1.1 Understanding the Secure Configuration Manager Components

The Secure Configuration Manager environment includes three primary components (Core Services, consoles, and the database), security agents, and compliance evaluation tools (Security Checkup Results Viewer and Secure Configuration Manager Dashboard). You can install the components, agents, and the Secure Configuration Manager Dashboard on separate computers.

Secure Configuration Manager deploys agents to collect information, stores information in a central database, and displays reports in the Secure Configuration Manager consoles. Secure Configuration Manager Core Services manages communication among the components.

Secure Configuration Manager includes the components listed in the following table.

Component

Description

Agents

Receive requests from Core Services and run commands or respond by returning data, status, or results. Agents run platform-specific software locally on assets throughout your enterprise.

Core Services

Communicates between agents, the database, and consoles to perform the following functions:

  • Manage interaction between agents and consoles

  • Authenticate requests to the agents

  • Receive data from agents and store it in the database

  • Log product activity, security checkup results, and configuration data in the database

Database

Stores product configuration data and results from security checkup reports in Microsoft SQL Server format.

Web console

Serves as a browser-based interface for Secure Configuration Manager so you can perform the following functions:

  • Get a high-level view of your IT assets, including the status of their health, compliance, and risk to your enterprise security

  • Create dynamic reports that combine the results of multiple policy templates and endpoints

  • View and manage endpoints and groups

  • Execute security checks and run policy templates so you can perform a granular assessment of specific groups and endpoints

  • Create and apply saved lists for security check parameters

  • Create and apply exceptions to assessment results

  • Create and apply tags to endpoints and policy templates

  • View the status of jobs

  • Launch the Dashboard without having to log in again

NOTE:With the introduction of Secure Configuration Manager 7.0, this console replaces some functionality provided by the Windows console.

Windows console

Serves as the original interface for Secure Configuration Manager so you can perform the following functions:

  • View, add, remove, and group your IT assets

  • Execute security checks and run policy templates

  • Create and apply saved lists for security check parameters

  • Create and apply exceptions to assessment results

  • Manage jobs

  • Filter information

  • Control automatic AutoSync updates

  • Configure product settings

  • Modify, import, and export security checks and policy templates

NOTE:With the introduction of Secure Configuration Manager 7.0, the Web console replaces some of the console’s functionality. Further references to this console will be prefaced with “Windows”.

Dashboard

Provides a Web-based overview of your environment’s compliance enables executives and managers to:

  • View the overall compliance of your IT assets

  • Perform a granular assessment of specific groups and computers

  • View the overall posture and trends of security compliance at a single glance

Includes the Analytics Database and Dashboard website.