Avast WEBforum

Business Products => Archive (Legacy) => Avast Business => Avast Distributed Network Manager => Topic started by: wpn on January 22, 2010, 08:22:30 PM

Title: [WISHLIST] ADNM V5
Post by: wpn on January 22, 2010, 08:22:30 PM
TOPIC START EDITED ON 29-6-2010

There are several things i like to see in the new ADNM version....
Since there is a total blank about the development (Vince, please hire a PR manager) i dont know if the development already started so hereby a few items i would like to see:

0 TOP) Be able to choose where the mirror files are stored!  (comply with the new way of 2008/win7 about the program files directory where programs only should be installed and not have data written) This includes making it possible to put on a network share....

1) Domain integratration for Windows where the computer catalog automaticly is buildup like the structure of the Organisational Units in Active Directory, instead of manually recreate the complete structure by hand and having to drag and drop the discovered computers in the appropriate container...

2) Apply settings in the style of Group Policies (ala GP in AD). That way its easier to maintain settings and see which AV Policy is applied to which container....

3) Windows integration with AD for usage/login rights of ADNM console. So we dont have to give every user a seperate username/password for login in the console and all the rights have to be set just 1 time inside the console to the appropriate AD groups that are divined in Active Directory

4) special integration for mobile devices possible? no experience with that now tho, but would be awesome to control the mobile device remotely... or when it is hooked up in the network (wifi/usb/bt) when the user is inhouse or hooked up with VPN or something....

5) Better support for different (read: new) operating systems since the current support for Win7 is there but thats because the support for Vista has been added early last year only (which is 2 years after the RTM release of the OS) maybe modular support for new OS, which would possibly be able to be used for linux (kernels) too

6) better documentation of ALL the features in the products and what certain settings do

7) better exchange integration, Avast is certified for Win7 because of a field trip to Redmond college.... this could also be done for Exchange and maybe sharepoint/MS SQL too?

8 ) i didnt really check into this one in the current ADNM but i would like to see PUSHING commands to the clients instead of the AMS waiting for the client to contact and notice a command....

9 ) make linux/mac clients managable via ADNM too (possibly port ADNM to linux/mac ?  a lot of work i know)

10 ) make the engine/program updates process go through the normal way like the virus definitions do, instead of the way its done now by going to the windows software window click on uninstall the program and choose the update button instead of the uninstall button
(thank you Yanto for the input)

11 ) during installation better support for SQL server databases. Right now you need to manually point to the databaseserver and databasename and pray2work, this could be better if the installer detects the databaseserver and the database instance that has been precreated by installing with namedspace in SQL. (WSUS can do this, why not Alwil, show MS who is boss!!)

12) have control over updates being rolled out to clients to test on a test machine before deployment (alla wsus)
     in this thread for example: http://forum.avast.com/index.php?topic=54699.0  there is an update that causes some exe file to be flagged as a virus while the file itself is legit (to  
     the extend that it is a file from IBM from a specific program) same example for the update couple weeks ago which falsely identified and removed key files
     this control could have several levels
      1) auto update
      2) auto download but wait for approval
      3) manual download and approve

13) Make the mobile (PDA/smartphone) version manageable via ADNM (tho the future of the mobile version is unsure at this moment)
     (thank you SPI for the input)

14) If the option to have a secondairy server will be available again in this new version, make it possible to change settings easy so that a slave server (that gets the updates from the first AMS server) can be promoted to a master server without having to do all kinds of tricks or have problems popping up at clients.

15) Make definition and program updates available in a zip file for offline updating (mostly for secure networks that aint allowed internet access)

anybody with more great ideas?
maybe Alwil (VLK?) has some input this time in this thread or make a special beta forum for this one like done with the new avast 5 beta forum

16) Dont give out licenses in the ADNM console, while the program is not installed on that computer.  Thnx to this thread i realised this wish: http://forum.avast.com/index.php?topic=57831.0

17) Make all management options accessible via one console

18) Add NAC support to avast. (Network Access Control (NAC) like Sophos or McAfee have it.)
(thank you Yanto for the input)

19)  This is a quoted collection from EDJ
Quote
- When you uninstall a netclient, it must be delete from the Computer Catalog.
- When a task is running in a netclient and the netclient is power off, ADNM must change the status of the task to "uncompleted" or something like this. Maybe, restarts the task when computer is on again.
- Automatic refresh, not F5.
- Console direct access from Internet, not opening ports. To give support to customers.
- Manual Mirror run from ADNM Console.
- Send an email alert when mirror is not updates in 24 hours.
- Improve reports.
- Can create MSI packages in a shared folder on other machine with a normal user.
- Improve time to install first mirror from Internet during installation.
- Improve access to remote virus chest to restore files, send infected files to ALWIL, etc.
- In PC properties a "Infected Files History".
- Can see the licenses number from the ADNM Console.
Thank you for the input EDJ....

