Applies_ToNS 7 and to NS 6.x to NS 7
SummaryThis document lists functions that are new in Symantec Management Platform 7 and provides a description of each.

What's new in Symantec Management Platform 7 

Symantec Management Platform version 7.0 has changed considerably from Notification Server 6.0, its immediate predecessor. This topic introduces the new or enhanced features of the Symantec Management Platform.

The following table lists the major new features in version 7.0 of the Symantec Management Platform and provides a description of each.

Table 1                  New features of Symantec Management Platform 7.0

Replication is the one-way transfer of data between two Symantec Management Platforms. The Replication framework provides the foundations for Hierarchy (described below).
Replication lets you copy the following between Symantec Management Platform servers:
  • Configuration and management items, such as reports, Resource Targets, policies, and tasks.
  • Resources, such as computers, users, and packages. When you replicate resources you can verify the data that is replicated by specifying a data verification percentage in the rule.
  • Events, such as software-delivery execution.
  • Security settings, such as roles, privileges, and permissions.
Replication in Symantec Management Platform 7.0 replaces Inventory
Forwarding and Package Replication Solution in Notification Server 6.
Notification Server 6.0 provided limited support for managing multiple servers. By enabling Inventory Forwarding, users could define relationships between individual Notification Servers to facilitate centralized data gathering and reporting.
However, this technology did not allow configuration and security data to also traverse these same relationship structures to assist with managing the system as a whole.
Due to the lack of centralized management capabilities among multiple Notification Servers, customers were required to repeat the same administrative tasks on each of their servers order to initiate a global task or operation.
In version 7.0, the new Hierarchy technology reduces the total cost of ownership (TCO) of managing Symantec software and solutions across multiple Symantec Management Platforms. Hierarchy reduces the TCO by supplementing the Symantec Management Platform with centralized management capabilities. Any solution can use Hierarchy features.
Hierarchy defines the information flows across multiple Symantec Management Platforms in an enterprise. You can use Hierarchy to define collections of Symantec Management Platforms that share common configuration settings and data. Hierarchy can distribute and synchronize any changes that are made to the shared configuration settings and data.
Simply stated, Hierarchy lets you manage your Symantec solutions across multiple Symantec Management Platforms from a central location. Hierarchy is build on Replication and uses it to copy and synchronize shared objects and data between Symantec Management Platforms within the same hierarchical structure. Then, at scheduled intervals, each server within a hierarchy synchronizes objects and data with its immediate parent and immediate children.
Organizational Views and Groups
The resource security model has changed significantly for Symantec Management Platform 7.0.
Resources, which includes all computers, users, and everything else that is defined in the Configuration Management Database (CMDB) or in the resource model, now obtain all of their permission grants from the Organizational Views and Organizational Groups to which they belong. This replaces the Notification Server 6.0 implementation, which required securing both standard collections and resource folders.
A few exceptions, such as packages, are resources but are also items that
appear in the Symantec Management Console folder structure. The security
options for these items are disabled in the folder structure. Security for these
is set in the same way as it is set for other resources.
An Organizational View is a hierarchical grouping of resources (which are clustered as Organizational Groups). This grouping reflects a real-world structure, or “view,” of your organization. For example, IT administrators may want to create Organizational Views to group resources by geographical location, by department, or by network structure. As in the real world, a resource can (but is not required to) appear only once in an Organizational View.
Users (usually IT administrators) set up security by assigning the appropriate permissions for each security role on each Organizational View and on the Organizational Groups within each view. A permission that is assigned to an Organizational Group applies to all resources in that group and, by default, applies to all of its child groups. Users then place resources into groups to take on the security settings of those groups. This task can be automated using Automation Policies. Users cannot assign permissions directly to a particular resource
