Transcription
App Portal / App Broker2017 R2 SP1Release NotesMay 2018Introduction . 2Changes in SP1. 2Support for Microsoft Edge Browser for Device Detection using Web Extensions. 2Deploying WebExtensions in Microsoft Edge . 5System Center Configuration Manager Deployment Status ID Mapping to Final Success or Failure Statuses. 5Ability to Change Computer Mappings that App Portal Utilizes for Casper . 6New Features. 7Target Device No Longer Required when Requesting General Catalog Items. 7Detailed Applications Installation Status from System Center Configuration Manager . 9New Computer Discovery Method: WebExtensions . 10Deploying WebExtensions to All Computers in a Network.12Deploying WebExtensions in Firefox (Windows).12Deploying WebExtensions in Windows Chrome (Windows) .12Important Information . 13End-of-Life Support for System Center Configuration Manager 2007 . 13Resolved Issues. 14App Portal / App Broker 2017 R2 SP1 . 14App Portal / App Broker 2017 R2 . 16Upgrading to App Portal 2017 R2 . 17Applying the 2017 R2 Service Pack 1 to App Portal 2017 R2 . 19System Requirements . 20Environment Requirements . 20Client Requirements. 22Server Requirements. 23Supported Deployment Technologies . 24Supported ITSM Systems . 26Supported Cloud Applications . 27Legal Information . 27App Portal / App Broker 2017 R2 SP1 Release Notes (May 2018)1
Important If upgrading from a previous version to App Portal 2017 R2, read Upgrading to App Portal 2017 R2before beginning the upgrade. In addition, because App Portal 2017 R2 no longer supports System CenterConfiguration Manager 2007, if you are still planning on using System Center Configuration Manager 2007, it isrecommended that you remain on App Portal 2017 R1 or earlier.IntroductionApp Portal enables IT managers to enforce continual software license compliance and control softwaredeployment, while increasing employee satisfaction and the efficiency of application software delivery. Theuniversal enterprise app store ensures that governance is in place to check license availability, obtain properapprovals, and reclaim licenses that are no longer used.Automated workflow and approvals streamline the process of self-service requests for desktop, mobile, andcloud applications. Integration with Application Readiness and software deployment systems rapidly deliverenterprise software and operating systems to employee's devices, reducing the burden on IT and managing theenterprise application lifecycle from request to reclamation.AppBroker software for ServiceNow and AppBroker software for BMC leverage asset management data fromFlexNet Manager Suite, including product use rights, to ensure proper governance and compliance over therequest and installation of software. But with AppBroker, instead of using the App Portal end user interface,employees request software directly in the ServiceNow or BMC MyIT self-service portal.Changes in SP1This section describes the new features included in App Portal / App Broker 2017 R2 SP1. Support for Microsoft Edge Browser for Device Detection using Web Extensions System Center Configuration Manager Deployment Status ID Mapping to Final Success or Failure Statuses Ability to Change Computer Mappings that App Portal Utilizes for CasperSupport for Microsoft Edge Browser for DeviceDetection using Web ExtensionsComputer Discovery Method: WebExtensionsApp Portal has several computer discovery methods to determine a user’s computer name. In App Portal 2017R2, a new discovery method using web extensions was added that included supported in Chrome for Windows(version 29 and higher) and Firefox for Windows (version 50 and higher). With the release of App Portal 2017R2 SP1, support for using web extensions as the computer discovery with Microsoft Edge (version 41 andhigher) has also now also been added.Note Because Internet Explorer does not support web extensions, you will need to continue to use a computerdiscovery method in App Portal other than web extensions if you plan on using Internet Explorer.App Portal / App Broker 2017 R2 SP1 Release Notes (May 2018)2
To enable this functionality, App Portal has added a WebExtensions option to the Computer discoverymethod drop-down list (on the General tab of the Site Management Settings Web Site view).Note If WebExtensions is selected, an administrator must ensure that the respective WebExtensions installerhas been deployed and installed on each user’s machine. A link to the installer is provided in the descriptionprovided next to the Primary computer discovery method field. The installer is only available to administratorsbecause it requires an install as administrator and also because an administrator needs to enter the correct AppPortal web URL as part of the install process. For additional information, refer to Deploying WebExtensions to AllComputers in a Network.As background, when a user visits App Portal, App Portal is aware of the context of who the user is but thedevice is initially unknown. The previous options available in App Portal each had its own limitations, asdetailed in the following table.Table 1 Discovery Methods App Portal uses to Identify Device of User accessing App PortalComputer discoverymethodLimitationsActiveXOnly fully supported in Internet Explorer. Also, moving forward Microsoft hasdropped support for ActiveX in their Edge browser.Reverse DNSThis is a slow process and unreliable particularly if connected through VPN orwirelessly.SCCMAssumes System Center Configuration Manager is updated and assumes DataSync is complete.Active DirectoryRetrieves only computers managed by the user.The way App Portal utilizes Microsoft Edge, Chrome for Windows, and Firefox for Windows web extensions is asfollows. Enterprise users of Chrome, Edge, and Firefox have web extensions installed that communicate withthe host application installed on the client machine. The host application relays the user’s machine name tothe browser extension which in turn relays the information to App Portal. From here, App Portal sends theinformation to the App Portal Application Server where further processing can then be done. This gives AppPortal the machine name.App Portal / App Broker 2017 R2 SP1 Release Notes (May 2018)3
