Medulla Step-by-Step User Guide

Get started with Medulla with ease. This visual guide walks you step by step through the tool’s daily use, whether you’re new to Medulla or want to take your skills to the next level.
With clear explanations, screenshots, practical examples, and essential reminders, explore each feature with confidence—free of unnecessary jargon, but with the efficiency you need.

Chapter 1: Table of Contents

Chapter 1: Table of Contents

Table of Contents

Table of Contents

Chapter 1: Table of Contents

Getting Started with Medulla

The Kiosk Module

Understanding Entities and Users

Managing computers

Imaging – Create and deploy images

Package deployment

Logs, monitoring, and auditing

Manage updates

Backups

History

Administration

MDM

CVE - View Security Vulnerabilities in Your Fleet

 

Case studies

Chapter 2: Getting Started with Medulla

Chapter 2: Getting Started with Medulla

How to log in to Medulla

To access Medulla’s features, you must log in with your credentials. This step ensures the security of your data and personalized access.  

Login Steps

image.png

Choose your language

On the login page, select your preferred language from the dropdown menu. The default language is French, but you can change it if necessary.

Enter your username

Enter the username or email address you provided when creating your account.

Enter your password

In the Password field, enter your personal password. Make sure it is spelled correctly: uppercase and lowercase letters are distinguished.

Confirm the login

Click the "Log In" button to access your user account.

For security reasons, avoid saving your password on shared devices.

If you have trouble logging in, contact your organization’s technical support

Chapter 2: Getting Started with Medulla

Dashboard

image.png

The Medulla dashboard allows you to monitor the real-time status of your infrastructure using customizable widgets. You can move, resize, and arrange the widgets as you wish. Each widget also has a button to show or hide it, depending on your needs.

Some widgets include dynamic charts for a better understanding of the data, updating in real time.

The following widgets allow you to create static groups directly so you can perform actions on them by clicking: 

Inventory Widget, Operating System, Online Machines, Antivirus

Available Widgets 

Widgets are organized by category and allow you to view various information about your infrastructure. Here are the main categories:

General

image.png

Information provided 
Customization 

This widget can be moved wherever you like, and it is resizable to display more or less information depending on your needs. You can also hide it using the toggle if you don’t need to see this information all the time.

Graphical representation 
The General widget includes a line chart forCPU usage and a pie chartforRAM usage, allowing for a quick and intuitive visualization of system resource usage. The RAM chart shows the distribution of free and used space, while the CPU load chart helps you monitor server performance in real time.

image.png

Online machines

Information provided 
Customization 

This widget can be moved and resized as you like. The toggle allows you to show or hide it according to your preference.

Graphical representation 

Pie chart to visualize the distribution of online and offline machines.

image.png

Inventory

Information provided 
Customization

The widget is customizable and can be moved and resized. You can also hide it if you don’t need it.

Graphical representation

A pie chartdisplays the items in the inventory and highlights those requiring an update, providing an overview of the inventory’s status

In summary, the Dashboard is your centralized hub for managing and monitoring the status of your IT infrastructure. It is designed to be flexible and responsive, providing an overview of the performance of your machines and resources, while allowing you to react quickly to any alerts or necessary updates.

With this set of tools and graphical visualizations, the Dashboard gives you optimal control to manage your systems efficiently, while providing a clear and detailed view of your entire IT environment.

Chapter 2: Getting Started with Medulla

Updating Medulla via the interface

In the Medulla dashboard, an "Update Medulla" widget is available:

This widget allows you to:

On the widget, click the Check for Updates button.

image.png

A popup will appear asking you to confirm the update, with backup requirements. 

image.png

There are 2 buttons on the popup 

When you click Start Update, the pop-up displays: 

image.png

Once the update is complete, Medulla will force a logout from the interface.

Once you reconnect to Medulla, still within the Updates widget, please click the "Restart Medulla Services" button.

image.png

The session will be terminated; you will then need to reconnect to the interface.

Click the "Regenerate Agents" button.

image.png

The page will then display the following screen: 

image.png

Chapter 3: Kiosk

Chapter 3: Kiosk

Kiosk

image.png

When you arrive at theKiosk interface’s main page, you are immediately directed to the Profile List section, located in the center of the page. This is the first thing you will see upon arriving at this page.

The Profile List Section

This section is located in the center of the screen and displays all user profiles that have already been created. Depending on the number of existing profiles, you will see different information:

Existing Profiles 

If profiles have already been created, each profile will appear in a list with information such as:

image.png

No profiles created

Don’t worry—creating a profile is quick and easy. Follow the steps below to add a new profile in Kiosk. We’ll walk through it together, step by step.

Click here to see...

Chapter 3: Kiosk

Add a profile

image.png

To create a new profile, start with the section on the left side of the page.

image.png

Steps for creating a profile

Click "Add Profile"

You will find a link labeled “Add a profile.” Click on it to access the profile creation page.

Fill out the creation form

Once on the page, you’ll see the form to fill out in the center of the screen. This is where you’ll set up your profile information.

Information to provide

  1. Profile name
    Enter a name for the profile. This name will then appear in the list of profiles.
    Examples: User1, HRProfile.

  2. Profile status
    Select the profile status when creating it:

    • Active: The profile will be immediately operational.

    • Inactive: The profile will be created but will remain inactive (it will need to be activated later).

  3. Manage packages (associated applications)
    There are two sections for managing applications:

    • Available packages: List of applications you can add.
      Use the “Search by name…” field to search for a specific application.

    • Authorized packages: List of applications already added to the profile.
      To add an application, select it from “Available packages.” It will then be added to “Authorized packages.”

  4. Application sources
    At the bottom of the form, choose the source(s) of the applications to associate:

    • Entity

    • LDAP

    • Group

    • OR User
    • Or Machine

Finalization

Once all the information has been entered, click the “Create” button to confirm the creation of the profile. The new profile will then be added to the Profile List, visible in the center of the home page.

When adding packages to a Kiosk profile, it is essential that an inventory be associated with the package.
Without this association, the packages cannot be assigned.

When deploying packages via Convergence, they must also be linked to an inventory.
Without this link, the deployment cannot be performed.

Chapter 3: Kiosk

Medulla Kiosk

Once profiles have been created in the Medulla interface, users whose computers are connected to Medulla will see an icon representing the Medulla logo in their system tray: image.png

image.png

Double-click the icon to open the kiosk and view the applications that the Medulla administrator(s) have made available:

You can also right-click and then click the "Open" button: 

image.png

image.png

Next, the user simply selects the relevant package and clicks the "Install" button.

The user then has several options available: 

image.png

You can schedule a deployment date and time, then click the "Later" button (e.g., Today at 5 p.m.); at that time, the deployment will be carried out on the date and time scheduled by the user.

Or click "Now" to start the deployment immediately.

image.png

The user will then see the "Install" button change to "Install in Progress. "

Once the "Install" action has been clicked, the Medulla agent will send the installation request to the Medulla server, and the server will handle the installation as a normal deployment.

In the Medulla console, the administrator will find the deployment in the Audit tab with the command name followed by @Kiosk@, which identifies deployments via the kiosk.

image.png

The user will see their kiosk window change to display the "Launch" button and the "Delete" button, which allows them to remove the program. 

image.png

Chapter 4: Entities

Chapter 4: Entities

Managing Entities in Medulla

image.png

This section guides you through managing entities within Medulla. You will learn how to view existing entities, add new ones, assign users to them, and download tagging agents directly based on the entities.