Permission grants on a resource are accumulated across Organizational Views. The permissions that a security role has on a particular resource is the union of all the permissions that the resource has been assigned through the Organizational Groups to which it belongs.
Collections, as used in Notification Server 6.0, have been replaced by Filters and Resource Targets in the Symantec Management Platform 7.0. Filters are used in conjunction with Organizational Groups and Organizational Views to create Resource Targets, or groupings of resources.
A Filter (sometimes referred to as a Resource Filter) is a dynamic definition of a set of resources in the CMDB. The resources can be grouped by some specified parameters, and they may also be explicitly included in, or excluded from, a Filter.
A Filter typically isolates only one aspect of a resource (such as operating system, free disk space, RAM, etc.); for example, “Windows computers” or “computers with 1 GB or more of RAM.” Since each Filter specifies only oneconcert to target resources for specific actions. These subsets are referred to as Resource Targets. To create a Resource Target, an IT administrator uses Filters with Organizational Groups to identify the resources to which a task or policy applies. aspect of a resource, multiple Filters are used in
A Filter does not contain any specific resources. All resources are contained in the Organizational Groups that are set up in Organizational Views. A Filter operates on specific Organizational Views or groups to identify the resources (as Resource Targets) that are to be acted upon. Consequently, Filters are portable and can be applied to any Organizational Views or groups, and they can be used with other Filters.
Filters are used primarily in the following two ways:
  • As the basis upon which reports are built.
  • To include resources in or exclude resources from a Resource Target. Resource Targets are the definitions used to specify which resources will be acted upon by policies and tasks.
Resource Targets
A Resource Target, usually known as a Target, is a framework that lets you apply tasks and policies to a dynamic collection of resources. A Target consists of at least one Organizational View or group and a number of Filters. The Filters refine the available resources to identify those that you want to target. The Organizational View or group acts as a security Filter. It ensures that the policy or task is applied only to resources that the user’s security role has permission to work with.
The list of resources targeted by a Target is cached in the CMDB. The Target is evaluated against the scope of the current user. Only the resources that appear in the Organizational View or group and in the Filters are returned. The Target includes only the resources to which the current user has Read access. Resources outside the current user’s scope are never visible.
Two types of Resource Targets can be applied to a policy or task:
  • Autogenerated Targets. These Targets have not been explicitly named and saved. Autogenerated Targets are used only by the policy or task in which they are created. These Targets can be modified when the user modifies the policy or task, but they cannot be applied to any other policies or tasks.
  • Named Targets. These are Targets that have been explicitly saved as named Resource Targets. Named Targets can be used by any number of tasks and policies, and they can be modified by any user who has the appropriate permissions.
Report framework
The Symantec Management Platform 7.0 Reporting framework is a completely new extensible framework that replaces the Notification Server 6.0 infrastructure. 
Notification Server 7.0, the central piece of the Symantec Management Platform 7.0, provides reports that give you information about your managed computers and the Notification Server configuration.
Most Symantec solutions provide reports that present information specific to that solution. Considerable changes have been made to the reporting framework in Notification Server 7.0.
The changes include the following:
  • Chart view. A chart view lets the user view the results of a report in a graphical format. You can create and modify the chart views that you want to include in a report. A number of chart types are available, including Bubble, Column, Doughnut, Pie, and Point.
The functionality used in chart views is provided by a third-party charting tool
set. For full descriptions of charting components, refer to the documentation
  • Enhanced data export functionality. The report data export functionality (accessed via the Save As option in the report results page) lets a user save the report results in the following formats:
    • File. Spreadsheet (.csv) file, HTML file, and XML file types are supplied with Notification Server. Symantec solutions can provide options for additional file types.
    • Static Filter
    • Snapshot
    • Web part
  • Data snapshots and the ability to produce trend reports. The data snapshot functionality lets you save and retrieve the results of previously run reports. This functionality is particularly important for scheduled reports, and it also enables report trending.

