KeyServer Reports
Overview
KeyServer's reports allow administrators to summarize
usage and audit information, and view internal data in hundreds of ways. The
reports are supported by KeyServer's various databases, which are also accessible
externally through the KeyServer ODBC driver, ksODBC, using any reporting tool.
Report Categories
- Audit - Reports that list programs deployed
on each computer or products that contain these programs.
- Chart - Histograms of concurrent usage or
logins.
- Configuration - Reports that show basic configuration - association between objects, e.g. Programs in a Product.
- Denial - Reports summarizing program
Denial events.
- Login - Summaries of who logged in where,
and for how long.
- Miscellaneous - Reports that may be useful
for very specific situations.
- Node Locked - Reports that compare
deployment and usage data to policy configuration data.
- Purchase - Reports that deal with Purchase data.
- Summarize - General Summaries of
configuration and usage.
- Usage - Two-level usage summaries of
program or policy usage.
Programs displayed in reports
Generally speaking, all reports will ignore data from programs which are
not part of any product. So, even if a program
used to be in a Product in the past, and a Policy caused usage information to be recorded for the program, usage reports will
not select launch and quit events if the program now has no product. Presumably if a program has been removed from a product, an administrator
has decided that the program is not interesting, so
reports should not show information on usage of the program. In addition,
while Audit related reports will show data for programs which are merely Utility components of products, Usage related reports will only show programs which are Application components, since that is the only configuration which can generate new usage data. One exception to
this rule is the Event Dump report, which is designed solely to show an
exhaustive list of all events in KeyServer's usage database. Another exception is the Audit Verbose (COMP x prog) and Audit Verbose (PROG x comp) reports, which show audit data even for programs with no product.
Computer Login types displayed in reports
Most reports will show data from all computers. However, Audit related
reports will only show data for computers which are
currently Dedicated, Leased, or Imported.
Naming Conventions
The report names are meant to be short, yet understandable and meaningful. We
use the following standard abbreviations:
- comp - Computer
- div - Division
- fix - Hotfix
- fldr - Program Folder
- plcy - Policy
- prch - Purchase
- prod - Product
- prog - Program
- user - User
- pool - Policy Pool (e.g. the name of the Group used as an
access restriction for a policy pool - configured in the details of a
custom policy)
- path - Path
- sn - Serial Number
These abbreviations are used within parenthesis following the name of
various reports. If there is only one term, the report will usually generate a flat
list. For example, "Histogram (PROG)" indicates a list of programs.
If there are two terms in parenthesis, the first term (CAPS font) indicates
the summary (header) records. Below the expansion icon for each summary
record, the detail records (lower case font) are listed. For example,
"Usage (COMP x plcy)" indicates a usage summary, where summary lines
are computers, and detail lines are policies - "under
each computer, list in detail the policies that were used". In some cases, there may be a third level of detail, but this will not be referenced in the report name.
Audit reports
installed programs
RUN Audit (COMP x prog)
RUN Audit (COMP x sn)
RUN Audit (PATH x prog)
RUN Audit (PROG x comp)
RUN Audit (PROG x path)
RUN Audit (PROG x sn)
RUN Audit (SN x comp)
RUN Audit (SN x prog)
RUN Audit Verbose (COMP x prog)
RUN Audit Verbose (PROG x comp)
These reports show which programs are installed on various computers.
When they are first completed, they are collapsed by default. This is because
they may contain huge amounts of information. You can expand any particular
group you want to look at by clicking on the expansion icon next to it, or you can
right-click in the report window and Expand All. The most basic of these reports are Audit (COMP x prog) and Audit (PROG x comp), and they simply show which computers have which programs installed. These two reports are typical in that they only include programs which are in products. The two Audit Verbose reports are identical except that they include all programs, even those which are not in any products. Other reports include only programs in products, and group audit entries by path or serial number.
- The "Name" column tells the name of the computer or program
variant (as named in the computer or programs window).
- The "Variant" column shows the masked version number for a
program or the complete KeyAccess version number for a computer.
- The "Status" column shows the Status icon for a program, just as it would appear in the main Programs Window.
- The "First Seen" column is used in detail lines to show when
a program was first discovered on each computer. In summary (header) lines
of Audit (COMP x prog), it shows the most recent audit date (using
italic font).
- The "Last Used" column shows the date when the program was
last used on a computer. In a summary line, it is the most recent of all the
times listed in the detail lines below (note that this information is
recorded as part of an audit, so if a computer has recently used the
program but has not since performed an audit, the recent usage will not
be reflected).
- The "Copies" column shows the number of copies of a
particular program which are installed on a particular computer (for
detail lines), and for group lines, shows the sum of the values in the
detail lines for that group.
- The "Identifier" column shows the Program identifier (for
the program family), or for a computer line, the last user of the
computer (in italic font).
