9.2 How Does Deployment Work?

This section describes how you can use the Control Center console to deploy agents and modules on agent computers. Control Center needs the following to successfully deploy agents on a Windows computer:

  • Deployment rules

  • Deployment Service and deployment server

  • Deployment Web Service and Web Depot

You will follow the same basic steps to deploy agents and modules on Windows agent computers.

To deploy agents and modules on agent computers:

  1. Verify the default deployment credentials, schedule, and notification emails. For more information, see Section 3.2.3, Deployment Options.

  2. If necessary, check in an installation package. The Control Center console installs with a default set of installation packages, and you can add or upgrade installation packages as they become available. For more information, see Section 9.4, Managing Installation Packages.

  3. Create a deployment rule or modify an out-of-the-box deployment rule, and then enable the rule. For more information, see Section 9.5, Working with Deployment Rules.

  4. Approve the deployment task created by the deployment rule. For more information, see Section 9.6, Managing Deployment Tasks.

  5. View the results. For more information, see Section 9.7, Viewing the Results.

9.2.1 Deployment Rules

Once you install the Control Center deployment components, you use the Control Center console to configure a deployment rule.

A deployment rule consists of a list of agent computers, a set of installation packages you want to install, the credentials needed to perform the installation, and a deployment schedule. For your convenience, Control Center includes default rules to install some of the out-of-the-box installation packages, including the NetIQ AppManager Windows Agent. For more information, see Section 3.2.3, Deployment Options.

The Control Center console provides an easy-to-use wizard interface to help you create deployment rules. Deployment rules allow you to identify computers where you want to install agents and modules based upon a variety of criteria, including the following:

  • Agent

  • Domain

  • Specific computers

  • Computer list file

  • Management groups in the Control Center console

AppManager will not install any modules unless you first install the AppManager agent on the computer you want to monitor. For more information about creating deployment rules, see Section 9.5.1, Creating or Modifying Rules.

9.2.2 Enabling Deployment Rules and Generating Deployment Tasks

You must first enable a deployment rule before you can generate deployment tasks with the rule. To enable a rule, you need to verify the credentials, schedule, and email notification (if any) for the rule. If an installation package requires configuration, you must also configure the package before you can enable a deployment rule. For more information, see Section 9.5.11, Enabling and Disabling Deployment Rules.

Once you enable a rule, the Deployment Service generates a deployment task for each installation package on each agent computer. For example, if a rule has five agent computers and three packages to install, the Deployment Service generates a maximum of 15 deployment tasks. A deployment task is not generated if:

  • An installation package is already installed on an agent computer.

  • The agent computer does not pass pre-deployment checks for the installation package.

You must approve each deployment task created by the deployment rule before the deployment tasks will run.

9.2.3 Deployment Service and Deployment Server

The Deployment Service communicates with the CCDB to process deployment rules and tasks. Tasks run on the agent computer using credentials provided in the deployment rule.

The computer where you install the Deployment Service is the deployment server. If you configure more than one Deployment Service to work with your CCDB, you can configure a deployment rule to deploy the agent or modules by using a certain deployment server.

The Deployment Service must be configured to run as the Local System account. If the Deployment Service is not configured to run as the Local System account, you might encounter problems with the Background Intelligent Transfer Service (BITS), which the Deployment Service uses to communicate with the Web Depot.

NOTE:Multiple Deployment Services allow for collocating with network segmented (firewall) AppManager agents in your environment.

For more information about specifying the Deployment Service, see Section 9.5.7, Deployment Service.

9.2.4 Deployment Web Service and Web Depot

The agent uses the Deployment Web Service to communicate with the deployment server. The Deployment Web Service consists of two web services that you install on a Microsoft Internet Information Services (IIS) server. The computer where you install the Deployment Web Service and check in the installation packages is the Web Depot.

The Deployment Web Service performs the following actions:

  • Checks in installation packages to the Web Depot.

  • Distributes installation packages to the Deployment Services. The Deployment Web Service uses Microsoft Background Intelligent Transfer Service (BITS) server extensions to distribute installation packages to the Deployment Service.

  • Communicates with Deployment Services that are across a firewall.

The following figure illustrates a simplified view of this architecture:

For more information about AppManager ports, see the Installation Guide for AppManager, available on the AppManager Documentation page.

9.2.5 Communication Flow Between the Remote Deployment Components

When you approve a deployment task:

  • The Deployment Service checks the CCDB and identifies the approved task.

  • The Deployment Service retrieves the corresponding installation package from the Web Depot on the deployment Web server and runs the installation package according to the configuration of the deployment rule on the agent computer.

  • The Deployment Service scans the list of agent computers. For default computer detection interval, this happens after you enable the rule. For non-default computer detection interval, the interval must pass after you enable the rule, before the Deployment Service scans the list of computers. If a computer is found that matches the rule, the Deployment Service generates a deployment task. The deployment task only runs if the task is scheduled to run at a particular time or if the task must be manually approved.

  • The Deployment Service updates the task status to Active while the task is being processed and then Completed once the installation has completed.

  • The agent computer reports software inventory information back to the management server. For example, if you installed the AppManager agent, software inventory information would include the version of the agent.

    If you have version 7.x agents in your environment, those agents report software inventory information back to the Deployment Web Service.

  • The management server forwards the software inventory information from the AppManager agent to the QDB, and the command queue service manages a process that synchronizes the information from the QDB to the CCDB.

    For version 7.x agents, the Deployment Web Service forwards the software inventory information from the AppManager agent to the CCDB.

  • The Control Center console retrieves the software inventory information from the CCDB.

The following figure illustrates a simplified view of the communication flow between version 8.0 and later remote deployment components: