OCS features

Open Computer and Software Inventory Next Generation is an application designed to help a network or system administrator keep track of the computers configuration and software that are installed on the network. OCS Inventory is able to detect:

• Type - Physical machine, Virtual machine
• Logical drives / partitions - Logical drive letter, Type (removable, hard drive, cd-rom, network, RAM...), File system (FAT, FAT32, NTFS...), Total size in MB, Free space in MB.
• Operating System - Detailed information (4.0.1381 for NT4, 4.10.2222 for 98 SE...), User information (Service Packs for NT/2000/X), Registered company, Registered owner, Registered product ID)
• Software - extracted from the registry as shown in the "Add/Remove software" control panel applet: Name, Publisher, Version, Language, Installation name, Architecture (32 or 64), Hotfix list.
• Display monitors - Manufacturer, Caption, Description, Type, Serial number.
• Computer description
• All active devices on the network, such as switch, router, network printer and unattended devices

OCS Inventory NG Architecture

OCS Inventory NG uses an agent, which runs the inventory on client computers, and a management server, which centralizes inventory results, allow viewing inventory results and network devices detected, and creating deployment packages.

Communications between agents and management server are done using HTTP/HTTPS protocols. All data are formatted in Zlib compressed XML to reduce network traffic average.

Management server contains 4 main components:

• Database server - stores inventory information.
• Communication server - which will handle HTTP or HTTPS communications between database server and agents.
• Deployment server - which store all package deployment configuration (require HTTPS!)
• Administration console - which will allow administrators to query the database server through their favorite browser.

OCS Inventory NG Plugins

OCS Inventory NG offers the possibility to extend the functionalities with plugins.

On the agent side, a plugin can be as simple as a VBS script under Windows or shell script under Unix, retrieving data to enhance inventory (like retrieving MS Office key or scheduled jobs) or a bit more complex, a DLL under Windows or Perl module under Unix, adding agent completely new capacity.

On the server side, you can also create plugins to store new data in the database using Perl plugin into Communication Server, and display them into Administration Console using PHP plugin. These plugins can also control agent execution tasks.

OCS Inventory NG Recources

• Main documentation page - http://wiki.ocsinventory-ng.org/index.php/Documentation:Main
• Server installation /info - http://wiki.ocsinventory-ng.org/index.php/Documentation:Server
• Agent installation / info (Linux) - http://wiki.ocsinventory-ng.org/index.php/Documentation:UnixAgent
• Plugin development example - http://wiki.ocsinventory-ng.org/index.php/Plugins:Crontab

OCS Inventory NG CERN extension

The extension collects additional data which CERN is interested in.

• OS_ID - every OS has an unique ID which is generated on agent's first run and it is saved in [path to OCS config folder]/id.conf file. If the file is deleted then new ID will be generated.
• ARCHITECTURE - OS identification (32/64 bit).
• BOOT_TIME - OS boot time
• LOCATION - computer location - building, floor, room. If the agent does not have access to LanDB and cannot send the location then the server fills it in.

SSO configuration:

• http://shapeshed.com/journal/setting_up_mod_ssl_on_apache_centos_52/
• http://linux.web.cern.ch/linux/scientific5/docs/shibboleth.shtml
• Shibboleth configuration for ocs (httpd.conf):

<Location /ocsreports>
    #########################################################
    # The modules only work using HTTPS
    SSLRequireSSL
    AuthType shibboleth
    ShibRequireSession On
    ShibRequireAll On
    ShibExportAssertion Off
   
    ### ShibUseHeaders On
    ### Uncomment above line if you want shibboleth to
    ### use also old-style request headers
    ### may be required for use with Tomcat, or to
    ### allow easy migration of older applications.
    ### It is strongly recommended not to use above
    ### option in order to improve security.
   
    Require valid-user
    Require ADFS_GROUP "ocs-cern-dde_teledeploy", "ocs-cern-admin", "ocs-cern-ladmin", "ocs-cern-sadmin"
    ##########################################################
</Location>

4 e-groups have been added ( https://e-groups.cern.ch/e-groups/EgroupsSearchForm.do ).

• "ocs-cern-dde_teledeploy", "ocs-cern-admin", "ocs-cern-ladmin", "ocs-cern-sadmin"

These groups correspond to OCS groups with the same names. OCS privileges for these groups can be modified in OCS-> User section -> Administer Profiles tab .

Important (!):

• CERN OCS e-groups should start with 'ocs-cern-' and end with OCS group name
• Currently OCS has 4 groups: 'dde_teledeploy' (Teledeploy Requesters) , 'admin' (Administrators), 'ladmin' (Local Administrators), 'sadmin' (Super Administrators)
• Each user must be added to only 1 (one) e-group. If user is added to several groups then he will get rights from the last found group (it may be a different group every login).

More info:

• CERN extension uses ncm-ocsagent for configuration.
• For OCS version 1.3 the epel package was used. For OCS version 2 we build our own from sources.
• All custom code can be downloaded from linuxsoft SVN repositories

OCS Inventory NG Gotchas

• All database tables/fields have to be created in uppercase. OCS is case sensitive.
• Sometimes database changes take very long time (1.3 to 2.0 update took 1 day). Sometimes it is better to drop the database and start from scratch (all active clients will report within 1-2 days)