1E Features
An overview of 1E features and enhancements. The page provides a brief overview of each feature and links to other pages with more detail.
Installation
1E provides a setup wizard that installs all the separate parts of the 1E platform using their individual installers. It is used to validate a server prior to running the installers, and supports a range of configurations as described in 1E configuration options.
1E Client installers are also provided for Windows and packages for supported non-Windows OS.
Introducing 1E Client Deployment Assistant is a wizard that assists Configuration Manager with deployment of 1E Client and other 1E Client agents, guiding you through common settings for clients and deployments.
1E Endpoint Troubleshooting features
Endpoint Troubleshooting gives you the ability to investigate, remediate issues and manage operations across all your endpoints in real time. For more information, please refer to Using 1E Endpoint Troubleshooting.
Here's an overview of the features available in the Endpoint Troubleshooting application.
Questions, actions and their responses
Endpoint Troubleshooting lets you directly question connected devices to retrieve responses, run actions, and get real-time information from them. The Endpoint Troubleshooting front-end capabilities ensure fast querying, investigation, and remediation.
The questions, responses and actions feature includes:
Graphical display of response information
Instruction impact assessment
Response history.
Note
For more information on Instructions and their responses, please refer to:
Exporting data from 1E Endpoint Troubleshooting
Results visible in Endpoint Troubleshooting can be exported to files containing comma-separated values (CSV) or, in the case of the Export all option on the instruction response page, tab-separated values (TSV), and results can be marked for export at the point of asking a question to automate the process. Endpoint Troubleshooting lets you export the data on a number of pages to CSV files:
Instruction history
Responses - you can export a single page or all results once the Instruction has finished gathering responses - these can then be used for auditing purposes or to drive external programs
Drill-down responses
Device information.
Note
For more information on exporting data from Endpoint Troubleshooting, please refer to:
Coverage, question filters, view filters and follow-on instructions
Questions and responses can be tailored to focus on specific ranges of devices through the use of coverage and filters:
Coverage acts first to let you restrict the devices that will be asked a given question
Question filters act before devices have responded to narrow the responses that are sent
View filters act after the responses have been sent to focus the responses presented to the user and to determine the input into the follow-on instructions
The responses to initial questions can be further refined by asking follow-on questions or actions, allowing questioners and actioners to focus in on the results they want to see.
Note
For more information on coverage, question filters, view filters and follow-on instructions, please refer to:
Approval workflow
To enhance the safety of running actions in the 1E system, there is an approval workflow that ensures that every 1E action requires the approval of designated approvers before it can be run. To make it even safer, someone with approval permissions cannot approve their own action.
When an attempt is made to run an action, the 1E approval workflow sends an email and a notification to all the approvers associated with the action. Any of the approvers may approve or reject the request to run the action.
Note
For more information on the Approval workflow, please refer to:
Authentication
Users must provide their user credentials when attempting to run an action, this prevents unauthorized access by a third party attempting to make use of an unattended computer.
Actions can also be configured to require two-factor authentication. This is where the user attempting to run an action is challenged to enter a unique, one-time authorization code that has been sent to them by an alternative method such as email or a registered mobile.
Task-based organization for accessing and scheduling instructions
1E provides a way of accessing the questions and actions that is organized around the way that network administrators typically interact with their network. This interface also lets you run the Instruction using a schedule.
The Endpoint Troubleshooting→Instructions→Tasks page in Endpoint Troubleshooting provides a structured view of the instructions defined in the DEXPack. It also lets you schedule the tasks so they can be run in the future or according to a particular schedule.
Using task groups
The benefit of using Tasks lies in the task group structure that is defined in the DEXPack. It is this structure that enables you to focus in on specific task areas to find the particular instruction that you want.
For example you may be interested in instructions related to particular software vendor's products. Depending on the Instructions that you have uploaded to your 1E system you may see the following structure:
At the top-level there is a Software Vendors task group whose children are 1E and Microsoft.
Underneath the 1E task group there is a Tachyon group that contains Configuration, Diagnostics and Verification groups as well as a couple of Instructions.
Underneath the Microsoft task group is the Configuration Manager task group containing Instructions related to that product.