20) See this message after a brainstorm from Scythe  http://forum.avast.com/index.php?topic=54073.msg512281#msg512281

21) (actually a nobrainer but:  ) Direct scanning of removable devices as in external harddisks and USB sticks and smartphones  (basicly anything that can act as a disk)

22) Installer ROLLBACK feature. When cancelling the installation the installed parts remain on the system. If the installer removes the installed parts after
pushing cancel, a potential problem of having a crippled installation will be eliminated (thus no need for the special avast removal tool for a failed installation).



I dont agree tho with the console being accessible directly from the internet without opening ports. This is possibly a huge security risk when the password used is not set or the standard one or an easy to guess password....  it means the people logging in have almost direct access to your complete infrastructure (they see ip adresses, dns names, they control new (un)deployments)
this kind of access should be controlled and limited with a secured line like VPN or via RDS. Offering remote support to several customers from your own workstation is efficient but it should not compromise network security, via a HTTPS (since i believe v5 will be webserver based) is not an option since a hacker is already too far onto the network (discovered what antivirus u use, have a webserver he could hack, stuff like that) to be save....

Quote
EDIT REASON:

< 27-01-2010 i will edit-in every point that people will put in the list, so that there will be one list complete at the start of the thread, so nobody has to scroll thru all the postings

28-01-2010 added point 12

18-02-2010 added point 13

xx-xx-2010 added point 14

10-03-2010 added point 15

30-03-2010 added point 16 and 17 and 18

19-04-2010 added point 19 (collection of points) and commentary/concern on one of the points

12-6-2010 added point 20 (the biggest explanation is for Scythe, there is another point on the bottom of the message)

28-6-2010 added point 21

29-6-2010 added point 22 coming from what i classify as a bug mentioned in this (http://forum.avast.com/index.php?topic=61137.0) thread (sorry Evangelists only
Title: Re: ADNM V5 [WISHLIST]
Post by: Yanto.Chiang on January 27, 2010, 03:58:25 AM
Hi WPN,

I agree with you, +1

My additional concerned is about engine updating for ADNM should be follow or same as like stand alone feature.
I don't know is there any reason between ADNM with standalone version is different?

Then hopefully ADNM will available for Linux or Mac version too...
Title: Re: ADNM V5 [WISHLIST]
Post by: Yanto.Chiang on January 27, 2010, 11:27:23 AM
ALWIL team,

Again my concern about avast 5.0, for platform support.

As like i posted at : http://forum.avast.com/index.php?topic=54279.0

Whether avast 5.0 will support for all platform (Win XP/Vista/7/2000/Server) in the future?

Because other AV vendor doesn't have any distinction to any platform of Windows based.
 
Title: Re: ADNM V5 [WISHLIST]
Post by: wpn on January 27, 2010, 05:50:47 PM
as extra point
8) make linux/mac clients managable via ADNM too (possibly port ADNM to linux/mac ?  a lot of work i know)

point from yanto
9) make the engine/program updates process go through the normal way like the virus definitions do, instead of the way its done now by going to the windows software window click on uninstall the program and choose the update button instead of the uninstall button

@yanto
the support will come, i dont doubt it....
the installer checks which version windows is reporting it is, and in the installer there is a probably a hardcoded line that says if the version is not between XX and YY (where YY is lower then the version Windows Server is reporting) then dont install and come up with a message...
i do believe the v5 products can install on server but the results are not tested or unpredictable and therefor not supported. Therefor my point 5, more modular support so that the support can come as an update or something and therefor be brought out to the open faster then 2 years after RTM of an OS.

ps: at point 5 i think its better to use the word  FASTER instead of BETTER support.
Title: Re: ADNM V5 [WISHLIST]
Post by: scythe944 on January 27, 2010, 09:13:33 PM
nice list wpn... couldn't have said it better myself.

I'm sure I can think of some additional things for the new version of ADNM, I'll post when I think of them.
Title: Re: ADNM V5 [WISHLIST]
Post by: Yanto.Chiang on January 28, 2010, 04:10:21 AM
Hi Wpn,

Nice information, if i have any additional information need to add your Whish List then will put in here again.