Entities in the Medulla module are provisioned directly in the GLPI or ITSMNG backend.

The Entity List Section

Located in the center of the screen, this section displays all entities registered in your Medulla environment.

image.png

Root Entities.

By default, a root entity is created in Medulla. This root entity can contain child entities and users within the root entity as well as within the child entities.

The following information is displayed for each entity:

Add a Sub-Entity

To create a sub-entity, click the image.png   on the parent entity's row, then give it a name and click the "Create Entity" button.

No users registered

If no users have been added yet, the users section will show a count of 0, as shown in the screenshot above.

Medulla Agent

By default (on-premise or classic configuration), we provide a global agent for Medulla; entity management per workstation is handled via GLPI.

However, if you wish to benefit from automatic assignment of machines to entities directly via the agent, it is also possible to generate specific agents per entity. This option is not enabled by default, but we can assist you in setting it up if it meets your needs.

If you choose to have one agent per Entity as explained in this post, you will find the "Download an agent" buttons in the actions for an entityimage.png 

. Select the Windows or Linux agent, then click Submit to download the relevant agent.

image.png

It will directly link the workstation to the entity configured in the downloaded agent.

Chapter 4: Entities

Add an entity and create users

image.png

The button above opens the menu for creating a sub-entity of the root entity.

To create a new entity in Medulla, simply fill in the following field and then click the Create Entity button

image.png

Go to the user creation page for an entity.

In the side menu bar on the left side of the screen, click the button 

image.png

Click the “Add a user” link to open the creation page.
The form will appear in the center of the screen.

Fill out the Creation Form

Here are the fields to fill out

Then click the "Create New User" button to confirm the user's creation.

image.png

Edit an existing user

image.png

You can edit an existing user’s information at any time by clicking the button in Entity Management:

image.png

Modify MMC Permissions

To adjust a user’s access rights in Medulla, you can modify their MMC rights (also known as ACLs— Access Control Lists).

Currently being redesigned.

If they do not have permissions for a module (for example, “Imaging”), they will not be able to view the logs associated with that module in the history, even if access to the history is authorized.

Chapter 5: Computers

Chapter 5: Computers

Computers

image.png

This section is dedicated to the comprehensive management of all IT devices in Medulla. Whether you want to monitor, organize, or interact remotely with your machines, everything is centralized in a user-friendly and intuitive interface.

Computer management in Medulla is based on a centralized interface accessible via the XMPP View. From this interface, you have access to all the features needed to monitor machine status, perform targeted searches, apply filters, and perform various actions on your computers—all in real time.

XMPP View of Computer Workstations

The XMPP View is the heart of workstation management in Medulla. It allows you to monitor the connection status of each machine in real time and interact with them. This module centralizes information and available actions for complete control of your IT infrastructure

Filters and Workstation Selection

At the top of the page, you have three radio filters to select computers based on their connection status:

These filters are useful for quickly and efficiently managing machines based on their availability.

Filtering by Entity

The “All My Entities” menu allows you to filter computers based on their assignment to a specific entity. This filter is particularly useful in multi-entity environments, allowing you to segment your fleet based on departments or organizational structures.

Global Search

Using the “Search all fields” search field, you can search for a machine by entering a keyword. This search field applies to all fields visible in the table, such as the machine name, IP address, operating system, or associated entity.

Actions Available on Devices

Under each computer workstation in Medulla, you have several actions available for remote management and control. These actions include advanced features such as machine inventory, monitoring, remote control, and much more. For a detailed view of each function, consult the Admin section, which covers these options in depth.

Here is an overview of the available actions:

image.png GLPI Inventory Tracking and management of hardware and software configurations via integration with GLPI.

image.pngMonitoring Real-time monitoring of machine performance.

image.pngRemote Control : Directaccess to machines to perform troubleshooting or maintenance tasks.

image.pngBackup: Access to the Medulla backup module for user workstations.

image.pngSoftware Deployment : Remoteinstallation or updating of software.

image.pngImaging Management Deployment and managementof system images.

image.pngXMPP Console: Verify machine connectivity and interact in real time via XMPP.

image.pngEditing Configuration Files: Modify configuration files remotely.

image.pngQuick Actions: Launch actions and commands via the XMPP protocol.

image.pngDelete machine 

All GLPI Computers

image.png

This section displays only the computers that have been synchronized withGLPI via the automated inventory. Here, you can view all machines registered in the GLPI system and check their status.

Features:

If no devices appear here, it means that the GLPI inventory has not yet been configured or that the machines have not been synchronized

Chapter 5: Computers

All groups

Favorite Groups

Once computer groups have been created, you can mark some of them as favorites for quick access.

Favorite groups are useful for:

All Groups

image.png

This section displays all available computer groups in your Medulla instance. This allows you to manage all groups centrally and perform large-scale actions, such as:

It also allows you to perform a range of large-scale actions, such as deploying software, installing updates, remotely restarting machines, or exporting reports to CSV format

Add a group

Medulla offers several ways to structure and organize your IT infrastructure through a flexible group system. When creating a group, you can choose from several methods:

Creating a dynamic group

image.png

Dynamic groups allow you to automatically target machines based on predefined criteria. These groups update automatically as soon as a machine meets or no longer meets the selected criteria.

Modules available for creating a dynamic group:

Dynamic groups are particularly useful in constantly evolving environments or for automated targeted deployment

Creating a static group

image.png


Static groups are created manually by explicitly selecting the machines to include. Unlike dynamic groups, the composition of a static group does not change automatically. You will need to add or remove machines as needed.

Functionality:

Typical use cases:

Static groups are ideal for one-time scenarios or specific monitoring tasks

Creating a static group from an import

image.png

If you already have a list of machines (in CSV or Excel format), you can easily create a group from this file.

Creation steps:

This method is ideal if you are retrieving information from an external system or a structured Excel spreadsheet.


Chapter 5: Computers

Network Wake-up

image.png

Wake on LAN (WOL) is a handy feature that allows you to remotely power on machines that are turned off, provided they are configured to accept this command.

How does it work?

Accessible from the Medulla main menu, this feature displays a list of machines compatible with Wake on LAN. This allows you to take remote control and manage the power-up of workstations without having to physically move to them.

Information available for each machine:

Prerequisites:

Wake-on-LAN relies on proper BIOS/UEFI configuration of the machines. Ensure this feature is enabled on the machines before attempting to wake them remotely.

Typical uses:

Benefits of Wake on LAN:

This feature relies on the workstations’ BIOS/UEFI settings (Wake-on-LAN must be enabled

Typical use 

Chapter 5: Computers

List of uninventoried machines

image.png

This section allows you to quickly identify machines that are not properly inventoried in Medulla. These may be machines that have never reported information, or machines that have been offline for too long.

Objective:

Overview:

When you access this page, a table appears listing all machines with inventory anomalies. Here is the information available in this table to help you diagnose and resolve these issues:

Table columns:

Typical use cases:

Helpful tip:

If a machine appears in this list but no longer appears in "All Computers, " this may mean that it has been disconnected for a long time or that its XMPP/GLPI agent is misconfigured. You can then take the necessary steps to resolve the issue (reinstalling the agent, deleting the entry, etc.).

Chapter 5: Computers

Monitoring alerts

image.png

This section centralizes all alerts generated by the monitored machines in your Medulla environment. It allows you to track, in real time or later, hardware or software incidents detected by the monitoring agents deployed on your machines.

Objective

Alert History

When no alerts are currently active, you can view the history of past events. This includes resolved alerts, ensuring complete traceability of incidents and actions taken on your machines.

