deployment schedule

  • Email notification of deployment success or failure

You can create new deployment rules or modify existing deployment rules, including out-of-the-box deployment rules installed when you install the Control Center console. To create or modify deployment rules, you use the Deployment Rule Wizard.

9.5.1 Creating or Modifying Rules

You can create a new rule, modify a rule you created previously, or modify one of the out-of-the-box deployment rules.

Control Center provides out-of-the-box rules for some installation packages, including the NetIQ AppManager Windows Agent. The default rules use the naming convention DefaultRule - application where application is the name of an application on an agent computer. If there is no out-of-the-box deployment rule, create a deployment rule.

If you want to use an out-of-the-box rule, you can modify the properties of the rule. For more information about modifying a rule, see Section 9.5.13, Changing the Properties of a Deployment Rule.

To create or modify a rule:

  1. Log on to the Control Center console using an account that is a member of a user group with deployment permissions. For more information about permissions, see the Administrator Guide for AppManager, available on the AppManager Documentation page.

  2. In the Navigation pane, click Deployment.

  3. In the Navigation pane, click Rules.

  4. (Conditional) If you want to create a new rule, in the Tasks pane, click Create New Deployment Rule.

  5. (Conditional) If you want to modify an existing rule, click the rule you want to modify, and then in the Tasks pane click Edit Deployment Rule.

  6. In the Deployment Rule Wizard, configure the rule. In some cases, you can use the default values. To make changes, click the links on the left pane of the wizard. For more information about the links, see the Help.

  7. Click Finish.

  8. If you want the rule to begin creating deployment tasks, ensure that the rule is enabled. For more information, see Section 9.5.11, Enabling and Disabling Deployment Rules.

9.5.2 Configuring Installation Packages

In the Deployment Rule Wizard, click Packages to configure the installation packages you want to install.

To configure installation packages:

  1. (Conditional) If you want to install certain packages on the agent computer, select the packages you want to install.

  2. (Conditional) If you want to uninstall certain packages from the agent computer, select the packages you want to uninstall and then select the Uninstall the selected packages from the target computers option.

  3. (Conditional) If the AppManager agent is not already installed on the agent computer, include the NetIQ AppManager Windows Agent installation package and the application-related installation packages.

  4. (Optional) If you want the installer to skip the pre-installation check for packages on the agent computer, select the Skip pre-deployment check option.

  5. (Conditional) If the Requires Configuration column is set to Yes, configure the selected package. To configure the selected package, click the configuration link in the list. The Configuration Wizard prompts you for the required configuration information. For more information about configuring the agent installation package, see the Installation Guide for AppManager, available on the AppManager Documentation page.

NOTE:

  • If the configuration of a deployment package requires you to specify a management server, use the NetBIOS name of the management server. You cannot use the IP address.

  • Before you install the AppManager agent, consider the permissions required to run Knowledge Scripts on the agent computer. For information about the permissions required to run a particular Knowledge Script, see the Help for that script.

9.5.3 Deployment Credentials

In the Deployment Rule Wizard, click Credentials to specify the user account you want to use to run the installation package on the agent computer.

The credentials you provide to run the installation package are different than the credentials used by the AppManager agent to run particular Knowledge Scripts.

To run an installation package on an agent computer, for example, to install the AppManager agent, provide a domain user account that is a member of the Administrators group on the agent computer. When configuring a rule, you can use the Windows user account that is currently configured as the default for deployment, or provide different logon information.

Select an option to specify the deployment credentials you want to use:

  • Use configured default authentication credentials. The Control Center console can be configured to use default authentication credentials for all deployment rules. Click Configure to configure the default credentials. For more information, see Section 3.2.1, Console Options.

  • Use different authentication credentials. You can provide a different set of credentials for this rule in place of the default credentials.

If you specify invalid credentials, the Control Center console does not raise a warning until after you enable the deployment rule. In the Deployment Rule view, the Status Details column displays information about any problems with the configuration of the rule.

9.5.4 Agent Computers

In the Deployment Rule Wizard, click Target Computers to choose a method for selecting computers. After you choose a selection method, use the Inclusion Filters and Exclusion Filters tabs to configure filters to further refine the computers you want to include and exclude, respectively.

To generate a deployment task for a computer, the computer must match both the target selection method and the inclusion filter. If you specify an exclusion filter, the computer must not be selected by the exclusion filter.

HINT: If the package you want the rule to install is already installed on the agent computer, a deployment task is not generated.

Select an option to choose a selection method:

  • Agent. Selects AppManager 7.0 (or later) agents currently managed by Control Center. This option is useful for installing updates to the AppManager agent.

  • Domain. Searches for computers in the Active Directory domain you specify. In the Domain Name field, type the fully-qualified domain name or NetBIOS name of the domain you want.

  • Specific Computers. Click Add to add a computer name. You can specify the names or IP addresses of the computers you want. At this time, only IPv4 addresses are supported.

    Click Remove to remove a computer from the list.

  • Computers List File. Specify the path and name of a file on the deployment server that contains an XML description of the computers you want, for example:

    <ScannedMachines>
      <ScannedMachine Name="Machine1" Platform="Windows"/>
      <ScannedMachine Name="Machine2" Platform="Windows"/>
      .
      .
      .
    </ScannedMachines>

    You can specify the names or IP addresses of the computers you want. At this time, only IPv4 addresses are supported.

  • Management Groups. Click Add to add a Control Center management group. This option is useful when you want to install a package on the computers in a management group. Use this option to leverage the power and flexibility of rule-based management groups to select the computers you want. For more information, see Section 4.1, About Management Groups.

    To remove a management group from the list, select the management group and click Remove.
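The following Python example is added here for illustration and is not part of AppManager or its documentation. It checks a Computers List File in the format shown above before a rule uses it, flagging entries that are not IPv4 addresses or computer names, entries without a Name attribute, and duplicates. The sample machines and the case-insensitive duplicate check are assumptions.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample; machine names and addresses are invented for illustration.
SAMPLE = """<ScannedMachines>
  <ScannedMachine Name="EXCHSERV01" Platform="Windows"/>
  <ScannedMachine Name="10.20.30.41" Platform="Windows"/>
  <ScannedMachine Name="fe80::1" Platform="Windows"/>
  <ScannedMachine Name="exchserv01" Platform="Windows"/>
  <ScannedMachine Platform="Windows"/>
</ScannedMachines>"""


def check_computers_list(xml_text):
    """Return (targets, problems) for the text of a Computers List File."""
    root = ET.fromstring(xml_text)
    if root.tag != "ScannedMachines":
        return [], [f"unexpected root element <{root.tag}>"]
    targets, problems, seen = [], [], set()
    for i, node in enumerate(root, start=1):
        if node.tag != "ScannedMachine":
            problems.append(f"entry {i}: unexpected element <{node.tag}>")
            continue
        name = (node.get("Name") or "").strip()
        if not name:
            problems.append(f"entry {i}: missing Name attribute")
            continue
        try:
            addr = ipaddress.ip_address(name)
        except ValueError:
            addr = None  # not an IP literal, so treat it as a computer name
        if addr is not None and addr.version != 4:
            # The page states that only IPv4 addresses are supported.
            problems.append(f"entry {i}: {name} is not IPv4")
            continue
        key = name.lower()  # assumption: computer names compare case-insensitively
        if key in seen:
            problems.append(f"entry {i}: duplicate of {name}")
            continue
        seen.add(key)
        targets.append(name)
    return targets, problems


if __name__ == "__main__":
    ok, bad = check_computers_list(SAMPLE)
    print("targets:", ok)
    for line in bad:
        print("problem:", line)
```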

9.5.5 Inclusion Filters

In the Deployment Rule Wizard, use the Inclusion Filters tab to configure the criteria you want to use to further refine the list of agent computers you want to include.

To generate a deployment task for a computer, the computer must match both the target selection method and the inclusion filter. If you specify an exclusion filter, the computer must not be selected by the exclusion filter.

Select the criteria you want and click the link to configure each criterion:

  • Domains. Include computers in a domain by selecting the domains you want from the list.

  • IP Addresses. Include computers by typing the IP address of each computer you want. At this time, only IPv4 addresses are supported.

  • IP Address Ranges. Include computers that fall within a range of IP addresses by specifying the starting and ending IP address. At this time, only IPv4 addresses are supported.

  • Computer Names. Include computers by typing the name of each computer you want or by browsing the list of computers.

  • Operating Systems. Include computers that run a supported version of the Microsoft Windows operating system.

  • Organizational Units. Include computers that belong to one or more organizational units in Active Directory by specifying the distinguished name of the organizational unit, for example: OU=Domain Controllers,DC=corporate,DC=local

  • Regular Expressions. Include computers that match all specified regular expressions, for example, EXCHSERV0[1-5] only selects computers named EXCHSERV01, EXCHSERV02, and so on, up to EXCHSERV05.

  • Wildcard Expressions. Include computers that match one or more specified wildcard expressions. Supported expressions include ? (one character) and * (more than one character).

  • Remote Registry Values. Include computers with one or more matching registry values. For more information, see the Help.

9.5.6 Exclusion Filters

To exclude a computer that matches the target selection method and the inclusion filter, specify an exclusion filter on the Exclusion Filters tab. This tab uses the same filters as the Inclusion Filters tab. If the computer is not selected by both the target selection method and the inclusion filter, you do not need to specify an exclusion filter.

NOTE: To generate a deployment task for a computer, the computer must match both the target selection method and the inclusion filter, if one was specified. The Deployment Service does not generate a deployment task for a computer that matches the exclusion filter.
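The following Python example is added here for illustration and is not AppManager code. It previews how the selection method, inclusion filter, and exclusion filter described above combine into a per-computer decision. The inventory is constructed, and two behaviors are assumptions: a regular expression must match the whole computer name, and criteria of different types within one filter are combined with AND.

```python
import ipaddress
import re


def matches(filt, name, ip):
    """True when the computer satisfies every criterion present in the filter."""
    if "names" in filt and name.lower() not in {n.lower() for n in filt["names"]}:
        return False
    # Per the page, a computer must match ALL specified regular expressions.
    # Assumption: the whole name must match, case-insensitively.
    for pattern in filt.get("regexes", []):
        if not re.fullmatch(pattern, name, re.IGNORECASE):
            return False
    if "ip_ranges" in filt:
        addr = ipaddress.IPv4Address(ip)  # IPv4 only, as the page states
        if not any(ipaddress.IPv4Address(lo) <= addr <= ipaddress.IPv4Address(hi)
                   for lo, hi in filt["ip_ranges"]):
            return False
    return True


def preview(selected, inclusion=None, exclusion=None):
    """Map each selected computer to 'task', 'not included' or 'excluded'."""
    decisions = {}
    for name, ip in selected:
        if inclusion and not matches(inclusion, name, ip):
            decisions[name] = "not included"
        elif exclusion and matches(exclusion, name, ip):
            decisions[name] = "excluded"
        else:
            decisions[name] = "task"
    return decisions


# Constructed inventory: what the target selection method returned.
SELECTED = [
    ("EXCHSERV01", "10.20.30.41"),
    ("EXCHSERV03", "10.20.30.43"),
    ("EXCHSERV05", "10.20.31.45"),
    ("EXCHSERV06", "10.20.30.46"),
    ("FILESRV01", "10.20.30.50"),
]
INCLUSION = {
    "regexes": [r"EXCHSERV0[1-5]"],
    "ip_ranges": [("10.20.30.1", "10.20.30.254")],
}
EXCLUSION = {"names": ["exchserv03"]}

if __name__ == "__main__":
    for name, decision in preview(SELECTED, INCLUSION, EXCLUSION).items():
        print(f"{name:12} {decision}")
```

Running a preview like this against an inventory export before enabling a rule shows which computers the installation credentials would be used on.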

9.5.7 Deployment Service

In the Deployment Rule Wizard, click Deployment Service to select the Deployment Server you want to use to deploy the task. For example, you might have a Deployment Service that is used to deploy installation packages to a particular corporate office. For information about installing the Deployment Service, see the Installation Guide for AppManager, available on the AppManager Documentation page.

9.5.8 Deployment Schedule

In the Deployment Rule Wizard, click Deployment Schedule to specify when to run the installation on the agent computers.

Depending on the packages you are installing, and where you are installing them, you might need to specify a custom schedule. For example, if you have a maintenance window on your Exchange servers, you can schedule a deployment package to be installed during that time.

NOTE: If an agent computer is in maintenance mode, a deployment task will run at its scheduled time. Enabling maintenance mode on an agent computer does not prevent the deployment task from running.

Select an option to specify the deployment schedule you want to use:

  • Use default deployment schedule. The Control Center console can be configured to use a default deployment schedule. Click Configure next to the Use default deployment schedule option to configure the default schedule. For more information, see Section 3.2.3, Deployment Options.

  • Create custom deployment schedule. Select this option to create a custom deployment schedule. You can choose to deploy tasks immediately upon approval or based upon a specified schedule, once the task is approved.

      • Deploy upon approval. This option requires the deployment task to be approved before it runs.

      • Deploy according to the following schedule. Specifies when to deploy the task. Selecting this option changes the deployment task status to Scheduled. Scheduled tasks must also be approved.

    For information about configuring a custom deployment schedule, see the Help.

9.5.9 Email Notification

In the Deployment Rule Wizard, use the Notification tab to specify who will be sent an email message about the status of a deployment task. You can choose to send email notification to a list of recipients when a deployment task succeeds or fails.

Configuring the Notification From Email Address

Before you can configure recipients of email notifications, you might want to configure the Notification From email address that Control Center uses to send the email notifications. Otherwise spam blockers might block the email notifications. The default value for the From address is empty.

To configure the Notification From email address:

  1. Open the following file:

    <Install_folder>\AppManager\ControlCenter\bin\DeploymentService.exe.config

  2. Specify an email address to use as the Notification From email address in the NotificationEmailFromAddress parameter.

    When the Deployment Service sends an email notification to the recipients, the email displays the value you specify in the DeploymentService.exe.config file as the From address.

  3. Save your changes and close the file.

  4. Restart the NetIQ AppManager Control Center Deployment Service for your changes to take effect.

Configuring the List of Notification Recipients

Select an option to specify the email notification option you want to use:

  • Use default list of notification recipients. The Control Center console can be configured to use a default list of notification recipients. You can also change the default list of recipients. Click Configure to configure the recipient list. For more information, see Section 3.2.3, Deployment Options.

  • Use custom list of notification recipients. You can use a specific list of recipients rather than using the default list of recipients.

    To add recipients to the custom list, type the email address of the recipient in the New Email Recipient Address text box and click Add.

    To remove recipients from the custom list, select the recipient in the custom list and click Remove.

9.5.10 Viewing Summary Information for a Deployment Rule

In the Deployment Rule Wizard, use the Summary tab to view a summary of how the rule is configured.

When you create a new rule, you can also view the summary information in the Rules view. Click the rule for which you want to view summary information in the Summary pane.

Summary information for the default, out-of-the-box rules is not displayed until after you configure the rule.

9.5.11 Enabling and Disabling Deployment Rules

To allow the Deployment Service to generate a deployment task for each agent computer, enable the deployment rule.

NOTE: If Control Center generated deployment tasks before you made changes to or enabled the rule, delete the previous deployment tasks.

When you update a deployment rule, Control Center creates new deployment tasks for the deployment rule. However, Control Center does not update or remove any deployment tasks that it previously created for the deployment rule.

You cannot enable a rule until you have properly configured it. For example, you might need to configure an installation package before you can enable the rule.

After you enable a deployment rule, the associated Deployment Service will execute the rule at the next interval. By default, this interval is every 5 minutes. For information about the deployment interval, see Section 9.3, Deployment Preferences.

When you configure a rule to install one or more packages, the rule remains Enabled. The rule will generate new tasks only for those computers that match the rule requirements. However, if you configure a rule to uninstall one or more packages, the rule is automatically Disabled after the list of agent computers is evaluated.

You can also disable a deployment rule to prevent the rule from running or generating new deployment tasks. Note that matching deployment tasks are only generated if the tasks have not been previously generated or if they have been deleted while in Waiting for Approval state.

To enable a deployment rule:

  1. Log in to Control Center with an account that has permissions to create, delete, and modify rules.

  2. In the Navigation pane, click Deployment.

  3. Click Rules to display a list of rules.

  4. Select the rule you want and in the Tasks pane, click Enable Deployment Rule.

9.5.12 Refreshing the List of Deployment Rules

To view the rules that you create or modify, you need to refresh the list of rules.

To refresh the list of rules, click Refresh Current View on the ribbon or press F5.

9.5.13 Changing the Properties of a Deployment Rule

Before you update a rule, consider whether you need to change the rule. If the change applies:

  • To a few agent computers, you can edit the deployment tasks for those computers. For more information, see Section 9.6.7, Configuring the Installation Package for Deployment Tasks.

  • To most of the agent computers, update the rule. You must delete existing deployment tasks created by the rule before new deployment tasks with the updated configuration are generated.

To change the properties of a rule:

  1. Log in to Control Center with an account that has permissions to create, delete, and modify rules.

  2. In the Navigation pane, click Deployment.

  3. Click Rules to display a list of rules, and then click the rule you want to modify.

  4. In the Tasks pane, click Edit Deployment Rule to start the Deployment Rule Wizard and edit the selected rule. For more information about fields on a window, see the Help.

  5. After you edit the rule, enable the rule. For more information, see Section 9.5.11, Enabling and Disabling Deployment Rules.

9.5.14 Copying a Deployment Rule

As a convenience you can copy an existing rule and then modify it to meet your needs. After you copy a rule, its status is Disabled.

To copy a rule:

  1. Log in to Control Center with an account that has permissions to create, delete, and modify rules.

  2. In the Navigation pane, click Deployment.

  3. Click Rules to display a list of rules, and then click the rule you want to copy.

  4. In the Tasks pane, click Make Deployment Rule Copy.

    The name of the copied rule is prefixed with Copy of <rule name> where <rule name> is the original rule name.

9.5.15 Deleting a Deployment Rule

After you delete a rule, you cannot restore it. If you want to temporarily prevent the rule from generating deployment tasks, consider disabling it. For more information, see Section 9.5.11, Enabling and Disabling Deployment Rules. When you delete a rule, you are prompted to confirm that you want to delete the rule.

You can disable the confirmation to delete a rule by configuring the Control Center options. For more information, see Section 3.2.3, Deployment Options.

To delete a rule:

  1. Log in to Control Center with an account that has permissions to create, delete, and modify rules.

  2. In the Navigation pane, click Deployment.

  3. Click Rules to display a list of rules, and then click the rule you want to delete.

  4. In the Tasks pane, click Delete Deployment Rule to delete the rule.