In addition to the WebExtensions being added as an option the Primary computer discovery method dropdown list, the following fields have also been added to support the new WebExtensions option: Secondary computer discovery method—If the Primary computer discovery method fails, thesecondary discovery method will be used. If the Secondary computer discovery method fails, thefallback discovery method will be used.Note If WebExtensions and Active X Control are selected as primary and secondary discovery methodsrespectively, then you should enter a fallback discovery method in the Fallback computer discovery methodfield to account for a scenario where the primary and secondary discovery methods may not be notapplicable. WebExtensions Computer discovery timeout (in seconds)—If WebExtensions is the Primary Computerdiscovery method selected, the administrator can set a timeout period using this option that sets thetimeout period to use before reverting to the secondary or fallback computer discovery methods.App Portal / App Broker 2017 R2 SP1 Release Notes (May 2018)4
Deploying WebExtensions in Microsoft EdgeThe following procedure provide steps that an I.T. Administrator needs to take in order to get App PortalWebExtensions successfully deployed to all computers in their network so that you do not have to grant installpermissions to your Enterprise users.TaskAdministrators that are deploying App Portal WebExtensions.msi to enterprise user machines need toperform following steps1.Enable Sideloading in the respective client machines where web extension are to be installed. To do that,go to Start Settings Update & Security For developers and then under the Use developer featuressection, choose the Sideload apps radio button.2.Administrators that are deploying App Portal WebExtensions.msi to enterprise user machines need toprovide their respective Uniform Resource Identifier (URI) in the APPPORTAL CHROME UPDATES URIproperty. App Portal sets the default value of this property to s/UpdateXML.aspx. Administrators need to swap localhost with their respective AppPortal host name.System Center Configuration Manager DeploymentStatus ID Mapping to Final Success or Failure StatusesIn App Portal 2017 R2 SP1, we have enabled a mechanism where Administrator can configure the Success orFailure status IDs mapping for application respectively. When the App Portal tries to get the latest status fromSystem Center Configuration Manager (SCCM), based on the mappings it will mark the request to final Successor Failure status respectively. This will make the status available instantly based on mappings, instead ofwaiting for Catalog or Global level timers.As part of App Portal 2017 R2 release, we had the capability to configure the Status IDs (see DetailedApplications Installation Status from System Center Configuration Manager). In this release we are extendingthese configuration settings and mark the application requests to corresponding final status.If SCCM returns new ID other than what is configured by Administrator, then App Portal will dynamically addthat new ID and which will mark final status based on default mapping from SCCM.App Portal / App Broker 2017 R2 SP1 Release Notes (May 2018)5
Ability to Change Computer Mappings that App PortalUtilizes for CasperA new Casper Machine Name Configuration area has been added to the Casper tab of the Site Management Settings Deployment view. This provides a means for you to change user computer mappings that AppPortal utilizes for Casper. By default, App Portal maps to Casper using email addresses. Changing the mappinglets you map to Casper with UserName Or FullName Or DisplayName. In some environments, the user namehas a unique ID which helps uniquely identify each user. If you enter additional properties in the CasperMachine Name Configuration section and a sync is performed, the Macintosh machine name will getappended with the additional properties and the entire string will be treated as a machine name. For example: If the Macinstoch machine name is MacABC and you have configured an additional property asmac address then the machine name will be the entire string: MacABC; 0C:4D:E9:CD:EC:C4. If you have configured the additional property as serial number,udid then the machine name will looksimilar to the following:MacABC; C07NG0W4DWYL; AEB468FF-904B-5D76-8167-392761E942CD.Note When checking out Casper catalog items, the mapping to Casper must be considered when specifying themachine name. Consider the following steps:1.Select the Enable request to manual list? option for a Casper catalog item.2.On the resulting Choose Target panel of the Checkout view (available for requesters who have beenassigned the Request to Manual list), select the Add machine names or user IDs manually option.3.On the Checkout screen where you Enter Target Devices/Users, enter the Macintosh name in the formatthat corresponds to the currently configured mapping to Casper.When additional properties are specified in the Additional properties for device sync field of the CasperMachine Name Configuration section (in the Casper tab of the Site Management Settings Deployment view), then the machine name must be entered as the entire string in a format such asMacABC; 0C:4D:E9:CD:EC:C4 or MacABC; C07NG0W4DWYL; AEB468FF-904B-5D76-8167-392761E942CDdepending on the additional properties you specified.App Portal / App Broker 2017 R2 SP1 Release Notes (May 2018)6