The Audit (COMP x prog) report lists- under each
computer- all the programs that are currently installed on that computer. This is similar to
the information displayed when you select an individual computer and use its
context menu item, "Show Installs". However, the report only shows
program variants while the "Show Installs" context menu shows
variants which can be expanded to reveal individual distinct versions. This report has the advantage
of consolidating the audit for all computers (or a selected Division)
into a single window while supressing unnecessary distinct version details.
The Audit (PROG x comp) report lists- under each program- all the computers
where that program is currently installed. This is similar to the information displayed
for a single selected program using "Show Installs" from its context
menu. Note: in both cases the "programs" we are talking about here
are actually "program variants" - the same items that appear in the
Programs window. To list instead the computers where a fully specified version
is installed, use the "Version Installs" button in the program details
window rather than the "Variant Installs" button (which does the same
thing as "Show Installs").
baseline / delta programs
RUN Audit Baseline (COMP x prog)
RUN Audit Delta (COMP x prog)
The Audit Baseline (COMP x prog) report shows where programs were deployed
as of the "baseline" date. By default, the baseline date for each
computer is the time of first audit. This can be reset in the Computer Details
window. All of the other audit reports show current program deployment based
on all the most recent audit data available. You control how
"current" to maintain the audit data in the
"General Settings..." dialog from the Admin menu.
The Audit Delta (COMP x prog) report is conceptually the difference
between Audit (COMP x prog) and Audit Baseline (COMP x prog) - it shows what
programs have been installed, updated, or removed between the baseline audit
date and the current audit date.
Both of these reports have the same columns as the Audit (COMP x prog) and Audit (PROG x comp) reports, but they also have additional columns.
- The "Date Stamp" column shows the date which is most relevant
to that row of the report. For a computer, this shows the date of the
Baseline Audit on the computer. For a program in the Baseline report,
it shows the date when the program was discovered on the computer.
For the Delta report, it shows the date when a change was observed.
If the program was newly installed, this is the date when it was first
seen. If the program was uninstalled, this is the date when it was last seen.
- The "Change" column in the Delta report shows what has changed.
- "Installed" means that no version of the program
was in the Baseline Audit, but it has since been installed.
- "New Vers" means that there was some version of
the program in the Baseline Audit, but since then, another
version of the program has been installed as well.
- "Changed Vers" means that there was one version
of the program in the Baseline Audit, but since then, it was
deleted, and replaced by a different version of the program.
- "Deleted Vers" means that there were two or
more versions of the program in the Baseline Audit, and since
then, at least one has been deleted, but at least one is still
installed.
- "Deleted" means that one or more versions of
the program were in the Baseline Audit, but all copies of
the program have since been deleted.
- The "Version" column identifies a particular version within the
program variant. In the Baseline report, the highest numbered version
discovered on each computer is shown. In the Delta report, when a
program is added, deleted, or upgraded, the specific program version
is shown.
programs which are members of a product
RUN Audit Products (COMP x prod)
RUN Audit Products (PROD x comp)
These reports show audit information, organized by product. Instead
of simply showing where every program file is installed, they show where
any program within a certain product is installed. This allows you
to quickly see which computers might have certain products installed, and which products might be installed on a certain computer. Note that when a program is part of multiple products, these reports will attempt to determine which products are most likely installed, and will only display these products. For example, if all of teh Applications within a Suite product are installed on a computer, that suite will be listed, while the individual point products will not be listed.
- The "Name" column tells the name of the computer or product.
- The "Variant" column specifies which variant of the program is installed on the computer. For a Product it shows the version of the Product.
- The "Last Used" column tells when the program was
last used on the computer (note that this information is recorded as part of an audit,
so if a computer has recently used the program but has not since performed
an audit, the recent usage will not be reflected).
- The "Copies" column tells how many copies of the program
variant are installed on the computer.
All programs, even those that are not installed
RUN Audit Summary (PROG)
This report summarizes Audit information for all programs (even those not in products). It is similar to a fully collapsed Audit Verbose (PROG x comp) report, but there is one important difference. Audit Verbose (PROG x comp) only shows programs which are currently part of an audit of some computer. Audit Summary (PROG) shows ALL programs, regardless of whether they are currently
part of an audit. One additional difference is that Audit Summary (PROG) includes data from Dormant computers. Other audit reports exclude Dormant computers since they are less interesting and the audit data is older, but here for a summary they are included. This lets you identify programs which are no longer installed on any of your clients.
- The "Name" column tells the name of the program variant
(as named in the programs window).
- The "Variant" column shows the masked version number of the
program.
- The "Status" column shows the same Status as in the main Programs window.
- The "Last Used" column shows the date when the program was
last used on any computer (note that this information is recorded as part
of an audit, so if a computer has recently used the program but has not
since performed an audit, the recent usage will not be reflected).
- The "Copies" column shows the number of copies of the
program which are installed.
- The "Identifier" column shows the Program identifier.
- The "Active" column shows a checkmark if the program
is installed on any computers. This column is the default sort.
installed hotfixes
RUN Audit (COMP x fix)
RUN Audit (FIX x comp)
These reports show which hotfixes are installed on various computers.