Note
For more information on using Task groups to access and schedule Instructions, please refer to:
Inventory and connectivity
The Devices page in the Endpoint Troubleshooting shows you all the devices that have connected with 1E and their current connection status. There are two views provided that let you research the devices: the devices table and the devices dashboard, please refer to The Devices Table and The Devices Dashboard for more details.
Note
For more information on inventory and connectivity, please refer to:
1E Endpoint Automation features
The Endpoint Automation application gives you the ability to ensure device compliance with enterprise IT policies. For more information please refer to the Using 1E Endpoint Automation section of this documentation.
Policies and Rules
The Endpoint Automation state of a device is enforced by the 1E client at the device. One or more policies are deployed to devices according to the management groups the devices belong to. Each policy consists of one or more rules that are either check rules or fix rules.
Rule | Explanation |
---|---|
Check | Allow you to verify that a device has a particular state, such as a registry key having a specific value. You can then view summary and detail reports which show devices that are compliant and not compliant with the check rules. |
Fix | Allow you to define a desired state for the device and then enforce that state. For example, you could mandate that a registry key exists and contains a specific value. Again, you can report on the application of these fix rules to devices. |
For an explanation of management groups, please refer to the Management Groups page. Management groups allow devices to be flexibly grouped, based on management group rules. This means you can easily administer devices based on, for instance, their Active Directory Organizational Unit, or their operating system version, or any other criteria supported by the management group rules.
Note
For more information on policies and rules please refer to:
The 1E Endpoint Automation Overview page
The Overview page lets you view the current state of your enterprise in terms of the devices and policies that have been defined and applied. It consists of a number of charts that let you monitor the state in real-time.
Note
For more information on the Endpoint Automation Overview page please refer to:
1E Endpoint Automation Reports
The Endpoint Automation application provides three reports that let you view the details for the currently defined Policies, Rules and Devices. The information in these reports is consolidated into the Guaranteed State Overview page charts.
Note
For more information on the Policies, Rules and Devices reports pages please refer to:
Exploring devices
Endpoint Automation provides a Devices page where you can view the currently connected devices. On this page you can also select one or more of the devices and click an Explore button that launches the Explorer application. You can then run an instruction using the selected devices as the coverage for the instruction.
Note
For more information on exploring devices please refer to:
Device Criticality
Device criticality is an attribute of a device that defines its importance within an organization. The default definition in 1E has these settings:
Undefined (or not set)
Non-critical
Low
Medium
High
Critical.
At present, criticality settings do not affect the primary operation of Endpoint Automation. However, it is possible to use 1E to set device criticality and to view it within Endpoint Automation.
1E also supports the use of the criticality setting when defining coverage for an instruction. For example, you can target an instruction to be sent only to devices whose criticality is not Critical.
Settings features
The Settings application lets you configure 1E system and application settings. For more information please refer to Using Settings.
Here's an overview of the features available in the Settings application.
Instructions, product packs, Instruction sets and permissions
1E lets you investigate your network using questions and actions, which are collectively known as Instructions.
You can load Instructions into 1E, either individually or using a DEXPack, which is essentially a zip file containing one or more Instructions. 1E comes with a range of pre-framed questions and actions in the form of DEXPacks, providing extensive out-of-the-box capabilities that can be extended as new and updated DEXPacks are made available.
1E permissions for the Instructions are handled using Instruction sets. You create Instruction sets, then define roles which specify particular permissions on those sets and then assign the roles to users. Each Instruction is only allowed to reside in one Instruction Set, which associates it with a role and thereby the users that have that role and can run the Instruction. The roles have associated Management groups that determine the devices that users with the role have access to.
When Instructions are loaded into 1E they are placed in the default Unassigned Instruction Set, so you must move them into previously created Instruction sets before they can be run.
Note
For more information on uploading product packs into 1E and managing Instruction sets, please refer to:
Connectors
Connectors are used to connect to other 1E and third party systems and populate repositories. When more than one connector to different data sources are used, the information from those different data sources is de-duplicated and normalized into a single cohesive view that is then stored in a repository. In this way you can use the data from different sources to augment each other and build a better picture of "what's out there?".
