Ivanti Blog: Posts by

How Consolidating Your Tech Stack Drives DEX Outcomes

Thu, 29 Jun 2023 15:25:35 Z

Every month, it seems that a new “must use” tool hits the market. What ends up happening is IT teams are gifted a hodge-podge of tools — snowballing into unnecessary frustration and increased workloads.

“The issue is there are so many technologies and ways you can have this experience, and it is very easy to fall into a trap of having too many tools and that will dilute your experience and lead to frustration. We have information on multiple SharePoint sites, Teams, Yammer, Service Now, One Drive and who knows what else exists, so we have a very bad experience as you do not know where to find things, and if you do not follow any of those channels, you will miss stuff. Pick your standard and do not fall into the trap of implementing the flavor of the month.”

- Team Lead, Emerson Electric Co

Growing digital environments with too many disparate tools has created a scenario where optimizing digital experiences across various devices and locations is falling short, preventing your organization’s ability to effectively adapt to Everywhere Work.

When laying the foundation for an improved digital employee experience (DEX), consolidating your tech stack is a crucial component.

Why unmanaged tools and assets are hurting your DEX

Some organizations have reported their digital transformation being accelerated by three to five years since 2020. Unlike a few years ago, assets no longer live just in the office. They are scattered across the globe and increasing in quantity. Recent reports show the average employee uses 2.6 devices to get their job done.

But with more assets come more problems. 45% of employees have experienced more tech issues since 2020, with the average employee running into 3.67 endpoint issues a day.

This volume of daily issues means that valuable insights are growing fast and in different places.

Being able to navigate this complex environment in a timely manner to address all issues proactively poses a challenge when your tools and systems don't talk to each other.

A more complex environment without the proper tools has IT and security professionals feeling the heat. 73% report an increased workload since their organization adopted hybrid/remote work. In fact, nearly 1 in 3 IT and security professionals report losing at least one team member due to burnout.

And these types of work environments aren’t going away anytime soon. According to our Everywhere Work research:

71% of office workers want to work either hybrid (with control over which days they come to the office) or remote.
66% of employees say they have experienced no negative side effects due to remote work.
71% of C-Suite admit hybrid working has had a positive impact on employee morale.

Some organizations are already taking action. A recent survey conducted by EMA, found that a resounding 86% of respondents are looking to consolidate asset-related tools and 18% are actively planning to manage all asset types on one platform.

“Centralization is critical. Having too many tools is an issue for us.”

- System Administrator, CFCU Community Credit Union

Consolidating your tech stack lays the groundwork for automation, which helps decrease workloads and ultimately deter digital burnouts for your IT and security teams. With technology becoming more entwined with the daily operations of employees, making sure you provide efficient ways to manage, secure and support this environment for your IT teams is crucial to delivering improved experiences.

Space for video

Benefits of consolidating your tech stack

Consolidating your tech stack aids DEX initiatives in many ways, including: 

1. Reducing complexity for your IT staff

It's time to kick manual processes and inefficient workloads to the curb. Connecting and simplifying your organization’s workflows streamlines and automates your IT environments. This removes unnecessary complexity and enables improved experiences for your IT teams.

2. More responsive and efficient IT support

28% of employees wish for a more responsive service desk. When IT has all the information in a single place, they can address and resolve tickets quicker and more effectively.

3. Preventing issue before they happen

Quickly resolving issues and, ideally, preventing issues in the first place, creates betterexperiences. Research shows it can take up to 20 minutes for workers to refocus on a task. When you simplify your tech stack and enable access to valuable insights in one place, preventing issues becomes a breeze. You get to keep employees out of the service queue and focused on their jobs, reclaiming thousands of hours of lost productivity across your organization.

When looking to create better employee experiences in the Everywhere Work era, consolidating your tech stack is a step you can’t afford to skip. Simplifying and streamlining your IT structure makes life easier for your IT and security teams — freeing up their time to understand employee sentiment, track and optimize experiences over time and prevent issues before they occur.

To learn more about DEX, watch our on-demand webinar to get A step-by-step guide to planning and measuring digital employee experience.

DEX's Role in Bringing Generations Together

Thu, 11 May 2023 09:00:00 Z

Key takeaways

There are four generations in the workforce – each expecting something else from technology.
Organizations need to find a balance between technological innovations and comfortable tools for all generations.
By integrating accessibility into technologies and methodologies, organizations can build work environments that work for everyone.
Organizations should consider implementing automation and AI to improve their digital employee experience and bring generations together.

Download the Digital Employee Experience Report and explore research results.

