The following sections contain information to help you secure access to your ZENworks Endpoint Security Management server:
Physical access to the Management Server should be controlled to prevent access by unauthorized parties. Measures taken should be appropriate to the risks involved. There are multiple available standards and guidelines available, including NIST recommendations, HIPAA requirements, ISO/IEC 17799, and less formal collections of recommendations such as CISSP or SANS guidelines. Even when a given regulatory frameworks is not applicable, it may still act as a valuable resource and planning guide.
Disaster Recovery and Business Continuity mechanisms to protect the Management Server should be put in place to protect the server if an organizational risk assessment identifies a need for such steps. The mechanisms best used will depend on the specifics of the organization and its desired risk profile, and cannot be described in advance. There are multiple available standards and guidelines available, including NIST recommendations, HIPAA requirements, ISO/IEC 17799, and less formal collections of recommendations such as CISSP or SANS guidelines.
The Management Server can be further protected from unauthorized access by restricting network access to it. This may take the form of some or all of the following:
Restricting incoming connection attempts to those IP addresses from which a valid access attempt might be expected
Restricting incoming connection attempts to those ports and protocols from which a valid access attempt might be expected
Restricting outgoing connection attempts to those IP addresses to which a valid access attempt might be expected
Restricting outgoing connection attempts to those ports and protocols to which a valid access attempt might be expected.
Such measures can be imposed through the use of standard firewall technology.
High Availability mechanisms for the Management Server should be put in place if an organizational risk assessment identifies a need for such steps. There are multiple alternative mechanisms for building high availability solutions, ranging from the general (DNS round-robining, layer 3 switches, etc.) to the vendor specific (the Microsoft web site has multiple resources on high availability web services). Those implementing and maintaining an Endpoint Security Management solution should determine which class of high availability solution is most appropriate for their context. Note that the Management Server has been architected to function in non-high-availability situations, and does not require High Availability to provide its services.
The Management Service launches immediately following installation, with no reboot of the server required. The Management Console is used to manage the data on the Management Service. See Section 5.3.1, Infrastructure and Scheduling for more details.