Information available in the history:

If alerts are logged, the table will display the following:

Note: If the table is empty, it means that no alerts have yet been detected or recorded in your environment.

Recommendations

Before making any changes, it is recommended that you back up the existing file.

Apply changes carefully and test them on a small number of machines.

Contact your system administrator if you have any questions about a setting.

Chapter 5: Computers

Custom Quick Action

image.png

The Custom Quick Action section allows you to create and manage automated actions that will be executed remotely on your machines. These actions can include specific scripts or commands, thereby facilitating bulk management and the automation of administrative tasks across multiple workstations simultaneously.

Overview

Once in this section, you will see a list of all custom quick actions already configured for the root user. If no actions have been created yet, an empty table will appear, allowing you to add custom commands.

The table contains the following information:

Create a new custom quick action

image.png

To create a new custom quick action, simply click the "Create a custom quick action" button at the top of the page. This will take you to a form where you can define the settings for your new command.

Custom Quick Action Creation Form

The form is divided into several essential fields:

Once all fields are filled in, simply click "Validate" to save and activate the action. The action will now be available in the list of custom commands and can be executed on the target machines.

Verification: Before running an action on a large number of machines, test it on a single machine to ensure it works as expected.

Documentation: It is recommended that you clearly describe each quick action so that all users can understand its purpose and effects.

Security: Commands can have a significant impact on systems. Ensure that only authorized and necessary actions are executed.

Chapter 5: Computers

Delete a computer

To delete a device, simply go to the Computer view, select the device you want to delete, go to the actions on the right, and click the "Trash" button. image.png

Chapter 6: Imaging I

Chapter 6: Imaging I

Imaging

image.png
This section is dedicated toverifying the status of the imaging server, an essential step before deploying a system or creating a reference image.

The imaging server is a central component of Medulla: it allows a system image (a sort of complete "copy" of a computer) to be sent to one or more workstations. If this server is unavailable or malfunctioning, no imaging-related operation can be completed.

This is why it is recommended to systematically check its status before performing any such action.

Accessing the Imaging Server Status

When you click on the Imaging Server Status tab, you are immediately taken to the page where the pre-selected entity is neither private nor public; we will therefore refer to it as "General." 

"General" Entity with Server Offline

This means that the imaging server linked to the "General" entity is inactive. You will not be able to deploy images to the machines in this entity

Understanding the Displayed Information

Selected Entity

At the top of the page, you must selectthe relevantentity.
Entities correspond to logical groupings, often used to separate environments (e.g., services, departments, locations).

entityselection.png

Examples of entities:

Why it matters:

 
Each entity can be linked to a separate imaging server. It is therefore crucial to verify the status of the server for the entity you wish to use.

Server Status

For the selected entity, a visual indicator shows the current status of the server.

Three statuses may appear:

"Private" entity with connection error

Even if the server appears to be accessible, communication is not working.
The deployment will fail upon launch because the connection between Medulla and the server is broken.

image.png

"Public" entity with successful connection 

publicentittstat.png

If there are no errors and the server is online, this means the server is active and ready for use; it will therefore display various statistics as shown with the "Public" entity above. 

In this case, it will display various information:

Before performing any imaging operation, verify that you are on the correct entity and that the server status is listed as “Available.”
If the status is "Offline" or "Connection Error, " do not proceed and notify the administrator or support.

Chapter 6: Imaging I

Manage masters

mastergestionpublic.png
A master is a complete system image created from a configured workstation. It serves as a template for quickly and consistently deploying an environment to other machines.

Before any deployment, it is essential to know which masters are available and how to use them.

Reading the displayed information

Each master is presented as a line containing several elements:

Use a master for deployment

The master system will be automatically installed on the target workstations, without requiring manual intervention on each machine.

Actions available for each image

For each master, you can perform several operations:

Before using a master, verify that it matches the desired configuration, including the operating system, version, and installed software. Only delete a master if you are certain it is no longer in use, as this action is irreversible. If you are unsure which image to choose or what action to take, it is recommended that you contact your technical support representative for guidance.

Chapter 6: Imaging I

Manage startup services

servicegestion.png

Boot services allow machines to boot an image from the network (via PXE, for example).

To configure 

You can 

Chapter 6: Imaging I

Default startup menu

image.png

This section allows you to choose between automatic or manual behavior when machines start up.

Access 

Available options 

You can edit each option to adjust:

Chapter 6: Imaging I

Post-imaging scripts

postimagingscript.png

Allows you to automate actions after an image is deployed (such as installing software or configuring the network).

To create/edit a script 

MountSystem
CopySysprep (the name of your sysprep without parentheses)
CopyRunAtOnce
CopyAgent
CopyDrivers
UseOEMBiosLicence (if you are using Windows OEM licenses)

Here is what the post-install script options do:

MountSystem: copies the master image to the machine, mounts the partition(s), and detects the mount points for the various operations.
CopySysprep: retrieves the registered hostname from the PXE (the MAC/hostname association), adapts it in the answer file, and copies it to the Windows image under a generic name, unatended.xml.
CopyRunAtOnce: copies the setupcomplete.cmd file, which will be executed on the final Windows reboot. This file primarily serves to delete the unatended.xml file, which likely contains a user with domain join permissions.
CopyAgent: copies the Medulla-Agent-windows-FULL-latest.exe agent; it is also possible to pass a parameter to select the agent to deploy.
CopyDrivers: Copies the default drivers required by Windows 10.
UseOEMBiosLicence: Copies the license present in the BIOS and enters it into the post-installation sysprep file.

Chapter 6: Imaging I

How Imaging Works

Imaging consists of several parts:

Master Creation
We provide a pre-built and prepared master image, Windows 11 25H2.
To download and create the master, you can run the following command:
import_master.sh

Creating a sysprep
To create a sysprep, go to Medulla and "Sysprep Answer File Manager," then follow the steps to create the sysprep file you want.

Creating a post-install script
The master created in the previous step requires a post-install script.
Post-install scripts enable various actions that accompany the master deployment; by default, we ask you to create a post-install script with the necessary options. Please refer to the documentation to create and fill it out, and to understand the different options.

Profile
Create a new profile, associate it with the previously created post-install script, select 0 in the script field, and click Validate.
Then associate the profile with a master.

Deploying a master
Boot the computer you want to deploy via PXE (it must already be registered), then select the master with its associated profile and let the master deployment proceed.


For each step, you can refer to the relevant sections on the other pages of this documentation.
 
 
 
 
 
 
---
OPTIONAL
For further information, if you really want to create a highly customized master:
 
Registration
For the machine to be recognized by Medulla, it must be registered.
When booting the machine via PXE on the network, the "register" option appears; you must select it to register the machine.
Here, either the machine is already present in GLPI and the menu displays its name directly, or you can enter the machine’s name during registration.

Image capture
Once the machine is properly registered, you will see the "backup" option in the menu to save the computer's image in order to create a master.
Some prerequisites for capturing an image correctly:
  • First, you must back up a computer running a fresh copy of Windows straight out of the box. Then, when you boot it up, you must skip the OOBE (Out of Box Experience, the questions during Windows installation)
  • Make sure there is no "pending reboot"; here is the command to check for one:
Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired" -ErrorAction SilentlyContinue

  • You can then perform some basic Windows configurations if needed, such as creating a user account, etc.
  • Run the prepare-master.ps1 script found here:
/var/lib/pulse2/imaging/postinst/winutils/prepare-master.ps1

This script checks for Windows updates, removes non-essential applications, and disables BitLocker if the C: drive is encrypted; it also optimizes the image size by deleting temporary files and cleans up the Windows component store.

