About the Data Center Security: Server Advanced components

Data Center Security: Server Advanced includes the management server, agents, the Security Virtual Appliance, and the Unified Management Console. The agent components provide intrusion prevention and detection on physical or virtual computers, while the Security Virtual Appliance provides agentless anti-malware protection for VMware guest VMs running on Windows. The management server, Unified Management Console, and Java console run on Windows operating systems. The agents run on Windows and UNIX operating systems. The Security Virtual Appliance is a virtual appliance. The Security Virtual Appliance is deployed into VMware NSX or vShield using the Unified Management Console.
The management server and the Java console can be installed on one system or in a distributed model. Agents are generally deployed to every supported host to be monitored and protected, including the management server and SQL server database. Remote monitoring can extend file integrity monitoring and log monitoring functionality to systems where no native agent exists. For example, such systems include mainframe zLinux, AS 400, VAX, or VMS systems.
The following diagram displays the Data Center Security: Server Advanced environment setup:
Key components of Data Center Security: Server Advanced
Component
Description
Security Virtual Appliance
The Security Virtual Appliance provides agentless anti-malware security services for VMware guest virtual machines.
The Security Virtual Appliance is deployed as the Datacenter Protection Service from the vSphere web client, after registering the service with the NSX Manager.
Security Virtual Appliance's reputation-based exoneration capabilities minimize false-positive convictions.
For information on deploying and using the Security Virtual Appliance, see the Data Center Security: Server Advanced Implementation Guide Integration with VMware NSX.
Data Center Security: Server Advanced agent for behavior control
The Data Center Security: Server Advanced agent for behavior control provides the following capabilities:
  • Intercepts the system calls to enforce prevention policies
  • Contains multiple detection sensors for monitoring system change events and log files
  • Contains the tools for configuration and diagnostic support
  • Downloads the policies and settings from the management server and uploads events and status information to the management server
  • Natively supports a wide variety of Windows, UNIX and Linux servers and workstations
  • Supported on VMware guest systems for detection and prevention with any of the operating systems that are natively supported
  • Can be used to remotely monitor another host without a native agent, but note that only detection features are available in this mode
See http://www.symantec.com/docs/DOC8924 for more information on the supported operating systems and the agent features supported on each operating system.
Management server
The management server is based on Tomcat Application Server software.
The management server provides the following capabilities:
  • Secure communications with agent and console.
  • Bulk event file storage management for efficient archival storage of all logged events.
  • Stores policies in a central location and provides an integrated, scalable, and flexible agent and policy management infrastructure.
  • Alert processing (SMTP, SNMP, file), data purging, and other management functions.
  • Coordinates policy distribution and manages agent event logging and reporting.
The management server supports high availability and scalability.
Database
The database provides the following capabilities:
  • Accessible through JDBC/ODBC
  • Stores the policies, agent information, and real-time actionable events
  • Lets you configure encrypted communications between the database and the management server
Predefined Detection and Prevention policies
The predefined Detection and Prevention policies provide the following capabilities:
  • Best practice policy content for operating system protection of Windows, Linux, and UNIX.
  • Common use case templates for creating customer-specific rules
  • Easy policy configuration interface
  • Flexible administration of the policies that are applied to agents
Predefined Anti-malware policies
Security Virtual Appliance provides out-of-the-box anti-malware policies to protect your virtual environment against malware.
Security Virtual Appliance provides two types of policies as follows:
  • Antivirus policies are the policies that provide basic level and advanced level protection from malware.
    For example, antivirus policies can be configured to provide protection to the guest virtual machines from malicious virus attacks.
  • Configuration policies are predefined configuration settings that are applicable to the Security Virtual Appliance.
    For example, configuration policies define the behavior of a Security Virtual Appliance and can generate events if any changes are made to the configuration settings of a Security Virtual Appliance and its services, and when the settings of scheduled scans and LiveUpdate server are changed.
Unified Management Console
The Unified Management Console lets you register, configure, and manage various features and components in Data Center Security: Server Advanced.
See the Symantec Data Center Security: Server, Monitoring Edition, & Server Advanced Planning and Deployment Guide for detailed information on planning a Data Center Security: Server Advanced deployment in an enterprise environment, and installing the Data Center Security: Server Advanced components. The Symantec Data Center Security: Server, Monitoring Edition, & Server Advanced Planning and Deployment Guide also provides information on the system requirements for installing the product components.
See http://www.symantec.com/docs/DOC8924 for information on the supported operating systems and the agent features supported on each operating system.