Jump to content


  • Content Count

  • Joined

  • Last visited

Community Reputation

2 Neutral

My Information

  • Agent Count
    1000 - 1500 Agents
  1. If anyone needs a way to bring in some of the Virtualization Manager info over to the associated Network Device which can then Sync through the "CW Manage Sync Plugin", you can execute this SQL query on the Automate server (could be run daily or hourly) : It does an inner join between "vSphere Host" network devices and their Virtualization Manager counterpart (plugin_vm_esxhosts) UPDATE networkdevices INNER JOIN plugin_vm_esxhosts ON networkdevices.deviceid=plugin_vm_esxhosts.deviceid SET networkdevices.name=plugin_vm_esxhosts.DeviceName, networkdevices.OS=plugin_vm_esxhosts.ProductName, networkdevices.ManufacturerName=plugin_vm_esxhosts.Vendor, networkdevices.ModelName=plugin_vm_esxhosts.Model WHERE networkdevices.devicetype=18 This second query attempts to fill the SerialNumber Device EDF with the Service Tag : REPLACE INTO extrafielddata(ID,ExtraFieldID,Value) SELECT plugin_vm_esxhosts.DeviceId,4,SUBSTRING_INDEX(stringSplit(plugin_vm_esxhosts.OtherInformation, "Service tag=",2),";",1) FROM plugin_vm_esxhosts WHERE SUBSTRING_INDEX(stringSplit(plugin_vm_esxhosts.OtherInformation, "Service tag=",2),";",1) <> "" Note that it will generate some warnings relative to data being cropped because of the size of the "OtherInformation" field, these can be ignored. Once you have populated your Network Device fields you'll want to make sure they populate your Connectwise Manage devices properly by configuring the "Field Mappings -> Device API Field Mapping" section of the plugin in Automate. More specifically you'll want the following field mappings for NetworkDevice : ConfigurationName = NetworkDevice.General.Name ManufacturerId = NetworkDevice.Hardware.Manufacturer OSType = NetworkDevice.General.OS SerialNumber = NetworkDevice.Extra Data Field.Default.Serial Number (It this isn't a default EDF you'll need to create it and use the right ID in the SQL query above) If you are using WarrantyMaster with Automate you don't need to sync to CW Manage in order to get the Warranty data, it can retreive the SerialNumber EDF directly from Automate. If you want to sync your devices to IT Glue then you have no choice but to sync through CW Manage first, since IT Glue does't "see" Network Devices in Automate. Maybe this will be helpful to someone.
  2. If someone writes a tool that allows uninstall of solutions should be able to check for individual items and make sure they aren't shared with other solutions should allow to ignore "local change" items (as in, not remove them), or uncheck items for removal I would pay for this. Or, you know, better yet, have CW implement that most basic and essential function.
  3. I whitelisted internal ranges / localhost, denied everything else. Had to play a bit with the IIS IP filters they didn't behave as expected (deny/allows hierarchy and inheritance). Make sure to confirm it is behaving as expected from internal/external IPs. Other than that working like a charm, have yet to test API integrations which are likely to need some whitelisting. Anything that uses a Labtech/Automate account for integration will likely come through the API path. Outbound integrations (i.e. Labtech pluging authenticating to external service) should be fine.
  4. From what I was able to figure out, those "Feature Upgrades" aren't actually feature upgrades, but LCU (Latest Cumulative Updates) to those bi-annual versions. In other words, they are just quality patches. The bi-annual feature upgrades are not part of the patch manager functionality, you can't fully automate those, so you can either let your users upgrade by themselves (its not clear if / when they will get prompted if you disable WUA) or you can use the Connectwise-Provided script to plan those upgrades yourself. (See Automate documentation, search for Windows 10 Supportability statement). Since those systems become end of life after just 1.5 years, it feels like that information should be made very explicit in the patch manager documentation and that the Windows 10 upgrade processes and options should be more explicit - but it seems like everyone is playing catch up to MS.
  5. We used to block external access to the "Old" Web control center through IIS filtering policies, but now we need to block the new one + the API itself and possibly other components. As far as I know there is zero documentation on locking down those accesses. Probably due to a focus on Automate Cloud which, by definition, is open to the Internet. Shouldn't we be able to differentiate agent check-in from privileged API/console access? How about restricting API accounts to specific IP ranges, since they can't be protected by MFA? It feels like such a security-critical system should provider better control and segmentation. MFA is nice (and necessary) but it isn't sufficient in itself when plugins and integrations are an essential functionality. EDIT : Here's what I was able to find out so far regarding the IIS sites/folders : aspnet_client : no idea, not much there - access seems disabled automate : new web control center UI crystalreportviewers12 : I'm assuming its related to crystal report (!) - access seems disabled cwa : Connectwise Automate API dashboard-pod : some work in progress? seems like mostly frontend assets LabTech : this seems to be the main point of communication for agent check-in, deployments, etc. WCC2 : Legacy Web Control Center I blocked external access to everything except the LabTech "folder", I guess we'll see 😃 I'm expecting this to break external integrations that communicate through the API (ex: IT Glue), but then I can allow their source IPs assuming they public them.
  6. They don't. They use complex passwords and MFA and get on with their days.
  7. Windows 10 Patching involves semi-annual update packages. That's how it works. They're not discretionary and if you're not applying them on a regular basis you'll end up in trouble with your customers. The support lifecycle for Home/Pro is 1 1/2 years from release BUT your customers will be nagged and force-updated So, since Labtech is mostly a Windows-OS-management tool, and that patching is at the core of its value proposition, I don't think it is unfair to expect them to fully support Windows 10 patching almost three years after its release. No one said it was easy, but that's their core business.
  8. Spoke with rep yesterday, told me they plan a CW integration (but that you should NOT run both LT and CW integrations at the same time). Maybe the CW integration will be better suited to monitoring/response/reporting?
  9. Great tips, thanks! One of the things that prevented me from trying Grafana in the past is that I was certain it didn't support SQL sources. For those who would like to try this quickly on Windows, here's an alternative 1. Download Docker for Windows (newer versions require Hyper-V to be enabled on host) 2. Run this command is PowerShell : docker run -d -p 3000:3000 --name grafana grafana/grafana 3. Login to http://localhost:3000 Docker won't "save" your changes when the image terminates, but its a good way to play around with Grafana. *** Turns out the docker image doesn't include the pre-built SQL support, so you might not get very far with that option
  10. Yes unfortunately Acronis has been less than responsive regarding their (newly aquired) product, In Canada they are reselling through Ingram's Cloud Marketplace in a watered down format so they don't have any local reps and their pre-sales effort is pretty much non-existent. That's too bad because the product demos looked really promising. I really wanted this to be an alternative to our Veeam offerings and a replacement for Vembu StoreGrid (or whatever its called these days). I wouldn't be supprised if Veeam came out with a commercial version of Endpoint Backup that uses the Cloud Connect functions in the next 12 months. If that happens they're going to give the other guys a run for their money.
  11. CloudBerry for Bare Metal backups requires a "staging" area where the whole image needs to be created before being uploaded. That was kind of a deal breaker for us. Trying Acronis BaaS now ... looking good.
  12. Hi Robbert, We're likely to adopt BaaS as one of our primary backup solutions. We were not originally a BackupAgent user, but we might be a good candidate for beta testing the integration. We manage around 1000 endpoints / 100 servers. Also, I've tried establishing contact with the BaaS team a few times with no success. Do you have an email contact to share for MSP partner relationships? Regards Guillaume
  • Create New...