Before delving into an evaluation, you should review information about the primary components and terminology in Secure Configuration Manager.
|
For more information about the... |
See... |
|---|---|
|
Purpose of and interaction among the database, console, Core Services, and agent |
|
|
Application of systems, agents, endpoints, and groups |
|
|
Tools that enable you to audit your IT assets |
|
|
Tools that enable you to evaluate your IT assets |
The Secure Configuration Manager Installation Guide provides detailed requirements and steps for installing Secure Configuration Manager. When determining the setup for your evaluation environment, consider how that setup might affect a smooth upgrade to a production environment:
If your production environment contains fewer than 50 computers, you can install the database, console, and Core Services on one server.
If your production environment contains fewer than 50 computers and you want to audit resource-heavy data, such as entitlements for files and shares for all users, install the database and Core Services on separate computers. In a data-rich environment, the database requires more disk space.
If your production environment contains more than 50 computers, install the database and Core Services on separate computers. In an environment supporting a large number of endpoints and agents, the database requires more disk space and server resources.
NOTE:
For optimal Core Services performance, you must install a console on the Core Services computer. You do not need to use that console for any operational work.
You can install a console on more than one computer so multiple console users can audit and evaluate separate groups of managed systems.
You do not need to install a Windows agent at this time. The setup program always installs a Windows agent on the Core Services computer. This tour walks you through deploying the agent to other computers.
Use the NetIQ UNIX Agent Manager to deploy additional UNIX agents in your trial environment. You can add the UNIX systems manually or enable Secure Configuration Manager to discover them. For more information, see Managing (Discovered) UNIX and Linux Systems.
Secure Configuration ManagerWhen you complete the installation process, you can begin exploring the console. To start the console, you must know the administrator user name and password you provided during installation.
When you start the Secure Configuration Manager console, you can select from a list of common tasks, as well as click one of the navigation buttons. The following definitions describe the window items and their associated content in the console:
Allows you to view and manage security agents, endpoints, and systems. Displays the built-in managed groups of endpoints as well as My Groups, a container where you can group endpoints to match your organizational needs. For more information, see Section 2.0, Building Your Asset Map.
Displays containers that enable you to view, define, and run policy templates, security checks, and tasks. For ease of use, policy templates are organized in logical groups, such as Best Practices, Bulletins, and Regulations. Security checks are organized according to agent and endpoint types, such as UNIX, Windows, and SQL Server. The Task Suites and Custom Tasks containers enable you to create and run sets of reports and actions. For more information, see Section 6.0, Configuring Assessment Options and Creating Custom Tasks.
Lists the systems discovered on your network as well as the unmanaged endpoints on your currently managed systems, depending on the settings for discovery. For ease of use, systems and endpoints are organized by the type of asset, such as SQL Server or UNIX computers. For more information, see Discovering Unmanaged Assets in Your Environment and Discovering Endpoints on Managed Assets.
Displays report status and lets you view reports. Select a report in the Completed folder to display details or the current status of the report. You can organize completed reports into custom containers under My Reports. For more information, see Viewing Assessment Results and Customizing the Job Queues.
Allows you to view and manage alerts that are generated when a Secure Configuration Manager or an agent detects certain events or conditions on a managed endpoint. For example, upon installation, an alert announces that Secure Configuration Manager has discovered a new Windows domain. For more information, see the Help.
Allows you to view and export a log of the tasks performed by console users and administrators in Secure Configuration Manager, such as logging on and off, adding exceptions, and modifying checks and policy templates. For more information, see Section 14.0, Setting Security on the Secure Configuration Manager Console.
Displays the containers for computer baseline management. Baselines allow you to identify and track changes to your computers. The Criteria and Collection containers are a list of defined baseline sets and a list of defined baseline collections. The Management container is a list of the pre-defined checks for managing baselines. For more information, see Section B.0, Working with Baselines.
Displays the containers for exception management. Exceptions are temporary waivers you can create to prevent unnecessary security check report violations. The Exceptions container is a list of exceptions. The Saved Lists container is the list of values that can be used as a filter or exclusion list when running a security check or policy template. For more information, see Excluding Data from Report Results.
Secure Configuration ManagerProvides administrators access to Console Users, Console Roles, and Authentication Sources. Enables you to set the password policy for console accounts. For more information, see Section 14.0, Setting Security on the Secure Configuration Manager Console.
When you install Secure Configuration Manager, the setup program creates an administrator account that can access all product functionality. However, if several individuals in your organization want to participate in this evaluation, you might want to assign an account to each person. In this way, you control who can access Secure Configuration Manager and which activities each user can perform. For example, you can specify whether a console role can deploy agents or run a delta report. You can use the built-in roles or create new ones, and then assign console users to the appropriate roles. Once you create console accounts, you can configure a password policy to protect the accounts against security attacks. You can also instruct Secure Configuration Manager to check user credentials against an external authentication source.
|
For more information about... |
See... |
|---|---|
|
Creating console user accounts |
|
|
Creating or assigning console roles |
|
|
Using external authentication to validate console users |
|
|
Configuring the password policy settings |