For the first time in history, there are four generations in the workforce:

Baby Boomers (1946 to 1964).
Generation X (1965-1980).
Millennial (1981-1996).
Generation Z (1997-2012).

This puts organizations in a unique situation – how do you make the correct adjustments for such a wide-ranging workforce? We are interacting with tech in nearly every aspect of our lives. And each generation has their own preferences, expectations and drivers for using tech.

Workers of all generations have struggled to adapt to remote and hybrid work environments, finding themselves in an uphill battle to build positive interactions with new tools and devices. This has been exacerbated by the rapid pace of technological development.

“DEX is great, but I believe we should also leave some space to the older generations who are not so familiar with new technologies and can function more efficiently in traditional environments.”

- Ivanti Innovator

By 2030, one in every five Americans will be of retirement age, with 65% of Boomers planning on working past the retirement age of 65. By 2050, people in the European Union aged 75-84 years will expand by 56.1%. Employment rates for people aged 50-69 are also expected to rise to 65% in 2035, with 12% of office workers already being 59 years or older. This can’t be overlooked as it points to more diversity in how workers interact with their technology and what they expect from their employers.

For example, Millennials in a Gartner report rated socialization and passion as strong motivators for working at an organization, giving it the highest rating of five. Meanwhile, Baby Boomer and Gen X rate these two categories at one and three, respectively.

Even though a large portion of the workforce is still over the age of 50, Gen Z is projected to make up 27% of the workforce by 2025. This growing dichotomy means that employees, even if they work for the same company or on the same team, will have vastly different work methods and expectations from their employers.

Inclusivity is the key to tapping into new growth in this era of Everywhere Work. Investing in your digital employee experience (DEX), which equips your employees with the right tools, is a great start.

The correct investment helps to foster improved workflows and help with talent retention. On top of that, the tools it brings to your organization, such as 360-degree monitoring of devices and automatic self-healing of devices, offer you the necessary insights to identify how to bridge generational divides.

A flexible and scalable employee experience for everyone

Organizations need to balance adopting technological innovations and making sure all generations can stay productive and comfortable with the tools they use. Because at the end of the day, a great digital employee experience works for everyone – regardless of their age. But, just like Albert Einstein’s saying, “everything is relative,” a “great” experience is different for everyone.

What works well for one generation may not translate equally to another. You need to make sure your IT team can cater to all their needs and monitor trends to adjust and inform your strategy and investment. For example, Gen Z and Millennials, who’ve been surrounded by tech their entire lives, might not be inclined to seek support. They’ll opt for resolving it themselves.

This type of DIY culture can eventually snowball into shadow IT – a risk growing globally. In fact, our Everywhere Work report shows there’s been a 26% increase in shadow IT because of remote work environments. In some countries, like Germany, there’s been an astounding 45% increase in shadow IT.

That’s why basing it on the context of the user and noting specific preferences and expectations, thanks to heightened levels of automation and AI, opens the door for more personalized support for all generations.

While it’s important to keep generational differences in mind, it’s equally important not to fall victim to stereotyping – sometimes referred to as unconscious bias. Rather, get a gauge directly from your employees and look at what areas need to be addressed.

Our research found that 14% of workers say their organization doesn’t even collect employee feedback on a regular basis. With 26% of employees saying they’d quit their job partly because of the tools available, taking no action isn’t an option. Asking for direct feedback from your employees is key. Additionally, you can augment this by measuring your users’ DEX score and sentiment on a continuous basis.

A common cause of employee frustration stems from lost work and interrupted momentum. In fact, 42% of office workers have spent their own money on hardware and software to help stay productive and ease frustration for themselves.

When workers lack the necessary tools to work effectively, their productivity and morale suffer. This is highlighted in a recent Harvard Business Review study where only 28% of employees feel connected to their organization’s mission. And this can lead to a mass exodus. According to our Everywhere Work report, 25% of office workers say they switched jobs in the last year because they didn’t feel engaged with the values and culture of their company.

Seeing what works for employees and what areas need to be addressed is key to improving your organization’s DEX and putting your employees in a position to succeed.

Integrate accessibility into your technologies and methodologies

As you head towards improving your digital employee experience, assessing how to make your technology flexible and scalable for everyone is a step in the right direction.

Some examples of improving accessibility can include:

Going beyond post-ticket surveys and collecting sentiment via interactive automation bots.
Offering audio options.
Tracking and optimizing experiences over time.
Implementing automation to reduce workloads and solve problems before they impact users.

Organizations have an opportunity to be trailblazers in how they run their digital employee experience initiatives. Not only will improving your DEX build work environments that cater to each employee’s needs, increase productivity levels and align them with the goals of your organization, it will help bridge generational divides – making your organization more inclusive and productive.

