Getting just one machine into the Panorama9 Dashboard is a mere start and manually installing P9 Agent is a bit of a drag. Let us look at ways to automate P9 Agent deployment:
- Remote install on Microsoft Windows
- Remote install on Mac OS X
- Send email with installation link
- Manually (aka the sneaker way)
Remote install on Microsoft Windows computers
There are at least 5 ways to get the Panorama9 Agent installed on Microsoft Windows devices. Choosing the right way depends on the options available in your network and may involve only one or a combination of them all.
Managed deployment (recommended)
Push the Panorama9 Agent to discovered machines. You can use the built-in deployment solution to automatically spot machines in your Microsoft network and have Panorama9 distribute agents to the discovered computers. This approach will automatically attempt to warn you about any problems encountered, and pick the correct installer type for the device.
Each machine pulls the Panorama9 Agent from a central software repository and installs it. The Panorama9 Agent comes as both a .MSI package and .EXE file that you can use with e.g. a Microsoft ActiveDirectory Group Policy. The pull methods co-exists without problems with the Panorama9 deployment service so you may use them jointly.
This approach is recommended if you have configured your client devices to disallow WMI/RPC requests. The downside is that it requires .NET to be preinstalled and generally takes longer as devices will need to reboot before they will process the GPO policy.
This is a complementary approach to the previous two solutions. Unlike GPO policies, this will allow installing the .NET dependencies alongside the agent. An example logon script is provided below.
Otherwise it has the same pros and cons as the GPO policy approach.
You can simply mail your users with an installation link. This will probably not give you 100% coverage right away but it is a simple practical solution for a network with little centralized management.
This encompasses walking around to each device. This is recommended only if your machines are not part of a domain, or otherwise unreachable.
Which solution you should choose is up to you. Each have their advantages and drawbacks, but setting them up is simple. Should you end up using a combination then it is not going to be a hassle - you may even learn some new tricks. And it will ensure a higher probability that all IT assets in you environment is monitored by Panorama9.
Remote install using the P9 deployment feature (recommended)
Using the Panorama9 deployment system is probably the easiest way. It only requires that you manually install the agent on one machine and enable the "Microsoft AD integration" feature during setup. Once done you then control the roll-out through the Panorama9 dashboard.
Installing the Panorama9 Agent on at least one machine with the"Microsoft AD integration" feature enabled is always recommended. Beyond the ability to remotely install the agent, it also spots active machines in your network without an agent installed. This makes it easy to see if you're getting the full picture or not. Furthermore your existing Active Directory groups are imported into the dashboard, so you can apply policies to groups of machines.
You may choose to enable the "Microsoft AD integration" feature on multiple machines (minimum recommendations is at least on 1 machine, preferably a server). Once enabled, you can configure how to deploy to other machines in your network through the dashboard when navigating to "Manage" -> "Deployment".
Install the P9 Agent using GPO
You can use a Group Policy Object (GPO) and then through the Microsoft ActiveDirectory (AD) instruct machines to install the Panorama9 Agent when the user restarts or turns on the computer. The main difference between using a GPO or the deployment system is that machines will pull the agent from a local share and install it during login.
This method requires that you download the .MSI version of the agent and save it on a network share that the machines have access to and then apply the GPO configuration to the relevant AD Organization Unit (OU).
To download the latest agent login to the Panorama9 Dashboard and click on the download link. Note that the agent will automatically update itself if a newer version is available (you're not required to constantly update your installation point).
Open the "Group Policy Management" editor found under "Administrative Tools" and edit existing policy or add a new. Navigate to "Computer Configuration" -> "Software Settings" -> "Software installation" and add new "Package". Select the downloaded .MSI file but most importantly is it that you use a path that all machines in your network are able to access.
Once configured allow ample time for the machines in your network to inherit the GPO and install the agent. New machines added to the network will also have the agent installed when the computer object resides in a OU that includes the GPO.