The format is very similar to Audit (COMP x prog) and Audit (PROG x comp).
Chart reports - Daily reports
RUN Daily (PLCY)
RUN Daily (PROD)
RUN Daily (PROG)
RUN Daily Logins (DIV)
These reports let you see visually a usage pattern throughout the course of an "average" day. When the
report is run on usage data spanning several days, all of the 1 pm data is
averaged together for the 1 pm display, all the 2 pm data is averaged together
for the 2 pm display, etc. Each "bar" of the histogram represents 10 minute of the day. The right side of the window lists each object (policy, product, program, division), and when you click on one, a graph is drawn on the left side of the window. The Daily Logins (DIV) report shows graphs of users logged into computers within the various divisions.
- The black part represents the average (over the various days) of the maximum usage values during that hour of the day.
- The red part represents the average (over the various days) of the maximum queued values during that hour of the day.
- The first line of Daily (PLCY) says "KeyServer" and will show you a graph of "KeyServer usage" - that is, users logging on to the KeyServer, and logging off again.
- The horizontal axis labels the hours of the day from Midnight to Midnight.
- The name of the selected item on the right is displayed below the graph. If it is a program, it is followed by the version, and either M or W (Macintosh or Windows), and possibly K (Keyed).
- Peak usage and other summary statistics are calculated. For a policy, these statistics include the license limit and maximum length of the waiting queue (for the entire data set selected by the report).
Clicking on the graph (left) portion of "Daily (PLCY)" will
toggle between choosing the vertical axis to show the license total
(if not infinite), and showing only up to the peak usage. This is useful
if the license total is significantly higher than the peak usage, because
it magnifies the vertical differences.
Chart reports - Histograms
RUN Histogram (PLCY)
RUN Histogram (PROD)
RUN Histogram (PROG)
RUN Histogram Logins (COMP)
RUN Histogram Logins (DIV)
RUN Histogram Logins (USER)
These reports let you see visually a usage pattern over the specified time range. The right side of the window lists each object (policy, product, program, division), and when you click on one, a graph is drawn on the left side of the window. The Histogram Logins (DIV) report shows graphs of users logged into computers within the various divisions. Histogram Logins (COMP) and Histogram Logins (USER) are similar but group by Computer or User. Usually these are less interesting since they may simply show alternation between 0 and 1 logins.
- The black bars represent the maximum concurrent use during each time slice.
- If there is red drawn, that shows that there was a waiting queue for a policy.
- The first line of Histogram (PLCY) says "KeyServer" and will show you a histogram of "KeyServer usage" - that is, users logging on to the KeyServer, and logging off again.
- Below the histogram, the beginning and end time of the x-axis
are printed.
- Next, the name of the selected item on the right is displayed. If it is a program, it is followed by the version, and either M or W (Macintosh or Windows), and possibly K (Keyed).
- Next, there is a series of lines describing highlights of usage, such as peak usage. For the policy histogram, there are more lines, since policies can have a limit, and waiting queues.
Clicking on the histogram (left) portion of "Histogram (PLCY)"
will toggle between choosing the vertical axis to show the license total
(if not infinite), and showing only up to the peak usage. This is useful if
the license total is significantly higher than the peak usage, because it
magnifies the vertical differences.
The Histogram reports have many columns which are hidden by default.
These are the same columns which are shown in the Summarize reports.
Chart reports - Histogram Lease
RUN Histogram Lease (PLCY)
This report is much like Histogram (PLCY), but instead of charting policy usage over time, it charts allocations of the policy over time. So for a Lease or Node policy, this report gives the graph of the value that is restricted by the license limit. So while Histogram (PLCY) will give you a better sense of actual usage patterns, Histogram Lease (PLCY) will show you how close to the license limit you actually got over time.
Chart reports - Weekly reports
RUN Weekly (PLCY)
RUN Weekly (PROD)
RUN Weekly (PROG)
RUN Weekly Logins (DIV)
These reports let you see visually a usage pattern throughout the course of an "average" week. When the report is run on usage data spanning several weeks, all of the Monday data is averaged together for the Monday display, all the Tuesday data is averaged together for the Tuesday display, etc. Each "bar" of the histogram represents 1 hour of a day. The right side of the window lists each object (policy, product, program, division), and when you click on one, a graph is drawn on the left side of the window. The Weekly Logins (DIV) report shows graphs of users logged into computers within the various divisions.
- The black part represents the average (over the various weeks) of the maximum usage values during that part of the week.
- The red part represents the average (over the various weeks) of the maximum queued values during that part of the week.
- The first line of Weekly (PLCY) says "KeyServer" and will show you a graph of "KeyServer usage" - that is, users logging on to the KeyServer, and logging off again.
- The horizontal axis labels the days of the week starting with Sunday.
- The name of the selected item on the right is displayed below. If it is a program, it is followed by the version, and either M or W (Macintosh or Windows), and possibly K (Keyed).
