Understanding assets and asset elements
An asset is any hardware appliance or software installation that can be managed by OMS. An asset element is the main functional part of an asset with which a user interacts, such as a probe instance, business group, or device group.
For this section, it is important to understand the distinction between an asset and asset element.
An asset communicates the properties that uniquely identify it the first time it connects to OMS. OMS retrieves information about any available asset elements.
Who may use an asset is controlled through the permission policy of the asset group and through user group membership. When an asset may be upgraded is controlled through its upgrade policy. For this reason, you may want to have your asset groups contain only assets or only asset elements.
Because an asset or asset element may be a member of only one asset group, you must decide how to organize your assets and asset elements. Typically, you do not want to mix assets and assets elements in the same asset group. When you place an asset in a group you automatically grant access to all of its underlying asset elements. Most end users need access to only the underlying asset elements. Moreover, most end users do not need to upgrade the software version of an asset. An asset element cannot be upgraded by itself—only the asset may be upgraded. In other words, asset elements are upgraded only when an asset's software version changes. By keeping assets separate from asset elements in your asset groups, as an OMS administrator you have more granular control over the objects in your Observer Platform environment.
This image shows five asset groups and three user groups. The assets in New York and Chicago are updated together but separately from the asset in London because it is in a different asset group. Multiple asset groups and even individual asset elements can be in a user group (orange user group). An asset group can be in multiple user groups (red asset group).
 
Figure 4: OMS Relationships
OMS Relationships Low ResOMS Relationships Low Res
 
Assets are the two most recent major versions of:
Asset
Asset Elements
Observer
Probe instances
GigaStor and Observer probes
Probe instances
Apex
Business groups
OI
Device groups
Matrix
N/A
How to add an asset
Add assets before they are deployed so that when they come online they can be used immediately.
Prerequisite(s):  
The asset must be running.
You must know the IP address or DNS name.
 
Note: The asset name, probe ID, version, operating system, CPU, memory, and serial number (if a hardware appliance) are automatically retrieved from the asset and cannot be modified.
To add an asset:
1. Starting in the dashboard, click Auth > Assets.
2. Click the new icon .
3. Select an asset type.
4. Type a description.
5. Type the IP address or DNS name of the asset.
6. Choose an asset group.
7. Click Asset Elements.
8. For each asset element choose an asset group.
9. Click the accept icon .
 
The asset is created when the Saved asset notification appears on the screen. The automatically retrieved information is reported after the asset connects to OMS for the first time.
Note: With or without the help of OMS, each Observer Platform product requires a license to operate fully. See Understanding asset licenses and licensing for details.
 
 
Next, assign a license to the asset.
 
Asset settings
Values of several common characteristics that uniquely identify an asset appear in Asset settings.
 
Asset type
The asset type must be specified.
Asset name
The name of the asset, which is reported to OMS.
Only v17 or newer assets will report an initial value. A name is not shown until the first time the asset connects.
Description
Asset descriptions are optional and displayed in the Assets table.
Descriptions are especially useful when creating and maintaining groups.
Asset IP/DNS
The IPv4 or IPv6 address or host name of the asset.
Probe ID
The unique probe ID generated during installation of the asset, which it reported to OMS.
Asset enabled
If selected, users can access this asset. If cleared, users cannot access this asset.
Even if selected (enabled), user actions on the asset are limited by the permission policy of the user group.
Asset group
Sets which asset group this asset belongs to.
If set to 'None', this asset does not belong to any asset group.
Operating System
The operating system installed in this asset, which it reported to OMS.
Only v17 or newer assets will report a value.
CPU
The processor installed in this asset, which it reported to OMS.
Only v17 or newer assets will report a value.
Memory
The total installed memory (RAM) of this asset, which it reported to OMS.
Only v17 or newer assets will report a value.
Serial Number
The serial number of this asset, which it reported to OMS.
Only v17 or newer assets will report a value.
 
How to delete an asset
Deleting an asset removes it from OMS and the asset is no longer managed.
To delete an asset:
1. Starting in the dashboard, click Auth > Assets.
2. Select one by clicking a table row.
3. Click the garbage can icon .
4. Click Yes to confirm the deletion.
 
You successfully deleted an asset. The asset has been removed from OMS and is no longer managed.
 
How to apply a license to an asset
An asset requires a license before it can be used.
The Licenses screen is divided into a list of unassigned licenses on the left and a list of assets on the right. Both lists are sortable. The licenses are grouped by product. Any license in the list can be assigned to an asset in one of two ways. It can be manually applied using the procedure described here or an asset can request a license if a user attempts to automatically add an asset. The Assets section lists the name, IP address, license type, and license number. If the license number is blank the asset is currently unlicensed and cannot be used.
Note: With or without the help of OMS, each Observer Platform product requires a license to operate fully. See Understanding asset licenses and licensing for details.
To manually assign a license to a product follow these steps.
1. Starting in the dashboard, click Version > Licenses.
2. Select the license you want to apply. Adding a license is an easy drag-and-drop operation from the list of available licenses onto the asset in the Assets list.
If you want to remove a license from an asset, reverse the process. Select the asset's license and drag-and-drop it to the list of available licenses.
 
The asset is licensed and can be used immediately.
 