Improving diversity, equity and inclusion (DEI) is something C-suites can’t avoid. 56% of full-time employees say having an ethnically, racially or culturally diverse workforce is very important to them – with Gen Z and Millennial employees valuing it more than Gen X and Boomers.

Improving your digital employee experience efforts can also aid in DEI efforts by:

Building clearer connections to specific business outcomes.
Maximizing data-driven decision making.
Providing a consolidated view of DEI technology programs.

Not only does DEX create environments where employees have a choice in how they work, it breaks barriers that’ve been ingrained into traditional work settings – paving the way for a more diverse and inclusive workplace.

If you’d like to learn more about DEX, explore our eBook and watch our webinar for a step-by-step outline.

The Role of DEX in Talent Retention

Tue, 04 Apr 2023 17:04:26 Z

Key takeaways

The average knowledge worker uses 2.6 devices to get their jobs done and runs into an average of 3.67 digital endpoint issues a day.
Research shows that almost a third of employees quit a job within the first six months.
87% of HR professionals say improving retention rates are among their highest priorities in the next five years.
Thanks to digital burnouts and better job opportunities, 20% of HR professionals are expecting a decrease in employee retention rates, based on current trends at their organization.
By providing the right tools for their employees, organizations can increase talent retention and reduce the risks of work-related stress and digital burnouts.

Download the Digital Employee Experience Report and explore research results.

Recruiting talent to your organization is one thing, keeping said talent is a different beast. Everywhere Work has given the workforce an increased sense of power in choosing where and how they work.

As a result, retaining employees has become a challenge for organizations. Research has shown that 31% of employees quit a job within the first six months and France experienced record-high turnover in 2021, with a rate of 24.20%. This massive employee shift, sometimes called the “great resignation”, is a worldwide phenomenon.

Recent reports are showing:

38% of Australian workers intend to leave their current employer during the next 12 months.
The US saw 5.9 million total separations in July 2022 – 20% higher than pre-pandemic levels.
The Netherlands had 1.9 million people start a new job at the beginning of 2022 – 400,000 more than at the same time in 2021.
45% of US employees are currently looking for a better position elsewhere.

Knowledge workers’ expectations have changed in the age of Everywhere Work; especially when it comes to the technology they use day-to-day. The average employee now uses 2.6 devices to get their job done and 49% of employees are frustrated with their current tools – with 26% even contemplating leaving their job partly because of it.

Therefore, a proper investment in your Digital Employee Experience (DEX) process and tools can help you both recruit and keep talent, as well as align them with the goals of your organization.

The value of DEX across your organization

Talent retention has become a topic no organization can escape. An overwhelming 87% of HR experts consider improving retention rates to be among their highest priorities in the next five years.

“I think ‘Attracts and retains talent’ has an edge at the moment since good employees are hard to come by in the current job market!”

- Mick Verbunt, System Engineer / Workspace Engineer, ACA IT Solutionsty

Over the past few years, businesses have reassessed embracing user-centric approaches to IT. In particular, the “modern management theory” postulates that job satisfaction predicates workforce productivity, rather than financial compensation. Applying this principle to the present day, the use of IT requires digital technology to serve the workers, rather than the other way around.

Today, the type and usability of the technology businesses offer to employees are chief factors for attracting and retaining a talented workforce. According to research, 41% of businesses reported they had lost IT workers because they were unhappy with having to perform excessive workloads.

Rather than focusing on delivering “user-centric” technology that solely targets the goal of making workers productive, modern management approaches address the broader objective of enhancing employee experiences to elevate both productivity and job satisfaction.

Deter digital burnouts

Everywhere Work hasn’t been just a bed of roses. It has created an always-on environment where workers can’t “plug out.” Unrestricted access to the internet and their work devices has caused a spike in digital burnouts.

Digital burnouts, a contributing factor to mental health conditions like depression and anxiety, are costing UK organizations over 15 million days of lost work. HR professionals estimate up to 50% of their annual turnover is caused by digital burnouts. In fact, 20% of organizations are predicting a decrease in talent retention based on current trends.

When workers experience digital burnout, they find themselves disengaged from the goals of their organization. That’s further confirmed by research saying only 28% of employees feel connected to their company's mission.

By providing the right tools for their employees, organizations can be proactive in reducing work-related stress and digital burnouts, leading to a more engaged and invigorated workforce. When workers feel more in line with their organization’s goals, productivity will increase.

What value do higher retention rates have?

Employees bring the most value to an organization when they’re energized, motivated and willing to take on challenges and strategic projects. None of that can start without a great relationship with their devices and tools. And workers are vocal about it – our survey on digital employee experience found that 65% of employees and 71% of IT professionals said they could be more productive if they had different tools.

