

Cloud-enabled Management
Managing in the Cloud 2
Why Cloud-enabled Management? 1
Scenarios 2
SMP Internet Gateway 3
Supported Functionality 4
Installation 5
This information is about pre-release software. Any unreleased update to the
product or other planned modification is subject to ongoing evaluation by
Symantec and therefore subject to change.
This information is provided without warranty of any kind, express or implied.
Customers who purchase Symantec products should make their purchase
decision based upon features that are currently available.
Why CEM?
- IT admins want:
– 100% visibility for the systems in the environment and what is installed on all of them
– 100% Patch compliance
– Consistent software delivery rollouts (up-to-date software/AV)
- Reality?
– Not knowing how many systems are actually there
– Unsure about the software usage within the company
– Low Patch compliance
– Software version inconsistency across the environment
By 2013, over
of the global workforce will work outside the corporate
are consistently outselling desktops since 2008
of businesses use SaaS
Why is it getting harder for IT Admins?
CEM helps increase manageability ("Managed endpoint is a secure endpoint")

Covered Scenarios
- Enterprises
– Travelling employees
– Employees working from home
– Mainly laptops
- Highly distributed companies
– Telecommuting employees/Home office
- Managed Service Providers (MSP)
– No VPN link from customer to the service provider
Cloud-enabled Management (CEM)
- Allows managing endpoints over Internet
- Does not require a VPN connection to the SMP Server
- Does not require exposing management servers to the Internet
- Provides enhanced security for communications
- Built-in into the Agent
Cloud-enabled Agent
[Diagram: zones Internal, DMZ, External; Agent; Internet. Labels: Gateway blocks untrusted connections; Secure connection; No VPN required]

Managing Through the Cloud
[Diagram labels: Customer Site A; Customer Site B; SMP Internet Gateway; CEM SSL Tunnel; Remote Package]

SMP Internet Gateway
- Placed in the Demilitarized Zone (DMZ)
- Faces the Internet
- Protects the SMP Server and Site Servers
– That are located on the internal network
- Blocks untrusted clients
- Routes trusted clients to the management servers
- Single Gateway can serve multiple SMP and Site Servers
SMP Internet Gateway - scalability
- Internet Gateway can handle up to 3,000 concurrent
– Translates into up to 60,000 CEM-enabled nodes
- Hardware requirements:
– Preferably physical box, 8GB RAM, 40GB HDD and dual-core CPU
– VM-based IG offers lower scalability, but still sufficient for a fully-loaded
SMP Internet Gateway architecture - examples
Operating Systems Support
- Managed endpoints
– Windows
– No Unix/Linux support now (Mac support upcoming)

- SMP Internet Gateway
– Windows Server 2008 R2 SP1 (64-bit)
- .NET Framework 3.3 SP1
- Two NICs
Agent communication in CEM mode
Agent certificate for IG
IG certificate
- Internet Gateway is listening on port 443
- NS Agent site is configured on port 4726
https://NS:443 IG redirects requests to Agent Site port 4726
Agent certificate for NS
Connectivity - Automatic Connectivity Switching
- Endpoint is on the internal network
– Communicate to the SMP Server directly
- Endpoint is on the Internet (no VPN)
– Communicate to the SMP Server via Internet Gateway
- Endpoint is on the VPN
– Communicate to the SMP Server directly
Connectivity - Load Balancing
- Agents can switch between gateways
- Automatic load-balancing using round-robin algorithm
- All gateways are treated equally
- Automatic failover
- Inaccessible gateways are marked as bad and skipped for a registry configurable timeout
- At least two gateways are recommended for fault-tolerance
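
The gateway selection listed above (round-robin, all gateways equal, unreachable ones marked bad and skipped until a timeout expires), as an added Python example that is not Symantec's agent code. The class name, the `ig*.example` hostnames, the timeout values and the injected clock are assumptions made for illustration; `bad_timeout` stands in for the registry-configurable timeout.

```python
import time

class GatewaySelector:
    """Round-robin gateway choice with a 'bad' quarantine (hypothetical names)."""

    def __init__(self, gateways, bad_timeout=300.0, clock=time.monotonic):
        if not gateways:
            raise ValueError("at least one gateway is required")
        self.gateways = list(gateways)
        self.bad_timeout = bad_timeout   # stand-in for the registry-configurable timeout
        self.clock = clock
        self._next = 0                   # index where the next rotation starts
        self._bad_until = {}             # gateway -> time at which it may be retried

    def mark_bad(self, gateway):
        self._bad_until[gateway] = self.clock() + self.bad_timeout

    def candidates(self):
        """Gateways in round-robin order, skipping those still marked bad."""
        now = self.clock()
        n = len(self.gateways)
        order = [self.gateways[(self._next + i) % n] for i in range(n)]
        return [g for g in order if self._bad_until.get(g, 0.0) <= now]

    def connect(self, try_connect):
        """Return the first gateway that accepts the connection, else None."""
        for gw in self.candidates():
            # Advance the rotation so the next call starts after this gateway.
            self._next = (self.gateways.index(gw) + 1) % len(self.gateways)
            if try_connect(gw):
                self._bad_until.pop(gw, None)
                return gw
            self.mark_bad(gw)            # failover: quarantine and try the next one
        return None


def demo():
    """Constructed scenario: three gateways, ig2 unreachable until t=100."""
    now = [0.0]
    sel = GatewaySelector(["ig1.example", "ig2.example", "ig3.example"],
                          bad_timeout=60.0, clock=lambda: now[0])

    def reachable(gw):
        return gw != "ig2.example" or now[0] >= 100.0

    picks = [sel.connect(reachable) for _ in range(4)]
    now[0] = 100.0                       # the 60 s quarantine has expired
    picks += [sel.connect(reachable) for _ in range(3)]
    return picks
```

With a single gateway, one failure leaves `candidates()` empty until the timeout expires, which is why the slide recommends at least two.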
CEM Security hardening
- Unnecessary Agent communication is disabled in CEM mode
– Power management tickle is disabled
– Multicast is disabled
– CTA tickle is disabled
- Secure Apache HTTP Server configuration
– Certificate usage is enforced
– Only manually added hosts and ports are allowed into internal network
- Server Agent Trust - CEM Agent web site
– Provides access to only agent web pages
– Requires SSL and certificates
– CMDB resource updates are restricted for events coming to CEM web site
ITMS - What is Supported?
- Managed Software Delivery
- Quick Delivery (non real-time)
- Hardware Inventory
- Software Inventory
- Server Inventory
- App Metering
- Patch Inventory
- Patch Management Policies
- Basic Client Tasks
ITMS - Limited or No Support
- Initially no support:
– Monitor Solution
– Deployment Solution
- Limitations:
– Software Portal
– Remote and Agentless Management (OOB/RTSM)
– Real-time tasks and jobs execution
CEM Configuration
1. Download and install SMP Internet Gateway (IG)
2. Generate IG security certificate + point IG to the SMP
3. Configure IG on SMP Server(s) + enable clients to work over
4. Optional: create and distribute offline Agent package
- Pre-requisite - SMP Server and clients are communicating over
Thank you!
Copyright © 2010 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in
the U.S. and other countries. Other names may be trademarks of their respective owners.

This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied,
are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.