New FeaturesThis section describes the new features included in App Portal / App Broker 2017 R2. For changes in 2017 R2SP1, see Changes in SP1. Target Device No Longer Required when Requesting General Catalog Items Detailed Applications Installation Status from System Center Configuration Manager New Computer Discovery Method: WebExtensionsTarget Device No Longer Required when RequestingGeneral Catalog ItemsIn App Portal 2017 R2, General catalog items no longer require a device target. This lets a user submit Generalcatalog item requests even if there are no devices defined for the user making the request, or when submittingGeneral catalog item requests on behalf of a user that has no devices defined. Previously, App Portal required atarget machine even for a General catalog request.As part of this functionality, a new Choose Target Users for Request on Behalf Panel has been added to AppPortal / App Broker. On the Choose Target Users for Request On Behalf Panel panel of the Checkout Wizard,the user is prompted to search for and specify the target users of the General catalog item request.Figure 1: Choose Target Users for Request on Behalf Panel / Checkout WizardApp Portal / App Broker 2017 R2 SP1 Release Notes (May 2018)7
The Choose Target Users for Request On Behalf panel is displayed when requesting a General catalog item onbehalf of another user. Examples of this scenario include requesting a General catalog item when a requesterwho has the Request on Behalf role selects the Search for people or computers or Search using accountattributes option on the Choose Target panel, and it is also displayed when a requester who has direct reportsdefined in the data source (such as Active Directory) selects the People who report to me option on theChoose Target panel. For requests of Software catalog items the Choose Target Devices/Users for RequestOn Behalf Panel appears, or for requests that contain a General catalog item and a Software catalog item withRequest on Behalf enabled on both, the selection panel that appears first is the Choose Target Devices/Usersfor Request On Behalf Panel.The following table explains when these three options are displayed on the Choose Target panel:Table 2 Choose Target Panel “Request on Behalf” Option Requirements“Request on Behalf” Option onChoose Target PanelConditions Required to Be MetSearch for people or computersThe Enable request on behalf? option must be selected for one of thecatalog items in the cart.Search using accountattributesThe Enable request to AD property? option must be selected for one ofthe catalog items in the cart.People who report to meThe Enable request to AD manager? option must be selected for one ofthe catalog items in the cart.Also, the requester must have direct reports defined in the data source(such as Active Directory).The Choose Target Users for Request on Behalf panel is divided into two grids. The top grid is used to search and locate target users. The bottom grid contains the selected target users.Search for targets using the Filter By field: User Name. When searching using account attributes, you areprompted to select a property and a value to generate the list of possible target devices/users. Enter a valueand click Search to generate the list of possible target users.Once the record is located, select the checkbox and select the Add Selected Records button at the bottom ofthe top grid. After you have selected all targets, click Next to continue.App Portal / App Broker 2017 R2 SP1 Release Notes (May 2018)8
Detailed Applications Installation Status from SystemCenter Configuration ManagerDetailed application deployment status from System Center Configuration Manager is now provided in AppPortal.Note In order to see deployment status information, the Allow users to see detailed deployment status optionmust be checked on the My Requests Options area of the Catalog Behavior tab of the Web Site view. By defaultthis option is turned on and is now applicable to packages and applications.Application deployment status from System Center Configuration Manager is displayed in the following areasof App Portal: On the Status pop-up dialog box (which opens when you click the Pending Deployment icon in theStatus column of the My Requests tab): The Status column of the Status tab of the Request Details dialog box: In a new SCCM Enforcement Status for Application grid available on the ConfigMgr tab in SiteManagement Settings Deployment:App Portal / App Broker 2017 R2 SP1 Release Notes (May 2018)9
