Skip to main content

1E 9.x (on-premises)

Settings features

The Settings application lets you configure the 1E system and application settings. For more information please refer to the Using Settings section of this documentation.

Settings features
Instructions, DEXPacks, Instruction sets, and permissions

1E lets you investigate your network using questions and actions, which are collectively known as Instructions.

You can load Instructions into 1E, either individually or with a DEXPack, which is essentially a zip file containing one or more Instructions. 1E comes with a range of pre-framed questions and actions in the form of DEXPacks, providing extensive out-of-the-box capabilities that can be extended as new and updated DEXPacks are made available.

1E permissions for the Instructions are handled using Instruction sets. You create Instruction sets, then define roles that specify particular permissions on those sets, and then assign the roles to users. Each Instruction is only allowed to reside in one Instruction Set, which associates it with a role and thereby the users that have that role and can run the Instruction. The roles have associated Management groups that determine the devices that users with the role have access.

When Instructions are loaded into 1E they are placed in the default Unassigned Instruction Set, so you must move them into previously created Instruction sets before they can be run.

For more information on uploading product packs into 1E and managing Instruction sets, please refer to Instruction sets page.

Server software

Category

Product

Notes

Server OS

  • Windows Server 2022

  • Windows Server 2019

  • Windows Server 2016

For more detail about configuration of servers, please refer to Windows Server requirements.

Only 64-bit server OS are supported. The server must be domain-joined.

This version of 1E requires the server OS to be English because of a Known issues with certain regional settings.

If TLS 1.0 is disabled, then please ensure you follow the steps in If TLS1.0 is disabled to add registry entries, for the 1E Catalog Update Service to successfully connect to the 1E Cloud Catalog.

Note

This list shows only those OS versions in mainstream support by Microsoft, and therefore supported by 1E, and by 1E Client .

Please refer to Constraints of Legacy OS regarding the end of mainstream support.

For Microsoft product lifecycle details, please refer to https://support.microsoft.com/en-us/lifecycle/search.

Refer to Support for Microsoft Rapid-Release Cycle on https://support.1e.com/ for details of which Current Branch versions are supported by 1E products, and known issues regarding specific versions.

SQL Server and SQL Server Analysis Services (SSAS)

  • SQL Server 2019

  • SQL Server 2017

  • SQL Server 2016 SP3

For more detail, please refer to SQL Server requirements.

Standard and Enterprise editions of these versions of SQL Server and SQL Server Analysis Services (SSAS) are supported.

SQL Server 2016 RTM is not supported due to some issues, which are resolved by SP3.

Note

1E only supports AlwaysOn Availability Groups on SQL Server Enterprise Edition. Please refer to High Availability options for SQL Server for HA options and their requirements.

Note

If you intend to integrate with third-party business intelligence products such as Power BI, you must install the Enterprise edition of SSAS as per their requirements.

A SQL Server database instance is required for the following databases:

  • 1ECatalog

  • ContentDistribution (optional - required for Nomad)

  • SLA-BI (optional - required for Patch Success)

  • SLA-Data

  • SLA-Integrate

  • SLA-Shared

  • TachyonExperience (optional - required for Tachyon Experience)

  • TachyonMaster

  • TachyonResponses

SLA Inventory databases

1E Server Setup can install the above databases on separate SQL Server instances, however SLA-Data, SLA-Integrate, and SLA-Shared must exist on the same instance.

A SQL Server Analysis Services (SSAS) instance installed in Multidimensional mode is required for SLA Business Intelligence.

SLA Business Intelligence

SLA Business Intelligence (BI) is only required for the Patch Success application.

Together, the SLA Platform and BI installers create the following:

  • A database called SLA-BI on the SQL Server database instance.

  • A MOLAP cube called SLA-BI on the SSAS instance.

  • A linked server for the SLA databases to get data from the SLA-BI database and then from the SLA-BI cube.

  • A linked server for the SLA-BI database to get data from the SLA databases.

  • A datasource definition used by the SLA-BI cube to connect to the BI database.

If the SLA databases, BI database, or SSAS instance for BI, are on different SQL Servers then the BI installer enforces the use of a SQL login on each instance. If they are on the same SQL Server then the installer gives you a choice of using integrated security (domain user account) or a SQL login.

However, if you are installing all the components using 1E Server Setup instead of their individual installers, then you are not given the choice. 1E Server Setup always uses integrated security. Contact your 1E Account Team if your scenario requires the above-mentioned databases to be on different SQL Servers. This affects different servers, not different instances.

All SQL Server instances must be configured with the following:

  • A case-insensitive, accent-sensitive collation which is SQL_Latin1_General_CP1_CI_AS by default,

  • Allow remote connections to this server enabled.

All SQL Servers should be configured with the SQL Server Browser service running in order for the BI installer to select from a list of instances.

