• Active Directory
  • Application
  • Desktop & Mobile
  • Help Desk
  • Network
  • Server
  • IT Security
  • MSP
  • On-Demand
 
 
Device Management, made easy
Manage control and secure your workstations, mobile
devices and tablets
 
 
Help Desk for Everyone
IT Help Desk Software and Customer Support Software
 
 
Protect Your IT. Save Your Business
Build a secure fortress with our security management solutions
 
 
MSP
Manage services faster, with multi-tenanted, ITIL-ready, and unified RMM solutions
 
 
On-Demand Solutions
IT Help Desk, Active Directory, and Operations Management from the Cloud
 
Remote Vulnerability ManagementHome » Features » Remote Vulnerability Management

Vulnerability Management over the Internet

Consider scenarios where you have to manage

  • systems that are spread across different geographical locations or offices over the internet (applicable primarily to Service Providers)
  • laptops that are often disconnected from the network (mobile users on the move)
  • systems situated behind a NAT/PAT firewall or router (systems in different branches of an enterprise)

Security Manager Plus is powered with an agent that can be used to manage such systems, where maintaining a dedicated network tunnel is not feasible; therefore allowing the communication over the internet. The only prerequisite is that the Security Manager Plus Agents should be able to contact the Security Manager Plus Server over the web (using HTTP).

Enterprise Setup

Here is an example to illustrate how a Service Provider can setup Security Manager Plus Agents in the HTTPS mode to manage systems in different geographical locations.

A Service Provider, say SerPro Inc., in Washington, has a requirement to manage systems for 2 of his enterprise clients - BNF Bank in Texas and Colt Freightliners in New York, who are situated in different locations in the USA. These 2 networks are in are interconnected in any way, and neither are they accessible from the SerPro network.

Vulnerability Management over the Internet

The Security Manager Plus Server will reside in the SerPro network in Washington. The Security Manager Plus Agents (in HTTPS mode) will be deployed in the systems in these 2 client networks spread across the US. The agents will contact the Security Manager Plus Server over the internet and fetch patch management tasks that need to be performed. On task completion they will report back to the Security Manager Plus Server with the status update. Thus the systems in these independent enterprise networks will be managed by a single console with just internet accessibility.

Setting Up Security Manager Plus Server in the Service Provider Network

1. On a system which is in the Internet Data Center (IDC), with a public IP address

Security Manager Plus Server can be installed on a server in the IDC of the service provider. This server must have a unique public IP address and must be accessible over the web. Port 6767 (default web server port of Security Manager Plus server) must be open to allow Security Manager Plus agents to communicate to this server.

Administrators can login to the web interface of Security Manager Plus from any location to view and perform patch management tasks.

2. On a system in the internal network of the service provider, with internet access via a NAT/PAT router

Security Manager Plus can be installed on a system with an internal IP address, within the SerPro network. The NAT router in the service provider IDC will have the public IP address for external internet traffic, and this will redirect all traffic to and from the internal IP addresses. The NAT router must be configured (mapping in the routing table) in such a way that it routes all HTTP (web) traffic coming through port 6767 (default web server port of Security Manager Plus server) to the internal IP address of the system which has Security Manager Plus Server installed.

The SMP agents will have the external IP of the SerPro NAT router configured as the SMP Server name and will establish contact over the web on port 6767 (default). The NAT router at SerPro will take care of redirecting the requests/responses to the internal IP address of the SMP Server machine.

Setting Up Security Manager Plus Agents at the customer sites

This process is very much simple and does not involve any major configurations at the customer sites.

  • Access the web interface of the SMP Server in SerPro using the public IP address : https://<publicIP>:6767/
  • Login and download the SMP Agents (Windows) from the Admin tab
  • Copy and install the SMP Agents on systems that need to be managed
  • Provide the public IP address of the SMP server machine as Server Name to the agent during installation
  • If web access from the SMP Agent machine happens via a proxy server, this can be configured during installation or later from the System Tray Icon of SMP Agent
  • Start the agent at the end of the installation screen
  • Login to the web interface of SMP, visit the Assets tab and see your agents listed there

Differences between Security Manager Plus Agent in HTTPS mode and TCP mode

S.No Description Security Manager Plus Agent
in HTTPS Mode
Security Manager Plus Agent
in TCP Mode
1 Usage scenario To manage systems in remote locations without a dedicated network connection (over internet), systems in the LAN, laptops that are often disconnected from the network To manage systems in the LAN, systems with restricted access, systems accessible over a VPN tunnel
2 Communication protocol HTTP (Over the web) Port to port (TCP)
3 Security Data encrypted. Communication secured using SSL over HTTP (HTTPS) Data encrypted. Communication secured using SSL over TCP.
4 Server to Agent communication port
(To be opened in the firewall, if any)
None 9005 (Agent listens in this port. Configurable)
5 Agent to Server communication ports
(To be opened in the firewall, if any)
6262, 6767
(Server web ports - default, but configurable)
9004 (Server listens in this port for agent. Configurable)
6 SMP Server location SMP Server can be installed in an internal network and the Agent in an external network, provided the IP & port mapping are done in the NAT. The external IP address can be used by the Agent SMP server must be located so that a TCP connection can be established by the Agent to the server
7 Agent Configurations required External IP address of the SMP Server
SMP server's HTTP and HTTPs ports
Proxy server info (if present)
Polling interval for agent
Name/IP address of the SMP Server
SMP Server's TCP port
8 Communication Flow between Server and Agents One-way (Agent polls Server) Two-way
9 Response time of Agent At every agent poll interval Instant (no polling!)
10 Operating System supported Windows only Windows only

Refer to the documentation for more information on Security Manager Plus Agent Installation, Setup and Configuration.

Network Security Scanner & Patch Management Software trusted by

  •  
  •  
  •  
  •  
  •  
  •