- Peak usage and other summary statistics are calculated. For a policy, these statistics include the license limit and maximum length of the waiting queue (for the entire data set selected by the report).
Clicking on the graph (left) portion of "Weekly (PLCY)" will
toggle between choosing the vertical axis to show the license total
(if not infinite), and showing only up to the peak usage. This is useful if
the license total is significantly higher than the peak usage, because it
magnifies the vertical differences.
Configuration reports
RUN Config (PLCY x pool)
RUN Config (PLCY x prod)
RUN Config (PROD x plcy)
RUN Config (PROD x prch)
RUN Config (PROD x prog)
RUN Config (PROG x prod)
The Configuration reports are very simple. Each one shows the relationship between two different objects in KeyConfigure. Config (PLCY x pool) shows the pools within each policy (most policy types only have a single pool). Config (PLCY x prod) shows what products are managed by each policy. Config (PROD x plcy) shows what policies apply to each product. Config (PROD x prch) shows all the purchases for each product. Config (PROD x prog) shows the programs which make up each product. Config (PROG x prod) shows the products which each program is part of. The columns should be self explanatory.
Denial reports
RUN Denials (COMP x prog)
RUN Denials (DIV x prog)
RUN Denials (PROG x comp)
RUN Denials (PROG x div)
RUN Denials (PROG x user)
RUN Denials (USER x prog)
These reports simply show which programs were denied
(a user tried to run the program, but was denied because they need a license and could not get one), and how many times they were denied. These reports always involve programs, since that is what gets denied.
- The "Name" column tells the name of the program / computer /
division / user.
- The "Variant" column only applies to program lines. It shows the significant digits of the program variant, and also
indicates whether the program is keyed.
- The "Type" column indicates the platform for a computer. It is empty for program, division and user lines.
- The "Count" column tells how many times the program was denied.
- The "Last Denied" column tells when the most recent denial
occurred.
Login reports
RUN Logins (COMP x user)
RUN Logins (DIV x comp)
RUN Logins (DIV x user)
RUN Logins (USER x comp)
RUN Logins (USER x div)
These reports summarize Login information. They show who logged in from where,
and for how long.
- The "Name" column shows the name of the computer, division,
or user.
- The "Type" column shows the client platform: Windows or
Macintosh.
- The "Total Time" column shows the total login
time (hours:minutes). For a summary line, it is the total login time for all the
detail lines listed below the expansion icon. For a detail line,
it is the total login time for that particular detail record.
- The "Total Count" column shows the number of sessions
(logout events) which are summarized on the line.
- The "Avg Time" column shows the average login
time per week (hours:minutes). If the report is on less than half a week, this
field shows "N/A", since an average would be misleading.
- The "Avg Count" column shows the average number of
sessions per week. If the report is on less than half a week, this
field shows "N/A", since an average would be misleading.
- The "Last Session" column shows the time of the last
logout. This does not give you any information on a currently active
session, if any.
Logins OS Percent reports
RUN Logins OS Percent (COMP x user)
RUN Logins OS Percent (DIV x comp)
RUN Logins OS Percent (DIV x user)
RUN Logins OS Percent (USER x comp)
RUN Logins OS Percent (USER x div)
These reports are identical to the standard Logins reports except that they have additional columns describing what percent of logins occured as different platforms. This is useful for understanding how “Dual Boot” comptuers are being used. Note that Virtual Computers have their own computer records in KeyConfigure, and there is no easy way to correlate which Virtual Computers are being run on which Physical computers. The standard columns show percents by duration. For example if “Total Time” is 4:00 and “% Mac” is 25%, then the logins totalled 4 hours, and 1 hour of this was on Mac. There are optional columns which will show percents of counts. For example, if “Total Count” is 10 and “# % Mac” is 60%, then there were 10 total logins and 6 logins on mac.
Miscellaneous reports
Duplicate reports
RUN Duplicate MACs (COMP)
RUN Duplicate Names (COMP)
These reports are similar to the Hardware report, but only show computer
records which may be Duplicates. Duplicate computer entries occur when
a single client computer is unreliable in recognizing hardware properties
such as MAC address. KeyAccess on that computer may start out using one
computer ID, but then be forced to switch IDs when the hardware properties
appear to have changed.
Duplicate MACs (COMP) looks for multiple computers where the MAC address is identical. Duplicate Names (COMP) looks for multiple computers where the Name is identical. At sites where computer names are guaranteed to be unique (based on central deployment or domains), the name based report should be good at identifying duplicate records. But for a site where computer names are not unique, the results are not so meaningful.
If the reports give the message "No data to report on", it means that your
data does not contain any duplicate computer entries.
If the data in a column is displayed in bold, then the computer ID for
the computer is based on that piece of data. For example, if the MAC
column for a particular computer is in bold, then the computer ID is
the letter "N" plus the MAC address. If the value is also
dimmed (medium grey instead of black), then the computer record doesn't
actually have a value recorded for this property, but it is displayed
in the report since it can be inferred from the computer ID.
