Configuring Workspaces

Version 15

    Verified Product Versions

    LANDESK Management Suite 2016.x

    Intended Audience

    This document describes how to configure the ‘Workspaces’ application for customers who have LANDESK Management Suite or Security Suite 9.6 SP1 or above; LANDESK Service Desk 7.8.1 or above; or Wavelink Avalanche on Demand.

     

    What are Workspaces?

    LANDESK has released a new add-on product for all their existing customers called ‘Workspaces’ which is built on a new web-based platform called BridgeIT, and on which Workspaces for all the different user types in your organisation will exist. The platform is deliberately designed to match common web standards in terms of appearance and functionality, and is fully responsive so can be used across a range of devices while still presenting the data in an appropriate way. There are hybrid apps available for iOS, Android and Windows as well as full support for all major browsers.

    At present the workspaces available are:

     

    End User

    For Management Suite customers this provides a place from which to install published software and a place to access documentation and other downloads. It is offered as an alternative to LaunchPad/Portal Manager and is planned to be a replacement for that in due course.

    For Service Desk customers this provides an application where users can log and keep track of their incidents and requests along with any other data published to them, it also includes a Service Catalog view. The content in this workspace is an interpretation of that which has been configured for Web Access Self Service, including all existing shortcuts and dashboard designs. Offering this workspace to your end users is therefore optional alongside your existing Web Access Self Service.

    IT Analyst

    For Management Suite customers this offers the addition of a simple dashboard containing information pertaining to the logged in users’ tasks, as configured in the console, and data about the users and devices in the database.

    For Service Desk customers this provides access to the Web Desk ‘Home’ Dashboard for any analyst who logs in. Depending on how this dashboard is designed this can offer them access to their most used shortcuts, queries and dashboards in order that they can do many of their most common functions in the application. The plan is to migrate all existing Web Desk functionality to this workspace over time.

     

    I want it, what do I need to do?

    The other sections of this document describe how to set up Workspaces depending on your product suite and preferred logon policy. Continue reading to help you choose which section(s) to follow.

    Which LANDESK solutions have you got?

    The first thing you need to do is identify which LANDESK products you have in your environment, as the way you configure Workspaces will differ depending on which products you are integrating with. You will have at least one of the following products, but you should know before you continue if you have any of the others:

    • LANDESK Management Suite or LANDESK Security Suite
    • LANDESK Service Desk
    • Wavelink Avalanche on Demand (note, you must also have LANDESK Management Suite to be able to integrate with Wavelink AOD)

     

    What logon policy do you want to use?

    If you have only LANDESK Service Desk then you have the option to use an Explicit (Service Desk credentials) logon policy for access to the Web application via browsers. However, if you plan to integrate with any of the other LANDESK software solutions listed above or want to deploy the hybrid apps you must use the Secure Token Service (STS) logon policy.

     

    Secure Token Service (STS)

    STS is used by LANDESK to authenticate users of the software via Active Directory (AD). An STS server is installed automatically with LANDESK products so there is very little extra configuration required to use this for authentication purposes.

     

    LANDESK Management or Security Suite Only

    As part of the 9.6SP1 Workspace patch installation, a web app called Configuration Center is added on your core server. This application manages web applications you may need in your configuration, including workspaces. The installer tries to configure everything automatically for you so you can navigate to http://<servername>/my.BridgeIT in a browser and get the login page. If however it doesn’t, below are some steps on manually configuring everything.

