Network Security Scanner & Patch Management Software
Vulnerability Management over the Internet
Consider scenarios where you have to manage
Security Manager Plus is powered with an agent that can be used to manage such systems, where maintaining a dedicated network tunnel is not feasible; therefore allowing the communication over the internet. The only prerequisite is that the Security Manager Plus Agents should be able to contact the Security Manager Plus Server over the web (using HTTP).
Here is an example to illustrate how a Service Provider can setup Security Manager Plus Agents in the HTTPS mode to manage systems in different geographical locations.
A Service Provider, say SerPro Inc., in Washington, has a requirement to manage systems for 2 of his enterprise clients - BNF Bank in Texas and Colt Freightliners in New York, who are situated in different locations in the USA. These 2 networks are in are interconnected in any way, and neither are they accessible from the SerPro network.
The Security Manager Plus Server will reside in the SerPro network in Washington. The Security Manager Plus Agents (in HTTPS mode) will be deployed in the systems in these 2 client networks spread across the US. The agents will contact the Security Manager Plus Server over the internet and fetch patch management tasks that need to be performed. On task completion they will report back to the Security Manager Plus Server with the status update. Thus the systems in these independent enterprise networks will be managed by a single console with just internet accessibility.
Setting Up Security Manager Plus Server in the Service Provider Network
1. On a system which is in the Internet Data Center (IDC), with a public IP address
Security Manager Plus Server can be installed on a server in the IDC of the service provider. This server must have a unique public IP address and must be accessible over the web. Port 6767 (default web server port of Security Manager Plus server) must be open to allow Security Manager Plus agents to communicate to this server.
Administrators can login to the web interface of Security Manager Plus from any location to view and perform patch management tasks.
2. On a system in the internal network of the service provider, with internet access via a NAT/PAT router
Security Manager Plus can be installed on a system with an internal IP address, within the SerPro network. The NAT router in the service provider IDC will have the public IP address for external internet traffic, and this will redirect all traffic to and from the internal IP addresses. The NAT router must be configured (mapping in the routing table) in such a way that it routes all HTTP (web) traffic coming through port 6767 (default web server port of Security Manager Plus server) to the internal IP address of the system which has Security Manager Plus Server installed.
The SMP agents will have the external IP of the SerPro NAT router configured as the SMP Server name and will establish contact over the web on port 6767 (default). The NAT router at SerPro will take care of redirecting the requests/responses to the internal IP address of the SMP Server machine.
Setting Up Security Manager Plus Agents at the customer sites
This process is very much simple and does not involve any major configurations at the customer sites.
Differences between Security Manager Plus Agent in HTTPS mode and TCP mode
Refer to the documentation for more information on Security Manager Plus Agent Installation, Setup and Configuration.