There are also financial factors to consider. It’s estimated that low retention rates will cost the US economy $430 billion in lost revenue by 2030 and replacing a trained employee can exceed their salary by up to 200%. In the UK, work-related stress is costing organizations over £5 billion annually. Improving your retention rates, through the correct investment in DEX, can maximize a company's profits up to four times.

“Between reducing risk and retaining our healthcare talent, we believe improving the DEX of our employees is very important for our business.”

- Robert Garza, Systems Architect, University Health System

Investing in DEX is no longer a question of “if” or “when”. The toll digital burnouts are taking on your teams are now clearly impacting organizations’ ability to attract and retain talent. Empower your teams with great tools that drive productivity and employee engagement.

Learn more about which areas to focus on first in our Getting started with DEX eBook.

Hounded by Cyber Security?

Mon, 22 Oct 2018 22:17:21 Z

On This Day

One of these latter moments happened during a recent weekend on a longer walk. Social media popped up to notify me that a decade ago I had posted reminding my social connections of the importance of patching (yes, I really am that interesting).

I recalled that I had been involved in a Sasser worm clean-up for a client of the company I worked for at the time. As I’m sure many reading this post will remember, Sasser was a self-propagating virus that could tear through unpatched Windows XP/2000 networks at lightning pace and cause frequent crashes and reboots.

Whilst my task of patching and securing the network on that day was unremarkable, it did occur to me both how much and how little some things have changed from a cyber security perspective over the last decade.

The Need to Patch

Even back in 2008, there was a consensus that patching was an important security prerequisite. It still is today. In fact, on their list of top 20 cyber security controls, the Center for Internet Security places Continuous Vulnerability Management (which includes patching) as the third most important thing you can do to secure your network after hardware and software asset discovery and control.

Yet, according to Forrester Research, in 2017 an estimated 24 percent of enterprises suffered at least one breach due to vulnerability exploits. And according to Gartner, 99 percent of the vulnerabilities exploited at the end of 2020 will continue to be ones known by security and IT professionals at the time of the incident

Many of Ivanti’s customers use one of our market-leading patch products, which can help automate the patching of a vast array of applications and components across various operating systems. Concerning zero-day exploits, the research time from discovery to exploit is ever falling, which makes it more important than ever to have a robust vulnerability management program.

What Has Changed?

The cyber threat landscape has evolved dramatically over the last few years. This is due in part to increased opportunity and accessibility for nefarious threat actors. More and more of us are conducting business, finance, and leisure online across an ever-increasing array of devices and mediums. The demarcation point between home and work for many has all but gone, and the consumerisation of IT has ‘happened.’

Antivirus solutions, once hailed as the holy grail of cyber security, are still undeniably important. However, in 2018, they are not prioritised at the top of the Center for Internet Security (CIS) cyber security controls.

Malware creation frameworks have been commercialised, making powerful cyber weaponry available to organised criminals, which at one time would only have been the domain of hacktivists, nation states, or ‘script kiddies’ (the latter I can thank for my fight with the Sasser worm all those years ago).

Nation state-sponsored cyber-attacks are also no longer the realm of science fiction, with two such alleged attacks making news headlines just recently.

Defence-in-depth is hailed as the most effective cyber security strategy available today, with no point solution offering complete protection from the diverse and sophisticated threats faced in today’s world. It’s defense-in-depth with a solid strategy—layered defences that experts have prioritized as those most likely to protect against modern cyber-attacks.

This is a strategy that resonates strongly with us here at Ivanti. As well as the patch solutions mentioned above, we offer a strong portfolio of security solutions that work in concert to contribute to a robust cyber security posture.

The Next 10 Years

The next decade is likely to be an extremely eventful time in the cyber security space, with emerging technologies like blockchain, IoT, AI, 5G, and quantum computing (to name a few) providing a hint of the future challenges. That said, you can bet that Ivanti will continue to innovate at the bleeding edge to keep our customers secure and the world moving.

Here’s to the next 10 years.

Robin Rowe is a product manager at Ivanti focusing on security and cloud solutions. Based in the UK, Robin has also worked as a senior solutions engineer, data center project engineer, senior consultant, and customer support engineer.

Cybersecurity in a Consumer IoT World: Why Should I Be Worried?

Tue, 02 Oct 2018 23:11:00 Z

I’m a self-confessed geek and early adopter of new tech (when I can convince my long-suffering wife of its merits). Home automation has been something of a recent hobby.