Anyway, i hope your wishes will be real by ALWIL team.
Title: Re: ADNM V5 [WISHLIST]
Post by: wpn on January 30, 2010, 07:52:09 PM
i welcome any input from you people, when u put it here i will edit it into the startpost

i wonder when this becomes a sticky thread :)
Title: Re: ADNM V5 [WISHLIST]
Post by: wpn on February 10, 2010, 12:50:08 PM
Since the blogposting states:

Quote
# avast! Server Edition (including the plug-ins) – this product will be released in v5 (or 5.1) in Summer 2010. It will be based on the new engine, and will also feature (among other things) a server-side antispam.
# ADNM – this is a bit trickier. As our primary focus (as a company) is consumer and SME, we decided that for v5, we will build a brand-new management system specifically designed for small/medium business. It will be much easier to use and will have some other great improvements. There will be a separate blog post on it shortly. It is scheduled to ship sometime this summer. For large accounts, this will not be a good solutions though. We’re still looking into ways on how to make the current ADNM work with avast v5.


there will be a brand new management system, ok
release is summer 2010, YES!!! :)

but is there even a closer time indication?
Will there be beta tests?
Will the old license file work or do we need to request a new one at sales?

How much of the WISHLIST posting in my first posting will be granted to it, since i can read between the lines that there has been a lot of developping already on the ADNM product....

my BIGGEST wish/demand is to be able to chose where the mirror files are saved. Right now its in a directory in the installation folder, but this is extremely unwanted.... because i either have to install the complete ADNM program on a seperate dynamic disk or risk the change that my C: drive will be pooped full and possibly crash....
i just want to see a seperation program data and usage data

thnx :D

maybe VLK can shed some light on it?
Title: Re: ADNM V5 [WISHLIST]
Post by: hall_31 on February 10, 2010, 07:15:04 PM
Quote
there will be a brand new management system, ok
release is summer 2010, YES!!! :)

Here's one that's not specific to ADNM, and a bit of a restatement of an earlier point, but there's absolutely no reason to distinguish between SBS and Windows Server proper.  I understand the goal is to segment the market between small and large organizations, but many small businesses DON'T use SBS, and shouldn't be penalized just because their Server doesn't have the words "Small Business" in it.  I can't find a single example of a competing solution that imposes this penalty.

Edit:

1) Also, the ability to define exclusions for a specific computer/group, since this doesn't currently seem to be possible.

2) Separate exclusion definitions for PUP/PUAs and Viruses.  Administrators may need to use PUP/PUAs to verify license compliance (verify registration keys), or to monitor network traffic, etc.  That doesn't mean I want the AV to ignore PUP/PUAs in every folder, or the AV to ignore if/when one of these PUP/PUAs has been infected.

3) (Again, not specific to ADNM) -- VM-friendly licensing terms, preferably including them at low or zero cost with a qualifying license on the host system.  Yes, it would probably be easy to circumvent any restrictions, but let's face it -- honest people will stay honest, and dishonest people will find a work-around no matter what you do.
Title: Re: ADNM V5 [WISHLIST]
Post by: av-outsource on February 11, 2010, 12:31:17 AM
We gave wishes for the new console in September/october last year. There will be a new console and its being worked on now, however i can not for confidential reasons give you information on it :-)


avosec.com
Title: Re: ADNM V5 [WISHLIST]
Post by: wpn on February 11, 2010, 03:30:33 PM
i read about some in the blog that VLK posted today

http://blog.avast.com/2010/02/11/avast-5-sbc-part-1/comment-page-1/#comment-3289
Title: Re: ADNM V5 [WISHLIST]
Post by: spi on February 18, 2010, 10:06:04 PM
Today lot of mobile user using PDA or Smartphone, why not make the PDA or Smartphone client manageable via ADMN
just make a wish :p

Title: Re: ADNM V5 [WISHLIST]
Post by: wpn on March 05, 2010, 09:57:13 AM
added point 14
Title: Re: ADNM V5 [WISHLIST]
Post by: Yanto.Chiang on March 08, 2010, 05:14:23 AM
Hi WPN,

If possible please added to your ADNM 5 Wish List for Network Access Control (NAC) like Sophos or McAfee have it.
Title: Re: ADNM V5 [WISHLIST]
Post by: scythe944 on March 08, 2010, 05:12:15 PM
While I understand that you would like NAC - type qualities built in to avast, you could use Windows services to do the same.  Take a look at these links:

http://technet.microsoft.com/en-us/network/cc983841.aspx

http://www.windowsnetworking.com/articles_tutorials/Understanding-new-Windows-Server-2008-Network-Policy-Server.html
Title: Re: ADNM V5 [WISHLIST]
Post by: Yanto.Chiang on March 09, 2010, 05:18:46 AM
Hi Scythe944,

As i know, avast! itself already have this features but only supported with Cisco NAC.