  • Reboot the machine.

Creating a master
Once you have captured your image in the previous step, you can find it in the Imaging menu of the machine on which you just performed the capture.
Go to "All GLPI Machines," click the "Imaging Menu" action for the relevant machine, then "Images and Masters," where you will find the captured image.
Click on the captured image to convert it into a master, give it a name (label), then click "Validate and Convert to Master".

Chapter 7: Imaging II

Chapter 7: Imaging II

Imaging profiles

Medulla features imaging profile management. These profiles allow you to associate a master with one or more postinstall configurations, enabling you to link the master and the profile either to specific machines, to imaging groups, or to apply it directly at the server level.

This simplifies the deployment of workstations via Medulla’s imaging module.

How do I create a profile for a machine and associate it with a master?

Click on Add a Profile.

Fill in the fields: 

In the Order section, select the post-installations you want to associate with the profile and arrange them in the order of execution from 0 to 10 (0 being the first step and 10 the last).

Click Save once you are finished.

image.png

Once the profile is validated, follow the steps below depending on how you want to associate your profile:

Associate a master with a profile on a machine:

In the Computers tab, click the left-hand menu: All GLPI Computers.

image.png

Select your machine and click the Imaging button: image.png

image.png

In the interface above, we have no master associated with the machine. To associate a master and a profile with this machine, follow the steps below: click on Image and Masters

image.png

In the Available Masters section, click the Next button on the line of the master you want to select:  image.png
A pop-up will appear as shown in the example below: 

You can make your selection and click Confirm.

image.png

After that, the row changes and displays a small green checkmark in the " Added to Startup Menu" field: 

image.png

Return to the Startup Menu tab;

Click the "Edit" button for the master you just added:  image.png

Check the profile you want to associate with the master for this machine: In my example, I selected the OfficeProfile.

Then click "Confirm."

image.pngimage.png

The master is now associated with one or more post-installations.

Next, boot your machine via PXE, and Medulla will automatically offer the master with the associated profile.

You can perform the same steps on an imaging group or via the default boot menu of the imaging server.

Chapter 7: Imaging II

Add a profile

addprofile.png

A profile allows you to associate post-installation actions with a master and to add this profile to the machine’s boot menu when booting the machine via PXE.

Accessing and editing a profile

From the management interface, you can:

List of available post-installation actions

Here are the actions that can be configured in the desired order.
All are disabled by default; you must select them manually if you wish to apply them:

Using the profile

This profile will then be associated with a deployment task, so that the selected steps are automatically applied after installation.

Chapter 7: Imaging II

List of profiles

image.png

Displays all user profiles created for imaging.

Side menuList of profiles

Central area displaying profiles 

Chapter 7: Imaging II

Imaging Configuration

Allows you to adjust the global settings of the imaging environment (e.g., servers used, policies, etc.)

imagingconfigpartI.png

imagingconfigpartII.png

Side menu: Imaging Configuration

Modify the necessary settings

Warning: this section can affect the entire environment → intended for experienced administrators only.

Chapter 7: Imaging II

Sysprep Response File Manager

Allows you to manage the response files used during automated Windows installation.

At the top of the page, you can select the OS, the version, and whether sysprep should take OEM into account:

image.png

Then fill in the necessary information.

sysprepgestionpartI.png

sysprepgestionpartiII.png

To use it 

These files contain silent installation settings (machine name, language, product key, etc.)

At the top of the page, you will find the list of Sysprep files:

image.png

Chapter 7: Imaging II

Imaging groups

Displays all existing imaging groups.

image.png

Add an imaging group

Create an imaging group to organize your deployments.

image.png

image.png

Steps 

 This group will then appear in the list of available groups.

Chapter 8: Packages

Chapter 8: Packages

List of available packages

image.png


Package deployment allows you to install, uninstall, or perform specific actions on multiple remote workstations in a centralized and automated manner. It is a key feature for managing an IT infrastructure, offering speed, consistency, and precise tracking.

This section displays all packages ready for use in deployments.

Access 

Side menu List of packages

Displayed content 

Each line in the list displays 

Available functions 

This allows for quick and organized browsing of available deployment tools.

Chapter 8: Packages

Add a new package

AjoutPackages1-3.png

image.png

image.png

Creating a package involves defining an action (installation, uninstallation, script, etc.) that will be deployed to one or more workstations. The creation form allows you to precisely configure the package’s behavior and its execution options.

From the main menu, go to the "Package" view, click"Add a package" to open the creation wizard.

Next, select the source of the files to be used in the package. Four options are available:

General information to provide 

Sharing 

SelectGlobal Packages to make the package visible across the entire platform, for all Entities.

Name 

Give the package a descriptive name, for example: Install_Chrome
Special characters and accented characters are not allowed.

Version 

Enter a version number, for example: 1.0.0.

Description

Briefly summarize the purpose of the package.

Operating System 

Select the target OS, for example:Windows.

Define the technical deployment details 

Transfer method 

Generally, use pushrsync (recommended).

Bandwidth Limitation  

Optional value to limit the transfer speed, e.g., 500Queuing 

Queuing

Choose between High PriorityorNormal Priority, depending on the urgency of the deployment.
The execution order (from the queue) of deployments is determined based on the priority selected when the package was created.

Launcher (Kiosk)

Specify the path to the executable file that should be launched after installation (e.g.,C:\Program Files\my_app\app.exe).

Only required for Kiosk mode, to run the previously installed software via a button available on the Kiosk.

Dependencies

If your application requires other components to function 

Search for and add the necessary dependencies from the available list (examples:Extract drivers, Medulla Agent).

The added dependencies will appear in the corresponding section.

Link to inventory 

Enable this option to allow tracking of the package after installation via the GLPI inventory.

You can add custom actions to the package, depending on your needs:
The package may include several steps depending on its lifecycle 
To interact with the end user 
Define the package’s behavior at the end of the process 
Once all sections have been configured and verified 

Click Add to save the package.

It will then be accessible from the library for use in a deployment rule or to be triggered manually.

Chapter 8: Packages

Packages on the waiting list

This section allows you to view packages that have been created or added but have not yet been sent to the target devices. It is primarily used to organize, verify, or delete pending actions before they are executed.

image.png

Access:

Side menu → Pending packages

Section contents:

Once on this page, a list of all packages in the queue is displayed with the following information for each entry:

Available actions:

Note: This page does not allow you to directly initiate a deployment, but it helps you monitor items still in the queue. Deployment is typically performed from a separate dedicated section or via an action triggered by a scenario or rule.

Chapter 8: Packages

List of deployment rules

Deployment rules allow you to schedule or restrict deployment based on specific criteria (time range, machine type, user group, etc.).

image.png

Access:

Available information:

Chapter 8: Packages

Add a custom rule

Creating a rule allows you to precisely define when and on which machines a package will be deployed.

image.png

Steps:

  1. Side menu → Add a rule
  2. Define the conditions:
    • Example: “Run every Monday at 9 a.m. on Windows 11 workstations in Building A”
  3. Associate this rule with one or more packages
  4. Save

The rule is now active and is automatically applied when its conditions are met.

Chapter 8: Packages

Launch a deployment and monitor its execution

Once your packages and rules are ready, you can begin deployment on the target machines.

Steps:

  1. Side menu → Package list
  2. Select a package
  3. Click on Run Action or Deploy

Real-time tracking:

In case of failure:

Conclusion

With this feature, you can centralize and automate all your software installations and system actions across your entire fleet. You save time, ensure consistency across workstations, and gain precise control over every deployment performed.

