ZENworks Endpoint Security Management consists of four high-level functional components:
Policy Distribution Service
Management Service
Management Console
Endpoint Security Client
The figure below shows these components in the architecture:
Figure 1-2 ZENworks Endpoint Security Management Architecture
The Endpoint Security Client is responsible for enforcement of the distributed security policies on the endpoint system. When the Endpoint Security Client is installed on all enterprise computers, these computers (endpoints) can now travel outside the corporate perimeter and maintain their security, while endpoints inside the perimeter receive additional security checks within the perimeter firewall.
Each Central Management component is installed separately, the following components are installed on servers that are secured inside the corporate perimeter:
Policy Distribution Service: Responsible for the distribution of security policies to the Endpoint Security Client, and retrieval of reporting data from the Endpoint Security Clients. The Policy Distribution Service can be deployed in the DMZ or outside the enterprise firewall, to ensure regular policy updates for mobile endpoints.
Management Service: Responsible for user policy assignment and component authentication; reporting data retrieval, creation and dissemination of ZENworks Endpoint Security Management reports; and security policy creation and storage.
Management Console: The visible user interface, which can run directly on the server hosting the Management Service or on a workstation residing inside the corporate firewall with connection to the Management Service server. The Management Console is used to configure the Management Service and to create and manage user and group security policies. Policies can be created, copied, edited, disseminated, or deleted using the Management Console.