For example, you can sync inventory data from Configuration Manager into an inventory repository, which will fetch information about your Windows devices. You could then augment that with inventory data synced from 1E platform which could include information about non-Windows devices where the 1E client has been installed.
Note
For more information on connectors, please refer to:
The following connectors are supported:
BigFix connector — Connects to a BigFix Inventory database server.
BigFixInv connector — Connects to a BigFix Inventory database.
File Upload connector — Uploads inventory data from a folder containing tab (TSV) and comma (CSV) separated value file(s).
Intune connector — Connects to an Intune application and collects inventory and usage data.
Microsoft Office 365 connector — Connects to an Office 365 application in InTune and pulls in inventory and usage data.
OpenLM connector — Connects to an OpenLM database server.
Oracle LMS connector — Connects to Oracle LMS and queries it for inventory information.
ServiceNow connector — Connects to a ServiceNow instance to import basic inventory data into SLA Platform.
System Center Configuration Manager connector — Connects to a Configuration Manager database and pulls in inventory and usage data.
1E connector — Connects the 1E and SLA components to support Management group and 1E Powered Inventory features. The 1E Powered Inventory feature uses instructions to fetch inventory data from 1E clients, and is a prerequisite for Patch Success.
vCenter connector — Connects to a vCenter server and pulls in inventory data.
Windows Server Update Services connector — Connects to a WSUS database and pulls in patch data.
Repositories
Repositories are used by applications to process and store information. For example the Patch Success application uses both an inventory and a BI repository to process the information needed to report on how successful patching is in your enterprise. Normally a connector is used to connect a data source to an appropriate repository.
Tip
Repositories are also useful when you want to segregate different types of data. For example, you could have one inventory repository for Configuration Manager inventory data, and another one for BigFix data. Alternatively, you can have connectors to different inventory sources pushing data into one repository. Any Management Groups that you create will span all the repositories you have.
Device Tags
Device Tags are generally associated with Endpoint Troubleshooting and can be used when setting coverage to target Instructions to particular devices, but they can also be used to define Management Groups optionally used by all applications.
Device Tags must be defined by a Full Administrator before they can be used to tag devices or used to set the coverage of Instructions.
This is done from the Settings→Configuration→Custom properties→ Device Tags page, which can be viewed by users with the Full Administrator role.
Note
For more information on managing and using Device Tags, please refer to:
Software Tags
Using Software Tags allows you to create custom labels and associate them with the software titles you have deployed in your estate.
You can do this from the Settings→Configuration→Custom properties→Software Tags page, which can be viewed by users with the Full Administrator role.
Using Software Tags allows you to create custom labels and associate them with the software titles you have deployed in your estate. An administrator with either the Full Administrator or Group Administrator role can set Software Tags in their environment, they can also create Management Groups based on the tag name and value. For details about configuring 1E users, Roles, and Management Groups refer to the Permissions Menu pages.
In short, you can work with Software tags by:
Creating your Software Tag.
Associating the new tag with a software title.
Creating a Management Group based on the Software Tag name and Tag value rules (This step can be run anytime before evaluation).
Evaluating the new Management Group by running a Basic Inventory Consolidation.
If an administrator adds or modifies Software Tags or associations, they will have to run the Management Group evaluation report again to see the updated devices reflected in Inventory.
Schedules
Schedules can be created to execute specific operations on repositories in 1E so that they are kept up to date with their data sources and processing. These operations include:
Syncing data sources to repositories using connectors
Processing the BI data cube.
Repository schedules are different to Instruction schedules that can be set in Endpoint Troubleshooting.
Consumers, Applications, Components and Providers
There are pages in the Settings application for each of these. They are described in the following table:
Configuration objects | Description |
---|---|
Consumers | These can access 1E using the 1E Consumer API. To enhance the security of the 1E system. Only consumers that have been registered on the Settings→Configuration→Consumers page will be allowed to access 1E. |
Applications | Features of that are hosted in the 1E Portal. Applications are generally Consumers as they need to interact with 1E using the 1E API. These are available on the Switch App menu. |
Components | These form part of SLA and cannot be changed or altered by a user. These can be viewed using the Settings→Configuration→Components page. |
Providers | These are components that can be configured to provide a particular operation in SLA. These can be viewed and configured using the Settings→Configuration→Provider configuration page. |
Note
For more information on Consumers, Components and Providers, please refer to:
Information pages
Information on your 1E license is available, as well as the ability to re-activate it following an update.
