Policy Enforcers
May 29, 2003
By Mike Fratto
Configuresoft Enterprise Configuration Manager 4.0 with Security Update Manager 2.0
Configuresoft has some useful and unique features, but a big drawback is its Windows-centric focus. Sure, Windows has won the desktop, but as we all know, there's a whole lot of Unix and, yes, NetWare deployed. Enterprise Configuration Manager (ECM) provides the base functionality for device discovery, management and reporting, while Security Update Manager (SUM), which is licensed separately, provides patch reporting and updating. ECM is a powerful monitoring tool. That power comes at a price, though--the system is difficult to learn--but if you're an all-Windows shop, ECM and SUM combined are a strong choice.
Unique to the products tested, SUM provides detailed patch and service-pack discovery and can deploy patches (though not service packs) to end systems. More important, SUM will display any dependencies that must be satisfied prior to the deployment of patches, such as a service-pack level. We ran SUM against our test computers and discovered many missing patches. We selected all the machines that needed patching and deployed everything in one fell swoop. SUM downloaded the patches from Microsoft's site and installed each one successfully.
ECM runs data collection through DCOM (Distributed Component Object Model) agents on target hosts and dumps collected data back to a database. All report generation is run against the database, not live on the hosts, so make very sure your database is current before running reports. Luckily, ECM can collect subsets of data as needed. Further, careful hardware planning is needed for the database: In our 100-host test bed, Configuresoft recommended a SQL server with dual PIII CPUs, 2 GB of RAM, RAID 3 and a 27-GB database partition. That's beefy.
Lesson learned: ECM is really just a fancy front end for SQL queries. Once we realized that, many features made sense. For example, hosts can be placed into multiple groups automatically based on features/functions discovered on the hosts. We created a primary domain controller group, an FTP server group and an Exchange server group. We defined the filters for groups based on the features of each, and the groups were populated automatically. In reality, when we selected a group, ECM issued a SQL select command--the filter is just a "where" clause specifying the relevant records.
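To make the two points above concrete (groups are stored filters over collected data, and reports are only as current as the last collection), here is an added sketch that is not Configuresoft's code or schema. The `inventory` table, its columns, the group definitions and the sample rows are all constructed for illustration, with SQLite standing in for the SQL server.

```python
import sqlite3
from datetime import datetime, timedelta

NOW = datetime(2003, 5, 29, 12, 0)  # fixed "current time" so the run is repeatable

# Constructed sample inventory: (host, discovered feature, last collection time)
ROWS = [
    ("dc01",   "pdc",      NOW - timedelta(hours=2)),
    ("ftp01",  "ftp",      NOW - timedelta(hours=3)),
    ("mail01", "exchange", NOW - timedelta(days=9)),   # stale collection
    ("mail01", "ftp",      NOW - timedelta(days=9)),
    ("ws17",   "none",     NOW - timedelta(hours=1)),
]

# Hypothetical group definitions: a WHERE clause plus bound parameters.
# Clause text comes only from this fixed dictionary; values are always bound.
GROUPS = {
    "Domain controllers": ("feature = ?", ("pdc",)),
    "FTP servers":        ("feature = ?", ("ftp",)),
    "Exchange servers":   ("feature = ?", ("exchange",)),
}

def build_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE inventory (host TEXT, feature TEXT, collected_at TEXT)")
    db.executemany("INSERT INTO inventory VALUES (?, ?, ?)",
                   [(h, f, t.isoformat()) for h, f, t in ROWS])
    return db

def members(db, group):
    """Selecting a group is a SELECT with the group's filter as the WHERE clause."""
    where, params = GROUPS[group]
    sql = f"SELECT DISTINCT host FROM inventory WHERE {where} ORDER BY host"
    return [r[0] for r in db.execute(sql, params)]

def stale_hosts(db, max_age=timedelta(days=1)):
    """Hosts whose newest collected row is older than max_age."""
    cutoff = (NOW - max_age).isoformat()
    sql = ("SELECT host FROM inventory GROUP BY host "
           "HAVING MAX(collected_at) < ? ORDER BY host")
    return [r[0] for r in db.execute(sql, (cutoff,))]

if __name__ == "__main__":
    db = build_db()
    for g in GROUPS:
        print(g, members(db, g))
    print("stale:", stale_hosts(db))
```

In this constructed data, mail01 still appears in two groups even though its rows are nine days old, which is why a freshness check belongs in front of any report run against the database rather than the live hosts.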
ECM comes with numerous predefined reports as well as an Explorer-like interface that we expanded node by node to show the targets that matched our criteria. Building reports takes a bit of work because of all the data available. Also, many of the selections have drop-down lists derived from discovered data. Much of the learning process involves understanding where specific device information is kept. As with Pedestal's product, external programs can be launched on the targets through Visual Basic scripts to do custom discovery.
Enterprise Security Manager 4.0 with Security Update Manager 2.0, Configuresoft, (719) 447-4600. www.configuresoft.com