Configuring Inventory Collection
As well as importing inventory information gathered by external tools, IT Asset Management can take inventory of computers directly, either by installing FlexNet Inventory Agent on a target computer or by using remote execution. Either method of inventory gathering requires a simple web server configured on the inventory beacon. As well, if this inventory beacon acts as a 'parent' through which 'child' inventory beacons channel their uploads/downloads, the same web server needs to be in place.
The local web server for inventory gathering cannot be activated until the inventory beacon has downloaded and imported its configuration file, and is able to communicate with IT Asset Management (for details, see Register an Inventory Beacon). Once the upstream communication is in place, you can configure the web server for downstream communications to and from inventory targets.
You can choose between a simple, self-hosted web server, and Microsoft IIS. One of the main purposes of this procedure is to advise the downstream devices how they are to communicate with the inventory beacon through the web server you have configured.
If that web server is to use basic authentication, make sure you have the account credentials (user name and password) ready, and that if you are using IIS, this account has access permissions for IIS. Consider using a long-running service account (see Changing IIS Passwords on Inventory Beacons for more insight).
To configure the local web server:
-
In the inventory beacon interface, select the Local
web server tab.
By default, the first radio button is selected, so that there is no web server running on the inventory beacon. While this choice is selected, no inventory can be collected, whether by an installed FlexNet Inventory Agent or by remote execution. Nor can child inventory beacons upload through this server.
-
Choose which web server to configure.
The following are the main differences between the web servers:
To choose the self-hosted web server, continue here. To choose the IIS web server, skip forward to step 4.Feature Self-hosted web server IIS web server Protocol Supports only HTTP Supports HTTP and HTTPS Authentication Supports only anonymous authentication Supports anonymous or Basic Authentication Port Port number is configurable Target devices will recognize only the default port numbers (port 80 for HTTP protocol; port 443 for HTTPS protocol). Number of concurrent connections Limited to 100 connections per CPU core in the inventory beacon server. Configurable, with the default value being the maximum of 4,294,967,295 connections. Connection to SAP
Not supported.
Required.
-
Select the Self-hosted web server radio button, and if
necessary adjust the controls that become enabled for this choice:
-
Set or clear the check box for Configure Windows
Firewall.
When this check box is clear, the inventory beacon makes no attempt to change the settings of Windows Firewall. When it is set, the inventory beacon attempts to configure only the port number you choose in the next field.
-
Specify the port number on which managed devices should access this web
server to upload inventory data, or leave the default value of
80.
It is best practice to set this value once while configuring the inventory beacon, and then not change it during operation.Important: Be extremely careful about modifying this value once the inventory beacon is operational. The inventory beacon sends this port number to all the devices it is targeting for inventory collection as they are adopted into management (and the inventory agent is installed).
- When a managed device can see only one inventory beacon, or when all alternative inventory beacons are using Basic Authentication, managed devices will be 'orphaned' by a change in port number: they continue to fail in attempts to upload to the old port number. The cure for orphaned managed devices is to revert the port number on the inventory beacon to the initial value it had when the inventory beacon was configured and the managed devices were adopted.
- The only circumstance in which you can change the operational port number on this web server is when all its managed devices can also see at least one other inventory beacon that is using anonymous authentication. In this case, the inventory beacons know of each other's existence (through their communication with IT Asset Management), and have configured applicable "fail-over" settings for each managed device. But be aware that, since no credentials are transmitted through IT Asset Management, a managed device cannot fail over to a beacon that uses Basic Authentication.
-
Click Save (at the bottom of the tab) to send
these settings to the targeted devices.
Your work here is done, and you may skip the next step.
-
Set or clear the check box for Configure Windows
Firewall.
-
Select the IIS web server radio button, and if necessary
adjust the controls that become enabled for this choice:
-
Check HTTPS to advise targeted devices that you
have configured Microsoft IIS to use the HTTPS protocol. Leave clear if
targeted devices should use the HTTP protocol to request updates and
return inventory data.
When using Basic Authentication, keep in mind that credentials are transmitted Base-64 encoded but not encrypted. In this case, using HTTPS protects your credentials. If you set this check box, when you click Save an alert appears to remind you that the inventory beacon is not changing IIS settings, but merely communicating them to the targeted devices:
The beacon will not configure IIS for use with HTTPS. Please manually configure IIS to use HTTPS.
-
Decide whether this inventory beacon should act as a
fail-over location where managed devices (while unable to access their
normal inventory beacons) can download updated
configuration information.
- Yes: The inventory beacon must use anonymous authentication (because inventory beacons with other authentication settings are excluded from the list of fail-over locations distributed to installed inventory agents). To achieve anonymous authentication, ensure that the check box Use Basic Authentication remains clear (not selected).
- No: You may select the check box Use Basic
Authentication (and remember to provide
credentials below). After saving your settings in the inventory beacon interface, you must use the
configuration pages for IIS to do the following:
- Set Basic Authentication for the ManageSoftRL (reporting location, for uploads)
- Set anonymous authentication for the ManageSoftDL (download location). This allows installed inventory agents that are locked to this inventory beacon to receive changes like new passwords, while all uploads use Basic Authentication set for the ManageSoftRL.
If you set this check box in the inventory beacon interface, when you click Save an alert appears to remind you that the inventory beacon is not setting up the account, but merely communicating the credentials to managed devices:Please manually ensure that the specified account has permissions for IIS.
Important: If you do not configure Basic Authentication in IIS for ManageSoftRL, so that it matches your choice of Basic Authentication in the inventory beacon interface, the FlexNet Inventory Agents fail to upload to the inventory beacons, giving an HTTP 409 error. Please ensure that there are matching settings in the inventory beacon and in IIS.
-
Enter the Username and
Password for the account that managed devices
should use when accessing IIS with Basic Authentication.
Tip: This account must either be a local account on the inventory beacon, or an account in Active Directory. In either case, it must have access permissions for IIS.Important: Be extremely careful about modifying these credentials once the inventory beacon is operational. The inventory beacon sends these credentials to all the devices it is targeting for inventory collection as they are adopted into management (and the inventory agent is installed). If you (for example) change the password, managed devices using the old password will be 'orphaned' when the original password expires, unless you have configured the download location for anonymous authentication as described above. For approaches to managing password changes, see Changing IIS Passwords on Inventory Beacons.
- Click Save (at the bottom of the tab) to send these settings to the targeted devices.
-
Check HTTPS to advise targeted devices that you
have configured Microsoft IIS to use the HTTPS protocol. Leave clear if
targeted devices should use the HTTP protocol to request updates and
return inventory data.
IT Asset Management (Cloud)
Current