When cooking, I can set a timer with my voice. When the countdown elapses, it triggers an audible alarm and the Wi-Fi light bulbs in my house will flash. If I fail to notice these, at some point the smart smoke alarms will send a notification to my smart watch to indicate that my dinner is on fire. I can then invoke plan B and order takeaway using my voice via my digital assistant.

Smart Devices – A Global Trend

Most folks I speak to (even outside the tech industry) have some form of smart devices in their home, whether it’s to stream or watch media, to keep an eye on their pets and property, or a wearable such as a smart watch.

Statistics show this is a global trend. In fact, within the next year the number of consumer-connected Internet of Things (IoT) devices is predicted to overtake the human population, currently at circa seven billion. By 2020, Gartner predicts the number of consumer IoT devices will have nearly doubled to almost 13 billion devices. See ZDNet article. Gartner also predicts that in the same timeframe, IoT will be in 95% of new electronic product design. See: Is IoT security being regulated?

Powering these devices are an array of sensors—microphones, cameras, GPS, accelerometers, health data, thermometers, and barometers to name a few. These are constantly gathering information from the environment to support their feature sets.

IoT Security Concerns

From a security perspective there are some obvious concerns:

Home networks don’t have the sophisticated firewalls and intrusion detection systems that enterprises generally have.
Consumers don’t always follow security best practices, such as changing default passwords.
IoT devices often have a rapid hardware lifecycle with little or no ongoing vulnerability mitigation provided by the vendor.
Consumers may have an assumption that security will be dealt with by the vendor.
Some IoT devices require manual patching, which many users will not do. (If it’s not broken, why fix it?)
Devices like webcams can require routing rules set up to allow access from the internet, which makes these devices a particularly easy target.
Teleworkers may use their home broadband/network, which may contain vulnerable or compromised IoT devices that could be an attack vector.

There have already been some high-profile IoT vulnerabilities disclosed or exploited, such as the Mirai botnet and this rather alarming automotive hack amongst others, but it’s likely these are just the tip of the iceberg.

IoT devices are designed and manufactured by a broad spectrum of vendors, ranging from the tiny crowd-funded startups through billion-dollar ‘unicorns’ to established enterprises. There are some 3,000 companies in the IoT space in North America alone. See Forbes article.

Security’s Varying Role

Security is likely to play a varying role across the spectrum of vendors, with new startups often needing to cut corners to get to market. Gartner predicts that by 2022, half of IoT security budget will be spent reactively (remediating faults and product recalls) rather than on proactive protections.

On the brighter side, there are steps underway toward implementing regulatory policy to define a minimum level of security for IoT devices. Of course, the big challenge will be achieving worldwide adoption and enforcement.

So what can we do in the meantime? Microsoft cited some cyber security statistics earlier this year that make for interesting reading. In particular, the following are very relevant to IoT:

Eighty-one percent of security incidents are caused by credential theft.
Seventy-three percent of users use password duplicates.
Ninety percent of login requests are from credential stuffing attacks.

Some basic approaches that can help are adopting a good password policy (at the very least, ensure you do not re-use passwords across different systems) and being generally risk aware.

It’s also important to keep devices up-to-date with any available security updates supplied by the IoT vendor. It’s worth noting that not all IoT devices can be patched, and for those that are patchable, it can be very difficult and requires technical knowledge to apply the update.

Finally, make sure your friends, family, and colleagues are aware of the potential security risks around IoT devices and encourage them to use good cyber hygiene practices to minimize their chances of becoming a victim of cyber-crime.

Kick Logon issues to the Kerb(eros). How to get ‘smart’ with your DataNow authentication

Mon, 07 Mar 2016 06:00:38 Z

*This post originally appeared on the AppSense blog prior to the rebrand in January 2017, when AppSense, LANDESK, Shavlik, Wavelink, and HEAT Software merged under the new name Ivanti.

Smart card authentication is becoming increasingly popular in the Enterprise. This is mainly due to the increased security and user convenience they offer. They do require special consideration for software packages that leverage single sign-on (SSO) technology.

AppSense DataNow is no exception to this. The good news is that we support Kerberos single sign-on for the Windows client. In this blog, I’ll run through the considerations and configuration required for Kerberos support, so by the end you’ll be an SSO pro.

The first step is to choose which scenario(s) match your organisation’s requirements

NTLM SSO – Users log on to Windows with a Username and Password - In this mode, the DataNow Windows client will sign in silently at Windows logon from any internet enabled location. No additional appliance or infrastructure prerequisites required to support this mode. (note: this mode does not support smart-card logon) This is the recommended mode for most environments due to the lower complexity
Kerberos SSO – Users log on to Windows with a Username and Password and / or a with a Smart card. In this mode, the DataNow Windows client will sign in silently at windows logon from endpoints with internal network connectivity (ie. On the internal network, or connected by a VPN tunnel so they can acquire their Kerberos ticket granting ticket from the domain controller)
Mixed environment – Some smart-card enabled endpoints and some traditional password configured endpoints. DataNow supports logins from both types, but you need to specify the SSO type as part of the client configuration.