New Computer Discovery Method: WebExtensionsApp Portal has several computer discovery methods to determine a user’s computer name. In App Portal 2017R2, a new discovery method is now supported in Chrome for Windows (version 29 and higher) and Firefox forWindows (version 50 and higher) using web extensions. Support for using web extensions as the computerdiscovery with Microsoft Edge will be added 2017 R2 SP1 (see Support for Microsoft Edge Browser for DeviceDetection using Web Extensions). In addition, because Internet Explorer does not support web extensions, youwill need to continue to use a computer discovery method in App Portal other than web extensions if you planon using Internet Explorer.To enable this functionality, App Portal has added a WebExtensions option to the Computer discoverymethod drop-down list (on the General tab of the Site Management Settings Web Site view).Note If WebExtensions is selected, an administrator must ensure that the respective WebExtensions installerhas been deployed and installed on each user’s machine. A link to the installer is provided in the descriptionprovided next to the Primary computer discovery method field. The installer is only available to administratorsbecause it requires an install as administrator and also because an administrator needs to enter the correct AppPortal web URL as part of the install process. For additional information, refer to Deploying WebExtensions to AllComputers in a Network.App Portal / App Broker 2017 R2 SP1 Release Notes (May 2018)10
As background, when a user visits App Portal, App Portal is aware of the context of who the user is but thedevice is initially unknown. The previous options available in App Portal each had its own limitations, asdetailed in the following table.Table 3 Discovery Methods App Portal uses to Identify Device of User accessing App PortalComputer discoverymethodLimitationsActiveXOnly fully supported in Internet Explorer. Also, moving forward Microsoft hasdropped support for ActiveX in their Edge browser.Reverse DNSThis is a slow process and unreliable particularly if connected through VPN orwirelessly.SCCMAssumes System Center Configuration Manager is updated and assumes DataSync is complete.Active DirectoryRetrieves only computers managed by the user.The way App Portal utilizes Chrome for Windows or Firefox for Windows web extensions is as follows. Enterpriseusers of Chrome and Firefox have web extensions installed that communicate with the host applicationinstalled on the client machine. The host application relays the user’s machine name to the browser extensionwhich in turn relays the information to App Portal. From here, App Portal sends the information to the AppPortal Application Server where further processing can then be done. This gives App Portal the machine name.In addition to the WebExtensions being added as an option the Primary computer discovery method dropdown list, the following fields have also been added to support the new WebExtensions option: Secondary computer discovery method—If the Primary computer discovery method fails, thesecondary discovery method will be used. If the Secondary computer discovery method fails, thefallback discovery method will be used.Note If WebExtensions and Active X Control are selected as primary and secondary discovery methodsrespectively, then you should enter a fallback discovery method in the Fallback computer discovery methodfield to account for a scenario where the primary and secondary discovery methods may not be notapplicable. WebExtensions Computer discovery timeout (in seconds)—If WebExtensions is the Primary Computerdiscovery method selected, the administrator can set a timeout period using this option that sets thetimeout period to use before reverting to the secondary or fallback computer discovery methods.App Portal / App Broker 2017 R2 SP1 Release Notes (May 2018)11
Deploying WebExtensions to All Computers in a NetworkThe following procedures provide steps that an I.T. Administrator needs to take in order to get App PortalWebExtensions successfully deployed to all computers in their network so that you do not have to grant installpermissions to your Enterprise users. Deploying WebExtensions in Firefox (Windows) Deploying WebExtensions in Windows Chrome (Windows)Deploying WebExtensions in Firefox (Windows)There are two options to deploy WebExtensions in Firefox for Windows to all computers in your network: Option 1—To deploy WebExtensions in Firefox for Windows, an I.T. administrator needs to create an ActiveDirectory Group Policy that allows for auto-install without giving the user the ability stop it. Mozilla'sdocumentation can be found here: ensions/Alternative distribution options/Add-ons in the enterprise#Firefox settings. Therefore, within theActive Directory Group Policy, an I.T. administrator needs to set extensions.autoDisableScopes to theirdesired preference. Option 2 (Recommended by Mozilla)—An I.T. administrator should deploy Firefox ESR (ExtendedSupport Release) within their enterprise. This can be downloaded and installed from s/all/Deploying WebExtensions in Windows Chrome (Windows)Administrators that are deploying App Portal WebExtensions.msi to enterprise user machines need toprovide their respective Uniform Resource Identifier (URI) in the APPPORTAL CHROME UPDATES URI property.App Portal sets the default value of this property to s/UpdateXML.aspx. Administrators need to swap localhost with their respective App Portalhost name.App Portal / App Broker 2017 R2 SP1 Release Notes (May 2018)12