The "Dup?" column lets you sort apart the computers according
to what type of entry this report has guessed that they are. If this
column is empty for a particular computer, it means that this computer
record is almost certainly still in use, and should not be deleted. In Duplicate Names (COMP), if
the column contains a question mark (?), then this row shares the computer
name with another entry, but has a distinct MAC address. This means that
the computer could be a duplicate entry which should be deleted, or it
could be a unique entry which simply has the same computer name.
For these rows, you should sort by name, and compare this row to other
rows with the same name, to see if other hardware properties match or
are distinct. If the column contains a red "x", then this row
is almost certainly a duplicate and should be deleted. Not only does it
share the computer name with another entry, it also has the same MAC
address (or the other entry has a MAC address and this entry has no
known MAC address).
These reports are intended to be used in order to identify and delete
duplicate computer entries. After running the report, it is recommended
that you create a new computer division, to temporarily move duplicates
into. Then sort the report by the "Dup?" column. Scroll to
the bottom and select all the computers with an "x" in that
column, then drag them to the new division. Now you can filter the main
computers window to show only those computers in the new division,
select them all, and cut them (delete them). Alternatively you can set them to either Dormant or Excluded, so they will no longer take up a KeyServer seat.
Event Dump
RUN Event Dump
Event Dump is the most detailed report on usage information. As such, it
is probably not generally that useful, but is extremely valuable in certain
situations. It shows, in chronological order, one line for every single event
which KeyServer records. All events relate to Server startup/shutdown,
Computer audit, client activity, Program launch/quit, and
Policy usage.
Caution: on a KeyServer supporting thousands of clients with heavy usage
data going back several months, the Event dump might require several gigabytes
of memory space to hold perhaps many millions of event records. In order to
avoid virtual memory thrashing, you should always run the Event Dump report
on a limited data set. Restrict to a specific time period of interest, and/or
select a specific Computer, Program, or Policy. Use its context menu to run
the report - this will download events concerning only the selected item.
- The "Name" column shows a name which is associated with
the event. For server events, it is simply "KeyServer"
(the name as configured in KeyConfigure appears in the "User" column).
For logon/logoff events, it is the computer name. For programs, it is the
program variant name. For policies, it is the policy name. This name,
and the icon next to it, shows what details window will be opened when
you double-click that line in the report.
- The "Vers" column shows the version of the KeyServer
process, the version of KeyAccess which was used to log on/off, the
version of a program, or the license total and type of a policy.
- The "Event" column shows a short name for the event type.
For program events, the icon for the program action is also shown.
Note that the icon may not agree with the event type. The event type was
recorded when the event occured, while the icon simply tells the current
action for the program. For example, you may see a gray diamond for a logged
launch event. This simply means that at the time of the event, the program
was Logged, but now it is Ignored.
- The "Why" column shows a short description of why the
event occurred.
- The "Product" column shows the name of the relevant product. This field has a value for launch and quit events.
- The "Policy" column shows the name of the relevant policy,
in the case of program launch events, and shows time at which the event
began, for all "end" type events (shutdown/logoff/quit/return).
- The "When" column shows when the event occurred. This is
the column on which the entire report is sorted by default.
- The "User" column shows the name of the user who
triggered the event.
- The "Address" column shows the address of the computer
on which the event occurred, at the time at which it occurred.
- The "Computer" column shows the name of the computer
on which the event occurred.
- The "Extra" column shows the name of the group which
enabled the usage event, if there was one.
This report can be given any of the five types of parameters
(computer/product/program/policy/user). Regardless of parameter type, server
events are always shown.
- If a computer is the parameter, all events on that computer are shown (user events, policy events, program events, audit events).
- If a program is the parameter, all events of that program are shown (only launch/quit events).
- If a product is the parameter, all events of that product are shown (only launch/quit events).
- If a policy is the parameter, all events pertaining to that policy are shown (policy events, and program events which were recorded because of the policy).
- If a user is the parameter, all events for that user are shown (logon events, policy events, program events, audit events).
Under a few conditions, lines will be highlighted in red. These are events
where something is wrong. These are the specific conditions:
- The policy no longer exists. In this case,
"Policy Not Found" will appear in either the "Name"
column (for a policy event), or the "Policy" column
(for a program event).
- The program is no longer known to the KeyServer (it has been manually
deleted, or the programs table was deleted entirely).
"Program Not Found" will appear in the "Name" column.
- This is a server startup event, and there is no server shutdown
event in between the last startup event and this one. Thus, the server
must have crashed at some point in between.
Hardware
RUN Hardware
This report is similar to the Computers Window, but shows many more
attributes of each computer. All of the information displayed can be
seen in each individual Computer Details Window, but this report allows
all of the information to be seen at once, and will sort the computers
by any of the attributes which are displayed.