SQL Server Management Studio is required to review the configuration and edit settings in 1E database tables.

If installing SQL Server locally, note:

  • SQL Server 2016 and 2017 require .NET Framework 4.6 or later

  • SQL Server setup requires PowerShell 2.0.

For the latest information about SQL Server prerequisites, please refer to http://go.microsoft.com/fwlink/?LinkId=622999.

Microsoft Endpoint Configuration Manager

  • MECM CB 2303

  • MECM CB 2211

  • MECM CB 2207

  • MECM CB 2203

  • MECM CB 2111

  • MECM CB 2107

1E uses Configuration Manager for the following optional apps and features:

Content Distribution provides the following Content Distribution features for Configuration Manager:

Content Distribution requires the Content Distribution web service to synchronize with the Configuration Manager database. For standalone primary site environments, permissions are automatically assigned to the service account of Content Distribution's web application pool service (by default Network Service) using the ConfigMgr_DViewAccess localgroup native to Configuration Manager.

For a CAS, this group is not created natively therefore additional steps are required to allow access. Please refer to Preparation: Microsoft Endpoint Configuration Manager preparation.

Web Server

  • IIS 10

See Windows Server roles and features for details about required Web Server roles and features.

Runtime libraries

  • Visual C++ 2013 Redistributable

  • Visual C++ 2015-2019 Redistributable

  • ASP.NET Core Framework 3.1

  • .NET Framework 4.8

See Windows Server roles and features for details about required .NET Framework roles and features. To know supported combinations of OS and .NET Framework, please refer to: https://docs.microsoft.com/en-us/dotnet/framework/migration-guide/versions-and-dependencies.

  • Windows Server 2022 has .NET Framework 4.8 installed by default.

  • Windows Server 2019 has .NET Framework 4.7.2 installed by default.

  • Windows Server 2016 has .NET Framework 4.6.2 installed by default.

ASP.NET Core Hosting Bundle is required only for the Content Distribution. It is not included with the Operating System, and must be downloaded and installed separately. If it not already installed, 1E Server Setup will attempt to automatically download version 3.1.11 and install it. Alternatively you can download it, or a later version, and install it yourself. For more detail please refer to ASP.NET Core Hosting Bundle,.

Installers include and automatically installs the redistributable packages for Visual C++ 2013 and Visual C++ 2015-2019. The Coordinator (licensing module on the Master Stack), and Switch (on Response Stack) are written in C++ using Visual Studio 2013 and 2019, therefore require the runtime (x64) versions of these packages. Other server components use .NET Framework.

SQL BCP is required by the Export All feature described in Exporting data from Endpoint Troubleshooting, and must be installed on each Tachyon Response Stack server (specifically the servers which have the Tachyon Core installed). BCP uses ODBC, which requires Microsoft ODBC Driver versions 13.1 and 17 and Visual C++ 2017 Redistributable to be installed first. Please refer toP SQL BCP for more detail.

Other software

  • PowerShell

PowerShell is required by 1E installer during installation.

Browsers

Latest version of:

  • Google Chrome

  • Microsoft Edge (Chromium)

  • Mozilla Firefox

A browser is not a prerequisite for installation of 1E servers but is required to use and administer the 1E platform. The administration is performed via the 1E portal and can be on a remote computer.

These browsers are supported on all OS platforms which the browser vendor supports.

The Portal and any API should be added as a trusted site. This is especially important when running scripts that may produce unexpected errors.

Please review Known Issues Using 1E.

Note

Microsoft legacy browsers

Support has been withdrawn for Internet Explorer 11 and legacy Microsoft Edge (non-Chromium version) because Microsoft no longer supported them since 2021. We recommend you use Google Chrome, Firefox, or Microsoft Edge Chromium browser.

Connectors

Connectors are used to connect to other 1E and third party systems and populate repositories. When more than one connector to different data sources is used, the information from those different data sources is de-duplicated and normalized into a single cohesive view that is then stored in a repository. In this way, you can use the data from different sources to augment each other and build a better picture of "what's out there?".

For example, you can sync inventory data from Configuration Manager into an inventory repository, which will fetch information about your Windows devices. You could then augment that with inventory data synced from 1E which could include information about non-Windows devices where the client has been installed.

Note

For more information on connectors, please refer to:

The following connectors are supported:

Repositories

Repositories are used by applications to process and store information. For example, the Patch Insights application uses both an inventory and a BI repository to process the information needed to report on how successful patching is in your enterprise. Normally a connector is used to connect a data source to an appropriate repository.

Tip

Repositories are also useful when you want to segregate different types of data. For example, you could have one inventory repository for Configuration Manager inventory data, and another one for BigFix data. Alternatively, you can have connectors to different inventory sources pushing data into one repository. Any Management Groups that you create will span all the repositories you have.