Chapter 9: Audit

Chapter 9: Audit

Individual and group tasks

 The ability to track and understand every action taken is crucial. The management system offers several views to explore past operations in detail, monitor ongoing tasks, identify errors, and collaborate effectively across teams.

The My Tasks section allows you to view all the actions you have initiated, whether they are in progress or completed.

image.png

Access:

Side menu → My Tasks

View:

Available information:

For each task:

Filters allow you to search for a task by name or user.

Task monitoring isn’t limited to your personal activity. With team views, you can track your colleagues’ operations, identify commonalities, and avoid duplication.

image.png

image.png

Access:

Side menu → My team's tasks or All users' tasks

Available sections:

image.png

image.png

image.png

This information allows you to cross-reference intervention data, identify recurring or critical operations, and act consistently within your department.

Chapter 9: Audit

Task Analysis

image.png

For each listed task, you can access acomplete description that includes:

This data is essential for:

To access these details, simply click the image.png

A Refresh button (with a configurable interval, default 5 minutes) keeps the view constantly updated.

image.png

This facilitates active management by allowing you to:


The audit and task management interface is a true retrospective and collaborative dashboard. It allows you to understand what was done, by whom, on which machine, and with what results. This traceability is essential for strengthening security, improving internal procedures, and ensuring reliable and controlled administration of your IT environment.

Group Deployment Analysis: 

When you open the group deployment, you’ll see an interface that displays the pie charts from the home screen.

You can then click on each pie chart segment to create a group based on the error type.

image.png

In the second section of the page, you’ll see details of the machines included in the group, along with summary information and two buttons that allow you to:

image.png

Deployment details for a machine: 

The deployment details include every action performed during the deployment phase.

The deployment process at Medulla is divided into three parts: 

image.png

image.png

image.png

image.png

image.png

image.png

Chapter 10: Updates

Chapter 10: Updates

How the WSUS update module works.

Medulla offers an effective solution to replace the WSUS (Windows Server Update Services) server. This guide explains how Medulla’s update module works.

How It Works: 

Update Source:

Medulla retrieves updates from the wsusscn2.cab file, a database maintained by Microsoft.
Medulla always uses the latest version of this database published by Microsoft.
Updates apply only to Microsoft products, with the exception of major operating system updates (for example, the transition from Windows 10 to Windows 11).

Update Classification:

Microsoft updates are classified by product to meet users’ specific needs.
Medulla supports the following classes:

image.png

image.png

image.png

To enable the desired updates: 

In the Updates module, click the button: 

Validate Microsoft products and select the relevant products.

image.png

Machine Status:
Each machine displays its update status, identified by Knowledge Base (KB) numbers.
Medulla determines the necessary updates for each machine based on the list of machine types, processors, etc.

Creating and Distributing Update Packages:
If necessary, Medulla creates an update package and makes it available.
Based on user-defined management rules, Medulla pushes these updates to the machines.

Product Management:
The selection of products to be included is managed in the database.
Simply request that a specific product be included, and it will be integrated into the update process.

Conclusion

Medulla simplifies and automates update management for Microsoft products, offering an efficient and customizable alternative to the WSUS server. By following this guide, you can configure and use Medulla to keep your systems up to date in the best possible way.


Chapter 10: Updates

Entity Compliance

Update management is a key factor in ensuring the security, stability, and consistency of your IT environment. Using the tools provided by the platform, you can precisely identify which entities need updating, track overall compliance, and take targeted, phased, and optimized action.

The Entity Compliance section provides a clear overview of the update status for each set of machines. It allows you to immediately identify entities at risk or requiring action.

image.png


Access:

Side menu → Entity Compliance

Table displayed:
Example:
Available actions:

This view is ideal for planning update campaigns, preparing audits, or measuring the effectiveness of your security policy.

Compliance Tracking

Update compliance is an indicator of your fleet’s health. The higher it is, the more protected and aligned your systems are.

Best practices:

Managing updates is not just about fixing issues. It is a proactive, continuous, and strategic process. With the compliance tools offered by the platform, you can:

Chapter 10: Updates

Entity Compliance Tracking

Update compliance is an indicator of the health of your IT infrastructure. The higher it is, the more protected and aligned your systems are.

Best practices:

Managing updates is not just about fixing issues. It is a proactive, continuous, and strategic process. With the compliance tools offered by the platform, you can:

Chapter 10: Updates

Manage update lists

Medulla’s update management module replaces Microsoft’s WSUS solution.

How it works: 

The Medulla server retrieves the list of updates—available based on the criteria defined during server installation or configuration—and makes them available to the various client machines managed in Medulla. Each client machine requests the updates it needs from the server; once the server has a complete list of each machine’s requirements, it downloads the relevant updates and makes them available to the clients. Each client workstation will then request the installation of the updates it needs based on the settings of the update lists (Manual Installation, Automatic Installation, or Block Updates).

This operating principle works on a per-entity basis. For each entity, you can manage different update lists.

How it works: 

In the interface, updates will appear on the "Manage Update Lists" page: 

image.png

By default, updates are added to the gray list, which corresponds to manual updates.

Several options are available:

image.png Enable for manual update

image.pngDisable for manual update

image.pngApprove for automatic update

image.pngBlock the update 

If you approve for automatic updates, this moves the update to the whitelist, and all client machines that need this update will then retrieve and install it.

If you click "Block update," the update is moved to the blacklist and will not be offered to any client workstations.

Chapter 10: Updates

Upgrading to major OS versions.

The update module in Medulla allows you to perform version updates directly from the Medulla interface via the Major Updates tab: 

image.png

By clicking the Major Updates button, you will see the compliance view and view machines sorted by entity.

For each entity, you will see information ranging from Windows 10 versions up to the update from Windows 10 to Windows 11.

image.png

Among the information provided are the number of machines, updates from Windows 10 to Windows 10, and updates from Windows 10 to Windows 11.

Medulla includes Microsoft’s prerequisites for upgrading to Windows 11.

In the image below, we can see that 4 machines do not meet Microsoft’s requirements for upgrading to Windows 11.

image.png

Among the actions available on this page: 

image.png This icon allows you to deploy available major updates. If, as shown here, it is grayed out, this means that no machine requires an update or that no machine meets the conditions to receive an update. 

image.png Details per machine in the entity (this provides a history for each machine).

image.png This action lists the machines that cannot be updated to Windows 11 until the prerequisites are met;

By clicking on the details per machine, you will see the following information: 

image.png


Chapter 10: Updates

Automatically approve whitelisted updates.

In Medulla’s WSUS module, an option allows you to automatically approve a type of update and thus automatically whitelist it.

Once whitelisted, these types of updates will be deployed to the machines that require them.

To do this: 

Click on the Updates tab in the Medulla interface, then click the button in the left-hand menu:  

image.png

Select the types of updates you want to automatically whitelist. Then click the "Confirm" button.

image.png

You will then be redirected to the page. 

image.png

You will then be able to see the updates automatically approved in the whitelist:

image.png

Chapter 10: Updates

Microsoft Product Validation

By going to the "Microsoft Product Validation" submenu, you can choose whether or not to validate a Microsoft product category for updating.

image.png

This system prevents your update module from being cluttered with products you do not wish to manage.

image.png

Simply check the boxes for the desired products and click the "Apply" button at the bottom of the page.

