Managing outside the firewall and learn what is new in ITMS 7.5
Joseph Carson, Sr. Manager Product Management
Vlad Zelenjak, Sr. Manager Development
SYMANTEC VISION 2012
Welcome to Barcelona or Welcome Back!
EM B16 2
Tallinn, Estonia
1-1 Sessions with Product Owners
Agenda
1. Why Cloud-enabled Management?
2. Scenarios
3. SMP Internet Gateway
4. Supported Functionality
5. Installation
Important Usage Information
This information is about pre-release software.
Any unreleased update to the product or other planned modification is subject to ongoing evaluation by Symantec and therefore subject to change.
This information is provided without warranty of any kind, express or implied.
Customers who purchase Symantec products should make their purchase decision based upon features that are currently available.
Why CEM?
• IT admins want:
– 100% visibility for the systems in the environment and what is installed on all of them
– 100% Patch compliance
– Consistent software delivery rollouts (up-to-date software/AV)
• Reality?
– Not knowing how many systems are actually there
– Unsure about the software usage within the company
– Low Patch compliance
– Software version inconsistency across the environment
Why is it getting harder for IT Admins?
• Mobile Devices
• Cloud Services
• Mobile Workforce
• By 2015, over 37% of the global workforce will work outside the corporate firewall
• Laptops have consistently outsold desktops since 2008
• 54% of businesses use SaaS
CEM helps increase manageability (“Managed endpoint is a secure endpoint”)
Covered Scenarios
• Enterprises
– Travelling employees
– Employees working from home
– Mainly laptops
• Highly distributed companies
– Telecommuting employees/Home office
• Managed Service Providers (MSP)
– No VPN link from customer to the service provider
Introducing Cloud-Enabled Management
Actively manage remote and disconnected users
• Securely manage users anywhere on the internet
• Eliminates the need for VPN
• Agents automatically detect location
• Secure trusted communications
• Internet Gateway can support multiple servers
“By 2015, over 37% of the global workforce will be mobile.1”
Wall Street Journal
1 Worldwide Mobile Worker Population 2011–2015 Forecast, IDC Research, December 2011
My Office – Patched, Managed and Secured by Symantec using CEM
Cloud-enabled Agent
[Diagram. Zones: External (Internet), DMZ, Internal. Components: Agent, External Firewall, Internet Gateway, Internal Firewall, Symantec Management Platform. Callouts: "Gateway blocks un-trusted connections"; "Secure connection, no VPN required".]
Managing Through the Cloud
[Diagram. Labels: Customer Site A and Customer Site B, each with a Remote Package Server and a CEM SSL Tunnel; Internet; HTTPS; SMP Internet Gateway; Symantec Management Platform.]
SMP Internet Gateway
• Placed in the Demilitarized Zone (DMZ)
• Faces the Internet
• Protects the SMP Server and Site Servers
– That are located on the internal network
• Blocks untrusted clients
• Routes trusted clients to the management servers
• Single Gateway can serve multiple SMP and Site Servers
SMP Internet Gateway - scalability
• Internet Gateway can handle up to 3,000 concurrent connections:
– Translates into up to 60,000 CEM-enabled nodes
• Hardware requirements:
– Preferably physical box, 8GB RAM, 40GB HDD and dual-core CPU
– VM-based IG offers lower scalability, but still sufficient for a fully-loaded NS
SMP Internet Gateway architecture - examples
Operating Systems Support
• Managed endpoints
– Windows
– No UNIX/Linux support now (Mac support upcoming)
• SMP Internet Gateway
– Windows Server 2008 R2 SP1 (64-bit)
• .NET Framework 3.5 SP1
• Two NICs
Connectivity – Load Balancing
• Agents can switch between gateways
• Automatic load-balancing using round-robin algorithm
• All gateways are treated equally
• Automatic failover
• Inaccessible gateways are marked as bad and skipped for a registry configurable timeout
• At least two gateways are recommended for fault-tolerance
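The selection and failover behaviour listed above, sketched as an added example (this is not Symantec's agent code): round-robin over equally weighted gateways, with a failed gateway marked bad and skipped until a timeout expires. The class, method and parameter names, the gateway hostnames and the 300-second default are assumptions; the slides only say the timeout is registry-configurable.

```python
import time


class GatewaySelector:
    """Round-robin gateway choice with temporary bad-marking (illustrative)."""

    def __init__(self, gateways, bad_timeout=300.0, clock=time.monotonic):
        if not gateways:
            raise ValueError("at least one gateway is required")
        self.gateways = list(gateways)   # all gateways are treated equally
        self.bad_timeout = bad_timeout   # assumed stand-in for the registry value
        self.clock = clock
        self._bad_until = {}             # gateway -> time at which it may be retried
        self._next = 0                   # round-robin cursor

    def mark_bad(self, gateway):
        """Skip this gateway until bad_timeout seconds have passed."""
        self._bad_until[gateway] = self.clock() + self.bad_timeout

    def pick(self):
        """Return the next usable gateway, or None if every one is marked bad."""
        now = self.clock()
        for _ in range(len(self.gateways)):
            gw = self.gateways[self._next]
            self._next = (self._next + 1) % len(self.gateways)
            if self._bad_until.get(gw, 0.0) <= now:
                self._bad_until.pop(gw, None)   # timeout expired, usable again
                return gw
        return None

    def connect(self, try_connect):
        """Walk the rotation until try_connect(gateway) succeeds.

        Gateways that fail are marked bad; returns the gateway used, or None
        when no gateway is reachable (the agent would retry later).
        """
        while (gw := self.pick()) is not None:
            if try_connect(gw):
                return gw
            self.mark_bad(gw)
        return None


if __name__ == "__main__":
    # Constructed sample: two gateways, the first one unreachable.
    sel = GatewaySelector(["ig1.example.com:333", "ig2.example.com:333"])
    print(sel.connect(lambda gw: gw.startswith("ig2")))  # falls over to ig2
    print(sel.pick())                                    # ig1 is still skipped
```

With a single gateway, `connect` returns `None` as soon as that gateway fails, which is the case the two-gateway recommendation addresses.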
ITMS – What is Supported?
• Managed Software Delivery
• Quick Delivery (non real-time)
• Hardware Inventory
• Software Inventory
• Server Inventory
• App Metering
• Patch Inventory
• Patch Management Policies
• Basic Client Tasks
CEM Configuration
1. Download and install SMP Internet Gateway (IG)
2. Generate IG security certificate + point IG to the SMP Server(s)
3. Configure IG on SMP Server(s) + enable clients to work over CEM
4. Optional: create and distribute offline Agent package
• Pre-requisite – SMP Server and clients are communicating over HTTPS
Positive response from beta customers
“Solid, easy-to-implement”
“Very impressed!”
“This technology is a god-send, we really needed it”
“Download is VERY fast”
“Exciting evolution”
“Console UI is lightning-fast”
What's New in 7.5
Improving the administrative experience
Free yourself from the office
Introducing New iOS Remote Access Console
• Consistent experience from the iPad to the Console
• Immediate access to summary and drill-down reports
• Quickly verify status of policies and tasks
• Remediate issues, including remote control
We’re better when we work together
Be where your peers are! Free access to product extensions, articles, videos, experts, more... Connect now:
www.symantec.com/connect
Sign up for SEV Beta 2:
https://symbeta.symantec.com/login.html
Download ITMS 7.5 Release Preview:
– Speak to your account rep for information or email Joseph Carson
Symantec Connect
Symantec | Connect – Business Community
Forums | Blogs | Articles | Videos | Events | Downloads | Ideas
1.1 million monthly visitors
4,000 new items each week
Get answers to technical questions
Contribute technical content
Earn rewards
symantec.com/connect
Other Important Sessions
• Wed 9:00 – EM B03 Endpoint Management State of the Union
• Thur 10:30 – Customer Session – ITMS and Endpoint - CSR
• Thur 11:45 – Customer Session – Northgate Managed Service
Thank you!
Copyright © 2011 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.
Agent communication in CEM mode
• Internet Gateway is listening on port 333
• NS Agent web site is configured on port 4725
• CEM Port is 4726
[Diagram. Labels: https://Gateway:333; Agent certificate for IG; IG certificate; https://NS:4725; IG changes port to CEM port; https://NS:4726; Agent certificate for NS.]