1

C|oud-enab|ed Management
Agenda
Managlng ln Lhe Cloud 2
Why Cloud-enabled ManagemenL? 1
Scenarlos 2
SM lnLerneL CaLeway 3
SupporLed luncuonallLy 4
lnsLallauon S
D|sc|a|mer!
1hls lnformauon ls abouL pre-release soware. Any unreleased updaLe Lo Lhe
producL or oLher planned modlcauon ls sub[ecL Lo ongolng evaluauon by
SymanLec and Lherefore sub[ecL Lo change.
1hls lnformauon ls provlded wlLhouL warranLy of any klnd, express or lmplled.
CusLomers who purchase SymanLec producLs should make Lhelr purchase
declslon based upon feaLures LhaL are currenLly avallable.
3
3 Managlng ln Lhe Cloud
Why CLM?
- l1 admlns wanL:
100 vlslblllLy for Lhe sysLems ln Lhe envlronmenL and whaL ls lnsLalled on
all of Lhem
100 aLch compllance
ConslsLenL soware dellvery rollouLs (up-Lo-daLe soware/Av)
- 8eallLy?
noL knowlng how many sysLems are acLually Lhere
unsure abouL Lhe soware usage wlLhln Lhe company
Low aLch compllance
Soware verslon lnconslsLency across Lhe envlronmenL
Managlng ln Lhe Cloud 4
S
Mob||e
Dev|ces
C|oud
Serv|ces
Mob||e
Workforce
8y 2013, over
37
of Lhe global workforce wlll
work ouLslde Lhe corporaLe
rewall
Laptops
are conslsLenLly ouLselllng
deskLops slnce 2008
S4
of buslnesses use SaaS
Why |s |t gemng harder for I1 Adm|ns?
Managlng ln Lhe Cloud
CLM he|ps |ncrease manageab|||ty ("Managed endpo|nt |s a secure endpo|nt")


Covered Scenar|os
- LnLerprlses
1ravelllng employees
Lmployees worklng from home
Malnly lapLops
- Plghly dlsLrlbuLed companles
1elecommuung employees/Pome omce
- Managed Servlce rovlders (MS)
no vn llnk from cusLomer Lo Lhe servlce provlder
Managlng ln Lhe Cloud 6
C|oud-enab|ed Management (CLM)
- Allows managlng endpolnLs over lnLerneL
- uoes noL requlre a vn connecuon Lo Lhe SM Server
- uoes noL requlre exposlng managemenL servers Lo Lhe lnLerneL
- rovldes enhanced securlLy for communlcauons
- 8ullL-ln lnLo Lhe AgenL
Managlng ln Lhe Cloud 7
C|oud-enab|ed Agent
Managlng ln Lhe Cloud 8
Internal External DMZ
Agent Internet
Gateway

Internal
Firewall

External
Firewall

Gateway blocks un-
trusted connections
Secure connection
No VPN required
Symantec
Management
Platform


lnLerneL
Manag|ng 1hrough the C|oud
Managlng ln Lhe Cloud 9
Customer Site B
Internet
SMP Internet Gateway


Symantec
Management
Platform
CEM SSL Tunnel


HTTPS

Remote Package
Server


Customer Site A
CEM SSL Tunnel


Remote Package
Server


SM Internet Gateway
- laced ln Lhe uemlllLarlzed Zone (uMZ)
- laces Lhe lnLerneL
- roLecLs Lhe SM Server and SlLe Servers
1haL are locaLed on Lhe lnLernal neLwork
- 8locks unLrusLed cllenLs
- 8ouLes LrusLed cllenLs Lo Lhe managemenL servers
- Slngle CaLeway can serve muluple SM and SlLe Servers
Managlng ln Lhe Cloud 10
SM Internet Gateway - sca|ab|||ty
- lnLerneL CaLeway can handle up Lo 3,000 concurrenL
connecuons:
1ranslaLes lnLo up Lo 60,000 CLM-enabled nodes
- Pardware requlremenLs:
referably physlcal box, 8C8 8AM, 40C8 Puu and dual-core Cu
vM-based lC oers lower scalablllLy, buL sull sumclenL for a fully-loaded
nS
Managlng ln Lhe Cloud 11
SM Internet Gateway arch|tecture - examp|es
Managlng ln Lhe Cloud 12
Cperanng Systems Support
- Managed endpolnLs
Wlndows
no unlx/Llnux supporL now (Mac
supporL upcomlng)


