2.7 Adding Endpoints to Managed Assets

Available only in the Windows console.

Many of the servers in your environment host more than one endpoint, such as the operating system and a database instance. When you register a Windows computer with Secure Configuration Manager, only the endpoint representing the operating system gets registered with Core Services. You can manually add the other endpoints to the managed asset, or you can configure Secure Configuration Manager to regularly probe managed assets for undiscovered endpoints.

2.7.1 Adding Known Endpoints to an Agent

As your organization grows and changes, you might need to add endpoints that you want to assess. For example, you might install a database on a managed asset or add a network device to your environment.

  1. Log in to the Windows console.

  2. In the left pane, click IT Assets.

  3. In the IT Assets tree pane, expand Agents and select the appropriate folder.

  4. In the content pane, right-click the agent to which you want to add the endpoint, and then click Add Endpoint.

  5. Click Next.

  6. (Optional) To find an existing system on which to add an endpoint, click Existing Systems. Select a system and click OK.

  7. In the Name field, type a name for the endpoint.

  8. Select the appropriate endpoint type from the Endpoint Type field, such as Windows Machine or Active Directory, or accept the default endpoint type.

  9. Click IP Lookup to look up the IP address of the endpoint or type the IP address into the IP Address field. Secure Configuration Manager supports IPv4 and IPv6 addresses.

  10. (Optional) To add more information about the computer that you are adding as an endpoint, update the optional property fields. Some endpoint types might have a subset of the following optional property fields.

    Field: Description

    Contact Email: Email address of the contact person.

    Contact Name: Name of the contact person.

    Database Port: Port that the agent is using to communicate with Core Services, if you are adding a database endpoint.

    Importance: Criticality level of the endpoint.

    Instance Name: Name of the database instance, if you are adding a database endpoint.

    Is DHCP Client: Whether this computer has its IP address dynamically assigned by a DHCP server.

    License Type: Product for which you are licensing this endpoint.

    Location: Location of the computer hardware.

    Major Version: Major version of the operating system. Secure Configuration Manager automatically updates this information when registering Windows, SQL Server, NAS Server, IIS, and Active Directory endpoints. Not available for Lightweight UNIX or Oracle systems.

    Minor Version: Minor version of the operating system. The list of available minor versions depends upon the selected major version. Secure Configuration Manager automatically updates this information when registering Windows, NAS Server, and Active Directory endpoints. Not available for SQL Server, IIS, Lightweight UNIX, or Oracle systems.

    Notes: Descriptive notes about the computer. Not available for Lightweight UNIX, UNIX, or Oracle systems.

    Service Pack: Microsoft Service Pack applied to the Windows operating system. Not available for NAS servers.

    Time Zone: Time zone of the physical computer on which the endpoint is located. An endpoint computer can be in a different time zone than the Core Services computer or the managing agent.

    Use: The purpose of the endpoint computer.

  11. (Optional) To add the endpoint to a group, complete the following steps:

    1. Select the Add Endpoint to a Group check box.

    2. Click Groups.

    3. Select an existing group to which you want to add the endpoint, or create a new group.

    4. (Optional) To create a new group, enter the new group name and description, and then click Create New Group.

    5. Click Finish to return to the Define Endpoint window.

  12. (Optional) To add more than one endpoint, click Add Endpoint. Repeat Step 7 through Step 11 for each endpoint that you want to add.

  13. Click Finish.

2.7.2 Discovering Endpoints on Managed Assets

When you add a server to your asset map, Secure Configuration Manager automatically recognizes the operating system as an endpoint. However, that server might have more endpoints that can be managed and assessed. You can configure Secure Configuration Manager to automatically discover the following types of endpoints, referred to as application endpoints, on your managed assets:

  • Internet Information Services (IIS)

  • Microsoft SQL Server

  • Oracle (UNIX)

  • Oracle (Windows)

By default, the Application Endpoint Discovery setting in the Core Services Configuration Utility is enabled, which allows Secure Configuration Manager to automatically discover application endpoints. When you register a new asset, Core Services instructs the agent managing that asset to run a check that looks for application endpoints. You can also schedule a job that continuously looks for unmanaged application endpoints on currently managed assets. For more information about jobs that discover application endpoints, see Scheduling the Discovery Process.

2.7.3 Adding Discovered Endpoints to a Managed Asset

Adding a discovered endpoint follows the same process as manually adding endpoints, except you start from IT Assets > Discovered Systems.

  1. Log in to the Windows console.

  2. In the left pane, click IT Assets > Discovered Systems.

  3. In the content pane, right-click the endpoint that you want to add, and then click Manage.

  4. Select the agent that you want to manage the endpoint, then complete the wizard for adding the endpoint.

    For more information, see Adding Known Endpoints to an Agent.

  5. (Optional) Add the endpoint to a group, as described in Step 11.

  6. Click Finish.

2.7.4 Adding Network Device Endpoints

Secure Configuration Manager enables you to assess the configuration of network devices attached to a Windows environment. It’s a two-step process to add network devices as endpoints. First, you add the network devices to the Network Device Endpoint Importer utility. Then you have the utility import the devices into Secure Configuration Manager.

The Network Device Endpoint Importer is a separate utility packaged with Secure Configuration Manager.

  1. To launch the Network Device Endpoint Importer utility, go to Start > Secure Configuration Manager > Network Device Endpoint Importer.

  2. Enter your Secure Configuration Manager login credentials.

  3. Enter the IP address and port number for Core Services.

  4. Click Login.

  5. Click File > New Endpoint or click the + option.

  6. In the Endpoint Name field, specify a name for the endpoint that you want to add.

  7. In the Endpoint Properties table, verify or specify the following required information:

    Field: Description

    Agent Name: Select the Windows agent to which you want to add the network device endpoint.

    Endpoint Name: (Optional) Specify a name for the endpoint, if you have not already specified one in Step 2.

    Protocol: Select the type of protocol used to connect with the network device: Telnet or SSH.

    Authentication Type: This field is displayed only if you have selected SSH as the protocol. Select one of the following options:

      • Password: Select this option if you require password-based SSH authentication.

      • Key: Select this option if you require key-based SSH authentication.

    Network Device Type: Select the type of the network device for which you are configuring this endpoint. This drop-down list has the following options:

      • IOS: Select IOS if the network device is a Cisco device.

      • JUNOS: Select JUNOS if the network device is a Juniper device.

      • GENERIC: Select GENERIC if the network device is not a Cisco or a Juniper device.

    IP Address: Specify the IP address of the network device.

    IP Port: Specify the port through which the endpoint interacts with the network device.

    User Name: Specify the user name to log in to the network device.

    Password: This field is displayed only if you have selected Password as the Authentication Type. Specify the password of the network device.

    Key: This field is displayed only if you have selected Key as the Authentication Type. Specify the private key file path.

    Expect Script Name: This field is displayed only if you have selected Generic as the Network Device Type. Specify the name of the scripting file that interacts with the network device.

    NOTE: Some fields display default values. However, you can customize the values.

  8. (Optional) Specify the following endpoint properties:

    Field: Description

    Passphrase: This field is displayed only if you selected SSH as Protocol and Key as authentication type. Specify the passphrase for the private key file.

    Privilege Password: This field is displayed only if you have selected IOS as the Network Device Type. Specify the privilege password of the network device.

    Contact Email: Email address of the contact person.

    Contact Name: Name of the contact person.

    Importance: Criticality level of the endpoint.

    License Type: Product for which you are licensing this endpoint.

    Location: Physical location of the endpoint computer hardware.

    Version: Version of the SQL Server database that the endpoint represents.

    Time Zone: Time zone in which the endpoint computer hardware is located.

    Notes: Descriptive notes about the endpoint.

    NOTE: Some fields display default values. However, you can update the values.

  9. To register the endpoint with Secure Configuration Manager, select True in the Register field.

    Alternatively, you can select Register All to register all the endpoints you have added.

  10. (Optional) To add the endpoint to a group, select the Add Endpoint to a Group option, and then select an existing group or type a new group name to which the endpoint should belong.

To easily add endpoints, you can do the following:

  • Save the configuration of endpoints you want to add in a .xml or a .csv file, and then load the configuration file by clicking File > Load Configuration and selecting the file.

  • Save the configuration of the endpoint you have added, by clicking File > Save Configuration. This saves the configuration of the endpoint in a .xml or .csv file. You can use the same configuration in the future while adding endpoints, by using the Load Configuration option.

    NOTE: You can use the schema of the .xml file that you create here to create your own .xml files that contain endpoint configuration information. You can use these configuration information files to add network device endpoints in the future.

  • Clone an endpoint by clicking the > button. This creates a new endpoint with the same configuration as the endpoint you are cloning. You can then modify the configuration of the cloned endpoint as required. This makes it easy to add endpoints.

After you add network device endpoints in the Network Device Endpoint Importer utility, click Import All to import all the network device endpoints to Secure Configuration Manager. You can view the log messages pertaining to the import operation in the Log Messages area. On completing the import operation successfully, a confirmation message is displayed.
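
The following added example, which is not part of the product or its documentation, checks a hand-built endpoint inventory against the field rules in the Endpoint Properties table before you load it: conditional fields, address and port validity, and rows that use Telnet. The CSV column names mirror the field labels in this section and are an assumption; the sample rows are constructed, and the column layout of the file that the utility saves is not shown here.

```python
import csv
import io
import ipaddress

# Constructed sample inventory. Column names mirror the field labels in the
# Endpoint Properties table; they are an assumption, not the utility's schema.
SAMPLE_CSV = """Endpoint Name,Protocol,Authentication Type,Network Device Type,IP Address,IP Port,Key,Expect Script Name
core-sw-01,SSH,Key,IOS,192.0.2.10,22,C:\\keys\\core-sw-01.pem,
edge-fw-01,Telnet,,JUNOS,2001:db8::15,23,,
lab-lb-01,SSH,Password,GENERIC,192.0.2.300,22,,
"""

def check_row(row):
    """Return a list of findings for one endpoint row (empty list = clean)."""
    findings = []
    proto = row["Protocol"].strip().upper()
    auth = row["Authentication Type"].strip().lower()
    dev = row["Network Device Type"].strip().upper()
    if proto not in ("SSH", "TELNET"):
        findings.append("Protocol must be Telnet or SSH")
    if proto == "TELNET":
        findings.append("Telnet sends the device login in cleartext")
        if auth:
            findings.append("Authentication Type applies only to SSH")
    if proto == "SSH" and auth not in ("password", "key"):
        findings.append("SSH requires Authentication Type Password or Key")
    if auth == "key" and not row["Key"].strip():
        findings.append("Key authentication needs a private key file path")
    if dev not in ("IOS", "JUNOS", "GENERIC"):
        findings.append("Network Device Type must be IOS, JUNOS or GENERIC")
    if dev == "GENERIC" and not row["Expect Script Name"].strip():
        findings.append("GENERIC devices need an Expect Script Name")
    try:
        ipaddress.ip_address(row["IP Address"].strip())  # accepts IPv4 or IPv6
    except ValueError:
        findings.append("IP Address is not valid IPv4 or IPv6")
    port = row["IP Port"].strip()
    if not (port.isdecimal() and 1 <= int(port) <= 65535):
        findings.append("IP Port must be 1-65535")
    return findings

def audit(csv_text):
    """Map each endpoint name to its findings; clean rows are omitted."""
    report = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        found = check_row(row)
        if found:
            report[row["Endpoint Name"]] = found
    return report
```

Calling audit(SAMPLE_CSV) returns findings for edge-fw-01 and lab-lb-01 only. Rename the columns to match the file that File > Save Configuration produces before running it on real data.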