Cloud Enabled Management
Uploaded by: shahid-wahab-nawab

Cloud-enabled Management

Agenda
1. Why Cloud-enabled Management?
2. Scenarios
3. SMP Internet Gateway
4. Supported Functionality
5. Installation
Managing in the Cloud

Disclaimer!
This information is about pre-release software. Any unreleased update to the product or other planned modification is subject to ongoing evaluation by Symantec and therefore subject to change.
This information is provided without warranty of any kind, express or implied. Customers who purchase Symantec products should make their purchase decision based upon features that are currently available.

Why CEM?
• IT admins want:
– 100% visibility for the systems in the environment and what is installed on all of them
– 100% Patch compliance
– Consistent software delivery rollouts (up-to-date software/AV)
• Reality?
– Not knowing how many systems are actually there
– Unsure about the software usage within the company
– Low Patch compliance
– Software version inconsistency across the environment

Why is it getting harder for IT Admins?
• Mobile Workforce: By 2015, over 37% of the global workforce will work outside the corporate firewall
• Mobile Devices: Laptops are consistently outselling desktops since 2008
• Cloud Services: 54% of businesses use SaaS
CEM helps increase manageability (“Managed endpoint is a secure endpoint”)

Covered Scenarios
• Enterprises
– Travelling employees
– Employees working from home
– Mainly laptops
• Highly distributed companies
– Telecommuting employees/Home office
• Managed Service Providers (MSP)
– No VPN link from customer to the service provider

Cloud-enabled Management (CEM)
• Allows managing endpoints over Internet
• Does not require a VPN connection to the SMP Server
• Does not require exposing management servers to the Internet
• Provides enhanced security for communications
• Built-in into the Agent

Cloud-enabled Agent
[Diagram. Zones: Internal, DMZ, External. Components: Agent, Internet, External Firewall, Internet Gateway, Internal Firewall, Symantec Management Platform. Callouts: "Gateway blocks un-trusted connections"; "Secure connection, no VPN required".]

Managing Through the Cloud
[Diagram. Components: Customer Site A, Customer Site B, Remote Package Server (shown twice), Internet, SMP Internet Gateway, Symantec Management Platform. Connection labels: CEM SSL Tunnel (shown twice), HTTPS.]

SMP Internet Gateway
• Placed in the Demilitarized Zone (DMZ)
• Faces the Internet
• Protects the SMP Server and Site Servers
– That are located on the internal network
• Blocks untrusted clients
• Routes trusted clients to the management servers
• Single Gateway can serve multiple SMP and Site Servers

SMP Internet Gateway - scalability
• Internet Gateway can handle up to 3,000 concurrent connections:
– Translates into up to 60,000 CEM-enabled nodes
• Hardware requirements:
– Preferably physical box, 8GB RAM, 40GB HDD and dual-core CPU
– VM-based IG offers lower scalability, but still sufficient for a fully-loaded NS

SMP Internet Gateway architecture - examples

Operating Systems Support
• Managed endpoints
– Windows
– No UNIX/Linux support now (Mac support upcoming)
• SMP Internet Gateway
– Windows Server 2008 R2 SP1 (64-bit)
  • .NET Framework 3.5 SP1
  • Two NICs

Agent communication in CEM mode
• Internet Gateway is listening on port 443
• NS Agent site is configured on port 4726
[Diagram labels, in order: https://Gateway:443; Agent certificate for IG; IG certificate; https://NS:4726; https://NS:443; IG redirects requests to Agent Site port 4726; Agent certificate for NS.]

Connectivity – Automatic Connectivity Switching
• Endpoint is on the internal network
– Communicate to the SMP Server directly
• Endpoint is on the Internet (no VPN)
– Communicate to the SMP Server via Internet Gateway
• Endpoint is on the VPN
– Communicate to the SMP Server directly

Connectivity – Load Balancing
• Agents can switch between gateways
• Automatic load-balancing using round-robin algorithm
• All gateways are treated equally
• Automatic failover
• Inaccessible gateways are marked as bad and skipped for a registry configurable timeout
• At least two gateways are recommended for fault-tolerance
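
The selection behaviour listed on this slide (round-robin, failover, bad gateways skipped for a timeout) can be sketched as follows. This is an added example, not Symantec's agent code: the class and function names, the gateway names, the 300-second default timeout, and the use of `OSError` to signal an unreachable gateway are all assumptions made for illustration.

```python
import time


class GatewaySelector:
    """Round-robin over Internet Gateways, skipping ones recently marked bad."""

    def __init__(self, gateways, bad_timeout=300.0, clock=time.monotonic):
        if not gateways:
            raise ValueError("at least one gateway is required")
        self.gateways = list(gateways)
        # Assumed default; the slide only says the timeout is registry-configurable.
        self.bad_timeout = bad_timeout
        self.clock = clock
        self._next = 0          # index where the next request starts
        self._bad_until = {}    # gateway -> time at which it may be retried

    def mark_bad(self, gateway):
        self._bad_until[gateway] = self.clock() + self.bad_timeout

    def candidates(self):
        """Gateways to try for one request, in rotation order, bad ones skipped."""
        now = self.clock()
        n = len(self.gateways)
        order = [self.gateways[(self._next + i) % n] for i in range(n)]
        self._next = (self._next + 1) % n   # all gateways are treated equally
        return [g for g in order if self._bad_until.get(g, 0.0) <= now]

    def send(self, request, transport):
        """Fail over through the candidates; transport raises OSError on failure."""
        for gateway in self.candidates():
            try:
                return gateway, transport(gateway, request)
            except OSError:
                self.mark_bad(gateway)
        raise ConnectionError("no reachable Internet Gateway")


def demo():
    """Constructed scenario: three gateways, gw2 unreachable."""
    now = [0.0]
    sel = GatewaySelector(["gw1", "gw2", "gw3"], bad_timeout=60.0, clock=lambda: now[0])

    def transport(gateway, request):   # simulated HTTPS call
        if gateway == "gw2":
            raise OSError("unreachable")
        return "ok"

    return [sel.send(f"req{i}", transport)[0] for i in range(4)]


if __name__ == "__main__":
    print(demo())
```

With a single gateway, one outage leaves `candidates()` empty until the timeout expires and the endpoint goes unmanaged for that period, which is the reason for the two-gateway recommendation.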

CEM Security hardening
• Unnecessary Agent communication is disabled in CEM mode
– Power management tickle is disabled
– Multicast is disabled
– CTA tickle is disabled
• Secure Apache HTTP Server configuration
– Certificate usage is enforced
– Only manually added hosts and ports are allowed into internal network
• Server Agent Trust
– CEM Agent web site
– Provides access to only agent web pages
– Requires SSL and certificates
– CMDB resource updates are restricted for events coming to CEM web site

ITMS – What is Supported?
• Managed Software Delivery
• Quick Delivery (non real-time)
• Hardware Inventory
• Software Inventory
• Server Inventory
• App Metering
• Patch Inventory
• Patch Management Policies
• Basic Client Tasks

ITMS – Limited or No Support
• Initially no support:
– Monitor Solution
– Deployment Solution
• Limitations:
– Software Portal
– Remote and Agentless Management (OOB/RTSM)
– Real-time tasks and jobs execution

CEM Configuration
1. Download and install SMP Internet Gateway (IG)
2. Generate IG security certificate + point IG to the SMP Server(s)
3. Configure IG on SMP Server(s) + enable clients to work over CEM
4. Optional: create and distribute offline Agent package
• Pre-requisite
– SMP Server and clients are communicating over HTTPS

Thank you!
Copyright © 2010 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.