Before the Panorama9 agent can be installed the following dependencies must be met:
- MS .NET Framework 3.51 or higher
- MS Windows Installer 3.1 or higher
Failure to comply will result in the agent not being installed and an error written to the System Event log. You can use the same GPO to include and also install needed dependencies (remember the order you add .MSI packages to the GPO is important and the agent should be added last), but it's recommended that you begin trying with only installation of the Panorama9 agent. Chances are high that your machines already have the dependencies installed.
Install the P9 Agent using a logon script
You may configure a login script that instructs machines to install the Panorama9 Agent. Download the .EXE version of the agent and save it on a network share all machines have access to and add needed scripting code to the logon script. The Panorama9 installer will check for required dependencies and install missing components (a feature that isn't possible with the .MSI package).
To download the latest .EXE version of the agent, sign in to the Panorama9 Dashboard and click "Download". Select and download the "P9Agent.exe". Note that the agent will automatically update itself when a more recent version is available (you're not required to constantly update your installation point).
Add the following to the login script:
IF EXIST "%ProgramFiles(x86)%" goto 64bit
IF NOT EXIST "%ProgramFiles%\Panorama9\Panorama9.Agent.Service.exe" (\\share\path\P9Agent.exe -q)
IF NOT EXIST "%ProgramFiles(x86)%\Panorama9\Panorama9.Agent.Service.exe" (\\share\path\P9Agent.exe -q)
Note: Please replace "\\share\path" with the network share where you copied the Panorama9 agent to.
If the logon script runs in User level context the user that logs in to the machine must have administrative rights to complete the installation. It's recommended that you configure the logon script to run in Computer level context if users doesn't have administrative rights on their own machines - remember that workstations must have read access to the network share (e.g. verify that the group "Domain computers" and "Domain controllers" have "Read access").
When the user logs in the machine will only install the agent if not already done. Installation will be completed within seconds and without displaying any dialog or prompting for answers.
Remote install on Mac OS X computers with ARD
If you have a lot of Macs in your organization, you would probably prefer not to have to walk to each and every one of them to install the Panorama9 Agent for macOS. Unlike Microsoft Windows machines, which are often bound to an Active Directory, Macs are often set up as standalone machines and this complicates the procedure a bit.
The remainder of this article will describe how to deploy the agent with Apple Remote Desktop. Note that it is also possible to use Open Directory for all, or parts, of this job if you have it installed.
To use this approach, you must have the Apple Remote Desktop application and a valid user on each of your Macs.
First, each Mac must be enabled for "Remote Management". If you do not have Remote Management, but do have Remote Login (with SSH) enabled, you can skip a few steps and use this Apple guide (http://support.apple.com/kb/HT2370) to remotely enabled Remote Management. Otherwise, follow the procedure outlined here:
After you have done this, the Mac can be remotely managed. Now you can mount the Panorama9 agent disk image.
Open Apple Remote Desktop.
Select all of your Macs. If you do not have all your Macs in the "All Computers" view, you can use the scanner to find them, or the + button at the bottom to add by individual IP address. Click the "Install" button which opens the Install Screen.
First, click the + button under the Packages list, find the mounted Panorama9 Agent image and select the "Click me, please" icon. Then press the Install button.
And that should do it.
Send download link to users via email
Sometimes it may not be practical to orchestrate deployment centrally - you may have branch offices, use a work group and so forth.
Copy the P9 Agent download link and share it with you users via email. For Microsoft Windows users we recommend using the .EXE installer as it comes bundled with Microsoft .NET.
Note: Installation requires the user has local administrative privileges.
Manually (aka the sneaker way)
Put the installer on a USB flash drive and visit each machine. At least it will give you a chance to visit colleagues and stretch your legs.
For Microsoft Windows it's recommend that you install using the .EXE version of the Panorama9 Agent, so any missing dependencies are automatically installed. The installation requires that you are logged in as an user with at least local administrative privileges, since the agent creates two new services that will run under the "Local System account".