MODULE 18: PERFORMING SERVER
AND DATABASE MANAGEMENT
MANAGING SEPM SERVERS
You can centrally manage all types of servers from the Admin page in
the Symantec Endpoint Protection Manager Console.
The Admin page, under View Servers, lists the following groupings:
■ Local Site
The console on the local site, databases, replication partners, such as
other consoles whose databases replicate, and optional Enforcers
■ Remote Sites
The console on any remote site, databases, replication partners, such
as other management servers whose databases replicate, and
optional Enforcers
Starting and stopping the management server service
When you install Symantec Endpoint Protection Manager, the last step
of the Server Configuration Assistant includes a console check box
(selected by default).
If you leave the check box selected, the console automatically starts.
The management server runs as an automatic service.
If it did not start automatically, you can start it (and later stop it) by
using Services from the Administrative Tools from the Start menu.

Deleting selected servers
You may have uninstalled multiple installations of Symantec Endpoint
Protection Manager.
However, they might still display in the management server Console.

In this situation, you must delete the connections.
The most common occurrence of this situation is when you use a
Microsoft SQL database with multiple management servers connected
to it.

If one management server is uninstalled, it still appears on the other
consoles. You need to manually delete the servers that are no longer
connected.
Exporting and importing server settings
You may want to export or import settings for a Symantec Endpoint
Protection Manager. Settings are exported to a file in XML format.

MAINTAINING SERVER SECURITY
All of the servers for which you can establish a connection require you to
configure third-party passwords in the Symantec Endpoint Protection
Manager.
The third-party passwords are automatically saved in the database that
you created when you initially installed the management server.

You are typically prompted to provide the third-party password during
the configuration of the following types of servers:
■ Email servers
■ Directory servers
■ RSA servers
■ Proxy servers

Granting or denying access to remote Symantec Endpoint
Protection Manager consoles
You can secure the main console by granting or denying access to
those computers on which a remote console is installed. By default, all
consoles are allowed access.
Administrators can log on to the main console locally or remotely from
any computer on the network.

Digital certificates are the industry standard for authenticating and
encrypting sensitive data.
If you want to prevent the reading of information as it passes through
routers in the network, you need to encrypt the data.
Therefore you need a digital certificate that uses the HTTPS protocol.
As part of this secure procedure, the server identifies and
authenticates itself with a server certificate.

Symantec uses the HTTPS protocol for the communication between all
the servers, clients, and optional Enforcers in a network.
You must also enable encryption on Symantec Endpoint Protection
Manager so that the server identifies and authenticates itself with a
server certificate.
If you do not enable this option, then the installation of a digital
certificate is not effective.

The management server supports the following types of certificate:
■ JKS keystore file (.jks)
A Java tool that is called keytool.exe generates the keystore file. Symantec
supports only the Java Key Standard (JKS) format. The Java Cryptography
Extension (JCEKS) format requires a specific version of the Java Runtime
Environment (JRE). The management server supports only a JCEKS keystore file
that is generated with the same version as the Java Development Kit (JDK) on the
management server.
The keystore must contain both a certificate and a private key. The keystore
password must be the same as the key password. It is usually exported from
Internet Information Services (IIS).
■ PKCS12 keystore file (.pfx and .p12)

■ Certificate and private key file (DER and PEM format)
Symantec supports unencrypted certificates and private keys in the DER or the
PEM format. PKCS8-encrypted private key files are not supported.
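A pre-flight check for the file types listed above, as an added example that is not Symantec's own code: it classifies a certificate, key or keystore file from its leading bytes or PEM labels and reports what this slide says about that kind. The function names, the status table and the sample data are hypothetical; only the leading structure is inspected, and the rule that the keystore password equals the key password is not checked.

```python
import re
import sys

# Keystore magic numbers (first four bytes of the file).
JKS_MAGIC = bytes.fromhex("feedfeed")
JCEKS_MAGIC = bytes.fromhex("cececece")

PEM_BLOCK = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

# What the slide above says about each kind (kind names are this example's own).
PAGE_STATUS = {
    "jks": "supported",
    "jceks": "only if generated with the same JDK version as the management server",
    "pkcs12": "supported",
    "certificate": "supported",
    "unencrypted-key": "supported",
    "pkcs8-encrypted-key": "not supported",
    "legacy-encrypted-key": "encrypted; only unencrypted keys are listed as supported",
    "unknown": "not recognised",
}
REJECT = {"pkcs8-encrypted-key", "legacy-encrypted-key", "unknown"}


def _read_tlv(buf, pos=0):
    """Parse one DER element header at pos; return (tag, value_start, value_end)."""
    if pos + 2 > len(buf):
        return None
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:                      # long-form length
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            return None
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    return tag, pos, min(pos + length, len(buf))


def _classify_der(data):
    outer = _read_tlv(data)
    if outer is None or outer[0] != 0x30:  # everything here is a SEQUENCE
        return "unknown"
    child = _read_tlv(data, outer[1])
    if child is None:
        return "unknown"
    tag, start, end = child
    if tag == 0x02:                       # INTEGER version comes first
        # PFX (PKCS#12) is version 3; PrivateKeyInfo and RSA/EC keys use 0 or 1.
        return "pkcs12" if data[start:end] == b"\x03" else "unencrypted-key"
    if tag == 0x30:
        inner = _read_tlv(data, start)
        sibling = _read_tlv(data, end)
        # EncryptedPrivateKeyInfo: AlgorithmIdentifier { OID .. } then OCTET STRING.
        if inner and inner[0] == 0x06 and sibling and sibling[0] == 0x04:
            return "pkcs8-encrypted-key"
        # Certificate: tbsCertificate begins with [0] version or INTEGER serial.
        if inner and inner[0] in (0xA0, 0x02):
            return "certificate"
    return "unknown"


def _classify_pem(label, body):
    if label == "ENCRYPTED PRIVATE KEY":
        return "pkcs8-encrypted-key"
    if label.endswith("PRIVATE KEY"):
        # OpenSSL "traditional" key encryption is announced in a Proc-Type header.
        return "legacy-encrypted-key" if b"Proc-Type: 4,ENCRYPTED" in body else "unencrypted-key"
    if label == "CERTIFICATE":
        return "certificate"
    return "unknown"


def classify(data):
    """Return the kind of every object found in a certificate/key/keystore file."""
    if data[:4] == JKS_MAGIC:
        return ["jks"]
    if data[:4] == JCEKS_MAGIC:
        return ["jceks"]
    blocks = PEM_BLOCK.findall(data)
    if blocks:
        return [_classify_pem(label.decode("ascii"), body) for label, body in blocks]
    return [_classify_der(data)]


def rejected(data):
    """Kinds in the file that the slide does not list as supported."""
    return [k for k in classify(data) if k in REJECT]


# Constructed samples: labels and leading bytes only, no real key material.
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n"
              b"-----BEGIN ENCRYPTED PRIVATE KEY-----\nAAAA\n-----END ENCRYPTED PRIVATE KEY-----\n")
SAMPLE_DER_KEY = bytes.fromhex("3003020100")

if __name__ == "__main__":
    blobs = [open(p, "rb").read() for p in sys.argv[1:]] or [SAMPLE_PEM, SAMPLE_DER_KEY]
    for blob in blobs:
        for kind in classify(blob):
            print(f"{kind}: {PAGE_STATUS[kind]}")
```

Run it with one or more file paths as arguments before importing a certificate; with no arguments it classifies the constructed samples.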
COMMUNICATING WITH OTHER SERVERS
Establishing communication between Symantec Endpoint
Protection Manager and email servers
If you want to use email notification, you need to configure the email
server on Symantec Endpoint Protection Manager.

Setting up a connection between an HTTP proxy server and
Symantec Endpoint Protection Manager
If you support an HTTP proxy server in the corporate network, you
need to connect the HTTP proxy server to Symantec Endpoint
Protection Manager.
You can use the HTTP proxy server to automatically download
LiveUpdate contents.

Configuring Symantec Endpoint Protection Manager to use RSA
SecurID Authentication
If your corporate network includes an RSA server, you need to install
the software for an RSA ACE Agent on the computer on which you
installed Symantec Endpoint Protection Manager and configure it as a
SecurID Authentication client.

MANAGING ADMINISTRATORS
You can use administrator accounts to manage Symantec Endpoint
Protection Manager.
Administrators log on to the Symantec Endpoint Protection Manager
console to change policy settings, manage groups, run reports, and
install client software, as well as other management tasks.
The default account is a system administrator account, which provides
access to all features.
You can also add a more limited administrator account, for
administrators who need to perform a subset of tasks.

When you install the Symantec Endpoint Protection Manager, a
default system administrator account is created, called admin.
The system administrator account gives an administrator access to all
the features in Symantec Endpoint Protection Manager.
To help you manage security, you can add additional system
administrator accounts, domain administrator accounts, and limited
administrator accounts.
Domain administrators and limited administrators have access to a
subset of Symantec Endpoint Protection Manager features.

You choose which accounts you need based on the types of roles and
access rights you need in your company.
For example, a large company may use the following types of roles:

1. An administrator who installs the management server and the
client installation packages. After the product is installed, an
administrator in charge of operations takes over. These administrators
are most likely system administrators.
2. An operations administrator maintains the servers, databases,
and installs patches. If you have a single domain, the operations
administrator could be a domain administrator who is fully authorized
to manage sites.

3. An antivirus administrator, who creates and maintains the Virus
and Spyware policies and LiveUpdate policies on the clients. This
administrator is most likely to be a limited administrator.
4. A desktop administrator, who is in charge of security and
creates and maintains the Firewall policies and Intrusion Prevention
policies for the clients. This administrator is most likely to be a domain
administrator.

5. A help desk administrator, who creates reports and has read-only
access to the policies. The antivirus administrator and desktop
administrator read the reports that the help desk administrator sends.
The help desk administrator is most likely to be a limited administrator
who is granted reporting rights and policy rights.

Adding an administrator account
As a system administrator, you can add another system administrator,
administrator, or limited administrator.
As an administrator within a domain, you can add other administrators
with access rights equal to or less restrictive

Configuring the access rights for a limited administrator
If you add an account for a limited administrator, you must also
specify the administrator's access rights.
Limited administrator accounts that are not granted any access rights
are created in a disabled state and the limited administrator will not
be able to log on to the management server.

Changing the authentication method for administrator accounts
After you add an administrator account, the user name and password
are stored in the Symantec Endpoint Protection Manager database.
When the administrator logs on to the management server, the
management server verifies with the database that the user name and
password are correct.
However, if your company uses a third-party server to authenticate
existing user names and passwords, you can configure Symantec
Endpoint Protection Manager to authenticate with the server.

Changing the password for an administrator account
For security purposes, you may need to change the password for
another administrator's account.
The following rules apply to changing passwords:

■ System administrators can change the password for all
administrators.
■ Domain administrators can change the password for other domain
administrators and limited administrators within the same domain.
■ Limited administrators can change their own passwords only.

MANAGING THE DATABASE
Symantec Endpoint Protection supports both an embedded database
and the Microsoft SQL Server database.
If you have more than 5,000 clients, you should use a Microsoft SQL
Server database.
Symantec Endpoint Protection Manager automatically installs an
embedded database. The database contains information about
security policies, configuration settings, attack data, logs, and reports.

After you install Symantec Endpoint Protection Manager, the
management server may start to slow down after a few weeks or a
few months.
To improve the management server performance, you may need to
reduce the database storage space and schedule various database
maintenance tasks.

Scheduling automatic database backups
You can schedule database backups to occur at a time when fewer
users are logged on to the network.
You can also back up the database at any time.

Scheduling automatic database maintenance tasks
After you install the management server, the space in the database grows
continually. The management server slows down after a few weeks or
months.
To reduce the database size and to improve the response time with the
database, the management server performs the following database
maintenance tasks:
■ Truncates the transaction log.
The transaction log records almost every change that takes place within
the database. The management server removes unused data from the
transaction log.

■ Rebuilds the index.
The management server defragments the database table indexes to
improve the time it takes to sort and search the database.
Increasing the Microsoft SQL Server database file size
If you use the Microsoft SQL Server database, periodically check the
database size to make sure that the database does not reach its
maximum size. If you can, increase the maximum size that the
Microsoft SQL Server database holds.

Exporting data to a Syslog server
To increase the space in the database, you can configure the
management server to send the log data to a Syslog server.
When you export log data to a Syslog server, you must configure the
Syslog server to receive the logs.

Specifying how long to keep log entries in the database
To help control hard disk space, you can decrease the number of log
entries that the database keeps. You can also configure the number of
days the entries are kept.

Clearing log data from the database manually
You can perform a manual log sweep after backing up the database,
if you prefer to use this method as part of routine database
maintenance.
If you allow an automatic sweep to occur, you may lose some log data
if your database backups do not occur frequently enough.
If you regularly perform a manual log sweep after you have
performed a database backup, it ensures that you retain all your log
data.
This procedure is very useful if you must retain your logs for a
relatively long period of time, such as a year. You can manually clear
the logs, but this procedure is optional and you do not have to do it.
DISASTER RECOVERY TECHNIQUES
Reinstalling or reconfiguring Symantec Endpoint Protection
Manager
If you need to reinstall or reconfigure the management server, you can
import all your settings by using a disaster recovery file.
You can reinstall the software on the same computer, in the same
installation directory.
You can also use this procedure to install an additional site for
replication.
The Symantec Endpoint Protection Manager creates a recovery file
during installation. The recovery file is selected by default during the
reinstallation process.
Generating a new server certificate
If you reinstall Symantec Endpoint Protection Manager on a different
computer, you must generate a new server certificate.
If the original computer is corrupted or you upgrade the management
server from a previous version, you must reinstall Symantec Endpoint
Protection Manager on a different computer.
To reinstall Symantec Endpoint Protection Manager on a different
computer, you install the management server as if for the first time,
rather than with the recovery file.

Restoring the database
If the database gets corrupted or you need to perform disaster
recovery, you can restore the database.
To restore the database, you must first have backed it up.

You must restore the database using the same version of Symantec
Endpoint Protection Manager that you used to back up the database.
You can restore the database on the same computer on which it was
installed originally or on a different computer.

The database restore might take several minutes to complete.

  • 31. MANAGING THE DATABASE: Clearing log data from the database manually. You can perform a manual log sweep after backing up the database, if you prefer to use this method as part of routine database maintenance. If you allow an automatic sweep to occur, you may lose some log data if your database backups do not occur frequently enough. Regularly performing a manual log sweep after a database backup ensures that you retain all your log data. This procedure is very useful if you must retain your logs for a relatively long period of time, such as a year. Manually clearing the logs is optional.
  • 32. DISASTER RECOVERY TECHNIQUES: Reinstalling or reconfiguring Symantec Endpoint Protection Manager. If you need to reinstall or reconfigure the management server, you can import all your settings by using a disaster recovery file. You can reinstall the software on the same computer, in the same installation directory. You can also use this procedure to install an additional site for replication. The Symantec Endpoint Protection Manager creates a recovery file during installation. The recovery file is selected by default during the reinstallation process.
  • 33. DISASTER RECOVERY TECHNIQUES: Generating a new server certificate. If you reinstall Symantec Endpoint Protection Manager on a different computer, you must generate a new server certificate. If the original computer is corrupted or you upgrade the management server from a previous version, you must reinstall Symantec Endpoint Protection Manager on a different computer. To reinstall Symantec Endpoint Protection Manager on a different computer, you install the management server as if for the first time, rather than with the recovery file.
  • 34. DISASTER RECOVERY TECHNIQUES: Restoring the database. If the database gets corrupted or you need to perform disaster recovery, you can restore the database. To restore the database, you must first have backed it up. You must restore the database using the same version of Symantec Endpoint Protection Manager that you used to back up the database. You can restore the database on the same computer on which it was installed originally or on a different computer. The database restore might take several minutes to complete.
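
For the slide on increasing the Microsoft SQL Server database file size, the following T-SQL is an added example (not from the slides or from Symantec) that reports each database file's current size against its configured maximum, using the standard `sys.database_files` catalog view. `SEPM_DB_NAME`, the logical file name and the new limit in the closing comment are placeholders to replace with your own values.

```sql
-- Added example, not part of the original slides.
-- SEPM_DB_NAME is a placeholder for the management server's database name.
USE [SEPM_DB_NAME];

SELECT
    f.name       AS logical_name,
    f.type_desc  AS file_type,                                -- ROWS (data) or LOG
    CAST(f.size AS bigint) * 8 / 1024 AS allocated_mb,        -- size is counted in 8 KB pages
    CAST(FILEPROPERTY(f.name, 'SpaceUsed') AS bigint) * 8 / 1024 AS used_mb,
    CASE
        WHEN f.max_size = -1 THEN NULL                        -- unlimited: grows until the disk is full
        WHEN f.max_size = 0  THEN CAST(f.size AS bigint) * 8 / 1024  -- growth disabled: capped at current size
        ELSE CAST(f.max_size AS bigint) * 8 / 1024
    END AS max_size_mb,
    CASE
        WHEN f.max_size = -1 THEN NULL
        WHEN f.max_size = 0  THEN 100.0
        ELSE CAST(100.0 * f.size / f.max_size AS decimal(5, 1))
    END AS pct_of_max_allocated,
    CASE
        WHEN f.is_percent_growth = 1
            THEN CAST(f.growth AS varchar(10)) + ' %'
        ELSE CAST(CAST(f.growth AS bigint) * 8 / 1024 AS varchar(20)) + ' MB'
    END AS autogrowth_step
FROM sys.database_files AS f
ORDER BY pct_of_max_allocated DESC;

-- A NULL max_size_mb means the file has no configured cap, so the limit to
-- watch is free space on the volume rather than a database setting.

-- To raise the cap on a file that is close to its maximum (placeholder
-- logical name and a constructed value; size it to your own storage):
-- ALTER DATABASE [SEPM_DB_NAME]
--     MODIFY FILE (NAME = N'LOGICAL_FILE_NAME', MAXSIZE = 20480MB);
```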

Editor's Notes

  • #28: By default, the management server performs these tasks on a schedule. You can perform the maintenance tasks immediately, or adjust the schedule so that it occurs when users are not on their computers.
  • #34: You reinstall the database settings on a different computer by using the database backup and restore utility. However, the server certificate that the new management server uses does not match the existing server certificate in the restored database. Because client-server communication uses the server certificate, you must generate a new server certificate.