If you read my previous blog, you’ll have a good grasp of the requisite steps for the client side configuration from an SSO standpoint.

Kerberos Prerequisites
If you’re planning to use Kerberos SSO there are some additional steps required

The creation of an Active Directory ‘Pre-authentication’ account. This facilitates the following:

The acquisition of the Kerberos Keytab from a user account so that the server can trust the authorised user to access it
Pre-authentication checks
The determination of the ‘Service Principal’ used to access the DataNow appliance (As part of the ticket granting process)
The re-use of service tickets sent to the platform so that the service can access data on the user’s behalf via Kerberos Constrained Delegation.

This user account should be a standard (non-administrative) account with minimal privileges. The account should be secured with a complex password, and we recommend that to avoid platform reconfiguration with new credentials, that the password be configured to not expire (this is not a strict requirement however)

Ensure that DataNow has a valid DNS A record configured, and used by the connecting DataNow clients, eg datanow.mycompany.com

Ensure a reverse DNS (PTR) record and corresponding A record are present for any File servers servicing map points (these should be defined in the DataNow admin console as FQDN as opposed to via IP address)

Ensure that TCP/UDP 123 is open from the DataNow appliance to the Internet (this is used by Network Time protocol (NTP) to synchronise the appliance clock with an accurate time source which is an important Kerberos prerequisite. You should also check that your domain controller / file server and endpoint clocks are accurate. Chances are that if you’re already using smart cards, these should be fine.

From a domain controller, with administrative credentials run the following command:

[code]setspn –S http/dn.mycompany.com dnpreauth[/code]

Where dn.mycompany.com is the FQDN of your DataNow appliance as used by your clients and ‘dnpreauth’ is the name of your AD pre-authentication account created above.

This allows the Kerberos Ticket Granting server within AD to locate the key information associated with the user account and allow a token to be returned to the Windows client on the endpoints which are then used to access the DataNow appliance(s).

Following this step, an extra tab called ‘delegation’ will appear in the properties dialogue of the pre-authentication user account in Active Directory.

Navigate to this tab, and select ‘Trust this user for delegation to any service (Kerberos only)’
This ensures that the DataNow appliance has authorisation to utilise the Kerberos ticket forwarded to it by the DataNow client or web browser so that it can reuse the user identity to access file service resources.

The next step is to move on to the configuration of the DataNow Appliance(s). To do this you firstly need to log on to a DataNow appliance admin console at https://dn.mycompany.com:8443/config/kerberos

Enter the configuration details (This example is based on a single domain. In environments where users and network resources such as storage are in differing domains, these details will need to be added as required):
- Pre-auth user and password (created in step 1)
- The realm name - usually the DNS name of the domain in upper case e.g. MYCOMPANY.COM
- KDC - the FQDN of the Domain Key Distribution Centre (usually the same DNS name as the AD controller)(Note: if you are unsure of the KDC name try using
  nslookup __tcp.<domainFQDN>
  from a domain joined client to get the IP of the KDC, followed by
  ping -a <ip address>
  to get the canonical name of the KDC.)
- Default domain - the domain in lower case e.g. mycompany.com

Click update, then save:

To configure a domain-joined (and connected) Windows endpoint to use Kerberos SSO, use Environment Manager or Group Policy (with DataNow ADMX) to configure either:

Registry Key: HKLM\Software\AppSense\DataNow
Value Name: EnableSSO
Value Type: Reg DWORD
Value Data: 2
Or:
Registry Key: HKLM\Software\Policies\AppSense\DataNow
Value Name: EnableSSO
Value Type: Reg DWORD
Value Data: 2

Once the other pre-requisite settings have been applied you should be able to reboot the client endpoint and then see DataNow automatically log in with Kerberos SSO!

I hope this blog has been insightful – Please do not hesitate to comment below if you have any questions or feedback.

DataNow- Electing to Exclude

Thu, 26 Mar 2015 14:55:32 Z

*This post originally appeared on the AppSense blog prior to the rebrand in January 2017, when AppSense, LANDESK, Shavlik, Wavelink, and HEAT Software merged under the new name Ivanti.

Today I’d like to talk about a couple of new, powerful features introduced in the DataNow 3.5 Windows client that offers administrative control over what data is allowed to sync (exclusions) and what data is excluded from being populated automatically in a user’s cache by default in automatic map points (electives).