    Saved reports can also be reused (rather than re-created), which would decrease the response times and enhance Symantec Management Platform performance. You can create trend reports over the snapshots of a report.

    A trend report shows the changes that have occurred over a period of time, rather than the “point-in-time” results of most reports. Successful trending is subject to consistency in the scope and parameter values across all of the reports that are involved.
  • Report Drilldowns. A report drilldown is an action that is performed when the user clicks on an item in the report results. Drilling down into an item opens the appropriate view, which may be another report or the Resource Manager. 

    You can add drilldowns to a report to enable the user to obtain additional information through the report results. For each drilldown, you can specify the view on which the drilldown is available and how the user triggers the drilldown. You can also specify the action that is performed and the parameters to use in the action. You can set up multiple drilldowns for a report to perform different actions on different types of resources.
  • Report Query Builder for creating resource reports. When you create a resource report, you can write the resource query SQL yourself, or you can use the Query Builder to build the appropriate query.

    A resource query is based on the tables that are available in the CMDB. The Query Builder is a user-friendly tool that provides a standard template and lets you select the tables and fields that you want to use. It helps you define the query to suit your requirements, and you do not need advanced SQL skill. The resource query is converted to SQL automatically, and the SQL is run on the CMDB to extract the appropriate resources.
Site Servers
The Symantec Management Platform can host several types of middleware components, such as Package Servers and Task Servers. These middleware components are not separate physical devices but are services installed on site servers—computers other than the Symantec Management Platform computer.
These components act as the first point of contact for the Altiris Agents, providing services such as sending packages and tasks to managed computers, thus reducing the load on the Symantec Management Platform.
A Symantec Management Platform middleware component is referred to as a site service. Any computer that hosts a site service is known as a site server. A site server can host one or more site services, such as the task service and package service.
Previous versions of the Symantec Management Platform (known then as the Altiris Notification Server) included a management infrastructure for Package Servers. In Symantec Management Platform 7.0, this infrastructure has been enhanced and made generic enough to be used by other types of site services.
The Symantec Management Platform provides an extensible framework for the deployment, configuration, and ongoing maintenance of site services.
The following site services are provided with the Symantec Management Platform:
  • Package Service: Allows you to serve up Software Delivery packages and patches to the Altiris Agent on managed computers.
  • Task Service: Lets you distribute your jobs and tasks to the Altiris Agent on managed computers. It also collects task and job status information and forwards it to the CMDB.
Task Server changes
In the Symantec Management Platform version 7.0, a Task Server is a site service that can run on a site server or on the Symantec Management Platform server. This is different from Notification Server 6.0, where the task service ran on a dedicated Task Server.
Notification policies have been replaced by automation policies. An automation policy specifies automated actions to perform on client computers or the Symantec Management Platform server.
An automation policy can be triggered to execute either on a schedule or by the arrival of a system message, such as a resource being merged or a computer being discovered.
Once triggered, an automation policy collects data, such as by running a report, a query, or from the message that triggered it. It then passes this data onto a task, which can be run on the Symantec Management Platform computer or on targeted managed computers. The automation policy can be configured to run the task once using the collected data as a whole, or it can run the task once for each row in the collected data.
For example, an IT administrator can create an automation policy that generates a weekly report about all new computers added to a network and e-mails the report to certain other IT administrators.
Each solution that defines automation policies specifies its own criteria for the type of conditions that lead to the actions being initiated.

Symantec Management Platform 7.0 preserves existing notification policies in
a read-only state. Users are advised to move them into automation policies.
User-based policies
User-based policies are now supported. An IT administrator can apply policies to specific users or groups of users. When a user logs on to a managed computer, the Altiris Agent will request any policies that apply to that user.
Any relevant policies will be cached on the managed computer for the next time the user logs on.

A policy for a single user can be cached on multiple computers. User-based policies are featured on all supported operating systems.
Maintenance windows
Maintenance windows are a new feature in Symantec Management Platform 7.0.
A maintenance window is a scheduled time and duration when maintenance operations can be performed on a managed computer. A maintenance operation is one that changes the state of a computer, causes it to restart, or interferes with a user’s ability to operate the computer; for example, installing software and operating system patches or running a virus scan.
Using maintenance windows lets the Symantec Management Platform IT administrator schedule maintenance work on managed computers with minimal impact on workflow and productivity. Also, the administrator can schedule maintenance work on critical servers at different times so that no two servers are ever restarted at the same time. A maintenance window can be scheduled for certain times, such as daily, weekly, or monthly. The maintenance window can be available indefinitely or restricted to a particular date range.
Calendar view
The Calendar view is a new feature in Symantec Management Platform 7.0.
The Calendar lets users view the Symantec Management Platform schedule information and is included in both the Symantec Management Console and in a managed computer’s Resource Manager.

The scheduled items that the user can view in the Calendar include tasks running on the Symantec Management Platform, policies, automation policies, shared schedules, blockout periods, maintenance windows, and Notification Server internal schedules.

Items appear as appointment-style blocks to provide a visual representation of all impending tasks and jobs. Symantec solutions can also add scheduled items to the Calendar.
The Altiris Agent schedules now support multiple time zones.
An Altiris Agent schedule can now be set to run simultaneously across multiple time zones. The new options are found in the scheduling options of various tasks and jobs, with the choice to run at server time, client time, or universal time.
Management Console enhancements
Symantec Management Platform 7.0 provides a standardized and customizable Management Console.
The Symantec Management Console has a new look and feel for Symantec Management Platform 7.0. The new Console has a customizable navigation system with new controls, a new user interface, and a new tree structure.
All of the Symantec Management Console pages have been updated to the new format.


What's Next?

If you are new to solution development, you should read About Software Development Kits. From there, your jumping-off point for solution development is the Altiris Solution Overview.

If you are familiar with solution development, proceed with the Altiris Solution Overview for examples and procedures to help you develop a basic solution. Refer to the remaining topics shown in the navigation tree for examples and procedures pertaining to those topics.