You can choose one of the following deployment types based on the size of your IT environment.
For small enterprises of 50 computers or fewer, you can install all Secure Configuration Manager components on one computer. You can then install additional Windows consoles on other computers as needed. For most console users, you do not need to install the Windows console. Rather, give them the URL to access the Web console from a supported browser.
For larger enterprises, install Core Services, the Dashboard, and the databases on separate computers. The infrastructure for the Web console is installed with Core Services, so most console users simply need the URL to access the Web console from a supported browser. However, you might want to install the Windows console on additional computers for those console users who need to manage agents and other Secure Configuration Manager components. For more information, see Recommended Server Setup.
NetIQ does not recommend or support installing Secure Configuration Manager components on domain controllers for the following reasons:
When you create a local group on a domain controller, the end result is a domain group. The local group needed to handle authentication is not created.
This configuration can also cause performance issues because the domain controller is very busy even if you do not install Secure Configuration Manager components on that computer.
You also have the option to install Core Services on multiple computers. In this configuration, you can install Core Services and the Secure Configuration Manager database on a computer or install the database on a computer, and install Core Services in other computers and enable them to connect to the database.
Having multiple Core Services allows you to divide managed resources, or endpoints, into managed groups based on business units or other organizational needs. Resources managed by one Core Services computer are completely separate from resources managed by a different Core Services.
This configuration might be appropriate if your organization needs to maintain a high level of internal security. For more information, see Multiple Core Services Requirements.
Depending on the agents you are deploying, you might be able to share registered agents between Core Services. For more information, see Working with Multiple Core Services
To install Secure Configuration Manager in the multiple Core Services setup, contact Technical Support.
In a typical environment, you might install Secure Configuration Manager on several servers. The following are sample scenarios. Note that the recommendations place the Windows agent on all Windows servers. In most environments, you install the Secure Configuration Manager database on a separate server from the other components.
Install similar components, such as the databases, on the same server.
|
Computer setup |
Component setup |
|---|---|
|
Server 1 |
Core Services, includes Web console Windows console Windows agent Dashboard (website infrastructure) |
|
Server 2 |
Databases
Windows agent |
|
Other servers in your environment |
Security Agents (UNIX or Windows) and AutoSync Client |
Install the Dashboard components on servers separate from Core Services.
|
Computer setup |
Component setup |
|---|---|
|
Server 1 |
Core Services, includes Web console Windows console Windows agent |
|
Server 2 |
Secure Configuration Manager database Windows agent |
|
Server 3 |
Dashboard components
Windows agent |
|
Other servers in your environment |
Security Agents (UNIX or Windows) and AutoSync Client |
Install Core Services, the Dashboard components, and the databases on separate servers.
|
Computer setup |
Component setup |
|---|---|
|
Server 1 |
Core Services, includes Web console Windows console Windows agent |
|
Server 2 |
Secure Configuration Manager database Windows agent |
|
Server 3 |
Dashboard (website infrastructure) Windows agent |
|
Server 4 |
Analytics Database Windows agent |
|
Other servers in your environment |
Security Agents (UNIX or Windows) and AutoSync Client |