Chapter 11: Backup

Chapter 11: Backup

Enable backup

A good backup policy is the key to a resilient infrastructure. Whether due to hardware failure, human error, or an attack, a properly configured backup solution ensures you can quickly restore data and maintain business continuity without interruption.

Backups can be enabled on a per-user basis or via shared profiles. This allows you to precisely define what needs to be protected.

image.png

Access:

Main Menu > Profiles

Steps:

Once the backup is active, it runs automatically according to the defined schedule, without interrupting the user.

Chapter 11: Backup

Track backups

Real-time backup monitoring allows you to verify that all tasks have been executed correctly.

image.png

Access:

Main Menu > Reports 

Logs Menu → View technical messages and their occurrence times for each backup task.

In case of an error:

Chapter 11: Backup

Overall statistics

You have key metrics to assess the overall status of your backups.

image.png

Access:

Review > Global Statistics

Implementing a backup strategy is not just about preventing data loss—it’s about ensuring business continuity. With the platform, you can:

Chapter 12: History

Chapter 12: History

Access the logs

This chapter presents the various features related to system history via logs. Each section is described step by step to facilitate the viewing, analysis, and use of recorded events.

Objective: View the events recorded by each system component.

image.png

Steps:

  1. Open the administration interface.

  2. Click the Logs tab in the main menu.

  3. A list of modules appears, including:

    • inventory logs

    • backup logs

    • deployment logs

    • quick-action logs

    • download logs

    • kiosk logs

    • packaging logs

    • remote access logs

    • imaging logs

  4. Select the module whose logs you want to view.

  5. The events appear immediately in the table located below the "Log" heading for the selected log.

Chapter 12: History

Search and filter logs

To quickly extract specific events based on defined criteria to improve efficiency during analysis.

image.png

Steps:

  1. Define a search period

    • In the Start Date and End Date fields, specify the desired time range.

      • Example:

        • Start Date: 2025-04-14 00:00:00

        • End Date: 2025-04-14 23:59:59

  2. Select specific criteria (optional)

    • Open the Criteria dropdown menu to refine your search.

    • The available options are as follows:

      • inventory reception: events related to the receipt of machines

      • inventory requested: requested inventory

      • inventory deployment: recording during deployments

      • inventory planned: planned operations

      • inventory quick action: instant actions on equipment

      • inventory user: user activities

      • inventory machine: actions associated with a specific machine

      • inventory master: actions performed by a master account

      • inventory new machine: adding new machines

      • No criteria selected: displays all events without filtering

  3. Apply filters

    • Click the Filter logs button.

    • The table updates to display only the events that match your filters.

  4. Search for a keyword

    • In the Show field, you can choose the number of entries to display.

    • In theSearch field (top right of the table), enter a free-text string.

      • Example: guacamole, error, registered

  5. Adjust the display

    • In the Show X entries section, select how many rows should be visible per page.

      • Example: 20 for smooth reading.

Example of a combined filter:

To display all new machines registered between April 13 and April 14, 2025:

Chapter 12: History

Understanding the logs

To interpret the information contained in each line of the log.

Each entry in the table contains the following columns:

Example:

Date: 2025-04-15 08:38:29 User: master@pulse Who: rspulse@pulse/mainrelay Text: Machine registered

Tip: Group similar logs together to identify trends or sequences of operations (e.g., successive registrations, multiple deployments, etc.).

Chapter 12: History

Export logs

To save logs for external analysis, archiving, or sharing.

image.png

Steps:

  1. Apply your filters (by date, user, etc.) to isolate the desired logs.

  2. Click the Export button (or Export logs, depending on the interface).

  3. Choose the output format:

    • CSV: for processing in Excel or Google Sheets

    • PDF: for archiving or quick sharing

  4. The file is generated and downloaded automatically.

  5. Save it or transfer it as needed (report, audit, support, etc.).

The system history is a key tool for:

Regular and thorough use of logs helps to sustainably enhance the security and reliability of your infrastructure.

Chapter 13: Admin

Chapter 13: Admin

List of XMPP relays

XMPP relays are communication points between the various machines on your network.

image.png

Why this is useful:

This allows you to see all active connections and understand how machines communicate with each other.

Steps:

  1. In the menu, click “List of Relays”.

  2. A page opens with a list of relays.

  3. For each relay, you’ll see several pieces of information, such as:

    • The name (called JID)

    • The cluster it belongs to

    • The cluster description

    • The number of managed machines:

      • Total number of machines
      • Number of machines not inventoried online
    • Its classes 
    • Its MAC address, also known as the physical address 

    • The relay'sIP address

  4. You also have access to a number of quick actions. 
Tip:

You can search for a relay by typing a keyword into the search bar at the top of the list.

Chapter 13: Admin

Cluster List

Acluster is a group of relays that are grouped together to organize the network in a more logical way.

image.png

Why this is useful:

It helps you better manage your network, especially if you have different environments (e.g., test, production, etc.).

Steps:

  1. Go to the “Clusters List” section .

  2. You will see a list with:

    • The cluster name

    • Its description

    • The type (private or public)

    • The relays associated with it

Example:

A cluster named “Public-...” can contain all shared public relays.

By clicking the pencil icon in Actions, you can edit the cluster by following these steps: 

  1. Choose a cluster name
  2. Choose a description
  3. Select the relays outside the cluster to add to the cluster and vice versa
  4. Confirm 

image.png

Chapter 13: Admin

Create a cluster

Creating acluster allows you to better organize your relays according to your needs (for example, separating testing from production). This is exactly the same form as the edit form. 

image.png

Steps:

  1. Click “New Cluster” in the menu.

  2. Click the “Add a new cluster” button .

  3. Fill in the fields:

    • Clustername (e.g., "TestCluster")

    • Description (e.g., "Cluster for test relays")

  4. Select the relays you want to associate with it (a list will appear).

  5. Click “Confirm” to save.

Chapter 13: Admin

Manage rules

Rules allow you to automate certain network actions or behaviors.

image.png

Why this is useful:

For example, this can trigger an automatic check or apply specific settings based on defined conditions.

Steps:

  1. Click “Rules” in the menu.

  2. On the page, you can:

    • Change the priority order of existing rules by clicking the down arrow to lower it or the up arrow to raise it. image.pngimage.png

    • Add a new rule as neededimage.png

    • View the details of a rule 

    image.png

When you click the plus icon to add a new rule, the following form appears: 

image.png

Fill in the fields one by one: 

  1. Select the rule
  2. Select your relay
  3. Describe the subject
  4. Enter the regex to check 
  5. Validate 

Even if you’re not technically inclined, you can ask an administrator which rules are recommended for your environment.

Chapter 13: Admin

Quick Actions

image.png

Each XMPP relay has a setof quick actions that allow you to interact directly with the machines it manages. These actions are accessible from the list of relays and are designed to simplify common administration, diagnostic, or configuration tasks without requiring advanced technical knowledge.

Here is a detailed overview of each action, its purpose, and the procedure for using it.

1. View the list of installed packages

Purpose
View the software installed on the machines attached to a relay.

Procedure

image.png

  1. Click the "List of packages" button to the right of the relevant relay.

  2. A window opens displaying the installed software, along with their names and versions.

When to use

2. Reconfigure the machines connected to the relay

Objective
Automatically reapply the active configuration to machines connected to the relay.

Procedure

image.png

  1. Click "Reconfigure".

  2. Confirm the action if prompted.

  3. The machines will receive the current configuration again.

When to use

3. Change the relay on one or more machines (Switch function)

Objective
Move one or more machines from one relay to another.