The Computers Window can in fact be customized to show additional values as well, but still, the Hardware report may be a convenient way to quickly see a long list of values for each computer.
If the data in a column is displayed in bold, then the computer ID for
the computer is based on that piece of data. For example, if the MAC
column for a particular computer is in bold, then the computer ID is
the letter "N" plus the MAC address. Most likely, almost all
of the computers will be using the same attribute for the computer ID.
If the value is also dimmed (medium grey instead of black), then the
computer record doesn't actually have a value recorded for this property,
but it is displayed in the report since it can be inferred from the computer ID.
Lease Simulator (PLCY)
RUN Lease Simulator (PLCY)
This report helps you determine how many copies of a license you would need if you changed the policy to a lease policy. When it runs, it looks at historical policy usage, and simulates what would have happened if the policy had already been a lease policy, and there were allocations of a lease, using different lease durations. You can run this report on any date range, but the longer the range you use, the more meaningful it will be. The format of the report is very simple - there are columns for various lease durations, so for each policy, you can see what the maximum allocation would have been assuming those different durations.
Path Browser
RUN Path Browser
The Path Browser report shows Programs organized in a path hierarchy based on the Sample Path where each Program was first discovered. While this sample path may not in fact be the common path that results from a standard install, it is often the standard path, and so the report mimics what you would see “on disk” if a single computer had all known programs installed on it.
Session Dump
RUN Session Dump
Session Dump lists a single line for every KeyAccess session with KeyServer. Columns display the Computer, User, time of Logon, time of Logoff, Duration, and Address.
Shadow
RUN Shadow
This report shows a list of shadows that served at some point in the
specified time period.
- The "Address" column shows the address of the shadow.
- The "Total Count" column shows how many times the shadow
served.
- The "Total Time" column shows how long the shadow
served for (hours:minutes).
- The "Avg Time" column shows how long the shadow
served, as an average per service interval (Total hours:mins / Total
count).
Suite reports
RUN Suite (PLCY x prog)
This report shows you a summary of policy usage, including program usage. The group headers are policies, and show usage summaries for each policy over the time period. The details are programs, and show usage summaries for the program, in the cases where it was enabled by the particular policy.
- The "Name" column shows the name of the policy, product, or program
- The "Variant" column shows the version of the program (with
the keyed symbol, if appropriate)
- The "Computers" column shows a distinct count of the number
of computers on which the policy or program was used.
- The "Total Time" column shows the total usage time
for the policy or program (hours:minutes).
- The "Total Count" column shows the number of times the
policy or program was used.
- The "Avg Time" column shows the average usage time
per week (hours:minutes). If the report is on less than half a week, this field show
"N/A", since an average would be misleading.
- The "Avg Count" column shows the average number of uses
per week. If the report is on less than half a week, this field shows
"N/A", since an average would be misleading.
If the same program is controlled by multiple policies, it may appear on multiple lines in the report, under different policies.
It is important to note that the header lines do not necessarily show a sum of the detail lines. They show a usage summary for the policy. So if it is a suite policy (one which controls multiple products), the policy
usage total may be less than the sum of the program usage totals, since
computers may have used multiple programs at the same time. Likewise if a policy controls a single product but the product is a suite product with multiple programs, the Suite (PLCY x prog) report may show multiple detail lines which don't add up to the group line. This is different from most reports, where instead each group line is a summary of the details below it.
Node Locked reports
RUN Node Locked (COMP x plcy)
RUN Node Locked (PLCY x comp)
These reports show information related to Node policies only. They show
where node-locks have been allocated, where programs which are controlled by
node-lock policies are installed, and where these two conditions do not
exactly correspond.
There are three basic cases which are represented in these reports.
- A computer has a node-lock allocated to it for a policy. It also
has at least one program which is controlled by the policy installed, and furthermore, that program has been used recently.
This is the "normal" case, where node-locks have been
allocated correctly.
- A computer has a node-lock allocated to it for a policy, but does
not have any programs installed which are in a product controlled by the policy.
This may happen if an administrator allocated node-locks manually, before
installing software on the computer, or if a computer used a program once,
but has since uninstalled the program. In this case, the node-lock is not necessary. In the same category are cases where the program is installed but has not been used in over 90 days. These are likewise candidates for removing the lock.
- A computer has a program installed which is in a product controlled by a node-lock
policy, but the policy has not been allocated to the computer. This
may happen if the program has been installed, but not yet used (or if a standard image installs the same program on all computers, regardless of whether it is needed on each computer). In these cases either the policy should be locked or the program should be uninstalled.
Both reports show exactly the same information, but organize it in
different ways. Since a single policy can control multiple products containing multiple programs, there is a third level of detail showing the program or programs that are actually installed that correspond to each particular policy/computer pair. The mid-level line (computer or policy) shows the status for that computer/policy pair. The top-level line shows an overall status for that computer or policy, which summarizes and generalizes the status of the mid-level lines below that top-level line. Note that these reports get "Last Used" information from audit and Node Locked records - they do not directly access usage data. The only time Usage events would differ significantly from the data used here is if a policy has been recently created.
