Groups are the key organizational unit for Kaspersky Lab application management,
and you create groups and subgroups to organize managed systems. Kaspersky Lab
calls the collection of groups the "logical network." Within a Group
you’ll find folders for policies, group tasks, and administrative servers.
In large implementations, the Administration servers folder lets you assign
a slave server to service the group. Group tasks let you configure and schedule
activities such as applying software and protection updates to clients and scheduling
system scanning. The Policies folder is the container for named policies.
The Network:Domains folder contains domains, workgroups, and computers discovered
on the network and configurable by IP scan, network browsing, and AD interrogation.
Move systems from the Network folder structure to the groups that make up your
logical network, which you create under the Groups folder. When you delete a
computer from a group, it shows back up under the Network folder. For each domain,
you can configure a group into which the administration server will automatically
place newly discovered systems and apply the policies associated with that group.
A named policy seen in the administration console holds all the settings for
an installed product, such as Anti-Virus 6.0 for Workstations. Policies can
be marked active or not, and can be cut, copied, and pasted to the Policies
folders for other groups. Policies are inherited down through the logical network.
By default, inherited policies don’t display in the Policies folder of
subgroups, a default that you can change from the right-click menu of any Policies
folder. Two event-based types of policies are possible: a mobile user policy,
applied when a user disconnects from the network; and an event-enabled policy,
applied when a virus outbreak event occurs. Multiple instances of policies for
the same application might occur within the same group, either explicitly or
by inheritance. I’m not sure what happens when you have two normal (not
event-driven) active policies for the same application in the same folder, though
I was able to create such an instance.
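The overlap described above can be audited for. The following is an added example, not code from Kaspersky Lab or from this review: it walks a constructed model of the logical network and reports every group where more than one active, non-event policy for the same application is in scope, whether defined in that group or inherited. The `Policy` and `Group` classes, the `find_overlaps` function and the sample tree are assumptions made for illustration, and the check makes no claim about which policy the product would actually apply.

```python
from dataclasses import dataclass, field

@dataclass
class Policy:
    name: str
    application: str
    active: bool = True
    kind: str = "normal"  # "normal", "mobile" or "outbreak" (the two event-based types)

@dataclass
class Group:
    name: str
    policies: list = field(default_factory=list)
    subgroups: list = field(default_factory=list)

def find_overlaps(group, inherited=(), parent_path=""):
    """Map group path -> {application: [(policy name, defining group path)]}
    wherever more than one active normal policy for one application is in scope."""
    path = f"{parent_path}/{group.name}"
    # Inactive and event-based policies are not part of the ambiguity, so skip them.
    local = [(p, path) for p in group.policies if p.active and p.kind == "normal"]
    in_scope = list(inherited) + local
    by_app = {}
    for policy, origin in in_scope:
        by_app.setdefault(policy.application, []).append((policy.name, origin))
    overlaps = {app: hits for app, hits in by_app.items() if len(hits) > 1}
    findings = {path: overlaps} if overlaps else {}
    # Policies are inherited down the logical network, so pass them to subgroups.
    for sub in group.subgroups:
        findings.update(find_overlaps(sub, in_scope, path))
    return findings

# Constructed sample tree (hypothetical; not exported from a real administration server).
WS = "Anti-Virus 6.0 for Workstations"
SRV = "Anti-Virus 6.0 for Servers"
TREE = Group("Groups", subgroups=[
    Group("Workstations",
          policies=[Policy("WS-Default", WS),
                    Policy("WS-Mobile", WS, kind="mobile"),
                    Policy("WS-Old", WS, active=False)],
          subgroups=[Group("Lab", policies=[Policy("Lab-Strict", WS)])]),
    Group("Servers", policies=[Policy("Srv-A", SRV), Policy("Srv-B", SRV)]),
])

if __name__ == "__main__":
    for path, apps in find_overlaps(TREE).items():
        for app, hits in apps.items():
            print(path, "|", app, "|", hits)
```

Each finding lists the group that defines every overlapping policy, which separates two policies in the same folder from an overlap that arises only through inheritance.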
Task management is similar to policy management. Tasks are inherited down
the logical network, and inherited tasks are not displayed by default.
The documentation that I saw was useful, although I got the impression it
was incomplete: There was no Administration Kit Users Guide, for example. Fortunately,
the administrative console’s Help documentation was thorough and very
useful, and I relied on it for much of my testing.
Final Analysis
The Kaspersky Administration Kit is a capable product. Combined with Anti-Virus
6.0 for Workstations, which I used as a review application, it offers a broad
scope of threat detection and protection that I haven't discussed. The structure
of the management console struck me as less than ideal. For larger organizations
I think the verbosity of the console tree would become cumbersome. My perspective
is that displaying the Policies, Group tasks, and Administration servers folders
under each group is unnecessary. However, these are minor issues. The core functionality
is broad in scope and includes features (such as monitoring the activity of
Office products) you won’t find in many other products.
Kaspersky Lab Open Space Security with Administration Kit 6.0, Anti-Virus 6.0 for Workstations, and Anti-Virus 6.0 for Servers
PROS: Flexible, easily understood policy structure using a named policy approach; policy and task inheritance through the group structure is clean; effective system discovery and simple manual assignment to groups
CONS: Limited automatic assignment of new systems to policy groups—might designate only one policy group for each domain or workgroup computers belong to; inelegant console organization
RATING: 4 out of 5
PRICE: For Anti-Virus 6.0 for Workstations and Anti-Virus 6.0 for Servers; 10 nodes: $35 per node; 100 nodes: $22.50 per node; 1,000 nodes: $16 per node; contact vendor for volumes greater than 1,000 nodes
RECOMMENDATION: A competent management structure, but the console layout is unimpressive.
CONTACT: Kaspersky Lab, http://www.kaspersky.com, (781) 503-1800
McAfee ePolicy Orchestrator 3.6.1
McAfee's ePolicy Orchestrator (ePO) comprises a number of components. ePO Server
manages policies, handles events, orchestrates tasks, and coordinates software
and protection updates. ePO uses SQL Server databases to store information about
the logical managed system structure, represented by the ePO console’s
console tree. ePO consoles can be installed locally and remotely, allowing administrators
flexibility in management. An ePO agent resides on each managed system, enforcing
policies, reporting events, and retrieving updates. A rogue system detection
sensor, installed on one or two systems on each subnet, listens to broadcast
messages to detect the presence of systems without an ePO agent, initiating
a configurable action when one is detected. A master repository, maintained
on the ePO server, obtains all updates according to a designated schedule. The
ePO server distributes updates to strategically placed update repositories throughout
the network. Depending on the network, you can choose to make update repositories
available via HTTP, FTP, or Universal Naming Convention (UNC) file-sharing protocols,
or to promote a managed system to SuperAgent status, caching updates for the
benefit of other local systems. McAfee also supports manually maintained repositories
to protect isolated networks from physically introduced threats.
By default, agents check the ePO server once every hour for updates. When
necessary, the server administrator can request immediate communication from
agents—for example, to effect an immediate policy change.
Within ePO, policies are sets of configuration settings for a particular software
application, and they can be designated for assignment to a location in the
console tree. Appropriate policies are sent to client agents, which check the
client’s status periodically (every 5 minutes by default) for compliance,
and reinstate and report any out-of-compliance conditions. Events reported to
the ePO server are handled according to notification rules you set up and can
include notification messages, ePO-based tasks such as agent deployment, and
running any external program.
McAfee suggests organizing your console tree for efficient policy deployment
and supports multiple levels of groupings. McAfee calls the first level Sites;
below Sites are Groups. Grouping similarly configured systems is recommended.
A special Lost and Found group (essentially a holding area for systems requiring
manual placement) is created for the directory and for each site and contains
discovered systems when their placement within the directory structure can’t
be determined. By default, policies are inherited down throughout the directory
structure and can be overridden at any point.
Console security is provided by two types of McAfee user IDs: administrators
and reviewers. Global Administrators have full access; Site Administrators can
manage their own site and view other sites. Similarly, Global Reviewers can
view, but not alter, the settings of all sites, and Site Reviewers can view
their own site only.