Procedure

image.png

  1. Click "Switch" to the right of the original relay.

  2. Select the machines to move.

  3. Select the destination relay.

  4. Confirm to apply the change.

When to use it

4. Modify the configuration files

Objective
Manually modify the configuration files of a relay or its machines.

Procedure

image.png

  1. Click "Edit configuration files" (first gear icon)

  2. An editing interface opens.

  3. Make the necessary changes.

  4. Save the changes.

When to use it

Note: This operation directly affects the system. Use with caution.

5. View current or past quality assurance (QA) checks

Objective
View compliance, security, or quality tests performed on the machines.

Procedure

image.png

  1. Click "QA Launched".

  2. A window displays the list of tests run and their status (passed or failed).

When to use

6. Access system actions (advanced diagnostics)

Objective
To use diagnostic or remote intervention tools on a machine.

Procedure

image.png

  1. Click "Actions" next to the relay.

  2. Select one of the available options:

    • Reboot: Restart the machine.

    • Process: View running processes.

    • Disk usage: View the disk space used.

    • Agent version: View the version of the installed software agent.

    • Netstat: displays active network connections.

    • Console: opens a command-line interface.

When to use it

7. Banning a machine

Objective
Temporarily block a machine’s access to the system.

Procedure

image.png

  1. Click "Ban" next to the relay.

  2. Confirm the ban.

  3. The machine is isolated from the rest of the network.

When to use

8. Unbanning a machine

Objective
To lift the block applied to a previously banned machine.

Procedure

image.png

  1. Click "Unban".

  2. The machine regains its normal communication privileges.

When to use

9. Remote Access

Objective
To control a machine remotely as if you were physically in front of it.

Procedure

image.png

  1. Click "Remote Control".

  2. A remote session opens, allowing you to interact with the machine’s graphical interface.

When to use it

10. Manage relay rules

Objective
View, modify, or add operating rules specific to a relay.

Procedure

image.png

  1. Click on "Relay Rules" (last gear icon)

  2. From the interface:

    • View existing rules.

    • Edit or delete obsolete rules.

    • Add new rules as needed.

When to use it

Chapter 14: MDM

Chapter 15: CVE

Chapter 15: CVE

CVE Module (Concept and Principles)

Medulla has introduced a new feature that allows the inventory database to be compared with CVE search APIs based on three CVE database models: NVD (U.S.), CIRCL (Luxembourg), and EUVD (European Union).

This real-time comparison of the inventory database with these three databases enables the detection of all CVE-related anomalies and provides system administrators and security teams with visibility into vulnerabilities on workstations linked to applications that are out of date or need to be updated across the network.

This module allows you to perform the following actions: 

For each CVE reported in the module, we organize a ranking based on the severity priority of the vulnerability:

A banner at the top of the module page provides a summary and an overview of the status of security vulnerabilities across the fleet.

This banner displays: 

image.png

To access this module, click the security button:

image.png



Chapter 15: CVE

CVE operation

When you access the CVE module, it provides an overview of the CVEs across the infrastructure, their severity, and the number of affected machines.

By clicking on the CVE summary banner, you can create groups based on severity. You can also click the trash can button to exclude CVEs, machines, or groups from the CVE lists.

You can view the details of each CVE by using the CVE search APIs to retrieve information about the vulnerability and its impact.

You can sort this by entity, search for a specific CVE, or run a scan.

image.png

On the left-hand menu, you will find the different views: 

Chapter 15: CVE

Results view by machine

Result view by machine: 

image.png

In this view, you will see all machines affected by CVEs:

image.png

By clicking the button to view details, you’ll see the CVEs listed by application. You can drill down further by selecting a specific CVE—for example, Flatpak—if you want to see more information about that vulnerability. Just click the button in the actions menu. 

image.png

In this view, you’ll find the following information: 

Clicking the action button for CVE-2024-42472 will give me a complete view of the CVE taken directly from the CVE database

image.png

Chapter 15: CVE

Results view by entity

Results view by entity:

image.png

This view displays only the entity-based view and includes the following information: 

By clicking the "Details by Entity" button: You will see the details view by machine, showing only the machines in that entity.

image.png

Chapter 15: CVE

Results view by group

Results View by Group

image.png

This view displays only the machine group view and includes the following information:

By clicking the "Details by Group" button, you can view the details by machine, showing only the machines in that group. 

image.png

Chapter 15: CVE

View all CVEs

View all CVEs

image.png

Here you will find all CVEs and the following information:

When you click on "Details," you will see the CVE record that was displayed in the main view: 

image.png

Chapter 15: CVE

CVE settings.

In the settings menu, you will be able to configure 

image.png

 

Display filters: 

You can select display filters based on the following options: 

Software Filters: 

We can apply filters to the software we want to exclude from the list of CVEs. : 

image.png

CVE filters:

We will apply filters to the CVEs we want to exclude from the list: 

image.png

Vendor filters:

We will apply filters to the vendors we want to exclude from the CVE list.

image.png

Machine filters: 

We will set exclusions for the machines we want to exclude. To do this, simply click on the image.pngin the list of machines.

 

image.png

Group filters:

We will set exclusions for groups. To do this, simply click the button in the list of groups image.png.

image.png

 

 

Case Studies

Case Studies

Dynamic group with multiple criteria

To update applications, we can create a dynamic group using a combination of criteria:

For example, I want to create a dynamic group that contains Windows 11 Pro machines, a specific software, and a specific software version.

image.png

We add a section, "Installed Software," to our group: 

image.png

Then another section, "Software Version":

image.png

Next, we’ll save our group and orchestrate it by clicking “Go to Save Step.”

image.png


We’ll specify a Boolean operator in the sub-queries and then click “Save.”

Once my group is created, I can interact with it and initiate a deployment of a new version of Notepad++.

Case Studies

Application convergence (Positive convergence)

From the Medulla interface, you can deploy packages to a group, whether static or dynamic.

In the case of a dynamic group, you can enable application convergence.

What is application convergence? : 

Application convergence is a deployment task that repeats every 24 hours to verify that the package(s) you have defined for convergence are properly deployed; if a new workstation or an existing workstation in the group does not have the package installed, it will deploy that package.

In summary, application convergence allows you to maintain application compliance across your fleet.

How does it work? :

First, once in the Médulla interface, go to the Computers tab. In the left-hand menu, select the group for which you want to enable application convergence.

image.png

Click the Deployment button: image.png

You will then enter the menu that allows you to select the package you want to converge: 

image.png

 Click the Application Convergence button image.png

You will then enter the convergence scheduling menu: 

image.png

You can use the following available options: 

Command name:

Deployment interval:

Queue priority: 

Peer-to-peer deployment: 

Then click "Confirm" and convergence will be activated.

Once enabled, convergence will begin.

You can find information about the execution of your convergences in the Audit tab: 

image.png

Three entries in the left-hand menu allow you to track your convergences:

image.png


My Convergences:

Allows you to view the convergences scheduled by the current user of the session.

Convergences for All Users: 

If you have administrator rights, you can view all convergences that have been scheduled by Medulla users.

My Team's Convergences: 

Allows you to view the appointments scheduled by users who are in the same group as you. 

Case Studies

Application convergence (Negative convergence)

Negative convergence allows you to uninstall packages that have been installed in dynamic groups.

In the case of a dynamic group, you can enable negative convergence

What is negative convergence? : 

Negative convergence is an uninstallation task that repeats every 24 hours to verify that the package(s) you have defined for negative convergence are not deployed; if a new workstation or an existing workstation in the group has the package installed, it will uninstall that package.