Understanding auto-adding assets and licenses
Having assets automatically added to OMS reduces the upfront configuration necessary for the OMS administrator.
Two common scenarios, both of which are equally valid, make sense under different circumstances.
If you already have several existing Observer Platform products and now you want to centrally manage them, then configure assets to submit their licenses when they request to be managed by OMS. As assets connect to OMS for the first time, they are added to OMS. There is little for you as the OMS administrator to do other than to add the asset to an asset group. However, depending on the configuration of your Global Asset Policy, these assets might be automatically assigned to an asset group. There is nothing more you need to do in these cases.
If you do not have any existing Observer Platform products or you acquired several new assets and you are deploying them simultaneously, then preload the asset licenses into OMS. Whenever an asset connects for the first time, it requests a license and to be added, which OMS issues and grants. As assets come online, as an administrator, you may need to add the asset to an asset group. However, depending on the configuration of your Global Asset Policy, these assets might be automatically assigned to an asset group. There is nothing more you need to do in these cases.
Unlike in previous versions, after an asset is managed by OMS it is permanently managed by OMS unless the asset is deleted (not disabled) from OMS. There is no option on the local asset that allows a user to remove the asset from OMS management.
This table describes the process of what happens when a users requests to automatically add an asset.
Table 4. Auto-Adding An Asset
If the asset1
Then2
Already exists in OMS and is licensed
1. OMS verifies the asset's ID and its license. It is already managed by OMS.
Already exists in OMS and is not licensed
1. OMS verifies the asset's ID.
2. The asset requests a license from OMS.
a. If a license for that asset type exists, a license is issued and the asset is now managed by OMS.
b. If no license for that asset type is available, the request is rejected. The asset cannot be used.
Does not exist in OMS and is licensed
1. The asset requests to be added.
2. OMS verifies the license from the asset and adds the license to the managed licenses.
3. OMS adds the asset to its assets list. The asset is now managed by OMS.
Does not exist in OMS, is not licensed, and a license exists
1. The asset requests to be added and a license.
2. The asset requests a license from OMS.
a. If a license for that asset type exists, a license is issued. OMS adds the asset to its assets list. The asset is now managed by OMS.
b. If no license for that asset type is available, the request is rejected. The asset cannot be used.
Does not exist in OMS, is not licensed, and no license exists for it
1. The asset requests to be added and a license.
2. The request is rejected. The asset cannot be used.

1 Only probes, GigaStor, and Observer are supported for automatically adding assets.

2 Assumes user has the right to auto-add assets and licenses (separate permissions).

How to automatically add an asset
Having assets automatically add themselves is the simplest way to get started.
Prerequisite(s):  
User must have the Auto-Add Asset user right assigned to it.
Only Observer and probes (GigaStor and Observer) can automatically be added
 
1. Choose one:
If you are opening an asset for the first time it will be in demo mode. Start the software and choose License by OMS.
If the software is already licensed, click the File tab. Select Managed by OMS.
2. Type the DNS name or IP address of the OMS system.
3. Type your user name and password.
A request is sent to OMS. If authenticated, a success notification appears and the asset is added.
4. Close and restart the software.
Any shared filters and protocol definitions are synchronized.
 
The asset can now be used according to the permissions set in the Default Policy.
 
How to determine who has rights to use an asset
Use AuthFlow to see the relationship between assets, asset groups, user groups, and assets.
Troubleshooting who has rights to an asset is very easy to do when you can visually see the relationships (or lack thereof).
1. Starting in the dashboard, click Auth > AuthFlow.
2. Select the asset and drag it to the dashboard.
3. Use the relationship lines to determine if the user has access to the asset through its user group directly or through an asset group.
 
The dashboard updates showing you all of the relationships between users, user groups, asset groups, and individual assets.
 
Figure 5: Asset relationships
OMS Authflow Relationships [Low Res]OMS Authflow Relationships [Low Res]
 
 
Understanding the Global Asset Policy
The Global Asset Policy controls all core functionality of OMS. How you use OMS in your organization is entirely dependent on these settings.
The Global Asset Policy can be modified at System > Settings.
Authenticate & authorize users using OMS
If selected, all assets managed by OMS will prompt users with a secure login when applications, like Observer, are launched. The login prompt expects a user name and password that has been configured in OMS. Because OMS can authenticate users with third-party authentication services like Active Directory, an example would be to use your Active Directory credentials here (if OMS is configured to do so and your user name has been imported).
Synchronize user protocol definitions through OMS
Synchronizing user protocol definitions is an important step in ensuring that all assets understand the traffic on your network. This is especially important when analysing captures and trending data from other areas of the organization or custom applications. It is highly recommended that protocol definitions remain shared.
Get list of Probe Instances available for redirection from OMS
If selected, all probe instances that a user has permission to redirect, or even see, will appear to them when redirection is attempted. Clearing this setting ensures that no remote probe instances are shown. Probe instances local to the asset being interacted with are shown only.
Share filters with OMS
To share capture filters between assets, this setting must be enabled. The filters that users create and save become synchronized between all assets, so the work of creating filters does not need to be duplicated by multiple people.
Manage licenses with OMS
OMS can manage all of the licenses for your assets. This includes storage of the licenses; the ability to assign them to assets remotely; and the ability to remove them from assets remotely. If your organization does not use this feature, each asset must be manually licensed in that product, such as inside Observer.
Auto-add assets and licenses
For ease of administration, OMS can automatically create and apply the appropriate license to an asset the first time it connects. This option is especially useful when a large number of new assets need to be added to OMS; just ensure the new asset is set to be managed by OMS.
Cache OMS logon credentials
If selected, managed assets will cache OMS user credentials for a set number of hours. During the configurable number of hours, users can continue to log on and use managed assets if OMS has become unavailable. For the greatest prevention of OMS downtime, consider using a failover configuration.
Assign auto-add assets to Asset Group
If Auto-add assets and licenses is selected and a new asset is automatically added, the asset is placed into this asset group.
Number of hours to cache OMS logon credentials
This sets how many hours that OMS user credentials are cached by managed assets. This option only appears when Cache OMS logon credentials is selected.