Exclusions- Why would you want to exclude data from being synced? A common use case of DataNow is to provide users with seamless offline access to their data from multiple platforms, and to ensure that any locally created data is automatically synced with the copy on the organization’s file servers. One way of doing this is to redirect the Windows user profile folders into the local DataNow cache.

This is great from the user’s perspective, since they can continue working in a familiar way with their Desktop/Document folders, but inevitably there will be some content that either the administrator will not want to sync back to the server (a user’s music or film library for example) or is backed up via another method (Outlook OST files for example). Some other file types, like in-use database files just don’t support being replicated by any file level sync product.

Earlier versions of DataNow 3.5 supported path/extension based exclusions for uploading files/folders.

DataNow 3.5 introduces advanced bi-directional client-side conditional exclusions based on regular expressions with new criteria that can be evaluated by type, age, size and path.

Let’s look at how it works.

DataNow 3.5 Exclusion Registry Keys

DataNow exclusions are controlled via four, new registry keys:

HKCU\Software\AppSense\DataNow\FilePolicy\Exclusions

HKCU\Software\AppSense\DataNow\FilePolicy\ExclusionOverrides

HKCU\Software\AppSense\DataNow\DeltaPolicy\Exclusions

HKCU\Software\AppSense\DataNow\DeltaPolicy\ExclusionOverrides

FilePolicy is concerned with file sync exclusions (and electives covered later in this post)

DeltaPolicy allows you to control which file types are excluded from ‘delta sync’ where we only sync portions of the file that changed.

We can build exclusion expressions based on combinations of:

File & Folder Paths
File Extension
File Age
File Size

By default, DataNow excludes certain temporary files from syncing to and from the server. For reference these are:

Files with the extension tmp, lnk, partial, crdownload, part and download
Office backup files starting with ~$
Excel temporary files
Open Office temporary files
The Recycle Bin

When any custom exclusion is defined in the registry, the implicit default exclusions are ignored (allowing for customization of this list if required). I’d recommend re-adding these with the following expression:

(Ext In [tmp lnk partial crdownload part download]) OR (Name == /~\\$./) OR (Name == /[0-9A-F]{8,8}/) OR (Name == /\\.~lock.#?/) OR (Name == /.*~/) OR (Path == /\\$Recycle.Bin$/)

This expression is added as a registry string value with an arbitrary name under the

HKCU\Software\AppSense\DataNow\FilePolicy\Exclusions

Example- To demonstrate the power of the new rule based exclusion expressions, take the following example, where you want to configure DataNow so that it will only sync files that are younger than 1 year AND under 100MB but NOT Word or excel files (these can sync regardless of size / age).

First configure the exclusion:

Registry Key: HKCU\Software\AppSense\DataNow\FilePolicy\Exclusions

Value Type: REG_SZ

Value Name: (arbitrary)

Value Data: Age > 1Y And Size > 100Mb"

This puts a blanket, bi-directional sync exclusion on files matching both of the above criteria (you could use the OR statement if you wanted to block either).

You can use the Exclusion Overrides key to add exceptions to all configured rules (these are evaluated last).

Registry Key: HKCU\Software\AppSense\DataNow\FilePolicy\ExclusionOverrides

Value Type: REG_SZ

Value Name: (arbitrary)

Value Data: Ext In [doc docx xls xlsx]

Files not modified in over a year will not be uploaded to the server. Files not modified in over a year present on the server, but not present locally, will not appear in listings.

Important note- One of the key challenges faced when applying exclusions to existing data, is how to address the relationship between the server and client side data once the exclusion is applied. We handle it as follows.

By default, if an exclusion is applied that matches in-sync data, we will ignore the exclusion for that data and continue to sync changes, invoked locally or out-of-band. If new content is created that matches the exclusion filter, then the exclusion will be applied.

If it is desired to override this behaviour and prevent any further sync activities with defined exclusions, there is a mechanism provided to allow this via the ‘insync’ property. This returns ‘true’ or ‘false’ depending on the sync state of the file, which is tracked in the local ADS metadata.

Great, so how do I do this?

The easiest way is to use an exclusion override that duplicates the exclusion rule and additionally adds the ‘insync’ flag and a ‘not’ statement.

E.g. if you had an existing exclusion defined to exclude .ISO files and .EXE files and wanted this exclusion to apply to existing data, you could add the following exclusion override:

Registry Key: HKCU\Software\AppSense\DataNow\FilePolicy\ExclusionOverrides

Value Type: REG_SZ

Value Name: (arbitrary)

Value Data: insync and not Ext In [exe iso]

Electives- To set the scene, in DataNow we have ‘automatic’ and ‘manual’ sync policies admins can apply to map points.