In summary, negative convergence allows you to maintain application compliance across your fleet.

How does it work? :

First, once in the Médulla interface, go to the Computers tab. In the left-hand menu, select the group on which you want to enable negative convergence.

image.png

Click the Deployment button: image.png

You will then enter the menu that allows you to select the package you want to apply negative convergence to: 

image.png

 Click the Negative Convergence button image.png

You will then enter the convergence configuration menu: 

image.png

You can use the following available options: 

Command name:

Deployment interval:

Then confirm, and negative convergence will be activated.

Once activated, negative convergence begins.

image.png

Three entries in the left-hand menu allow you to track your convergences:

image.png

My Convergences:

Allows you to view the convergences scheduled by the current user of the session.

All Users' Convergences: 

If you have administrator rights, you can view all the convergences that have been scheduled by Medulla users.

My Team's Convergences: 

Allows you to view the appointments scheduled by users who are in the same group as you. 

Case Studies

Software deployment

Once you have created a package in Medulla (doc: Create a package), you can deploy it to any computer.

Go to the Computer > Deployment view (quick action) image.png OR, on a computer group, Deployment (quick action).

The list of packages available for deployment is displayed, along with a " image.png" button to start deploying the package:

image.png

The deployment will start immediately and be available in the Audit view: Audit

The " image.png" button allows you to customize the deployment launch:

image.png

To launch a positive convergence, go here: Positive Convergence

To launch a negative convergence, go here: Negative convergence

Case Studies

Create a package

In the Packages view, click Add Package in the left-hand menu.

image.png

You may or may not assign an installation (setup) file, and click "Upload pending files" if necessary.

Fill out the various sections.

You can add other packages as dependencies.

image.png

In the example above, I will enter the value for Launcher (Kiosk): "C:\Program Files\Notepad++\Notepad++.exe", if my package is intended for the Kiosk and to be installed in the default location "C:\Program Files\Notepad++\".

An auto-generated script allows you to silently run the installer file added earlier.

image.png

You can associate an inventory with the package using the "Associate Inventory" button, which will make it available in both Kiosk and Convergence.

Fill out the relevant section as follows (auto-completion will appear if other machines in your IT infrastructure have reported this software in their inventory):

image.png

To perform a negative convergence with this package, or to make the package uninstall available via the Kiosk, you must perform the following actions:

image.png

Many actions are possible within a package’s workflow.

Click "Validate".

The package is ready

Kiosk:

To add my application to the kiosk profiles and create a profile, click on this section of the documentation: Chapter 3: Kiosk

Convergence:

To deploy my package via Convergence, here is the Convergence deployment section: Convergence

Case Studies

Mastering via PXE

To master an image, follow the steps below: 

image.png

Type the machine name at the prompt: 

In our example, I used the machine gla-win-2. Press Enter, then answer the question with Y if the name is correct or N if it is incorrect and you need to make changes.

image.png

When the machine reboots, if you followed the steps in Imaging Profiles, simply select the master associated with the profile; or if you are using a standard post-install, you will see the master’s name along with the associated post-install.

Below, after the machine has been registered, you’ll see the menu with an additional line: 

image.png

Click on your master and wait a few minutes; your machine will reboot and come back up in the Medulla console.


image.png

Case Studies

Getting Started with Remote Access

image.pngRemote Access Direct access to machines to perform troubleshooting or maintenance tasks: 

This allows you to take control of the remote machine in three possible ways: 

Windows: 

When you click the button, a pop-up appears allowing you to choose which protocol you want to use: 

image.png

For VNC, by default, an authorization request is sent to the user, and the user must grant you permission.

If you need to temporarily disable the authorization request for a maintenance operation while the user is away from their workstation, you can do so for the duration of the session: 

Click the quick action button, uncheck the " Ask user approval " box, then click the take control button.

image.png

Remote access via CMD: 

CMD.png

Remote access via VNC: 

VNC.png

Remote access via RDP: 

RDP.png

Case Studies

XMPP Console

The Medulla solution is a client/server solution based on the XMPP protocol.

This protocol allows Medulla to provide users with an XMPP console, enabling them to execute non-interactive commands directly on workstations.

This console allows for initial diagnostics or retrieving information about the workstations from the server.

How to do it: 

Click on the console icon: image.png

The following screen appears:

image.png

Type your command and get the result instantly: 

image.png

Case Studies

Agent inventory

To view a machine's inventory, go to the Computer view.

Select the computer whose inventory you wish to view, then in the Actions menu to the right of the row, click the button: image.png

You will then see a tabbed panel displaying the complete inventory of a machine:

image.png

Case Studies

Imaging menus

Applies to: Medulla – Imaging
Version:5.4.3 or later
Environment: On-Premise / Private SaaS with imaging relay.
Category: Usage

This document focuses on the management and generation of imaging menus.

What is an imaging menu?

An imaging menu is a collection of services and masters associated with a machine, which can be used during a machine’s (network) boot sequence.
During a PXE boot, the machine requests its menu from its server. Several scenarios are possible:

The rest of the imaging process depends on the contents of this menu. 

There are different levels of menus:

The imaging server menus:

This menu is fixed. It consists of the following services:
- continue: This service allows you to start the machine normally.
- register: this service allows you to register a machine in the imaging system.

Each imaging server receives a default menu. This menu consists of the following services:
- `continue`: This service allows you to boot the machine normally.
- `backup`: creates a copy of the machine's disk in the imaging system.

This menu can be modified via the MMC interface.

Changes to the default menu do not affect the menus of machines or groups. For machines to benefit from changes to the default menu, it is necessary to perform a "reset" of the entity's menus.

Several services that can be added to the menu are available.

The page defining the services available in a menu is as follows:
MMC > Imaging > Manage Menu Services.

On this page, services are associated with the selected entity. Changing the entity modifies the list of services associated with that entity.

This section does not cover how to convert an image into a master.

Masters present on the imaging server can be associated with the default menu.

The page for associating masters with the default menu is as follows:
MMC > Imaging > Manage Masters.

The various services and masters associated with the default menu can be viewed on the following page:
MMC > Imaging > Default Startup Menu.

On this page, you can change the order of menu items. You can also modify settings specific to the associated items.

Currently, a menu must contain at least one service (or one image). Generally, the `continue` service is required for the menu to function.

The minimum service must have the following options enabled:

- Default enabled so that this service is selected by default
- Visible enabled so that this service is visible in the startup menu
- Default WOL enabled to prevent a traceback, even though I don’t know what this option is for.

A fix is being considered to prevent the removal of the last service from a menu.

A machine's menu is accessible from the following page:
MMC > Machines > action:Imaging Management.

This page is organized into three tabs:
- Startup Menu: This tab allows you to view and edit the menu.
- Menu Services: This tab allows you to associate services with the machine menu.
- Images and Masters: This tab allows you to associate masters with the machine menu.

A machine menu should not be empty. If it is, there are several possibilities:
- The machine copied an empty default menu (unlikely, since copying in this situation usually generates a traceback).
- An administrator has deleted all items from the machine's menu.

Basically, a group menu is similar to a machine menu. However, it is associated with an imaging group, not a specific machine.

To access it, go to the following page:
MMC > Imaging > All Imaging Groups > action:Imaging Management.

A group menu takes precedence over a machine menu. When you view a machine’s menu page, you may **not see** the header line indicating that the machine is part of a group.

In this case, the machine displays its own custom menu, not the group’s menu. This can cause confusion for the administrator.