Consider scenarios where you have to manage
Security Manager Plus provides an agent for managing such systems, where maintaining a dedicated network tunnel is not feasible; the agent communicates over the internet instead. The only prerequisite is that the Security Manager Plus Agents must be able to contact the Security Manager Plus Server over the web (using HTTP).
Here is an example to illustrate how a Service Provider can set up Security Manager Plus Agents in the HTTPS mode to manage systems in different geographical locations.
A Service Provider, say SerPro Inc., in Washington, has a requirement to manage systems for 2 of its enterprise clients, BNF Bank in Texas and Colt Freightliners in New York, which are situated in different locations in the USA. These 2 networks are not interconnected in any way, nor are they accessible from the SerPro network.
The Security Manager Plus Server will reside in the SerPro network in Washington. The Security Manager Plus Agents (in HTTPS mode) will be deployed on the systems in these 2 client networks spread across the US. The agents will contact the Security Manager Plus Server over the internet and fetch the patch management tasks that need to be performed. On task completion, they will report back to the Security Manager Plus Server with a status update. Thus the systems in these independent enterprise networks will be managed from a single console with just internet accessibility.
1. On a system which is in the Internet Data Center (IDC), with a public IP address
Security Manager Plus Server can be installed on a server in the IDC of the service provider. This server must have a unique public IP address and must be accessible over the web. Port 6767 (default web server port of Security Manager Plus server) must be open to allow Security Manager Plus agents to communicate with this server.
Administrators can log in to the web interface of Security Manager Plus from any location to view and perform patch management tasks.
2. On a system in the internal network of the service provider, with internet access via a NAT/PAT router
Security Manager Plus can be installed on a system with an internal IP address, within the SerPro network. The NAT router in the service provider IDC will have the public IP address for external internet traffic, and this will redirect all traffic to and from the internal IP addresses. The NAT router must be configured (mapping in the routing table) in such a way that it routes all HTTP (web) traffic coming through port 6767 (default web server port of Security Manager Plus server) to the internal IP address of the system which has Security Manager Plus Server installed.
The SMP agents will have the external IP of the SerPro NAT router configured as the SMP Server name and will establish contact over the web on port 6767 (default). The NAT router at SerPro will take care of redirecting the requests/responses to the internal IP address of the SMP Server machine.
This process is simple and does not involve any major configuration at the customer sites.

| S.No | Description | Security Manager Plus Agent in HTTPS Mode | Security Manager Plus Agent in TCP Mode |
|---|---|---|---|
| 1 | Usage scenario | To manage systems in remote locations without a dedicated network connection (over internet), systems in the LAN, laptops that are often disconnected from the network | To manage systems in the LAN, systems with restricted access, systems accessible over a VPN tunnel |
| 2 | Communication protocol | HTTP (Over the web) | Port to port (TCP) |
| 3 | Security | Data encrypted. Communication secured using SSL over HTTP (HTTPS) | Data encrypted. Communication secured using SSL over TCP. |
| 4 | Server to Agent communication port (To be opened in the firewall, if any) | None | 9005 (Agent listens on this port. Configurable) |
| 5 | Agent to Server communication ports (To be opened in the firewall, if any) | (Server web ports - default, but configurable) | 9004 (Server listens on this port for agent. Configurable) |
| 6 | SMP Server location | SMP Server can be installed in an internal network and the Agent in an external network, provided the IP & port mapping are done in the NAT. The external IP address can be used by the Agent | SMP server must be located so that a TCP connection can be established by the Agent to the server |
| 7 | Agent Configurations required | External IP address of the SMP Server; SMP server's HTTP and HTTPS ports; Proxy server info (if present); Polling interval for agent | Name/IP address of the SMP Server; SMP Server's TCP port |
| 8 | Communication Flow between Server and Agents | One-way (Agent polls Server) | Two-way |
| 9 | Response time of Agent | At every agent poll interval | Instant (no polling!) |
| 10 | Operating System supported | Windows only | Windows only |

Refer to the documentation for more information on Security Manager Plus Agent Installation, Setup and Configuration.