Date post: | 08-Feb-2016 |
Upload: | shahid-wahab-nawab |
Cloud-enabled Management
Agenda
1. Why Cloud-enabled Management?
2. Scenarios
3. SMP Internet Gateway
4. Supported Functionality
5. Installation
Disclaimer!
This information is about pre-release software. Any unreleased update to the product or other planned modification is subject to ongoing evaluation by Symantec and therefore subject to change.
This information is provided without warranty of any kind, express or implied. Customers who purchase Symantec products should make their purchase decision based upon features that are currently available.
Managing in the Cloud
Why CEM?
• IT admins want:
– 100% visibility for the systems in the environment and what is installed on all of them
– 100% Patch compliance
– Consistent software delivery rollouts (up-to-date software/AV)
• Reality?
– Not knowing how many systems are actually there
– Unsure about the software usage within the company
– Low Patch compliance
– Software version inconsistency across the environment
Mobile Devices
Cloud Services
Mobile Workforce
By 2015, over 37% of the global workforce will work outside the corporate firewall
Laptops are consistently outselling desktops since 2008
54% of businesses use SaaS
Why is it getting harder for IT Admins?
CEM helps increase manageability (“Managed endpoint is a secure endpoint”)
Covered Scenarios
• Enterprises
– Travelling employees
– Employees working from home
– Mainly laptops
• Highly distributed companies
– Telecommuting employees/Home office
• Managed Service Providers (MSP)
– No VPN link from customer to the service provider
Cloud-enabled Management (CEM)
• Allows managing endpoints over the Internet
• Does not require a VPN connection to the SMP Server
• Does not require exposing management servers to the Internet
• Provides enhanced security for communications
• Built into the Agent
Cloud-enabled Agent
[Diagram. Zones: Internal, DMZ, External. Components: Agent, Internet, External Firewall, Internet Gateway, Internal Firewall, Symantec Management Platform. Callouts: "Gateway blocks un-trusted connections"; "Secure connection, no VPN required".]
Managing Through the Cloud
[Diagram. Labels: Customer Site A, Customer Site B, Remote Package Server (x2), CEM SSL Tunnel (x2), Internet, SMP Internet Gateway, Symantec Management Platform, HTTPS.]
SMP Internet Gateway
• Placed in the Demilitarized Zone (DMZ)
• Faces the Internet
• Protects the SMP Server and Site Servers
– That are located on the internal network
• Blocks untrusted clients
• Routes trusted clients to the management servers
• Single Gateway can serve multiple SMP and Site Servers
SMP Internet Gateway - scalability
• Internet Gateway can handle up to 3,000 concurrent connections:
– Translates into up to 60,000 CEM-enabled nodes
• Hardware requirements:
– Preferably physical box, 8GB RAM, 40GB HDD and dual-core CPU
– VM-based IG offers lower scalability, but still sufficient for a fully-loaded NS
SMP Internet Gateway architecture - examples
Operating Systems Support
• Managed endpoints
– Windows
– No UNIX/Linux support now (Mac support upcoming)
• SMP Internet Gateway
– Windows Server 2008 R2 SP1 (64-bit)
– .NET Framework 3.5 SP1
– Two NICs
Agent communication in CEM mode
• Internet Gateway is listening on port 443
• NS Agent site is configured on port 4726
[Diagram. Labels: https://Gateway:443; Agent certificate for IG; IG certificate; https://NS:4726; https://NS:443; IG redirects requests to Agent Site port 4726; Agent certificate for NS.]
Connectivity – Automatic Connectivity Switching
• Endpoint is on the internal network
– Communicate to the SMP Server directly
• Endpoint is on the Internet (no VPN)
– Communicate to the SMP Server via Internet Gateway
• Endpoint is on the VPN
– Communicate to the SMP Server directly
Connectivity – Load Balancing
• Agents can switch between gateways
• Automatic load-balancing using round-robin algorithm
• All gateways are treated equally
• Automatic failover
• Inaccessible gateways are marked as bad and skipped for a registry-configurable timeout
• At least two gateways are recommended for fault-tolerance
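A minimal model of the agent-side behaviour listed on the two Connectivity slides above: go direct when the SMP Server is reachable, otherwise round-robin over gateways, skipping any marked bad until a timeout expires. This is an added illustration, not Symantec's agent code; the class and function names, the 60-second timeout and the `ig1`/`ig2.example.com` hosts are assumptions.

```python
import time


class GatewaySelector:
    """Round-robin over gateways, skipping ones marked bad until a timeout expires."""

    def __init__(self, gateways, bad_timeout=300.0, clock=time.monotonic):
        self.gateways = list(gateways)
        self.bad_timeout = bad_timeout  # assumed value; the slide only says "registry-configurable"
        self.clock = clock
        self.bad_until = {}             # gateway -> time at which it may be retried
        self.next_index = 0

    def mark_bad(self, gateway):
        """Record a failed connection so the gateway is skipped for bad_timeout seconds."""
        self.bad_until[gateway] = self.clock() + self.bad_timeout

    def pick(self):
        """Return the next usable gateway, or None if every gateway is marked bad."""
        now = self.clock()
        for _ in range(len(self.gateways)):
            gw = self.gateways[self.next_index]
            self.next_index = (self.next_index + 1) % len(self.gateways)
            if gw not in self.bad_until or self.bad_until[gw] <= now:
                self.bad_until.pop(gw, None)  # timeout expired: gateway is eligible again
                return gw
        return None


def choose_route(smp_reachable_directly, selector):
    """Internal network or VPN: talk to the SMP Server directly; otherwise use a gateway."""
    if smp_reachable_directly:
        return ("direct", None)
    gw = selector.pick()
    return ("gateway", gw) if gw else ("offline", None)


class FakeClock:
    """Constructed test clock so the timeout can be exercised without sleeping."""
    def __init__(self):
        self.now = 0.0
    def __call__(self):
        return self.now


def demo():
    clock = FakeClock()
    sel = GatewaySelector(["ig1.example.com", "ig2.example.com"], bad_timeout=60, clock=clock)
    picks = [sel.pick(), sel.pick(), sel.pick()]  # plain round-robin
    sel.mark_bad("ig2.example.com")               # simulated connection failure
    during = [sel.pick(), sel.pick()]             # ig2 skipped while marked bad
    clock.now = 61                                # timeout elapsed
    after = [sel.pick(), sel.pick()]              # ig2 back in rotation
    return picks, during, after
```

With a single gateway, one failure leaves `pick()` returning `None` until the timeout expires, which is the case the two-gateway recommendation avoids.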
CEM Security hardening
• Unnecessary Agent communication is disabled in CEM mode
– Power management tickle is disabled
– Multicast is disabled
– CTA tickle is disabled
• Secure Apache HTTP Server configuration
– Certificate usage is enforced
– Only manually added hosts and ports are allowed into internal network
• Server Agent Trust
– CEM Agent web site
– Provides access to only agent web pages
– Requires SSL and certificates
– CMDB resource updates are restricted for events coming to CEM web site
ITMS – What is Supported?
• Managed Software Delivery
• Quick Delivery (non real-time)
• Hardware Inventory
• Software Inventory
• Server Inventory
• App Metering
• Patch Inventory
• Patch Management Policies
• Basic Client Tasks
ITMS – Limited or No Support
• Initially no support:
– Monitor Solution
– Deployment Solution
• Limitations:
– Software Portal
– Remote and Agentless Management (OOB/RTSM)
– Real-time tasks and jobs execution
CEM Configuration
1. Download and install SMP Internet Gateway (IG)
2. Generate IG security certificate + point IG to the SMP Server(s)
3. Configure IG on SMP Server(s) + enable clients to work over CEM
4. Optional: create and distribute offline Agent package
• Pre-requisite
– SMP Server and clients are communicating over HTTPS
Thank you!
Copyright © 2010 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.