- The "Name" column tells the name of the computer, policy, or program.
- The "Variant" column specifies which variant of a program
is installed on a computer.
- The "Issued" column shows how many policies are issued
(locked to computers).
- The "Limit" column shows the policy limit.
- The "Status" column shows the status for the line. For a top-level line, it is a summary which essentially indicates whether the configuration of that policy or computer needs any attention or whether it is correct as it is. For a mid-level line, it shows two pieces of information. First,
it may or may not have a checkmark icon in it. If it does, the policy is
locked to the computer. Second, it has a short string describing the
status of the policy allocation for the computer, and perhaps
suggesting what you may want to change about the policy allocation.
For a complete description of each status code, see the next section.
If this field is highlighted in red, it is one of the
"non-standard" cases, and you may want to change how
policies are allocated.
- The "Last Used" column tells when the program variant was
last used on the computer - this can help you decide which policies
to reallocate.
- The "Copies" column tells how many copies of the program
variant are installed on the computer.
Top-level Status strings:
- "OK" - this is the general category for top-level lines where everything seems to be configured properly.
- "Unclear" - this is the general category for top-level lines where a node-lock policy controls software which is also controlled by a non-node-lock policy. In such cases, it is hard to tell whether any given computer needs to have the Node policy locked, since it might be possible for it to also use the non-Node policy.
- "Optimize" - this is the general category for top-level lines where policies are allocated to computers that don't seem to be using them.
- "Reconcile" - this is the general category for top-level lines where policies are not allocated to computers even though software controlled by the policy is installed on those computer. Note that "Optimize" takes precedence over "Reconcile". That is, if some policy can be unlocked from some computers, and at the same time, other computers have the software installed, so it should be uninstalled, the Status for the policy will be "Optimize" - since this is the more interesting action to take. If the policy is Optimized, and then the report is run again, it will then show Reconcile.
- "Over-limit" - this is the general category for top-level lines where policies are set to Over-limit, and in fact have more copies Allocated than the configured Limit. This takes precedence over both "Optimize" and "Reconcile", since it is a state which should be corrected.
Mid-level Status strings:
- "locked" - this is the "normal" case for a mid-level line - the policy
is locked to the computer, and a program controlled by it is installed. This falls under the general category "OK".
- "locked other" - a program controlled by this policy is
installed, and this policy is not locked, but at least one other node-lock policy which controls the
same program IS locked on this computer. This falls under the general category "OK".
- "used non-node" - a program controlled by this policy is
installed, and this policy is not locked, but the computer has used a different, non-Node policy to control use of the program - so presumably the computer does not require the Node policy to be locked. This falls under the general category "OK".
- "licensed other" - a program controlled by this policy is
installed, and this policy is not locked to the computer. There is a non-Node policy which controls the same program, but it is unclear whether the computer has or could use the other policy. This case is complex enough that the admin should look at the policy configurations and decide which one is relevant to this computer. This falls under the general category "Unclear".
- "redundant lock" - a program controlled by this policy is
installed, this policy is locked to the computer, and in addition, another Node policy controlling the same program is also locked to the computer. One or the other policy should be unlocked since it is redundant. This falls under the general category "Optimize".
- "unlock" - the policy is locked to the computer,
but no programs controlled by the policy are installed. Or, the policy is locked but has not been used in over 90 days, and the computer is set to not audit, so it is not known whether or not the program is installed. If you are not
going to install the programs in the near future (and you know the program is not being run off a network volume), you could unlock the
policy from this computer. This falls under the general category "Optimize".
- "unlock / uninstall" - the policy is locked to the computer,
programs controlled by the policy are installed, but have not been used in over 90 days. Therefore, if you know the policy is no longer needed on this computer, you should unlock the computer, and uninstall the software from the computer. This falls under the general category "Optimize".
- "uninstall" - a program controlled by the policy is installed, but the policy is not locked. The audit shows that the program has not been used in the last 90 days, so the software should probably be uninstalled. This falls under the general category "Reconcile".
- "lock" - a program controlled by the policy is installed, but the policy is not locked. The audit shows that the program has been used recently, so the policy should probably be locked. You will generally only see this status if the program was recently changed to controlled, or if an admin has removed this computer manually from the node list for the policy. This falls under the general category "Reconcile".
- "lock somewhere" - this is exactly like "lock", except that there are two or more Node policies that control the program - so you may want to lock a different policy than the one you are looking at. This falls under the general category "Reconcile".
Purchase reports
RUN Purchases (PROD x prch)
Purchases (PROD x prch) is very similar to Config (PROD x prch). However, the Config report is merely listing purchases for a product, while the Purchases report is more suited for reporting on purchasing. It has some additional optional columns, and it can accept a time range will will limit the report to just the purchases made during that time range.