But what does i mean, if possible that avast! re-built with more comprehensive and full performance not only support with Cisco.

Cheers,
Title: Re: [WISHLIST] ADNM V5
Post by: scythe944 on April 14, 2010, 05:35:58 PM
I'd like them to add the ability for ADNM to automatically check for upgrades, and at least notify the user that they are available.

Also, I'm sick of MSDE and MS SQL in general.  The management tools for the free versions suck at best.

Can we use MySQL instead?  The free version should work just fine, and the management tools that are available for free are great.  They're easy to use and learn.  Plus, we wouldn't have the issue of having multiple services using the one sql database.  For instance, in a SBS server, you have sharepoint, WSUS, and sometimes Monitoring and Reporting all using one instance of MSDE (I think). If that database goes down, everything gets screwed up.
Title: Re: [WISHLIST] ADNM V5
Post by: Infratech Solutions on April 16, 2010, 11:15:09 AM
- When you uninstall a netclient, it must be delete from the Computer Catalog.
- When a task is running in a netclient and the netclient is power off, ADNM must change the status of the task to "uncompleted" or something like this. Maybe, restarts the task when computer is on again.
- Automatic refresh, not F5.
- Console direct access from Internet, not opening ports. To give support to customers.
- Manual Mirror run from ADNM Console.
- Send an email alert when mirror is not updates in 24 hours.
- Improve reports.
- Can create MSI packages in a shared folder on other machine with a normal user.
- Improve time to install first mirror from Internet during installation.
- Improve access to remote virus chest to restore files, send infected files to ALWIL, etc.
- In PC properties a "Infected Files History".
- Can see the licenses number from the ADNM Console.
Title: Re: [WISHLIST] ADNM V5
Post by: fairlane32 on April 16, 2010, 06:02:25 PM
I'd like them to add the ability for ADNM to automatically check for upgrades, and at least notify the user that they are available.

Also, I'm sick of MSDE and MS SQL in general.  The management tools for the free versions suck at best.

Can we use MySQL instead?  The free version should work just fine, and the management tools that are available for free are great.  They're easy to use and learn.  Plus, we wouldn't have the issue of having multiple services using the one sql database.  For instance, in a SBS server, you have sharepoint, WSUS, and sometimes Monitoring and Reporting all using one instance of MSDE (I think). If that database goes down, everything gets screwed up.

I totally agree. Remember the frustrations I had, and you helped me?  ;D

Automatically checking for updates and to be able to just download and install over the current version. Now THAT would be sweet. And of course,
all the stuff wpn said, (of which about half I couldn't understand  :o)

Title: Re: [WISHLIST] ADNM V5
Post by: scythe944 on April 19, 2010, 05:12:57 PM
- When you uninstall a netclient, it must be delete from the Computer Catalog.
- When a task is running in a netclient and the netclient is power off, ADNM must change the status of the task to "uncompleted" or something like this. Maybe, restarts the task when computer is on again.
- Automatic refresh, not F5.
- Console direct access from Internet, not opening ports. To give support to customers.
- Manual Mirror run from ADNM Console.
- Send an email alert when mirror is not updates in 24 hours.
- Improve reports.
- Can create MSI packages in a shared folder on other machine with a normal user.
- Improve time to install first mirror from Internet during installation.
- Improve access to remote virus chest to restore files, send infected files to ALWIL, etc.
- In PC properties a "Infected Files History".
- Can see the licenses number from the ADNM Console.


Nice list.  Don't really see the need for "Can create MSI packages in a shared folder..." but I'm sure the need may arise for some people.

I'd really like the Manual mirror run from the console, but you can do that just by typing mirror.exe in cmd prompt when you are in the Avast directory.  Still, it could be easier.
Title: Re: [WISHLIST] ADNM V5
Post by: Infratech Solutions on April 19, 2010, 05:18:38 PM
Quote
...but you can do that just by typing mirror.exe in cmd prompt when you are in the Avast directory

Yes, I know. But if you are manage several customer AMS servers and you have an avast! Console you don't have access to the cmd prompt in the servers or access to any directory, you only have access to the AMS Server and his options, even, you have no access to the AMS Maintenance Tools.   :-\
Title: Re: [WISHLIST] ADNM V5
Post by: scythe944 on April 19, 2010, 05:32:31 PM
I know, that's why I said "Still, it could be easier."

