Embed Size (px)
DESCRIPTION
Georgia Technology Authority 3 3 Secure Data Transfer No VPN Requirement Smart Bandwidth Management Secure Data Transfer No VPN Requirement Smart Bandwidth Management Dell Modular Services Architecture Dell Modular Services are delivered from a secure, global data center network Customer Environment Network Operations Centers Dell Global Center Network Relay Point Desktop Laptop Tablet NOC Data Center NOC Agent Confidential – For Internal Use Only
Citation preview
Agency Introduction to DDM
Dell Desktop Manager (DDM) Implementation
Georgia Technology Authority
2
Dell Desktop Manager (DDM) Implementation• Goal
▪ Implement a single Desktop Management Console for all in scope agencies that provides software distribution, patch management, antivirus, asset inventory, remote control and data encryption to agency computing devices.
▪ Implement an agent that will report hardware and software inventories and aid in delivering services such as AV and Data Encryption for all Win/Tel network connected client systems
▪ Utilize collected data to scope technology refresh efforts and reduce duplicated effort
• Benefits▪ Aid in distribution of packaged applications (Software Distribution)▪ Provide Anti-virus support and reporting ▪ Enable Patch compliance▪ Report on Software License compliance▪ Unified Asset Management
Georgia Technology Authority
33
Secure Data TransferNo VPN Requirement
Smart Bandwidth Management
Dell Modular Services ArchitectureDell Modular Services are delivered from a secure, global data center network
Customer EnvironmentNetwork Operations
CentersDell Global
Center Network
Relay Point
Desktop
Laptop
Tablet
NOCData
Center
DataCenter Data
Center DataCenter
DataCenter
NOC
NOCAgent
Confidential – For Internal Use Only
Georgia Technology Authority
4
Key Benefits:
Discover, inventory, track and manage distributed desktop and notebook computers to help reduce total cost of ownership while improving security, risk management, and compliance.
Dell Asset ManagementContinuous control and visibility for distributed assets
Comprehensive asset discovery & tracking
Agent-less discovery of hardware components
Set policies, find exceptions
Simplified architecture planning
Automatically discover, collect, and track distributed desktops and notebooks.
Remotely scan and inventory Windows devices, providing visibility without introduction to that agent.
Use policies and reports to identify security problems, and help enforce enterprise standards.
Evaluate assets for hardware refresh or major software upgrades to help reduce costs and improve success rate.
Works over the internet – doesn’t require mobile or remote assets to be connected to internal network or VPN.Visibility into remote assets
Value Proposition:
4
Georgia Technology Authority
5
Key Benefits:
5
Help ensure security by automating patch management process for Microsoft® Windows®, and a variety of third-party applications.
Patch ManagementCentralize and automate patch management
Help ensure patch compliance
Automate analysis, specify policies for deployment & distributions. Manage patches based on your IT needs.
Force deployment of patches to all managed computers whether or not they are on the corporate network.
Set policies that govern bandwidth usage at client or network level; control bandwidth consumption for one or all devices.
As an optional service, Dell can remotely administer and monitor patch distribution based on best practices.
Works over the internet – doesn’t require mobile or remote assets to be connected to internal network or VPN.
Value Proposition:
Patch-as-a-Service
Flexible, customer- defined policy- based patch management
Policy driven Bandwidth Management
Simplified management of distributed environments
Georgia Technology Authority
66
Anti-Malware & Virus ManagementImprove security by enforcing virus and malware definition updates
Protect your PCs and help ensure end-point security by centrally deploying Symantec® and McAfee® anti-virus software and updates for distributed desktop and notebook computers– whether or not they are on the corporate network.
Protect your network by enforcing compliance on devices before they return to the corporate network.
Works over the internet – doesn’t require mobile or remote assets to be connected to an internal network or VPN.
Centrally monitor virus and malware infections, track update compliance, and identify known vulnerabilities.
Centrally activate and track administrative scans on devices when needed to enable virus identification and quarantine.
Centrally install software and upgrades without user involvement.
