In this article, you will learn everything you need to know about the Infinity Management module. Infinity Management is a deployment tool offered by HEIMDAL Security that will provide you the ability to deploy 3rd Party Applications within your organization and to keep the deployed pieces of software up to date.
1. Description
2. How does Infinity Management work?
3. HEIMDAL Encryption Tool
4. Patch & Asset Management - Infinity Management view
5. Patch & Asset Management - Infinity Management setup
DESCRIPTION
Infinity Management is a tool that can offer the possibility to silently deploy 3rd Party Applications that are not included in the list of 3rd Party Applications managed by HEIMDAL Security. Any applications that support silent installation commands (/I; /qn; /s; /update, etc.) can be deployed using the Infinity Management module. With this tool, you can deploy applications that have the following file extensions: .msi, .exe, .msp, or .zip.
HOW DOES INFINITY MANAGEMENT WORK?
Infinity Management is based on the 3rd Party Patch Management module and works only if the 3rd Party Patch Management module is turned ON. When the Patch & Asset Management - 3rd Party Patch Management module is enabled, the HEIMDAL Agent checks the Windows Registry paths (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall) to see which 3rd Party Applications are installed on the endpoint(s) and reports their status in the HEIMDAL Dashboard (it identifies an application using the DisplayName and DisplayVersion properties from the application's GUID registry key).
Infinity Management can be used to:
A. Automatically install a 3rd Party Application that is not managed by HEIMDAL Security;
B. Automatically update a 3rd Party Application that is already added in the Infinity Management module;
C. Allow the users to manually install a 3rd Party Application that is made visible in the HEIMDAL Agent.
HEIMDAL Encryption Tool
The Heimdal Encryption Tool is the application you use to encrypt, with the AES256 algorithm, the installer(s) you want to deploy in your organization with Infinity Management. For security reasons, the applications you want to deploy must be encrypted.
To encrypt a 3rd Party Application, you need to download and install the HEIMDAL Encryption Tool (which can be downloaded from the HEIMDAL Dashboard -> Products -> Patch & Asset Management -> Infinity Management -> View Private Patching Storage -> Download HEIMDAL Encryption Tool).
Run the HEIMDAL Encryption Tool, browse for the file to be encrypted, and press ENCRYPT.
The encrypted file will be generated in the same path location as the original file or in the output path (if selected) with the .enc extension. You can encrypt a file by selecting the File Path option or multiple files in a folder by selecting Folder Path.
PATCH & ASSET MANAGEMENT - INFINITY MANAGEMENT view
The Infinity Management view displays a list of all your 3rd Party Applications that are configured for deployment inside your organization, while the Software Asset Management view displays a list of all the software licenses that are detected on the endpoints in your organization.
A. Infinity Management
On the top, you see a statistic regarding the number of Apps included, and the Occupied size out of a total of 1,000 TB.
Below the statistics, you see a search field that allows you to search between the configured applications, the Add New App and View Private Patching Storage buttons and the list of 3rd Party Applications.
To add a 3rd Party Application to Infinity Management you need to upload the encrypted installer to your Private Patching Storage and create the new application in the Infinity Management view.
B. Software Asset Management
On the top, you see a statistic regarding the number of Apps included, and the Occupied size out of a total of 1,000 TB.
In this view, you get information about the Application Name, Publisher, Type, Quantity, Maximum number of Endpoint Licenses, Maximum number of Server Licenses, Total Price Endpoints, Total Price Servers, Discovered Endpoints, Discovered Servers, License Key, and the Expiration Date. Clicking the Application Name will redirect you to the SAM Details page where you can edit the license information.
The primary properties of a SAM item are the Application Name and the Alias. The Alias property represents a list of expressions used for automatically discovering assets by their name. Since multiple assets may be part of the same license (only having different versions), multiple assets may match the same Software Assets Management item.
Since the same software can be bought from multiple publishers in multiple ways, in the editor (SAM Details page) there is a “Details” tab granting the possibility to input multiple license details concerning multiple publishers. The Create New License functionality allows you to add a new license for a specific application.
The SAM view is available if Software Asset Management and Infinity Management are enabled in the Group Policy settings.
PATCH & ASSET MANAGEMENT - INFINITY MANAGEMENT setup
To add a 3rd Party Application to Infinity Management you need to upload the encrypted installer to your Private Patching Storage and create the new application in the Infinity Management view.
A. Preparing, encrypting and uploading the installer
1. To encrypt an installer that is to be deployed in your organization, you need to use the HEIMDAL Encryption Tool (which can be downloaded from the Private Patching Storage). This tool allows you to encrypt .msi, .msp, .exe, .zip files that are going to be uploaded to the Private Patching Storage. For the encryption process to go smoothly, make sure the filename of the file(s) you are trying to encrypt doesn't include special characters (like [ ] { } # =) and doesn't extend to more than 50 characters. Once encrypted, the file will get the .enc extension (e.g. setup.exe.enc).
2. After encrypting the file, you can access the Private Patching Storage, available in the Products -> Patch & Asset Management -> Infinity Management -> View Private Patching Storage section. Here you see a list of all the encrypted files (if any were added previously) and the remaining size of your storage.
3. Upload the encrypted file to your Private Patching Storage by pressing the Upload File button and by importing the file. Once uploaded, the file will be displayed in the list of uploaded files.
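The file-name rules from step 1 can be checked before upload, and the hashes of the .enc file recorded so they can be compared with the Checksum SHA512 and Checksum MD5 values shown when the patch is configured. This is an added example, not HEIMDAL code: Test-InstallerForUpload is a hypothetical helper name, the path in the last line is constructed, and it assumes the checksum fields refer to the encrypted .enc file.

```powershell
# Added example: pre-upload check for an installer and its .enc output.
# Test-InstallerForUpload is a hypothetical helper, not a HEIMDAL cmdlet.
function Test-InstallerForUpload {
    param(
        [Parameter(Mandatory)] [string] $InstallerPath,   # original installer
        [string] $EncryptedPath = "$InstallerPath.enc"    # Encryption Tool output
    )
    $name   = [System.IO.Path]::GetFileName($InstallerPath)
    $issues = @()

    # Installer types the article lists as supported.
    $ext = [System.IO.Path]::GetExtension($name).ToLower()
    if ($ext -notin '.msi', '.exe', '.msp', '.zip') {
        $issues += "unsupported extension '$ext'"
    }
    # Characters the article names as problematic: [ ] { } # =
    if ($name -match '[\[\]{}#=]') {
        $issues += 'special character in file name'
    }
    # Assumption: the 50-character limit counts the full file name.
    if ($name.Length -gt 50) {
        $issues += 'file name longer than 50 characters'
    }

    $result = [ordered]@{
        FileName = $name; Issues = $issues; SHA512 = $null; MD5 = $null
    }

    # Assumption: the checksum fields describe the encrypted file, since that
    # is the file selected in the Private Patches dropdown.
    if (Test-Path -LiteralPath $EncryptedPath) {
        $result.SHA512 = (Get-FileHash -LiteralPath $EncryptedPath -Algorithm SHA512).Hash
        # MD5 is computed only because the form has a field for it;
        # SHA512 is the value to rely on for integrity.
        $result.MD5    = (Get-FileHash -LiteralPath $EncryptedPath -Algorithm MD5).Hash
    } else {
        $result.Issues += "encrypted file not found: $EncryptedPath"
    }
    [pscustomobject]$result
}

# Constructed path, for illustration only.
Test-InstallerForUpload -InstallerPath 'C:\Deploy\setup.exe' | Format-List
```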
B. Creating the new application
1. Once the installer of the 3rd Party Application is uploaded to the Private Patching Storage, you can create the application in Infinity Management, by going back to the Infinity Management view and by hitting the Add New App button.
Fill in the following fields:
- Application Name - name of the application;
- Architecture - Both, x64 or x86. This field is used by the HEIMDAL Agent to discover a 3rd Party Application in the Windows Registry paths HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall (usually 64-bit applications) and HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall (usually 32-bit applications). The applications are identified by the DisplayName and DisplayVersion properties from the application's GUID registry key;
- Custom Expressions (the custom expression must match the Application's name, just like it is displayed in Control Panel - Programs and Features) - This field tells the HEIMDAL Agent what the name of the application is and how to identify it when it is installed on the computer. You can specify multiple custom expressions to match an application by its name and you can also exclude the name of an application that might have a similar name. Use the Custom Expressions Helper for more examples.
2. Once the Application is configured, you need to press the Add Patch button to configure the patch.
- Private Patches - select the encrypted file from the dropdown menu;
- Version - Specify the version number (the version number must be identical to the version number displayed in Control Panel - Programs and Features); The version must have the standard format of x.x.x.x (1.1.21, for example) - only numbers separated by dots [.]; the agent will NOT be able to detect versions that contain other symbols or that have other formats, like 16.4-2, ad 8.0.1, 1.73.(3123), etc.;
- Checksum SHA512 - The checksum SHA512 is filled in automatically when the user selects the encrypted file in the Private Patches dropdown. In case you upload a file larger than 1 GB, the automatic filling in of this field might be slowed down. If this happens, we recommend you manually add the Checksum SHA512 from the HEIMDAL Encryption tool;
- Checksum MD5 - The checksum MD5 is filled in automatically when the user selects the encrypted file in the Private Patches dropdown. In case you upload a file larger than 1 GB, the automatic filling-in of this field might be slowed down. If this happens, we recommend you manually add the Checksum MD5 from the HEIMDAL Encryption tool;
- Type - Default or Archive (default is Default, while Archive is meant for .zip files). In case you select the Archive type, you need to make sure you archive the files directly (and not the folder containing them). After archiving them, make sure you mention the executable file that needs to run after the extraction (performed by the Heimdal Agent) in the Entry File Name field;
- Install Arguments - Specify the silent installation argument (usually MSI Installers use /qn while EXE Installers use /S or /SILENT, but these differ from one application to another, so it is best to contact the developer of the application);
- Applies to specific version - you can select an older version of the application (if already configured) or you can click the Applies to all upper versions tickbox;
- Before Install - allows you to perform specific operations before installing the 3rd Party Application:
Uninstall Specific Version - uninstall a specific version or all previous versions (this usually works for MSI Installers);
Execute script - Infinity Management allows you to run Command-Prompt command lines before installing the application or after installing the application (in case you are required to run specific batch scripts before/after installing the application);
- After Install - allows you to perform specific operations after installing the 3rd Party Application:
Skip Post-Event Script if Patch Fails: if enabled, this cancels the execution of the script below in case the application install/update fails;
Execute script - Infinity Management allows you to run Command-Prompt command lines before installing the application or after installing the application (in case you are required to run specific batch scripts before/after installing the application);
IMPORTANT
In case you are trying to run reg (e.g. reg delete, reg add) command lines in the BEFORE/AFTER INSTALL, you need to add the /reg:64 parameter at the end of the command line because the Heimdal Agent is running a 32-bit process and the command line does not recognize a 64-bit Windows Registry path.
e.g. To delete the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\PersonalizationCSP key from the Windows Registry, you need to run the command line below:
reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\PersonalizationCSP /f /reg:64
3. Select the Operating System(s) where you want the deployment of the 3rd Party Application to be available and press Save Patch. Once you save a patch, you can always come back and disable it by pressing the Disable button.
If you want to deploy the configured 3rd Party App to a Windows Server endpoint, you must know that the Windows Server versions are built on the same OS platforms as the Windows PC versions and are the equivalent of the following:
- Windows Server 2008 R2 (32-bit) - Win7 x86;
- Windows Server 2008 R2 (64-bit) - Win7 x64;
- Windows Server 2012 (32-bit) - Win8 x86;
- Windows Server 2012 (64-bit) - Win8 x64;
- Windows Server 2012 R2 (32-bit) - Win81 x86;
- Windows Server 2012 R2 (64-bit) - Win81 x64;
- Windows Server 2016 (32-bit) - Win10 x86;
- Windows Server 2016 (64-bit) - Win10 x64;
- Windows Server 2019 (32-bit) - Win10 x86;
- Windows Server 2019 (64-bit) - Win10 x64;
- Windows Server 2022 - Win10 x64.
4. After saving the patch, press the Save button to complete the configuration.
When a new patch version is available for a configured application, you can always come back to Infinity Management, access the 3rd Party Application and add a new patch, which will get a higher version number than the existing patch(es). In case you want to disable a patch from the list of patches, you can click on the specific patch and press the Disable button. Don't forget to press the Save button on the Application Definition window.
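To see the DisplayName and DisplayVersion values that the Architecture, Custom Expressions and Version fields are matched against, the two Uninstall paths can be listed on a reference endpoint. This is an added example, not HEIMDAL code: Get-UninstallEntry is a hypothetical helper name, the regular expression is one reading of the "only numbers separated by dots" rule, and the Contoso name is a placeholder. Both registry views are opened explicitly, so the output does not depend on whether the shell is a 32-bit or 64-bit process, the same issue /reg:64 addresses for reg commands.

```powershell
# Added example: list what the Uninstall keys expose for an application.
# Get-UninstallEntry is a hypothetical helper, not part of the HEIMDAL Agent.
function Get-UninstallEntry {
    param([string] $NameLike = '*')   # wildcard matched against DisplayName

    $subPath = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
    # Registry64 reads the native key; Registry32 reads the WOW6432Node copy.
    $views = [ordered]@{
        x64 = [Microsoft.Win32.RegistryView]::Registry64
        x86 = [Microsoft.Win32.RegistryView]::Registry32
    }
    foreach ($arch in $views.Keys) {
        $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
                    [Microsoft.Win32.RegistryHive]::LocalMachine, $views[$arch])
        $uninstall = $base.OpenSubKey($subPath)
        if ($null -eq $uninstall) { $base.Dispose(); continue }

        foreach ($keyName in $uninstall.GetSubKeyNames()) {
            $app = $uninstall.OpenSubKey($keyName)
            $displayName    = [string]$app.GetValue('DisplayName')
            $displayVersion = [string]$app.GetValue('DisplayVersion')
            $app.Dispose()
            # Entries without a DisplayName cannot be matched by name.
            if (-not $displayName -or $displayName -notlike $NameLike) { continue }

            [pscustomobject]@{
                Architecture   = $arch
                DisplayName    = $displayName
                DisplayVersion = $displayVersion
                # Assumed reading of the Version rule: digits and dots only.
                NumericDotted  = $displayVersion -match '^\d+(\.\d+)*$'
                KeyName        = $keyName
            }
        }
        $uninstall.Dispose(); $base.Dispose()
    }
}

# Placeholder application name, for illustration only.
Get-UninstallEntry -NameLike '*Contoso*' | Format-Table -AutoSize
```

A row with NumericDotted set to False has a DisplayVersion in one of the formats the Version field description says the agent will not detect.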