    1. 1) Navigate to configuration center, this is at http://<core server name>/ConfigurationCenter
    2. 2) Log in. The default credentials are:

     

    Username = sa

    Password = administrator

    This has changed in LDMS 2016: LDMS 2016 Configuration Center Log In

     

    NOTE: you can change the username and password after you have logged in the first time

    1. 3) You should now see a list of all the instances that are configured. The default one is called ‘My’. Click this to view the applications.
      1. If there is no instance listed, you can create one by clicking ‘Create Standard Instance’. Set the instance name to ‘My’.
    2. 4) You should see an Application called ‘My.BridgeIT’ in the ‘Configured Applications’ list, click the ‘Edit’ button for this application.
    3. 5) In the dialog that appears, ensure the following values are set:

    Configuration Parameter

    Value

    Name

    <instance name>.BridgeIT

    Application Pool

    select from the list, usually ‘My AppPool1’

    Logon Policy

    Token Only

    LDSD Web API URL

    Leave this field blank

    LDMS Web API URL

    https://<core server name>/ldapi/api

    STS Issue Token URL

    https://<core server name>/STS/IssueToken

    Avalanche Enterprise Server URL

    Leave this field blank

    Avalanche Smart Device Server URL

    Leave this field blank

    Avalanche Company ID

    Leave this field blank

    Enable LDMS Agent Integration

    True

    1. 6) Click ‘OK’.

     

    LANDESK Service Desk Only

    Explicit Logon

    If you choose to use explicit logon for using Workspaces in web browsers (including mobile browsers) then you’ll need to follow the following steps:

    1. 1) On the Service Desk web server, navigate to configuration center (http://<web server name>/ConfigurationCenter) and log in using your credentials.

    NOTE: The default credentials are:

    Username = sa
    Password = administrator

    NOTE: You can change the username and password after you have logged in the first time.

    1. 2) Select your instance from the list of ‘Current Instances’.

    NOTE: The default name for an instance is ‘Service Desk’.

    1. 3) In the list of ‘Configured Applications’ locate the application that has a type of ‘Framework’ and take a note of the Name and application pool.

    NOTE: You may have several applications of the ‘Framework’ type. You need the one that has a logon type of ‘Explicit’. You can check which one has this value by clicking on the ‘Edit’ button and looking at which one has a ‘logon Policy’ of ‘Explicit Only’. If you do not have a Framework with this property you can create one by clicking the ‘Create’ action for the ‘Service Desk Framework’ in the list of ‘Available Applications’, it is recommended that you create a separate application pool for it.

    1. 4) In the list of ‘Configured Applications’ locate the application that has a type of ‘BridgeIT’ and click the ‘Edit’ button.

    NOTE: You may have several applications called BridgeIT, you want the one that you use for explicit login.

    NOTE: The default name for the application is ServiceDesk.BridgeIT. However, if you have upgraded from an earlier version of Service Desk, it may be called ServiceDesk.SelfService or ServiceDesk.Fuse.

    NOTE: If you don’t have an application type of BridgeIT in your instance you can add one from the list of ‘Available Applications’ by clicking the ‘Create’ link on the BridgeIT application.

    1. 5) In the ‘Edit Application’ dialog. set the properties as follows:

    Configuration Parameter

    Value

    Name

    Whatever this is already set to

    Application Pool

    select from the list, it should be the same one as the Framework from step #3

    Logon Policy

    Explicit Only

    LDSD Web API URL

    http://<server name>/<framework name from step #3 including instance name>

    LDMS Web API URL

    Leave this field blank

    STS Issue Token URL

    Leave this field blank

    Avalanche Enterprise Server URL

    Leave this field blank

    Avalanche Smart Device Server URL

    Leave this field blank

    Avalanche Company ID

    Leave this field blank

    Enable LDMS Agent Integration

    False

     

    1. 6) Click OK.

    Token Only

    Follow the steps above as for Explicit logon except use the Framework that has a logon policy of ‘Token Only’ (create one if it doesn’t exit) and when checking the configuration parameters for BridgeIT, use these:

    Configuration Parameter

    Value

    Name

    Whatever this is already set to

    Application Pool

    select from the list, it should be the same one as the Framework from step #3

    Logon Policy

    Token Only

    LDSD Web API URL

    http://<server name>/<framework name from step #3 including instance name>

    LDMS Web API URL

    Leave this field blank

    STS Issue Token URL

    https://<server name>/STS/IssueToken

    Avalanche Enterprise Server URL

    Leave this field blank

    Avalanche Smart Device Server URL

    Leave this field blank

    Avalanche Company ID

    Leave this field blank

    Enable LDMS Agent Integration

    False

     

    NOTE: If the ‘Test STS Connection’ is not successful then enter the credentials of the local system administrator in the username and password fields.