You can view information on the 1E system information for the Consumer, Coordinator, Background channel, Core and Switch.
Monitoring log files
The monitoring pages let you view how 1E is performing its tasks. Four key log pages are provided:
Page | Description |
---|---|
Process log | Whenever you execute a sync or process a repository the steps are displayed here. This page is updated in real-time and shows the status of each step as it happens. |
Sync log | The results of performing a sync are displayed here. |
Infrastructure log | Information on the 1E infrastructure is displayed here, such as: license status and instruction workflow. |
Audit information log | This page displays information on the Instructions that have been run in Endpoint Troubleshooting. This includes the instruction text and the user that requested it. |
Note
For more information on monitoring please refer to:
Defining users and roles
1E users or groups can be added from your IdP. They can be assigned roles that determine what aspects of 1E they can access. Custom roles can be created that let you associate particular permissions on particular Instruction sets for particular management groups.
Note
For more information on users and roles please refer to:
Management groups
Management groups use inventory-based rules to define groups of particular devices, they are implemented in SLA and then made available to 1E applications and other consumers. After a management group is defined, each time the inventory is updated the device membership of the groups is re-evaluated by applying the management group's rules to the new inventory.
Custom roles can be created that tie particular Instruction sets to particular management groups. This means you can not only set the permissions for users to access the Instructions in specific Instructions sets, you can also determine which devices they can target using those Instructions.
Once defined, management groups can then be used to set the coverage for Instructions in Endpoint Troubleshooting and also which devices can be targeted by particular users. Management groups are also used by other applications to determine which devices are being targeted.
Note
For more information on management groups, please refer to:
Uploading Instructions into 1E and creating Instruction sets
You determine the capabilities of Endpoint Troubleshooting by uploading Instructions from DEXPacks into 1E. DEXPacks are either provided with the release or downloaded from the 1E Exchange. Once the Instructions have been uploaded into 1E you then need to put them into Instruction sets. The Instruction sets can then be associated with custom roles to determine the permissions applied to the Instructions. The custom roles are then applied to users to determine which Instructions each user has access to.
Note
For more information on uploading product packs into 1E and managing Instruction sets, please refer to:
Inventory Insightsfeatures
The Inventory Insights app captures data from different sources, then consolidates, normalizes and stores it in Inventory repositories. The Inventory Insights app is also used to view and export inventory, and manage associations.
Inventory Insights uses connectors to capture software, hardware and other data from sources such as 1E, Configuration Manager, Big Fix and vCenter where it is consolidated, de-duplicated and normalized. Normalization uses software and hardware entries in The 1E Catalog.
An empty repository called Default Inventory is provided out-of-the box. You can optionally create additional inventory repositories to partition data by source, time periods, or other purpose. To populate a repository, you must use one or more inventory connectors, and either manually sync the data or schedule a sync. For more detail, please refer to Repositories page and Schedules page in Settings.
Inventory repositories are used by the following applications:
Introducing Patch Success - reports on and ensures successful patching of your enterprise
Introducing Application Migration - automates the migration of applications during a Configuration Manager OS deployment
Introducing AppClarity - manages entitlements, compliance and reclaiming unused software
Any application - if you need it to use Management Groups.
Consumer applications
Applications are categorized as follows:
Configuration - applications required to configure 1E platform and required by all other applications
Client - applications that communicate with devices in real-time
Inventory – applications that use inventory features.
