Consider scenarios where you have to manage:
- systems that are spread across different geographical
locations or offices over the internet (applicable primarily
to Service Providers)
- laptops that are often disconnected from the network (mobile
users on the move)
- systems situated behind a NAT/PAT firewall or router (systems
in different branches of an enterprise)
Security Manager Plus includes an agent that can be used to
manage such systems. Where maintaining a dedicated network
tunnel is not feasible, the agent communicates over the
internet instead. The only prerequisite is that the Security Manager Plus
Agents should be able to contact the Security Manager Plus Server over
the web (using HTTP).
Enterprise Setup
Here is an example to illustrate how a Service Provider can
set up Security Manager Plus Agents in the HTTPS mode to manage systems
in different geographical locations.
A Service Provider, say SerPro Inc., in Washington, has a
requirement to manage systems for 2 of its enterprise clients,
BNF Bank in Texas and Colt Freightliners in New York, who
are situated in different locations in the USA. These 2 networks
are not interconnected in any way, and neither are they
accessible from the SerPro network.

The Security Manager Plus Server will reside in the SerPro network in
Washington. The Security Manager Plus Agents (in HTTPS mode) will be
deployed in the systems in these 2 client networks spread
across the US. The agents will contact the Security Manager Plus Server
over the internet and fetch patch management tasks that need
to be performed. On task completion they will report back
to the Security Manager Plus Server with the status update. Thus the
systems in these independent enterprise networks will be managed
by a single console with just internet accessibility.
Setting Up Security Manager Plus Server in the Service Provider Network
1. On a system which is in the Internet Data Center (IDC),
with a public IP address
Security Manager Plus Server can be installed on a server in the IDC
of the service provider. This server must have a unique public
IP address and must be accessible over the web. Port 6767
(default web server port of Security Manager Plus server) must be open
to allow Security Manager Plus agents to communicate with this server.
Administrators can log in to the web interface of Security Manager Plus
from any location to view and perform patch management tasks.
2. On a system in the internal network of the service
provider, with internet access via a NAT/PAT router
Security Manager Plus can be installed on a system with an internal
IP address, within the SerPro network. The NAT router in the
service provider IDC will have the public IP address for external
internet traffic, and this will redirect all traffic to and
from the internal IP addresses. The NAT router must be configured
(mapping in the routing table) in such a way that it routes
all HTTP (web) traffic coming through port 6767 (default web
server port of Security Manager Plus server) to the internal IP address
of the system which has Security Manager Plus Server installed.
The SMP agents will have the external IP of the SerPro NAT
router configured as the SMP Server name and will establish
contact over the web on port 6767 (default). The NAT router
at SerPro will take care of redirecting the requests/responses
to the internal IP address of the SMP Server machine.
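An added example, not part of the product documentation: a Python check that the NAT mapping described above forwards only the SMP web port (6767) to the server and nothing else. It assumes the NAT router is a Linux host whose rules are exported in `iptables-save` format; the addresses and rules in `SAMPLE` are constructed.

```python
import shlex

SMP_PORT = 6767  # default SMP web server port named on this page

# Constructed iptables-save excerpt; 192.168.10.20 stands in for the SMP Server.
SAMPLE = """\
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 6767 -j DNAT --to-destination 192.168.10.20:6767
-A PREROUTING -i eth0 -p tcp -m tcp --dport 3389 -j DNAT --to-destination 192.168.10.20:3389
-A PREROUTING -i eth0 -j DNAT --to-destination 192.168.10.20
-A PREROUTING -i eth0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.10.30:80
COMMIT
"""

def parse_dnat(line):
    """Return (proto, dport, target) for a DNAT rule line, else None."""
    tok = shlex.split(line)
    if "DNAT" not in tok or "--to-destination" not in tok:
        return None
    def opt(name):
        return tok[tok.index(name) + 1] if name in tok else None
    return opt("-p"), opt("--dport"), opt("--to-destination")

def audit(rules_text, smp_ip, port=SMP_PORT):
    """List findings for DNAT rules that expose the SMP host too broadly."""
    findings, mapped = [], False
    for line in rules_text.splitlines():
        rule = parse_dnat(line)
        if rule is None:
            continue
        proto, dport, target = rule
        host, _, tport = target.partition(":")
        if host != smp_ip:
            continue  # forwards to another host; outside this check
        if proto == "tcp" and dport == str(port) and tport in ("", str(port)):
            mapped = True  # the one mapping the agents need
        else:
            findings.append(
                f"unexpected forward to SMP host: proto={proto} dport={dport} -> {target}")
    if not mapped:
        findings.append(f"no forward for tcp/{port} to {smp_ip}: agents cannot reach the server")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, "192.168.10.20"):
        print(finding)
```

A rule with no `--dport` (or a port range) is reported because it exposes more of the server than the agents need.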
Setting Up Security Manager Plus Agents at the customer sites
This process is simple and does not involve any
major configuration at the customer sites.
- Access the web interface of the SMP Server in SerPro using
the public IP address: https://<publicIP>:6767/
- Log in and download the SMP Agents (Windows) from the Home
tab
- Copy and install the SMP Agents on systems that need to
be managed
- Provide the public IP address of the SMP server machine
as Server Name to the agent during installation
- If web access from the SMP Agent machine happens via a
proxy server, this can be configured during installation
or later from the System Tray Icon of SMP Agent
- Start the agent at the end of the installation screen
- Log in to the web interface of SMP, visit the Systems tab
and see your agents listed there
Differences between Security Manager Plus Agent in HTTPS mode and
TCP mode
| S.No | | HTTPS Mode | TCP Mode |
|---|---|---|---|
| 1 | Usage scenario | WAN, LAN | LAN, VPN |
| 2 | Communication protocol | HTTP (Over the web) | Port to port (TCP) |
| 3 | Security | Data encrypted. Communication secured using SSL over HTTP (HTTPS) | Data encrypted. Communication secured using SSL over TCP. |
| 4 | Ports to be open for the Agent in the firewall (if any) | None. Web access (HTTP) must be allowed. | 9005 (default, but configurable) |
| 5 | Ports to be open for the Server in the firewall (if any) | 6767 (SMP server web port - default, but configurable) | 9004 (default, but configurable), 6767 (for patch download) |
| 6 | SMP Server location | Can be located in an internal network with IP & port mapping done to the NAT's external IP address | Located in the internal network |
| 7 | Agent Configurations required | External IP address of the SMP Server, SMP server web port & proxy server info (if required), polling interval for agent | Name/IP address of the SMP Server, SMP Server TCP port |
| 8 | Communication Flow between Server and Agents | One-way (Agent polls Server) | Two-way |
| 9 | Response time of Agent | Agent's poll interval | Instant (no polling!) |
| 10 | Operating System supported | Windows only | Windows & Linux |
Refer to the documentation for more information on Security Manager Plus
Agent Installation, Setup and Configuration.