Important InformationEnd-of-Life Support for System Center ConfigurationManager 2007Because end-of-life support for System Center Configuration Manager 2007 (SCCM 2007) has been reached, AppPortal 2017 R2 has removed support for System Center Configuration Manager 2007. As a result of this change: App Portal Administrators and end users will no longer see references to System Center ConfigurationManager 2007. All references have been removed from the App Portal interface. For example, When youselect Settings under Site Management on the Admin tab, you will notice that the Deployment SCCM2007 subtab has been removed. All APIs that were exposed for System Center Configuration Manager 2007 have been removed.Important If you are still planning on using System Center Configuration Manager 2007, it is recommended thatyou remain on App Portal 2017 R1 or earlier.App Portal / App Broker 2017 R2 SP1 Release Notes (May 2018)13
Resolved IssuesThis section lists the customer issues that were resolved in the following versions of App Portal / App Broker: App Portal / App Broker 2017 R2 SP1 App Portal / App Broker 2017 R2App Portal / App Broker 2017 R2 SP1The following table lists the customer issues that were resolved in App Portal / App Broker 2017 R2 SP1:IssueDescriptionIOJ-1874971If the status for a request does not change for 168 hours (the default value for the settingFailRequestsAfterHoursStatus), App Portal is not automatically failing the request forTask sequences.IOJ-1872892In some Mac environments, syncing occurs twice: once from SCCM and another timefrom Casper. Now, if there are Mac machines which are present in Casper but they aregetting synced first from System Center Configuration Manager (SCCM), App Portal willnot sync a second time from Casper.IOJ-1872854App Portal cannot add user to Security group of an External forest to a Catalog itemrequest.IOJ-1872100When canceling a request, devices are not being removed from static groups.IOJ-1871567Computer discovery is picking the first machine from list instead of giving user an optionto select the computer. For example, if a user logged in from a MAC machine then AppPortal is discovering the Windows machine instead of the MAC machine.IOJ-1871057Catalog items cannot be created for Casper.IOJ-1869989FlexNet Manager Suite connections are failing in multi-tenant environments.IOJ-1868506Catalog items with FlexNet Manager Suite UIDs are not opening if FlexNet Manager Suiteis down or under a heavy load.IOJ-1868046When customer clicks a status icon to get detailed application status. the status is notbeing returned.IOJ-1867368When an MSI's architecture is set to 64-bit, attempts to install the MSI to a 32-bit machineresults in an error message stating that “the package is not compatible with thisarchitecture.”IOJ-1866501When requests were configured to be cleaned up from collections, detailed statusmessages are not being displayed.App Portal / App Broker 2017 R2 SP1 Release Notes (May 2018)14
IssueDescriptionIOJ-1866263Catalog item pricing is not showing correctly when browser is localized to a differentlanguage.IOJ-1864850The My Requests details view does not get displayed after an upgrade.IOJ-1864843Devices are not getting cleaned from the collection on a successful install when thebrowser language is in non-English locale.IOJ-1864528In App Portal 2017 R2 if th FlexNet Manager Suite UID is set in the WD Webpackagestable to CheckFNMPLicensePosition 0 and CheckFNMPAdvanceLicense NULL, it stillattempts to connect to the FNMS ServerIOJ-1864522Starting in App Portal 2017 R2, General catalog items no longer require a device target.Prior to App Portal 2017 R2 SP1, there was no way to disable a feature. If yourenvironment requires disabling of this feature, contact Flexera Technical Support forassistance.IOJ-1859936Sync is failing with 'violation of unique key constraint' error for Casper devices, whendevices have the same name but different serial numbers.IOJ-1859860Casper computer sync fails if computer record has no name.IOJ-1858820App Portal SSO integration failure: After SSO integration with Azure Active Directory, AppPortal is not able to parse the SAML response generated by the Azure Active Directorywhen attempting to implement SAML.IOJ-1857577MyApps page does not display strings for English locale.IOJ-1857429In the Request From A Particular Target User report, all the catalog items are gettingdisplayed irrespective of the user clicked instead of showing only catalog items that arebased on the target user selected.IOJ-1857342WebExtensions support missing for Microsoft Edge browser. This has been added in 2017R2 SP1. See Support for Microsoft Edge Browser for Device Detection using WebExtensions.IOJ-1857012Get Machines List calls are failing intermittently resulting in users being unable tocheckout software.IOJ-1854184When attempting to use the UpdateCatalogImage method to update an existing icon,that icon does not get updated.IOJ-1850774Casper user computer mappings should have an option to be done through user names.IOJ-1817712AppPortal immediately issues Failed status instead of waiting for 168 hours thresholdtime set
Utilizes for Casper A new Casper Machine Name Configuration area has been added to the Casper tab of the Site Management Settings Deployment view. This provides a means for you to change user computer mappings that App Portal utilizes for Casper. By default, App Portal maps to Casper using email addresses. Changing the mapping
