Sorry for the extremely long post. I've bolded what I feel is most relevant.

Is the following technically possible without severe licensing issues:

I'm not sure if I can build the new VM with different IP, set it up fresh, power down the physical server, give the VM that IP, and have inventory start populating as checkins happen without importing the backup of the physical server. I'm hoping as long as the name and IP is the same on the VM the devices won't know the difference. Our physical servers are end of life 04/2019 so there is a lot of time.

We've had Kace for about 4ish years now but I've never really took care of it primarily until about a year ago. All of the admins who used to work here who speced, pushed purchasing, and setup everything do not work here anymore. I've learned a lot over the past year and would love to take the opportunity of transitioning to VM to have a clean slate. It would also give me the ability to document setup information in case I leave/move and help me understand the back end properly.

I get that all of this is probably fixable but just off the top of my head as to other reasons why I want to do this:

We've gone through 3 name changes since we've had this, this one final, so there are different business names tied to different things including the URL still. I never had a chance to get or learn LDAP Labels and manually labeled over 700 devices, continuing to do so to this day. We have the Organization feature which is irrelevant for us. Old contacts everywhere. A software library for non-admins that's not in the best of shape. A half setup help desk which we don't use and I just have disabled. The provisioning isn't setup ideally. There are LDAP creds I don't know the password to and I don't know what would happen if I change it but I doubt anything because it probably doesn't do anything anyway. There's so much more if I dug around.

Mainly the whole LDAP thing, I would LOVE for Kace to be able to read AD OUs, see a computer get deleted or moved or something, and act appropriately with the labeling. I've never had a chance to really understand Smart Labeling but really want this feature to work. I have like 80ish% trust in Kace as it stands right now with inventory and that's just mainly due to all the manual auditing I've done and continue to do. I know there are computers working in our environment that are just not in Kace for one reason or another but it's impossible to pin them.


I'm not sure if anyone has done this but any advice would be appreciated. Thank you!

0 Comments   [ + ] Show Comments

Comments

Please log in to comment

Answers

0
You are allowed to have one (1) appliance with the license key online at the same time.
But you can use three (3) MACs over the time (which means, a failed VM will not be a problem if you setup a new and restore, but you should not do this on a weekly basis)
This means if you want to go to virtual is:
1. Backup
2. shutdown physical hardware
3. setup the virtual appliance
4. restore backup

The way that you only want the inventory to the new appliance is also valid and should work as you thought.
Agents check in if they are able to reach the appliance and have a valid certificate. If they don't have one the will get one from the appliance.
Best practice for agent provisioning is using a GPO, since this is more efficient due to some limitations in the first place (default setting on windows devices like enabled admin approval mode)

Regarding your LDAP-Query.
This is possible since a long time.
The trick is just to understand how smart labels are working.
A smart label is updated every time it is touched.
A device smart label updates during check in of the client. This means: if you setup the label, it is empty even if you imported all from the AD already. If the device checks in and is valid for this label it is added. If it is no more valid for the label it is removed from it.

The deleted devices are a bit more complicated. By default the LDAP import only imports new items and updates old one but does not delete anything on KACE side. But you can use the MIA settings to retire devices which are no more checking in for a defined time.
I personally would create a LDAP label with retired machines and add this query to my KACE smart labels to substract the machines from the normal labels until they are archived using MIA.
Answered 11/18/2017 by: Nico_K
Red Belt

Please log in to comment
Answer this question or Comment on this question for clarity