This section explains the considerations for installing Systemwalker Desktop Keeper.
For considerations relating to each particular function, refer to "Notes Relating to Functions" in the User's Guide for Administrator.
Network Environment
Use the following protocols to communicate:
[Management Server/Master Management Server] - [Management Server/Master Management Server]: HTTP
[Management Server/Master Management Server] - [Management Console]: HTTP
[Management Server/Master Management Server] - [Client (CT)]: TCP/IP Socket communications
[Management Server/Master Management Server] - [Log Analyzer Server]: TCP/IP Socket communications
[Management Server/Master Management Server] - [Web Console]: HTTP
HTTPS is recommended.
[Log Analyzer Server] - [Report Output Tool]: TCP/IP Socket communications
When a firewall restricts communication packets between the Management Server/Master Management Server and the client (CT), or between one Management Server/Master Management Server and another, the server must be placed where it can communicate with the client (CT). In this case, each system is closed within the area in which communication is possible, and multiple independent systems that are not linked will be in operation.
Communication between the Management Server or the Master Management Server and a client (CT) is encrypted.
Therefore, there are restrictions on unencrypted communications, such as communication with a client (CT) of V14.3.1 or earlier to which the communication encryption update has not been applied.
You must apply the urgent updates that were released in and after September 2014 to clients of V13.3.0 to V14.3.1, or upgrade to V15.1.
Clients of V13.2.1 or earlier cannot be used. They must be upgraded to V15.1.
After the Management Server is upgraded to V15.1, only a client of V15.0 or V15.1 can be installed.
When communication between segments is restricted due to the use of VLAN, servers that can communicate directly must be set in each domain, which means that multiple Systemwalker Desktop Keeper servers need to be set.
When performing the following communications, ports 137-139 and port 445 must be opened.
When the printing logs of printing jobs performed on the printer server are not obtained, it is unnecessary to open these ports.
Communications between Master Management Server and Management Servers
Communications between Master Management Server and client (CT)
Communications between Management Server and client (CT)
If there is a NAT (Network Address Translation) environment between the server and the client (CT), the following types of communication cannot be performed:
Immediate sending of a policy from a Management Server or Master Management Server to a client (CT)
Remote acquisition of materials by a Management Server or Master Management Server from a client (CT)
Setting of a CT debugging trace by a Management Server or Master Management Server for a client (CT)
Retrieval of a list of services from or control of services in a client (CT) by a Management Server or Master Management Server
Retrieval of a list of processes from or control of processes in a client (CT) by a Management Server or Master Management Server
Communication of the self version management feature from a client (CT) of V15.0 or earlier to a Management Server or Master Management Server
Registration of a client (CT) by a client (CT) of V12.0L20 or earlier to a Management Server or Master Management Server
Policy retrieval request from a client (CT) of V12.0L20 or earlier to a Management Server or Master Management Server
When connecting the Management Server/Master Management Server with the client (CT) through a VPN connection, the operations of Systemwalker Desktop Keeper, such as the collection of E-mail sending logs, may be affected. It is recommended to confirm the operations in advance when operating in such an environment.
If using a firewall in the Log Analyzer Server, open the port to be used by it. For information regarding the port used by the Log Analyzer Server, refer to "Port Numbers and Services" of Reference Manual.
IPv6 addresses can be used.
If using Log Analyzer in an environment that uses IPv6 addresses, host name resolution is required.
Do not use link-local addresses. Behavior is not guaranteed if link-local addresses are used.
The client (CT) must have resolved (forward or reverse lookup) the name of the Management Server or Master Management Server.
The Management Server must have resolved (forward or reverse lookup) the name of the Master Management Server, or the Master Management Server must have resolved (forward or reverse lookup) the name of the Management Server.
Line switching (dial-up) adapters cannot be used in clients (CT) because they cannot communicate with the Management Server.
Virtual Environment
In a provisioning environment, depending on settings, user data may be discarded during shutdown of the virtual PC. If the log storage folder is in the disk of a virtual PC, accumulated operation logs and violation logs may be discarded. Take any of the following measures to prevent logs from being discarded:
In the settings of the virtual environment, set to not discard user data on the virtual PC.
In the settings of the provisioning environment, set an area in which user data will not be discarded and save the log saving folder in this area.
If the virtual PC undergoes a dirty shutdown (for example, its power is cut off by force), or the terminal running the virtual PC undergoes a dirty shutdown (for example, the power of the physical PC or hypervisor is cut off), operation logs and violation logs may not be saved. Be sure to shut down the virtual PC and the physical PC using the normal procedure.
For a clone PC, since it is not managed on the Management Server, CT policy and user policy cannot be applied immediately. Apply user policy after logging off and then logging on again.
Installer
Considerations for using Unicode characters
When the ID for logon to Windows is a user ID (*1) that contains Unicode-specific characters, an error will occur in all installers during the installation process and installation will be interrupted.
*1: Applicable to a device in which a user ID that contains Unicode-specific characters was used during the installation process or at least once for logon.
If Windows Firewall is enabled on any of the following operating systems, after the product has been installed, register the port number used by the product as an "Exception" in the firewall and open the port.
Windows Server(R) 2003
Windows Server(R) 2008
Windows Server(R) 2012
Windows Server(R) 2016
Windows Vista(R)
Windows(R) 7
Windows(R) 8
Windows(R) 10
Management Server/Master Management Server
If the IP address specified using the Server Settings Tool differs from the actual IP address, the Management Server or Master Management Server service will not start.
Do not make significant changes to the system time of the Management Server and Master Management Server. When the system time is modified, the Management Server and Master Management Server may not run normally.
When the system time is modified significantly, restart the Management Server and Master Management Server.
The logon information in the Server Settings Tool and the execution information of the Active Directory Linkage will be output to the event log (application).
When Systemwalker Desktop Keeper V14.3.0 or earlier is upgraded, the Web Console is provided as a 32-bit application. When the Management Server or Master Management Server is installed, IIS is set automatically to create 32-bit worker processes. As a result, 64-bit applications can no longer be used in IIS.
When Systemwalker Desktop Keeper V15.0.0 or later is first installed to a 64-bit operating system, the Web Console is provided as a 64-bit application. As a result, 64-bit applications can be used in IIS.
To allow client (CT) to access the Management Server/Master Management Server via the Internet, configure the settings for secure communications on the Management Server/Master Management Server.
In the environment where the client (CT) accesses the Internet through the proxy server, when making the client (CT) access the Management Server or Master Management Server through the Internet, perform the proxy server settings using the CT operation parameter information file on the Management Server or Master Management Server. For details, refer to "CT operation parameter information file" in "Reference Manual".
Log Analyzer Server
When the log data aggregation results and the number of target items exceeds 2GB and the available disk space is not enough, aggregation processing and result display or report output will not run normally and an error will occur.
About character data
Non-Shift JIS characters (such as Unicode characters, including JIS2004 characters, that have no corresponding Shift JIS code) cannot be used in strings (such as an installation path, folder path, user ID or password) to be set in the Log Analyzer Server. Non-Shift JIS characters cannot be used for Log Analyzer users (Windows accounts that will log on to Windows) either.
Non-Shift JIS characters will not be handled correctly. For example, they will be converted to other characters or an error will occur.
However, in the Keyword column of Aggregate by Objective of Log Analyzer (Web Console), and in the Keyword column of Screening Condition Settings of the Configuration Management window, Unicode characters including JIS 2004 can be used.
Relay Server
Only CT policies can be applied to smart devices (agent). User policies cannot be applied.
Even if a smart device (agent) is not being operated, data communication will be periodically performed (policies are periodically sent and received, and operation logs are periodically sent) between a smart device (agent) and the Relay Server. Preferably use a fixed price plan for data communication from your smart device (agent).
Reinstalling the Relay Server initializes the information regarding connection to the database. Use SDSVSetMS.EXE (Change Configuration of Relay Server) to reset the information regarding connection to the database. Refer to "SDSVSetMS.EXE (Change Configuration of Relay Server)" in the Reference Manual for details on the command.
Management Console
In a 3-level system structure, the Management Console can be installed in both the Management Server and Master Management Server. If a Policy is set from multiple Management Consoles, the Policy that was set last is reflected in the client (CT).
Client (CT)
When applications similar to Systemwalker Desktop Keeper control, such as the filter driver control that restricts writing in devices and the hook method (when installing products like INSTANT COPY), exist at the same time, operation will not be guaranteed. Moreover, VMware ThinApp does not operate properly due to a conflict with the hook method of Systemwalker Desktop Keeper.
Behavior is not guaranteed if the client (CT) coexists with an application that uses a local proxy to control Internet access.
After upgrading an OS with the client (CT) installed, the client (CT) may not run normally (for example, when upgrading from Windows(R) 7 to Windows(R) 8).
When upgrading the OS, perform the upgrade after uninstalling the client (CT), and then install the client (CT) again. To associate and register the client with the same CT as previously during reinstallation, open the System settings window in the Server Settings Tool and specify Not use for OS Type in the conditions for determining an identical CT during CT registration.
Moreover, Windows(R) 10 can be restored to the pre-upgrade version (for example, restoring to Windows 8.1 after upgrading to Windows(R) 10).
In this case, if the client (CT) is installed, it will no longer operate properly. Perform the same procedure as that when upgrading the operating system.
When a new CD/DVD device is connected for the first time, restart. Without restarting, the newly connected CD/DVD device will not work properly.
If an export prohibition for the CD/DVD has been set, the DVD-ROM (DVD-Video) or CPRM DVD may not be playable in the DVD play software. Remove the export prohibition for the CD/DVD temporarily, or use another DVD play software.
The CT cannot coexist with "Net screen Remote" of Juniper Corporation. It can be run by uninstalling the Virtual Adapter function of "Net screen Remote".
In addition, in an environment where there is coexisting VPN software (such as Net screen Remote), communication may fail.
In an environment where there is a coexisting capture product, neither function may run normally.
When the client (CT) is installed on the computer with Virus Buster 2007 installed, the "Network connection environment has been changed" dialog box of Virus Buster 2007 may be displayed, but this is okay.
When the OS of the client (CT) is Windows Vista(R), Windows(R) 7, Windows(R) 8, Windows(R) 10, Windows Server 2008(R), Windows Server(R) 2012, or Windows Server(R) 2016, and privilege elevation is allowed in UAC so that operation can continue, the following logs cannot be collected:
The printing log for network printers
The structure change log of network driver
Under the environment with TC Plink installed, after the PrintScreen key has been pressed, the network printer may print two pieces of paper.
Modify the settings of this network printer from "Lan Manager Printer Port" to "Standard TCP/IP Port".
In an environment using an Intel LAN adapter under Windows Vista(R) (No Service Pack), when using the "Receiving scaling" function of the LAN adapter, E-mail may not be sent. Use Windows Vista(R) Service Pack 1 or later.
When Shutting down or Restarting Computer
When shutting down or restarting the Management Server and Master Management Server, it is necessary to follow the steps below.
Note
How to stop server correctly
In order to prevent loss of previous logs of the client (CT) saved in the database, be sure to follow the steps below.
When the Windows Services window is displayed in the Management Server or Master Management Server, select the following services, and select "Stop" from the "Action" menu. It may take about 30 seconds to 1 minute to stop. In addition, immediately after restarting SWServerService or after the date has changed (00:00), available space in the database will be checked. This check takes approximately 15 minutes, and services may not stop during this time. Wait for a few moments and then check if the services have stopped.
SWLevelControlService
SWServerService
PostgreSQL RDB SWDTK
Shut down or restart the Management Server/Master Management Server.
Restrictions of Remote Operation
Under the following environments, operations such as "Remote Desktop Connection" of Windows cannot be performed through the Windows Terminal Service. It is the same when the session of a remote connection remains. Be sure to log off after establishing a remote connection.
When the shifting command is used to perform a version upgrade of Systemwalker Desktop Keeper V13.0.0/V13.2.0/V13.2.1
An environment in which a version prior to V13.2 of the following products that share a database with Systemwalker Desktop Keeper is installed before Systemwalker Desktop Keeper:
Systemwalker Centric Manager
Systemwalker Desktop Patrol
Systemwalker Desktop Rights Master
When Performing System Backup
When the system backup software is used in the Management Server/Master Management Server/Log Analyzer Server for system backup, note the following:
Even if the Management Server, Master Management Server, or Log Analyzer Server is installed to a drive other than the system drive, some Systemwalker Desktop Keeper programs will be installed to the system drive.
Perform backup and restore for both the installation drive and the system drive.
It is required to stop the service during backup. Perform backup according to the following procedure:
In case of Management Server/Master Management Server
When the Windows Services window is displayed in the Management Server or Master Management Server, select the services in the following order, and select "Stop" from the "Action" menu. It may take about 30 seconds to 1 minute to stop. In addition, immediately after restarting SWServerService or after the date has changed (00:00), available space in the database will be checked. This check takes approximately 15 minutes, and services may not stop during this time. Wait for a few moments and then check if the services have stopped.
SWLevelControlService
SWServerService
PostgreSQL RDB SWDTK
PostgreSQL RDB SWDTK2
After system backup has completed, start the stopped services in the following order:
PostgreSQL RDB SWDTK2
PostgreSQL RDB SWDTK
SWServerService
SWLevelControlService
In case of Log Analyzer Server
Confirm the Log Analyzer functions that are not used.
When the Windows Services window is displayed in the Management Server or Master Management Server, select the services in the following order, and select "Stop" from the "Action" menu. It may take about 30 seconds to 1 minute to stop.
SymfoWARE RDB SWDTLA
After system backup has completed, start the stopped services in the following order:
SymfoWARE RDB SWDTLA
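The stop, back up and restart sequence described above for the Management Server/Master Management Server and the Log Analyzer Server can be scripted. The following is an added example, not part of the product or its manuals. It assumes that the service strings listed above are the display names shown in the Windows Services window; the function name and the backup command path are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example, not vendor code. Assumption: the strings below are the display
# names shown in the Windows Services window, listed in the documented stop order.
$ManagementServerStopOrder = @(
    'SWLevelControlService',
    'SWServerService',
    'PostgreSQL RDB SWDTK',
    'PostgreSQL RDB SWDTK2'
)
$LogAnalyzerStopOrder = @('SymfoWARE RDB SWDTLA')

function Invoke-WithServicesStopped {
    param(
        [Parameter(Mandatory)] [string[]]    $DisplayNames,  # in stop order
        [Parameter(Mandatory)] [scriptblock] $Action,        # the system backup step
        # The database free-space check can delay a stop by about 15 minutes,
        # so the default wait is longer than that.
        [TimeSpan] $WaitLimit = [TimeSpan]::FromMinutes(20)
    )
    # Resolve every service first so a wrong name fails before anything is stopped.
    $services = foreach ($name in $DisplayNames) {
        Get-Service -DisplayName $name -ErrorAction Stop
    }
    $stopped = [System.Collections.Generic.List[object]]::new()
    try {
        foreach ($svc in $services) {
            if ($svc.Status -eq 'Stopped') { continue }   # was not running; do not start it later
            Stop-Service -InputObject $svc -NoWait -ErrorAction Stop
            $stopped.Add($svc)
            $svc.WaitForStatus('Stopped', $WaitLimit)     # throws if the limit is exceeded
        }
        & $Action   # runs only after every listed service has reported Stopped
    }
    finally {
        # Restart only what this run stopped, in the reverse of the stop order.
        for ($i = $stopped.Count - 1; $i -ge 0; $i--) {
            Start-Service -InputObject $stopped[$i]
        }
    }
}

# Usage; C:\Tools\system-backup.cmd is a hypothetical placeholder for the backup job.
# Invoke-WithServicesStopped -DisplayNames $ManagementServerStopOrder -Action {
#     & 'C:\Tools\system-backup.cmd'
# }
```

Because the restart happens in the `finally` block, a failed or timed-out backup still brings the services back up in the documented start order.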
64-bit support
64-bit components cannot be installed to a 32-bit operating system.
64-bit components cannot be upgraded in a 32-bit component environment. Upgrade installation is not supported for the Log Analyzer Server.
Connection between the Management Server and the Log Analyzer Server is possible only when both are the same version (32-bit or 64-bit).
Only the 64-bit version can coexist with a 64-bit WSUS server. Similarly, only the 32-bit version can coexist with a 32-bit WSUS server.
The Report Output Tool does not support the 64-bit version of Microsoft(R) Office.