    LANDESK Management Suite or Security Suite AND LANDESK Service Desk

    If you have both Management Suite and Service Desk then you can configure BridgeIT to present data from both applications. While BridgeIT is installed separately with both applications we recommend that you use the BridgeIT application installed on the Service Desk web server but using the STS installed on the Management Suite core. If you will be using the Hybrid App (installed on managed devices) it is recommended that you primarily use the BridgeIT application installed on the Management Suite Core Server, both through the Hybrid/Desktop app and the browser.

     

    To configure this application, follow these steps:

         1) On the Service Desk web server, navigate to configuration center (http://<web server name>/ConfigurationCenter) and log in using your credentials.

    NOTE: The default credentials are:

         Username = sa

         Password = administrator

    NOTE: You can change the username and password after you have logged in the first time.

         2) Select your instance from the list of ‘Current Instances’.

    NOTE: The default name for an instance is ‘Service Desk’.

         3) In the list of ‘Configured Applications’ locate the application that has a type of ‘Framework’ and take a note of the Name and application pool.

    NOTE: You may have several applications of the ‘Framework’ type. You need the one that has a logon type of ‘Token Only’. You can check which one has this value by clicking on the ‘Edit’ button and looking at which one has a ‘logon Policy’ of ‘Token Only’. If you do not have a Framework with this property you can create one by clicking the ‘Create’ action for the ‘Service Desk Framework’ in the list of ‘Available Applications’, it is recommended that you create a separate application pool for it.

         4) In the list of ‘Configured Applications’ locate the Framework Application in step 3 and click the 'Edit' button

         5) In the ‘Edit Application’ dialog. set the properties as follows:

     

    Configuration Parameter

    Value

    STS Issue Token URL

    https://<core server name>/STS/issueToken

     

         6) Click ‘Test STS Connection’ and ensure you get a ‘Test Successful’ message returned. If not, set the Username and Password fields to the credentials of a network account that has access to the server where STS resides.

         7) Click ‘OK’.

         8) In the list of ‘Configured Applications’ locate the application that has a type of ‘BridgeIT’ and click the ‘Edit’ button

    NOTE: You may have several applications called BridgeIT, you want the one that you use for token login.

    NOTE: The default name for the application is ServiceDesk.BridgeIT. However, if you have upgraded from an earlier version of Service Desk it may be called ServiceDesk.SelfService or ServiceDesk.Fuse.

    NOTE: If you don’t have an application type of BridgeIT in your instance you can add one from the list of ‘Available Applications’ by clicking the ‘Create’ link on the BridgeIT application.

         9) In the ‘Edit Application’ dialog. set the properties as follows:

     

    Configuration Parameter

    Value

    Name

    Whatever this is already set to

    Application Pool

    select from the list, it should be the same one as the Framework from step #3

    Logon Policy

    Token Only

    LDSD Web API URL

    http://<server name>/<framework name from step #3 including instance name>

    LDMS Web API URL

    https://<core server name>/ldapi/api

    STS Issue Token URL

    https://<core server name>/STS/issueToken

    Avalanche Enterprise Server URL

    Leave this field blank

    Avalanche Smart Device Server URL

    Leave this field blank

    Avalanche Company ID

    Leave this field blank

    Enable LDMS Agent Integration

    True

     

     

         10) Click ‘Test STS Connection’ and ensure you get a ‘Test Successful’ message returned. If not, set the Username and Password fields to the credentials of a network account that has access to the server where STS resides.

         11) Click ‘OK’.