Value Proposition:
Simplified management of distributed environments
Force scans to control outbreaks
Network Protection and enforce compliance
Track infections, find vulnerabilities
Unattended install
Key Benefits:
Georgia Technology Authority
77
Dell Laptop Data EncryptionCentrally manage data encryption and data access for distributed computers
Value Proposition:
Key Benefits:
Laptop Data Encryption helps ensure that critical and sensitive data stored on laptop and desktop PCs will not fall into the wrong hands – even if the PC does.
Centrally enforce security policies for distributed clients.
Helps ensure data stored on laptops and desktops stays encrypted (256 bit AES) even if the PC leaves the network.
Encryption key is eliminated and data is made inaccessible under specific pre-set conditions.
Trace location of lost machines with user and network data.
No end user action required to encrypt or access data. Since applications and system files remain unencrypted, computer performance is not affected.
Intelligent encryption
Help locate lost laptops
Remote security management
Policy-based protection
Transparent to end users
Georgia Technology Authority
8
Comprehensive Laptop Data SecurityWhen a laptop is lost, the data becomes inaccessible
8
Georgia Technology Authority
9
DDM - Data PointsPage 1
1. What is the DDM doing? - The DDM will process hardware and software inventory requests on each asset. Anti-virus software and other Agency approved packages will be delivered via the tool. Sensitivity around network bandwidth is always our consideration and can be tailored to deliver install by TOD, and network bandwidth throttling can be used to manage utilization. The agent scans registry locations, file system, WMI database, and Add/Remove programs for software and hardware inventory.
Georgia Technology Authority
10
DDM - Data PointsPage 2
2. Network impacts - Each client heartbeats every 15 minutes. The network payload break down is the following:▪ 3 Kb for the SSL handshake▪ 1 Kb for the agent system information sent to the server▪ 2 Kb if there is nothing to do from the server to the agent▪ 1-20 Kb if the server sends a task for the agent
▪ What will be done to ensure network utilization is managed?
▪ DDM will be moving software over the wire, naturally, bandwidth utilization is always a concern. We mitigate the impact of consuming network bandwidth by using a “Relay Point” framework. Systems can be used to store applications and/or patches to then send to a local system on the network. Moving application data closer to the asset frees up the internet pipe.
Georgia Technology Authority
11
How Relay Points Work
Corporate Office10.10.1.0/24
• Adobe• Apple• Microsoft• RIM• Winzip• Sun• Apache• Real• Mozilla• VMWare• Citrix• Skype
Confidential – For Internal Use Only
Georgia Technology Authority
12
DDM – Data Points3. Security – No local data is changed to accommodate agent. A folder is
created on the c: (or other designated file system) to store control files related to the agent.
1. No PID information is inventoried from any asset2. The Asset data is stored in a Server cluster at Dell Corporate. In
the future PODS will exist through out the world.3. Data is sent over the network encrypted!
Georgia Technology Authority
13
DDM Technology ArchitectureClient Manager
Core Agent(SMA)
Additional Components
PatchManagement
AntiVirus
Data Encryption
Hosted Data Centers
Data Centers
Hosted Update Servers
HTTP / HTTPS
HTTP / HTTPS
CommunicationsServer Cluster
Databases
HTTP / HTTPS
Client Systems
Control Center
HTTP/HTTPS
Relay Point(optional)
RemoteAccess
Data Centers
SymantecLiveUpdateServersMcAffee
FTP / HTTP / HTTPS
HTTP
Secure Communications• All communication through secure connections over existing network infrastructure. Normally
network configuration changes are not necessary. • All communications secure/encrypted & originate from Agent to the Data Centers.
Georgia Technology Authority
14
DDM - DDM Data PointsPage 3
Summary plan for implementation
• Agency Discoveries – Completed!• Determine distribution mechanism (login script, URL or netscan or all )• Provide DDM Installer information to local Agency contacts (agent, Login
script, etc) – Completed!• Deploy Login script into Novell and/or Active Directory • Deliver agent installer to agency contacts and Pilot test on a few
agency chosen machines; prior to wider deployment• Provision Relay machines as needed per network capacity maps with
agency contacts assistance• Configure Patch Policy per Agency requirements• Communicate with end users on AV Installation • Deploy AV Package technology• Deploy Data Encryption Software to designated Laptop users
Georgia Technology Authority
15