- SM lnLerneL CaLeway
Wlndows Server 2008 82 S1 (64-blL)
- .nL1 lramework 3.3 S1
- 1wo nlCs
Managlng ln Lhe Cloud 13
Agent commun|canon |n CLM mode
Managlng ln Lhe Cloud 14
hups://CaLeway:443
AgenL cerucaLe for lC
lC cerucaLe
- lnLerneL CaLeway ls llsLenlng on porL 443
- nS AgenL slLe ls congured on porL 4726
hups://nS:4726
hups://nS:443 lC redlrecLs requesLs Lo AgenL SlLe porL 4726
AgenL cerucaLe for nS
Connecnv|ty - Automanc Connecnv|ty Sw|tch|ng
- LndpolnL ls on Lhe lnLernal neLwork
CommunlcaLe Lo Lhe SM Server dlrecLly
- LndpolnL ls on Lhe lnLerneL (no vn)
CommunlcaLe Lo Lhe SM Server vla lnLerneL CaLeway
- LndpolnL ls on Lhe vn
CommunlcaLe Lo Lhe SM Server dlrecLly
Managlng ln Lhe Cloud 1S
Connecnv|ty - Load 8a|anc|ng
Managlng ln Lhe Cloud 16
- AgenLs can swlLch beLween gaLeways
- AuLomauc load-balanclng uslng round-
robln algorlLhm
- All gaLeways are LreaLed equally
- AuLomauc fallover
- lnaccesslble gaLeways are marked as
bad and sklpped for a reglsLry
congurable umeouL
- AL leasL Lwo gaLeways are
recommended for faulL-Lolerance
CLM Secur|ty harden|ng
- unnecessary AgenL communlcauon ls dlsabled ln CLM mode
ower managemenL uckle ls dlsabled
MulucasL ls dlsabled
C1A uckle ls dlsabled
- Secure Apache P11 Server congurauon
CerucaLe usage ls enforced
Cnly manually added hosLs and porLs are allowed lnLo lnLernal neLwork
- Server AgenL 1rusL - CLM AgenL web slLe
rovldes access Lo only agenL web pages
8equlres SSL and cerucaLes
CMu8 resource updaLes are resLrlcLed for evenLs comlng Lo CLM web slLe
17 Managlng ln Lhe Cloud
I1MS - What |s Supported?
- Managed Soware uellvery
- Culck uellvery (non real-ume)
- Pardware lnvenLory
- Soware lnvenLory
- Server lnvenLory
- App MeLerlng
- aLch lnvenLory
- aLch ManagemenL ollcles
- 8aslc CllenL 1asks
Managlng ln Lhe Cloud 18
I1MS - L|m|ted or No Support
- lnlually no supporL:
MonlLor Soluuon
ueploymenL Soluuon
- LlmlLauons:
Soware orLal
8emoLe and AgenLless
ManagemenL (CC8/81SM)
8eal-ume Lasks and [obs execuuon
Managlng ln Lhe Cloud 19
CLM Conhguranon
1. uownload and lnsLall SM lnLerneL CaLeway (lC)
2. CeneraLe lC securlLy cerucaLe + polnL lC Lo Lhe SM
Server(s)
3. Congure lC on SM Server(s) + enable cllenLs Lo work over
CLM
4. Cpuonal: creaLe and dlsLrlbuLe oMlne AgenL package
- re-requlslLe - SM Server and cllenLs are communlcaung over
P11S
Managlng ln Lhe Cloud 20
1hank you!
Copyr|ght 2010 Symantec Corporanon. A|| r|ghts reserved. SymanLec and Lhe SymanLec Logo are Lrademarks or reglsLered Lrademarks of SymanLec Corporauon or lLs amllaLes ln
Lhe u.S. and oLher counLrles. CLher names may be Lrademarks of Lhelr respecuve owners.

1hls documenL ls provlded for lnformauonal purposes only and ls noL lnLended as adveruslng. All warranues relaung Lo Lhe lnformauon ln Lhls documenL, elLher express or lmplled,
are dlsclalmed Lo Lhe maxlmum exLenL allowed by law. 1he lnformauon ln Lhls documenL ls sub[ecL Lo change wlLhouL nouce.
1hank you!
Cloud-enabled ManagemenL 21