Note

For more information on managing repositories, please refer to:

Device Tags

Device Tags are generally associated with Endpoint Troubleshooting and can be used when setting coverage to target Instructions to particular devices, but they can also be used to define Management Groups optionally used by all applications.

Device Tags must be defined by a Full Administrator before they can be used to tag devices or used to set the coverage of Instructions.

This is done from the Settings→Configuration→Custom properties→ Device Tags page, which can be viewed by users with the Full Administrator role.

Software Tags

Using Software Tags allows you to create custom labels and associate them with the software titles you have deployed in your estate.

You can do this from the Settings→Configuration→Custom properties→Software Tags page, which can be viewed by users with the Full Administrator role.

Using Software Tags allows you to create custom labels and associate them with the software titles you have deployed in your estate. An administrator with either the Full Administrator or Group Administrator role can set Software Tags in their environment, they can also create Management Groups based on the tag name and value. For details about configuring 1E users, Roles, and Management Groups refer to the Permissions Menu pages.

In short, you can work with Software tags by:

  1. Creating your Software Tag.

  2. Associating the new tag with a software title.

  3. Creating a Management Group based on the Software Tag name and Tag value rules (This step can be run anytime before evaluation).

  4. Evaluating the new Management Group by running a Basic Inventory Consolidation.

If an administrator adds or modifies Software Tags or associations, they will have to run the Management Group evaluation report again to see the updated devices reflected in Inventory.

Schedules

Schedules can be created to execute specific operations on repositories in 1E so that they are kept up to date with their data sources and processing. These operations include:

  • Syncing data sources to repositories using connectors

  • Processing the BI data cube.

Repository schedules are different from Instruction schedules that can be set in Endpoint Troubleshooting.

Note

For more information on setting schedules, please refer to:

Consumers, Applications, Components, and Providers

There are pages in the Settings application for each of these. They are described in the following table:

Configuration objects

Description

Consumers

These can access 1E using the 1E Consumer API. To enhance the security of the 1E system, only consumers that have been registered on the Settings→Configuration→Consumers page will be allowed to access 1E.

Applications

Features of 1E that is hosted in the 1E portal. Applications are generally Consumers as they need to interact with 1E using the 1E API. These are available on the Switch App menu.

Components

These form part of SLA and cannot be changed or altered by a user. These can be viewed using the Settings→Configuration→Components page.

Providers

These are components that can be configured to provide a particular operation in SLA. These can be viewed and configured using the Settings→Configuration→Provider configuration page.

Note

For more information on Consumers, Components, and Providers, please refer to:

Information pages

Information on your 1E license is available, as well as the ability to, reactivate it following an update.

You can view information on the 1E system information for the Consumer, Coordinator, Background channel, Core and Switch.

Note

For more information please refer to:

Monitoring log files

The monitoring pages let you view how 1E is performing its tasks. Four key log pages are provided:

Page

Description

Process log

Whenever you execute a sync or process a repository the steps are displayed here. This page is updated in real-time and shows the status of each step as it happens.

Sync log

The results of performing a sync are displayed here.

Infrastructure log

Information on the 1E infrastructure is displayed here, such as license status and instruction workflow.

Audit information log

This page displays information on the Instructions that have been run in Endpoint Troubleshooting. This includes the instruction text and the user that requested it.

Note

For more information on monitoring please refer to:

Defining users and roles

1E users or groups can be added from AD. They can be assigned roles that determine what aspects of 1E they can access. Custom roles can be created that let you associate particular permissions on particular Instruction sets for particular management groups.

Note

For more information on users and roles please refer to:

Management groups

Management groups use inventory-based rules to define groups of particular devices, they are implemented in SLA and then made available to 1E applications and other consumers. After a management group is defined, each time the inventory is updated the device membership of the groups is re-evaluated by applying the management group's rules to the new inventory.

Custom roles can be created that tie particular Instruction sets to particular management groups. This means you can not only set the permissions for users to access the Instructions in specific Instructions sets, but you can also determine which devices they can target using those Instructions.

Once defined, management groups can then be used to set the coverage for Instructions in Endpoint Troubleshooting and also which devices can be targeted by particular users. Management groups are also used by the Patch Insights and Endpoint Automation applications to determine which devices are being targeted.

Note

For more information on management groups, please refer to:

Uploading Instructions into 1E and creating Instruction sets

You determine the capabilities of Endpoint Troubleshooting by uploading Instructions from product packs into 1E. DEXPacks are either provided with the release or downloaded from the 1E Exchange. Once the Instructions have been uploaded into 1E you then need to put them into Instruction sets. The Instruction sets can then be associated with custom roles to determine the permissions applied to the Instructions. The custom roles are then applied to users to determine which Instructions each user has access to.

Note

For more information on uploading product packs into 1E and managing Instruction sets, please refer to: