The history stores configurations as they are uploaded to the mGuards. Variable permissions and template inheritance relations are not part of the history.
mdm keeps track of mGuard device configurations in the configuration history. Whenever a change is made to a device, template, or VPN group configuration, a new history entry is automatically created for each device that changes as a result.
Each device has its own independent history. When a device is deleted, its associated history is deleted as well.
|
The history stores configurations as they are uploaded to the mGuards. Variable permissions and template inheritance relations are not part of the history. |
8.1The configuration history dialog
To access a device’s configuration history, select the device in the device overview table and activate the Show Device Configuration History option in the context menu. This opens the configuration history dialog which contains a list of history entries for the selected device.
Figure 8-1 The configuration history dialog
|
Configuration history dialog |
||
|---|---|---|
|
Range selection |
Since a device may have a large number of history entries, not all entries are automatically loaded from the mdm server when the dialog is opened. By changing the criteria in the Range Selection field and clicking the Apply button, the history entries matching the specified critera can be loaded. 
|
|
|
|
All Entries |
Loads all history entries associated with the device. 
|
|
|
Time Range |
Loads all entries which have been created during a time range. The time range must be specified: –If a lower bound, but not an upper bound is specified, all entries newer than the lower bound are loaded. –If an upper bound, but not a lower bound is specified, all entries older than the upper bound are loaded. –If both a lower and an upper bound are specified, all entries created during the time interval given by the bounds are loaded. Times are specified as an ISO date (YYYY-MM-DD where YYYY is the year, MM is the month of the year between 01 and 12, and DD is the day of the month between 01 and 31) optionally followed by an ISO time (hh:mm:ss where hh is the hour according to the 24-hour timekeeping system, mm is the minute and ss is the second). For example, a quarter past 4 p.m. and 20 seconds on December 22nd, 2010 would be written as 2010-12-22 16:15:20. Alternatively, click on the |
|
|
Last Entries |
Loads the latest (i.e. newest) entries. The number of entries must be specified. |
|
Configuration history table columns |
The configuration history table contains the following columns (see below). 
|
|
|
|
Selection A, B |
The checkboxes in the A and B columns are used to “activate” either one or two history entires. The activated history entries are used when an action is performed; please refer to the sections below for more details. –Check the checkboxes A and B in the same row to activate the corresponding history entry. Check the checkboxes A and B in different rows to activate two history entires. 
|
|
|
Status U |
The U column shows the upload status, if the configuration corresponding to the history entry has been uploaded to an mGuard or exported for pull config. Please refer to Chapter 6.3.1 for a list of available upload status and their meanings. One additional upload status is available in the configuration history dialog:
The configuration corresponding to the history entry has not been uploaded to an mGuard or exported for pull config. 
|
|
|
Status V |
The V status indicates whether or not the configuration corresponding to the history is valid. A configuration is not valid if a None value in a template has not been overridden, so that the configuration cannot be uploaded to an mGuard. Please refer to Chapter 6.1 for more information. 
|
|
|
Creation Date |
The date and time when the configuration history entry was created. |
|
|
Version |
The firmware version that was set for the device when the configuration history entry was created. |
|
|
Creator |
The username of the user who made the change to a device, template, or VPN group configuration that caused the configuration history entry to be created. |
|
|
Upload Date |
The date and time when the configuration corresponding to the history entry was uploaded to an mGuard or exported for pull config. Empty if the configuration has not been uploaded or exported. |
|
|
Uploader |
The username of the user who initiated the upload or export. Empty if the configuration has not been uploaded or exported. |
|
|
Target |
–If the configuration has been uploaded, the address to which it has been uploaded. –If the configuration is exported, the name of the file to which it has been exported. Otherwise empty. |
Filtering and sorting the table
The header of the table can be used to sort the table entries. A click on a header of a column will activate the (primary) sort based on this column. This is indicated by the arrow in the column header. A second click on the same header will reverse the sort order. Clicking on another column header activates the sort based on this new column, the previously activated column will be used as secondary sorting criterion.
The first row of the table accepts the input of regular expressions (please refer to Chapter 11, Regular expressions), which can be used to efficiently filter the table entries. Filtering based on regular expressions is not used for columns that do not contain text (columns U or V).
Since the A and B columns do not contain information, but are used to activate history entries, they cannot be used for filtering or sorting.
Detail information
Double clicking on a row in the configuration history dialog opens a dialog which displays detail information about the configuration history entry. In particular, if the configuration has been uploaded, the messages received from the mGuard while applying the configuration are shown.
8.2Viewing historic configurations
When a single history entry is activated in the configuration history dialog, the View button is enabled. Clicking on this button opens the History View Dialog which shows the historic configuration.
|
Although the History View Dialog looks similar to the Device properties dialog, the type of information that is visualized is different. History entries contain configurations as they are uploaded to the mGuards; variable permissions and template inheritance relations are not part of the history. |
Special values
In addition to the variable value (or Custom if the variable value cannot be displayed, e.g. password variables), two special values are used:
–Local indicates that the variable has no value known to mdm. The value is set by the user netadmin on the mGuard.
–Custom + Locally appendable is only applicable to table variables. It indicates that the user netadmin on the mGuard has the permission to append rows to the table.
8.3Comparison of historic configurations
When two history entries are activated in the configuration history dialog, the Compare button is enabled. Clicking on this button opens the History Comparison Dialog which shows a comparison of the two historic configurations.
|
Although the History Comparison Dialog looks similar to the Device properties dialog, the type of information that is visualized is different. History entries contain configurations as they are uploaded to the mGuards; variable permissions and template inheritance relations are not part of the history. |
Navigation tree
Different icons and colors in the navigation tree are used to visualize where and how the older and newer configuration differ:
–
Unchanged (black label)
The older and newer configuration are identical in the subtree below the node.
–
Modified (blue label)
Variables have changed between the older and newer configuration in the subtree below the node.
–
Added (green label)
The subtree has been added, i.e. it exists in the newer, but not in the older configuration.
–
Removed (red label)
The subtree has been removed, i.e. it exists in the older, but not in the newer configuration.
Configuration variables
If a variable has not changed between the older and newer configuration, its single value is displayed. Otherwise, if a simple variable has changed, its old value is displayed above its new value. In cases where the variable value cannot be displayed (e.g. password variables), the text Custom is used instead.
|
If the single value Custom is displayed for a password variable, this indicates that the password has not changed. However, if the value Custom is displayed twice, the password has changed between the older and the newer configuration. |
If a table variable has changed, the change is indicated by the background color of the changed row(s) and by a character in the “+/–” column:
–“+” indicator / green background
The row has been inserted, i.e. it exists in the newer, but not in the older configuration.
–“–” indicator / red background
The row has been deleted, i.e. it exists in the older, but not in the newer configuration.
–“M” indicator / blue background
The row has changed between the older and newer configuration. This indicator is only used for complex table variables (e.g. VPN connections); otherwise, a changed row is treated as a deletion of the row with the old contents followed by an insertion of a row with the new contents.
Special values
In addition to the variable value or Custom, two special values are used:
–Local indicates that the variable has no value known to mdm. The value is set by the user netadmin on the mGuard.
–Custom + Locally appendable is only applicable to table variables. It indicates that the user netadmin on the mGuard has the permission to append rows to the table.
8.4Reconstructing a device from a historic configuration
When a single history entry is activated in the configuration history dialog by checking the checkboxes in both the A and the B column, the Reconstruct Device button is enabled. Clicking on this button creates a new device in which all variables are set according to the historic configuration and opens the Device properties dialog for the reconstructed device.
|
Once created, the new device is no longer linked to the device from which it has been reconstructed. It is an independent device with an independent device history. |
Template assignment
If the device was assigned to a template when the history entry was created, and if that template still exists, and if the firmware version the device had when the history entry was created is equal to or newer than the current firmware version of the template, the template can be assigned to the reconstructed device:
If the template is assigned to the device, variables in the device are set to Inherited if their value (in the historic configuration) matches the value in the template (in its current state).
The report of changes allows it to obtain an overview how multiple devices have changed between two points in time. Select one or more devices in the device overview table and activate the Generate Report of Changes to Device Configuration option in the context menu. This opens the history reporting dialog.
Figure 8-2 The dialog to generate a report of changes to device configurations
Selection criteria
The two historic configurations to compare are selected by applying two selection criteria, one to select the older revision and one to select the newer revision, to each selected device individually. The following criteria can be chosen:
Oldest
The oldest device configuration.
Newest
The newest device configuration.
Newest Before
The newest device configuration prior to a date and time. The date and time is specified as an ISO date (YYYY-MM-DD where YYYY is the year, MM is the month of the year between 01 and 12, and DD is the day of the month between 01 and 31) optionally followed by an ISO time (hh:mm:ss where hh is the hour according to the 24-hour timekeeping system, mm is the minute and ss is the second). For example, a quarter past 4 p.m. and 20 seconds on December 22nd, 2010 would be written as 2010-12-22 16:15:20.
Alternatively, click on the 
icon to select the date from a calender.
Device configuration must have been uploaded or exported
The criterion can be combined with the others. If the checkbox is checked, only history entries pertaining to configurations which have been uploaded to an mGuard or exported for pull configuration are considered.
Generating the report
The report consists of an HTML file which can be viewed with any web browser. The name of the file to which to write the report is specified in the Report field. If the Open finished Report in Browser checkbox is checked, mdm automatically opens a web browser and loads the report.
icon to select the date from a calender.
Not uploaded 