Applications that are included in the 1E Platform license
Application | Purpose | Type |
---|---|---|
View and export inventory, and manage associations. It uses the SLA databases. | Inventory, configuration | |
Configure and monitor platform features. It uses the 1E Master database. | Configuration | |
Ensure endpoint compliance to enterprise IT policies. It uses the 1E Master and Responses database. | Client | |
Investigate, remediate issues and manage operations across all your endpoints in real-time. It uses the Content Distribution Master and Responses database. | Client |
Applications that require a license
Application | Purpose | Type |
---|---|---|
Manage software license compliance, License Demand Calculations, license entitlements, and for reclaiming unused software. It uses the SLA databases. | Inventory | |
Intelligently automate the migration of applications during a Configuration Manager OS deployment. It uses the SLA databases. | Inventory | |
Manage content distribution across your organization using a centralized dashboard. It uses the Content Distribution database. 1E Client requires 1E and Content Distribution features to be enabled on all clients. Content Distribution replaces the Content Distribution features of ActiveEfficiency Server, which is deprecated. Legacy Content Distribution clients continue to be supported by direct communication with the Content Distribution API, whereas Content Distribution 8.x clients communicate with the Content Distribution API via the proxy feature on Response Servers. 1E Setup is used to install Content Distribution, and the Content Distribution app, and no longer installs ActiveEfficiency. Content Distribution uses Content Distribution for the following features:
| Client | |
Reports on and ensures successful patching of your enterprise. It uses the SLA and BI databases. Requires SLA Business Intelligence to be installed by 1E Setup, as described in 1E Business Intelligence above. It also needs connectors to get meta-data for patches from whichever of the following that you use to approve patches:
| Inventory | |
Measure performance, stability and responsiveness for applications and devices to assess user experience across your enterprise. It uses the 1E Master and Experience Analytics databases. | Client |
The 1E Client
The 1E Client provides functionality to 1E. On Windows devices, the 1E Client provides client features and modules for other 1E products. On non-Windows devices, the 1E Client only provides 1E features.
1E enables rapid response to instructions using the 1E Client, which supports the retrieval of information, running actions and device tagging. The 1E Client can also be extended to support additional features. On Windows OS, the 1E Client is installed as a service, with a small footprint.
Supported Platforms
All 1E Client features are supported on the following Windows OS:
Windows
Windows Server 2022
Windows Server 2019
Windows Server 2016
Windows 11 CB 21H2
Windows 10 CB 21H2
Windows 10 CB 21H1
Windows 10 CB 20H2
The zip for 1E Client for Windows is available for download from the 1E Support Portal, https://1e.my.site.com.
Professional and Enterprise editions are supported for Windows 10 and Windows 11.
All versions are provided with 32-bit & 64-installers, and can be installed on physical and virtual computers.
Note
This list is automatically updated to show only those OS versions in mainstream support by Microsoft, and therefore supported by 1E, and by 1E Client .
Please refer to Constraints of Legacy OS regarding the end of mainstream support.
For Microsoft product lifecycle details, please refer to https://support.microsoft.com/en-us/lifecycle/search.
Please refer to https://support.1e.com/ for details of which Current Branch versions are supported by 1E products, and known issues regarding specific versions.
The Tachyon client features of 1E Client are supported on the following non-Windows OS:
macOS
macOS Monterey 12.0
macOS Big Sur 11.0
macOS Catalina 10.15
macOS Mojave 10.14
Linux
CentOS Stream 8
Debian 10.4
Fedora 34
Red Hat Enterprise Linux 7.9
Red Hat Enterprise Linux 8.5
SUSE Linux Enterprise 15.2
Ubuntu 18.04
Solaris
Please use 1E Client 5.2
Other versions of these non-Windows OS should work but have not been tested by 1E.
1E Client packages for other Linux distributions can be requested, including Raspbian for Raspberry Pi.
The 1E Client for Linux supports the following architectures:
Linux variations on Intel 64-bit platforms
1E Client packages for Linux are included in the non-Windows zip available for download from the 1E Support Portal, https://1e.my.site.com.
1E Client supports only 1E features on non-Windows devices.
1E Client is not available for Solaris, please use 1E Client 5.2 instead.
The 1E Client 5.2 for Solaris supports for the following architectures:
Solaris on Intel 64-bit and SPARC platforms
1E Client 5.2 package for Solaris is included in the non-Windows zip available for download from the 1E Support Portal, https://1e.my.site.com.
1E Client supports only 1E features on non-Windows devices.