In the case of automatic map points, all content not matching an exclusion filter is synced between the map point and the local DataNow cache on the endpoint. Manual map points are not quite as straight forward. In this case, all locally created content syncs to the server and is ‘in-sync’ from that point forwards.

Server-side content is represented locally by a ‘ghost’ file which doesn’t consume any local disk space, but allows the user to see and interact with the file in the same location. This is only downloaded to the user cache on the first access by the user or their application.

Users always have flexibility and control over what content is stored in their local DataNow cache via the Explorer right-click menu option. Here they can opt to sync or unsync at any folder level in the map point hierarchy. This will in the case of selecting ‘sync’ subscribe to all content and sub-content, or in the case of ‘unsync’ revert local content to ‘ghost’ files.

So where do electives fit in?- Electives are synonymous with ‘Automatic’ map points, and offer a way to administratively override content from being synced down to a user endpoint by default on an automatic map point. The primary use-case envisaged is conservation of disk space on the endpoint and on-boarding bandwidth consumption by making file types the user is not expected to use download-on-demand.

Electives are defined in a similar way to exclusions, and we offer the same degree of granularity.

DataNow 3.5 Exclusion Registry Keys:

HKCU\Software\AppSense\DataNow\FilePolicy\Electives

HKCU\Software\AppSense\DataNow\FilePolicy\ElectiveOverrides

As per exclusions, we can build elective expressions based on combinations of:

File & Folder Paths
File Extension
File Age
File Size

Here’s an example of setting an Elective policy you could apply to an endpoint so that an automatic map point will download everything to an endpoint except for .ISO or .EXE files that are over 500MB and older than a year, unless they’re in a specific folder (\ImportantISOs) in which case they will be downloaded automatically:

Registry Key: HKCU\Software\AppSense\DataNow\FilePolicy\Electives

Value Type: REG_SZ

Value Name: (arbitrary)

Value Data: Ext In [iso exe] And Size > 500Mb And Age > 1Y

Here we’ve created a blanket elective rule to apply to all files with an extension of .iso or .exe

Registry Key: HKCU\Software\AppSense\DataNow\FilePolicy\ElectiveOverrides

Value Type: REG_SZ

Value Name: (arbitrary)

Value Data: Path == /ImportantISOs\\.*\..*/

I hope this blog provides some insight into these powerful, new features and how they can be used to sync the right data, keeping your end users happy and productive.

Ivanti Blog: Posts by

How Consolidating Your Tech Stack Drives DEX Outcomes

Why unmanaged tools and assets are hurting your DEX

Benefits of consolidating your tech stack

1. Reducing complexity for your IT staff

2. More responsive and efficient IT support

3. Preventing issue before they happen

DEX's Role in Bringing Generations Together

Key takeaways

A flexible and scalable employee experience for everyone

Integrate accessibility into your technologies and methodologies

The Role of DEX in Talent Retention

Key takeaways

The value of DEX across your organization

Deter digital burnouts

What value do higher retention rates have?

Hounded by Cyber Security?

On This Day

The Need to Patch

What Has Changed?

The Next 10 Years

Cybersecurity in a Consumer IoT World: Why Should I Be Worried?

Smart Devices – A Global Trend

IoT Security Concerns

Security’s Varying Role

Kick Logon issues to the Kerb(eros). How to get ‘smart’ with your DataNow authentication

DataNow- Electing to Exclude

HKCU\Software\AppSense\DataNow\FilePolicy\Exclusions

HKCU\Software\AppSense\DataNow\FilePolicy\ExclusionOverrides

HKCU\Software\AppSense\DataNow\DeltaPolicy\Exclusions

HKCU\Software\AppSense\DataNow\DeltaPolicy\ExclusionOverrides

(Ext In [tmp lnk partial crdownload part download]) OR (Name == /~\\$.*/) OR (Name == /[0-9A-F]{8,8}/) OR (Name == /\\.~lock.*#?/) OR (Name == /.*~/) OR (Path == /\\$Recycle.Bin$/)

HKCU\Software\AppSense\DataNow\FilePolicy\Exclusions

HKCU\Software\AppSense\DataNow\FilePolicy\Electives

HKCU\Software\AppSense\DataNow\FilePolicy\ElectiveOverrides

(Ext In [tmp lnk partial crdownload part download]) OR (Name == /~\\$./) OR (Name == /[0-9A-F]{8,8}/) OR (Name == /\\.~lock.#?/) OR (Name == /.*~/) OR (Path == /\\$Recycle.Bin$/)