Summarize reports
RUN Summarize (PLCY)
RUN Summarize (PROD)
RUN Summarize (PROG)
RUN Summarize Logins (DIV)
RUN Summarize Logins (USER)
These reports give an overall summary of configuration and usage statistics.
Unlike the Usage reports, they do not show information about where policies
and programs were used, but they do give overall summaries like maximum
Concurrent Usage.
- The first line of Summarize (PLCY) says "KeyServer"
and will show you a summary of "KeyServer usage" -
that is, users logging on to the KeyServer, and logging off again.
- The "Name" column shows the name of the product, program, policy, division, or user.
- The "Variant" column is only shown in Summarize (PROG) and
shows the version of the program variant
- The "Version" column is only shown in Summarize (PROD) and
shows the version of the product
- The "Type" column shows the type of the program or policy.
- Summarize (PLCY) has a "Limit" column which shows the policy
limit.
- The "In Use" column shows how many copies are in use as of the end of the time range used for the report. If you selected a time range ending "now", this value in Summarize (PLCY) should match what you can see in the Policies window.
- Summarize (PROG) has a "Deny" column which shows how many
times a program launch was denied.
- The "Max" column shows the Maximum number of copies that were
in use at any particular time (Maximum Concurrent usage)
- The "Total" column shows the Total number of launch / policy
checkout events for the product / program / policy
- The "Total Time" column shows the total amount of time (hours:minutes) of use. If copies are still in use, this reflects
usage up until the end of the time range for the report.
- Summarize (PLCY) has four additional columns which show the current
length of the waiting queue for the policy, the maximum length of the
queue, the total time spent on the queue, and the average time spent
on the queue.
Usage reports
RUN
(PLCY x comp) |
<> |
RUN
(COMP x plcy) |
|
RUN
(PROD x comp) |
<> |
RUN
(COMP x prod) |
|
RUN
(PROG x comp) |
<> |
RUN
(COMP x prog) |
|
RUN
(FLDR x comp) |
<> |
RUN
(COMP x fldr) |
RUN
(PLCY x div) |
<> |
RUN
(DIV x plcy) |
|
RUN
(PROD x div) |
<> |
RUN
(DIV x prod) |
|
RUN
(PROG x div) |
<> |
RUN
(DIV x prog) |
|
RUN
(FLDR x div) |
<> |
RUN
(DIV x fldr) |
RUN
(PLCY x pool) |
<> |
RUN
(POOL x plcy) |
|
RUN
(PROD x pool) |
<> |
RUN
(POOL x prod) |
|
RUN
(PROG x pool) |
<> |
RUN
(POOL x prog) |
|
|
|
|
RUN
(PLCY x user) |
<> |
RUN
(USER x plcy) |
|
RUN
(PROD x user) |
<> |
RUN
(USER x prod) |
|
RUN
(PROG x user) |
<> |
RUN
(USER x prog) |
|
RUN
(FLDR x user) |
<> |
RUN
(USER x fldr) |
These reports all summarize usage information for policies, products, or programs (actually "program variants"). Each report pair presents the same information but with the summary and detail fields interchanged.
The division reports (DIV or div) aggregate together information from
all the computers within each division.
The pool reports allude to the "pools" which can be set up
in a custom policy in order to enforce group membership requirements that
restrict access to each pool. Pool reports show which group requirement
allowed the usage of a policy, product, or program, either through a pool in a custom policy, or through a group scope for a policy. Any usage which did not require group membership shows up as "universal".
If you have not set up groups, group scopes on policies, or custom
policies with multiple pools, these "pool" reports will not be very
interesting since ALL usage would be detailed with a single line:
"universal".
- The "Name" column shows the name of the computer, division,
folder, policy, pool, product, program, or user.
- The "Variant" column only appears in reports that show
program usage, and contains the significant digits of the program variant
(with the keyed symbol, if appropriate).
- The "Version" column only appears in reports that show
product usage, and contains the version of the product.
- The "Type" column shows the type of a computer, program, or
policy. It is blank for divisions, folders, pools, products, and users.
- The "% Usage" column is only available in Usage reports
where the primary group is a policy, product, or program. It shows what percent
of the total usage time was contributed by each detail line. This could
be useful for billback.
- The "Total Time" column shows the total usage time (hours:minutes).
For a summary line, it is the total usage over all its detail lines.
For a detail line, it is the total usage for that particular line.
- The "Total Count" column shows the number of usage events
for each line. For a summary line, it is the sum of the counts for all
the detail lines that appear below its expansion icon.
- The "Avg Time" column shows the average usage time
per week (hours:minutes). If the report is on less than half a week, this field shows
"N/A", since an average would be misleading.
- The "Avg Count" column shows the average number of uses
per week. If the report is on less than half a week, this field shows
"N/A", since an average would be misleading.
- The "Last Used" column shows the last quit time for a
product or program, or the policy return time for a policy within the time range of
the report. This field will not reflect currently active usage of a
program (or product or policy) that has been launched but has not yet quit.