Trend Micro OfficeScan 7
Trend Micro is close to releasing a major upgrade to its product line, but for
this review, I worked with the currently available version of OfficeScan. OfficeScan
7 Client/Server edition is a tiered threat-management system. It has an integrated
Web-based management console that operates under Microsoft IIS or Apache Web
servers. With OfficeScan, Trend Micro includes a license to use Control Manager,
its premium Web-based management console. Although Control Manager requires
IIS (Trend Micro is working to relax that restriction), it provides the ability
to manage other Trend Micro security products under a single umbrella console.
Trend Micro also offers Control Manager in an Enterprise Edition, which adds
support for a cascading server structure and a reporting system for managed
clients and child servers.
Architecture
OfficeScan protects desktops, mobile systems, and servers from viruses, Trojans,
worms, hackers, and network viruses in addition to spyware and mixed-threat attacks.
Its architecture is multi-tiered. Control Manager and OfficeScan install on
a Windows server. Control Manager uses a SQL Server (MSDE by default) database
to store client information. An agent on client systems communicates with the
OfficeScan server to report its status and to determine where to download updates.
Optionally, you can configure a client agent to cache updates from the OfficeScan
server for distribution to other local clients within designated IP address
ranges. Alternatively, you can configure child OfficeScan distribution servers
at remote sites. When laptops and other mobile systems fail to connect to the
OfficeScan server—as they would when away from the office—you can
configure them to connect to Trend Micro servers to get available updates. The
ability to install second-tier OfficeScan servers allows OfficeScan with Control
Manager to serve large multisite organizations.
On clients, the Control Manager agent includes a single Communicator, which
coordinates communication with managed servers. OfficeScan installs an agent
for each Trend Micro product installed on a client.
Server requirements are minimal: Windows 2003 or Win2K Server, IIS, and Java
Runtime. Trend Micro also supports OfficeScan under NT 4.0. The Control Manager
console offers you several options to deploy the agent, including using a third-party
facility to deploy an agent MSI package, Group Policy, or a direct remote deployment.
Server components require an x86 or IA64 OS; client components are supported
on x86, x64, and IA64 systems. OfficeScan includes support for users of Cisco
NAC 2.0 and supports deployment of the Cisco NAC agent.
Installation
I installed Control Manager 3.5 and OfficeScan Corporate Edition 7.3 on a Windows
2003 system. Installation guides for both products clearly describe the system
requirements, planning guidelines, and detailed installation procedures. Installation
took a couple of hours, including time during which I scanned the documentation,
but proceeded with few surprises. I needed to install a Control Manager agent
with OfficeScan before Control Manager would recognize OfficeScan's presence
on the same server, a requirement that wasn’t clear until I had a conversation
with Trend Micro technical support. Control Manager makes use of a SQL Server
database and offers to install MSDE as an alternative.
Security Features
Console access is configurable to require Secure Sockets Layer (SSL) and HTTP
Secure (HTTPS) communications. Control Manager supports use of both AD domain
user IDs and Trend Micro user IDs to authenticate console access. You can assign
one of three access levels to an ID: Administrator, Power User, or Operator,
and can assign each user granular access rights to the various hierarchy levels
of your organization’s Trend Micro products and product servers to accommodate
decentralized management.
Console Features
Two consoles were relevant for this review: the Control Manager console and
the OfficeScan console. When I first spoke with Trend Micro, I was told that
administrators could use the Control Manager console in lieu of the OfficeScan
console. Technically, that may be true—because you have the ability to
drill in to the OfficeScan console from the Control Manager console, as Figure
5 shows. Because of the limited screen area, I found it easier simply to
use the OfficeScan console for most OfficeScan-related tasks and use the Control
Manager console only when needed. Control Manager does add a number of features,
most notably a reporting function that greatly enhances your ability to report
which threats are being detected, where they are coming from, and the general
status of managed systems.
Logging into Control Manager displays the home page, a status summary of all
product versions, and recent threat detection. Five top-level menu choices—Home,
Services, Products, Reports, and Administration—are listed across the
top of the home page. Much of the configuration will occur on the Administration
pages. Companies using many Trend Micro products that span many servers will
be able to organize them in a hierarchical structure within Control Manager.
In this environment, Control Manager lets you view all servers from one location,
create reports, and log into individual servers to administer the product each
hosts.
After I completed the installation of Control Manager, OfficeScan, and a patch
update for each, I continued as the Control Manager Installation Guide suggested,
by creating another administrative user and initiating a manual download of
all updates. Then, from the OfficeScan console, I completed OfficeScan’s
post-installation configuration: modifying default scan settings, global client
settings, and client privileges. Scan settings determine what, when, and how
threat scanning will occur. Client privileges determine how clients can modify
the operation of the virus scan. The Global Client Settings-Grouping rule is
an important one: With it, you decide whether to ask OfficeScan to group clients
by NetBIOS domain name, AD domain, or DNS domain.
Deploying OfficeScan to clients is the next step, and Trend Micro offers the
full range of alternatives, including remote deployment from the OfficeScan
console and a client-initiated deployment from an OfficeScan Web page. Remote
deployment to Windows XP systems requires that XP's Simple File Sharing be disabled
to allow the OS to pass to the client the administrative credentials required
for installation; Windows Firewall on the XP client mustn't prevent the connection.
The console made deployment easy, allowing me to drill into the domain, select
clients, supply credentials, and initiate the install. On the client, three
Trend Micro services appeared: a listener, a firewall, and a scanner.
Organizing clients and managing policies wasn’t as direct as I found
with other products. In addition to the default domain-oriented groups that
OfficeScan created, I was able to add other groups to the client tree structure.
Unlike Control Manager's ability to create a multi-tiered structure organizing
Trend Micro products and servers, OfficeScan doesn't support creating
subgroups of existing groups when organizing computers for policy management.
After selecting a group, you have two ways to apply policy settings: by directly
changing the settings on panes accessible from the Scan Options and Client Privileges
menu, and by exporting the policy settings to a file from another appropriately
configured group, then importing them to the group that you want to configure.
The ability to export a group's policy settings to a file can be viewed as a
form of named policy settings, albeit much less elegant than the named-policy
facilities that some of the other products implement.