    Adding Wavelink Avalanche on Demand

    To add AOD, you need to know your customer ID, generate a workspace public key then apply it and sync managed devices. To do this, follow these steps:

    1. 1) Login to Avalanche and click the ‘My Account’ link.
    2. 2) Select the ‘Company ID’ and copy it.
    3. 3) On the server that you will run BridgeIT from, launch the configuration center and log in.
    4. 4) Click the instance you are using.
    5. 5) Click the ‘Edit’ link on the BridgeIT application to access the configuration options.
    6. 6) Fill in the dialogue with the below properties:

    Configuration Parameter

    Value

    Name

    Whatever this is already set to

    Application Pool

    Whatever this is already set to

    Logon Policy

    Token Only

    LDSD Web API URL

    Whatever this is already set to

    LDMS Web API URL

    Whatever this is already set to

    STS Issue Token URL

    Whatever this is already set to

    Avalanche Enterprise Server URL

    https://aod.wavelink.com

    Avalanche Smart Device Server URL

    https://sds.aod.wavelink.com

    Avalanche Company ID

    <enter the company ID from step 2>

    Enable LDMS Agent Integration

    Whatever this is already set to

    1. 7) Click the ‘Generate’ link.
    2. 8) Click the ‘Download Public Key’ link.
    3. 9) Click ‘OK’.
    4. 10) Go back to Avalanche, in the ‘Tools’ panel, click ‘System Settings’.
    5. 11) In the ‘Public Key (BridgeIT Server)’ section, click ‘Replace’ and select the key you downloaded from Configuration Center.
    6. 12) Click ‘Open’.
    7. 13) Ensure the ‘LDMS Core Server’ section contains the right settings.
    8. 14) Click ‘Test Connectivity’ on both the ‘LDMS Core Server’ and ‘LDAP Account Settings’.
    9. 15) At the top of the page, click ‘Save’.
    10. 16) To sync the server certificates, open the ‘Inventory’ panel and click the ‘Needs Deployment’ link.
    11. 17) In the ‘Server Deployment’ dialog, click ‘Finish’.

    OK, it’s configured, how do I login?

    However you have the application configured, you can always login to it using any supported browser. These are listed in the supported platforms manual.

    Alternatively, you can use one of the apps. On iOS and Android devices this is available from the app store, you can login using your AD credentials.

    On desktops, you can use the Windows or OS X app, available on machines that have the Management suite agent deployed to them. This should automatically login, no credentials are required.

    Regardless of which method you use to access, the web service URL will be http://fqdnservername/nameofinstance.  For example, http://ldserver.ldlab.org/my.bridgeit.

    The username and password will leverage a valid Active Directory account.

    What if my clients are off the corporate network, how do they access the web service URL?

    LANDESK Service Desk Only

    An external name or IP will need to be created and made routable to the server hosting the BridgeIT web service or the BridgeIT web server will need to be placed into the DMZ.

    LANDESK Management Suite and/or LANDESK Mobility Manager

    If using LDMS or LDMO and you have a Cloud Service Appliance the URL changes to https://publiccsaname/RTC/fqdnservername/nameofinstance.  Again, utilizing the example above, it would be https://landeskpubliccsa/RTC/ldserver.ldlab.org/my.bridgeit.

    NOTE: The CSA will only pass through valid URL extensions that have been specified in the BrokerURL table inside the LDMS database. By default, my.fuse and my.bridgeit have been added to the table.  If you have created a unique instance name, you’ll need to modify the BrokerURL table to include the name of your instance.  The format to input is “!/instancename /*”

    To modify the table, open SQL Management Studio, browse to the dbo.BrokerURL table inside the LDMS database. Right click on the table name and select Edit Top 200 rows.  Add the extension “!/instancename/*”

     

    In the Version 10 installation,  We no longer create a well-known password for the login.

     

    If you need to log into the ConfigurationCenter then

     

    Go to IIS Manager

    Browse to the ConfigurationCenter web site

    Select authentication

    Disable Anonymous Authentication

    Disable Forms Authentication

     

    In early builds the shortcut that is created to configuration center needs to be modified

    http://localhost/ConfigurationCenter/

    Or you can just backspace in the browser.

     

    IISAuthDOC34966.png