1E Activity Record feature
1E clients capture certain types of event data in a local database (Persistent Storage) so that instructions can query later. Data is compressed and encrypted in a way that ensures a very low impact on device performance and security.
1E Activity Record is similar to Windows Task Manager and Perfmon. On Windows client devices 1E continuously captures events, which enables all significant events to be captured as they happen. Other OS use polling, which requires the polling frequency to be regular enough to ensure brief events are captured.
System status bar and notification area
1E includes a system status bar that displays the number of 1E instructions in progress and current and historical connectivity information for the total number of devices connected to 1E.
The notification area provides information on the logged on user or administrator and access to their notifications.
Certificates
1E uses certificates on the 1E Server and client devices to maintain the security of the system. Any custom Instructions must be code-signed with a certificate that has been registered in your 1E license before they can be run in 1E.
The certificates feature includes:
Support for Cryptographic Next Generation certificates
Upgrade to the latest version of OpenSSL v1.0.2h
Security to enforce 1E Client device certificates.
1E integration
1E can integrate with 3rd party products. It integrates seamlessly with Microsoft System Center Configuration Manager, it can use Content Distribution to add content download capabilities, provides a fully-featured consumer API and can even be used as a response delivery mechanism by 3rd party applications.
Consumer management
1E provides a dedicated page where the 3rd party consumers can be enabled and managed by 1E Consumer Administrators, as described on the Consumers page.
Microsoft System Center Configuration Manager console integration
Configuration Manager users can use all the features of 1E from within the Configuration Manager console.
Run questions and actions that target the devices in Configuration Manager collections.
1E Client integration with Content Distribution to enable efficient download of content
1E can leverage the features of the industry-respected Content Distribution to enable content to be downloaded to the 1E client device. Using Content Distribution provides the following benefits:
Significantly reduces the bandwidth required for delivering software
Small offices or sites connected via poor network links can receive software updates more reliably
Reduces the need for large numbers of Configuration Manager servers
Faster Configuration Manager implementations because fewer servers are required
Distribute software to home, mobile and remote office users
Low cost – easy to deploy
No new infrastructure or skills required
Reduces software distribution costs
The feature is a set-and-forget option on the 1E Client . By default, it is enabled and means that 1E will automatically use Content Distribution to download content if it is installed on the 1E Client device (Content Distribution is currently supported on Windows devices only). The prerequisites for using Content Distribution are given on Supported Platforms. The options for configuring Content Distribution integration are NomadContentDownloadEnabled and NomadContentDownloadTimeoutSecs in the 1E Client configuration file.
1E consumer API
1E implements a complete API for controlling the questions, answers, responses and workflows that implement the Tachyon features for third-party applications including ServiceNow.
The 1E API feature includes:
Consumer API versioning
Improved version and error reporting support in Consumer API
Extended RBAC API extensions for consumers
1E can offload responses directly to 3rd party applications
1E can be used as the means to gather data for 3rd party applications. Using its fast response time to gather the data, it then be configured to pass the data on without storing it locally. The offloading is configured for each consumer on the Consumers page. To use this feature, the consumer must be configured to use the offloaded responses data.
Telemetry
Telemetry helps 1E to continually improve your experience with 1E. Only summarized statistical information is collected, which enables 1E to see how customers use features of the application. No personally identifiable data is collected. 1E use this information to:
Understand how the product is being used to influence future development decisions
Plan supported platforms (OS, SQL etc. versions) over time
Deliver a smooth upgrade experience as we can focus testing on implemented scenarios
Improve system performance
Identify early warning signs of potential issues such as excessive growth of database tables, instruction failures etc. so we can pro-actively address them.
Server telemetry reports how the platform is used and data is compressed, encrypted and sent to 1E through email on a configurable schedule. Full details of the Server telemetry data sent to 1E is provided in Server telemetry data.
User Interface telemetry reports how the user interface is used, and data is sent directly from administrator browsers to the 1E Cloud.
Telemetry features are configurable using 1E Server Setup during installation or upgrade, and can be enabled or disabled as a post-installation task. 1E encourages customers to enable sending telemetry.