I agree with you, I was just letting you know that you could do it if you didn't know already.

Again, nice list!
Title: Re: [WISHLIST] ADNM V5
Post by: Infratech Solutions on April 19, 2010, 05:47:56 PM
Thanks scythe944 for your explains.

Our request are based in several year installing and managing ADNM in a lot of customers.
Title: Re: [WISHLIST] ADNM V5
Post by: scythe944 on May 24, 2010, 08:51:17 PM
Damn, I just thought of a good request, but I got caught answering some other topics while looking for this one, and forgot what it was!

Grr.  Oh well, this will bring this post back up on top and hopefully I can remember what it was soon, so that I don't have to search for this thread again!
Title: Re: [WISHLIST] ADNM V5
Post by: wpn on May 28, 2010, 12:18:39 AM
its the age i tell you :)  makes u forget things....

when its a really really good one, it will pop up again and u can post it :D
Title: Re: [WISHLIST] ADNM V5
Post by: scythe944 on June 01, 2010, 05:00:30 PM
Quote
its the age i tell you   makes u forget things....
I think I remember, but it's hard to word.  Anyway, I just had my 27th birthday a few days ago, so I don't think it's that... possibly related to the alcohol intake.  ;D

Anyway, I don't know if this has been said yet, but I think it needs to be said again if it has.

If a computer doesn't have avast installed, nor even a part of a domain, it shouldn't be counted in the license totals!

I understand that you can use active directory to pull computer names into the ADNM console, but if they're disabled, they shouldn't be added.  Discovered computers that are just on the network, shouldn't be added either.

Basically, the ADNM console should query computers after they are discovered to find out if they have:

1) Avast installed
2) A managed product
3) Check to see if the machine is active in the domain, or disabled.

I really don't see a point in having the ADNM console count a disabled computer as a licensed machine.  If ADNM finds a disabled computer, it should remove it from the database automatically, and re-assign the license to another machine if one becomes available.

I get so sick of managing "two active directories".  I have to find the computer name, remove it from active directory, then remove it from ADNM.

Hey, it might not be possible, but it sure is a wish.
Title: Re: [WISHLIST] ADNM V5
Post by: wpn on June 12, 2010, 10:25:41 PM
@scythe....  27th???  man u are way past expiration date ;)   i should know im turning 30 next month :P

what you actually mean is:
all discovered computers should be placed in a quarantined container inside ADNM. Inside this container they will NOT get a license appointed yet.
If the detected AD computer is present and active (turn on) on the network there should be a check to see if any Avast software is already installed. If the software is not installed or the installed software is not a managed client then the computer object should reside in the quarantined container to be approved by an administrator to get a license. If the software is a managed client then after approval the license should be given to the computer and the latest client software updates should be applied.

If the detected computer, during the scan for new computers, is found by IP scan (so therefor not yet found in AD) it should be checked in AD and if it is found in AD it should be checked on the status in AD (disabled or not) if it is disabled then there should not be a possibility to give a license to that station AT ALL.
This check should be done after it is found but BEFORE the check for software (no need to check installed software if the computer is not enabled in AD), maybe even put in a different container which is a default container that cant be deleted, a container called AD-DISABLED  (something like that)


this about right??



next to that: standard created containers (ADBNM system containers?) should NOT be able to be deleted!
Title: Re: [WISHLIST] ADNM V5
Post by: scythe944 on June 14, 2010, 04:49:03 PM
@scythe....  27th???  man u are way past expiration date ;)   i should know im turning 30 next month :P

what you actually mean is:
all discovered computers should be placed in a quarantined container inside ADNM. Inside this container they will NOT get a license appointed yet.
If the detected AD computer is present and active (turn on) on the network there should be a check to see if any Avast software is already installed. If the software is not installed or the installed software is not a managed client then the computer object should reside in the quarantined container to be approved by an administrator to get a license. If the software is a managed client then after approval the license should be given to the computer and the latest client software updates should be applied.

If the detected computer, during the scan for new computers, is found by IP scan (so therefor not yet found in AD) it should be checked in AD and if it is found in AD it should be checked on the status in AD (disabled or not) if it is disabled then there should not be a possibility to give a license to that station AT ALL.
This check should be done after it is found but BEFORE the check for software (no need to check installed software if the computer is not enabled in AD), maybe even put in a different container which is a default container that cant be deleted, a container called AD-DISABLED  (something like that)


this about right??



next to that: standard created containers (ADBNM system containers?) should NOT be able to be deleted!

lol... yeah, that's about right!