About the Data Center Security: Server Advanced infrastructure

Data Center Security: Server Advanced includes the following components:
  • The Unified Management Console and the server components
  • The agent components that provide intrusion prevention and detection on physical or virtual computers
  • The Security Virtual Appliance (SVA) that provides agentless anti-malware protection for VMware guest VMs running Windows
The management server and the Java console run on Windows operating systems. The agents run on Windows and UNIX operating systems. The SVA is configured with VMware NSX or vShield by using the Unified Management Console.
The management components of Data Center Security: Server Advanced can be installed on one system or in a distributed model. Agents are generally deployed to every supported host to be monitored and protected, including the management server, the Java console, and the SQL server database. Remote monitoring can extend file integrity monitoring and log monitoring functionality to systems where no native agent exists. For example, such systems include mainframe zLinux, AS 400, VAX, or VMS systems.
The following diagram displays the Data Center Security: Server Advanced environment setup:
Key components of Data Center Security: Server Advanced
Component
Description
DCS Security Virtual Appliance (SVA)
The DCS SVA provides agentless anti-malware security services and network security for VMware guest virtual machines.
The SVA is deployed as the Datacenter Protection Service from the vSphere web client, after registering the service with the NSX Manager or vShield Manager.
The DCS SVA's reputation-based exoneration capability minimizes false-positive convictions.
For information on deploying and using the SVA, see the Symantec Data Center Security: Server Implementation Guide Integration with VMware NSX and vShield.
The DCS SVA is a closed system that users should not need to access under normal use. If you encounter a problem with the SVA, contact Symantec Technical Support for guidance and instructions on the appropriate next steps.
Data Center Security: Server Advanced agent for behavior control
The Data Center Security: Server Advanced agent for behavior control provides the following capabilities:
  • Intercepts the system calls to enforce prevention policies
  • Contains multiple detection sensors for monitoring system change events and log files
  • Contains the tools for configuration and diagnostic support
  • Downloads the policies and settings from the management server and uploads events and status information to the management server
  • Natively supports a wide variety of Windows, UNIX and Linux servers and workstations
  • Supported on VMware guest systems for detection and prevention with any of the operating systems that are natively supported
  • Can be used to remotely monitor another host without a native agent, but note that only detection features are available in this mode
See http://www.symantec.com/docs/DOC8924 for more information on the supported operating systems and on the agent features supported on each operating system.
Management Server
The management server is based on Tomcat Application Server software.
The management server provides the following capabilities:
  • Secure communications with agent and console
  • Bulk event file storage management for efficient archival storage of all logged events
  • Stores policies in a central location and provides an integrated, scalable, and flexible agent and policy management infrastructure
  • Alert processing (SMTP, SNMP, file), data purging, and other management functions
  • Coordinates policy distribution and manages agent event logging and reporting
The management server supports high availability and scalability.
Unified Management Console
The Unified Management Console (UMC) is a web console that lets you register, configure, and manage various features and products in Data Center Security.
Unified Management Console is installed when you install the Management Server. Unified Management Console does not require any additional infrastructure.
To log in to your Unified Management Console, access https://<server ip address>:8443/webportal and use your administrator credentials.
You can also use your smart card to log in to your Unified Management Console. See Using your Smart Card for authentication in Symantec Data Center Security: Server Advanced.
Database
The database provides the following capabilities:
  • Accessible through JDBC/ODBC.
  • Stores the policies, agent information, and real-time actionable events.
  • Lets you configure encrypted communications between the database and the management server.
Predefined Detection and Prevention policies
The predefined Detection and Prevention policies provide the following capabilities:
  • Best practice policy content for operating system protection of Windows, Linux, and UNIX.
  • Common use case templates for creating customer-specific rules.
  • Easy policy configuration interface.
  • Flexible administration of the policies that are applied to agents.
Predefined Anti-malware and network security policies
Data Center Security: Server provides out-of-the-box anti-malware and network security policies to protect your virtual environment against malware. The Security Virtual Appliance provides three types of policies as follows:
  • Network security policies are used for specifying settings to monitor network traffic. You can configure these policies to detect, log, and block network threats.
  • Antivirus policies are the policies that provide basic-level and advanced-level protection from malware.
    For example, antivirus policies can be configured to protect the guest virtual machines from malicious virus attacks.
  • Configuration policies are predefined configuration settings that apply to the Security Virtual Appliance.
    For example, configuration policies define the behavior of a Security Virtual Appliance and can generate events if any changes are made to the configuration settings of a Security Virtual Appliance and its services, and when the settings of scheduled scans and the LiveUpdate server are changed.
Key points to remember about the ports and the communication flow in Data Center Security: Server Advanced are as follows:
  • Data Center Security: Server Advanced requires very few ports.
  • All ports are configurable, except the port 8443. The Unified Management Console uses port 8443.
  • Agents can communicate readily within a network address translation (NAT) environment, because the agent initiates the connections to the management server to transmit events and to download policy updates or configuration updates.
When you deploy Data Center Security: Server Advanced in your environment, you must ensure that the proper communications and connectivity are available for the following components:
  • Unified Management Console to Management Server
  • Server to database
  • Agents to Management Server
  • Security Virtual Appliance to Management Server
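A deployment preflight that encodes the four required flows above, added here as an example and not part of the product or this guide. Only port 8443 for the Unified Management Console comes from the page; the hostnames and the management-server and database ports are placeholders you replace with your site's configured values, and the checks are plain TCP connects, so each one must be run from the source side of its flow (an agent host, the management server, the SVA network).

```python
import socket
from dataclasses import dataclass

# Fixed by the product (from the page): the UMC listens on 8443. All other
# ports are site-configurable, so the callers below pass placeholders.
UMC_PORT = 8443


@dataclass(frozen=True)
class Flow:
    name: str    # the flow as listed in the deployment checklist
    source: str  # host the check should be run from (informational)
    host: str
    port: int


def tcp_reachable(host: str, port: int, timeout: float = 3.0) -> bool:
    """True if a TCP connection to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def required_flows(mgmt_host: str, db_host: str,
                   mgmt_port: int, db_port: int) -> list[Flow]:
    """The four flows the deployment checklist requires. mgmt_port and
    db_port are assumptions: use the ports configured at your site."""
    return [
        Flow("Unified Management Console to Management Server",
             "admin workstation", mgmt_host, UMC_PORT),
        Flow("Server to database", "management server", db_host, db_port),
        Flow("Agents to Management Server", "agent host", mgmt_host, mgmt_port),
        Flow("Security Virtual Appliance to Management Server",
             "SVA", mgmt_host, mgmt_port),
    ]


def preflight(flows: list[Flow], timeout: float = 3.0) -> dict[str, bool]:
    """Check every flow; returns {flow name: reachable}. Because agents sit
    behind NAT and connect outbound, run this from each flow's source host."""
    return {f.name: tcp_reachable(f.host, f.port, timeout) for f in flows}


def blocked(results: dict[str, bool]) -> list[str]:
    """Names of flows that failed, sorted for stable reporting."""
    return sorted(name for name, ok in results.items() if not ok)


if __name__ == "__main__":
    # Placeholder hosts/ports: replace with your site's values before use.
    res = preflight(required_flows("dcs-server.example.invalid",
                                   "dcs-db.example.invalid", 443, 1433))
    for name, ok in res.items():
        print(f"{'OK  ' if ok else 'FAIL'} {name}")
```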
Agents continue to monitor and enforce security even if network outages occur between the agents and the server environment. In fact, you can also configure the agent to operate in a standalone or an unmanaged mode.
If a network outage occurs between the Security Virtual Appliance and the NSX Manager, the Security Virtual Appliance uses the default policies to continue monitoring and enforcing anti-malware security on the guest virtual machines.
You can deploy Data Center Security: Server Advanced components on physical systems and in virtualized environments. A virtualized ecosystem such as the one supported by VMware has many parts. Its parts include management infrastructure, virtual guest machines, and hypervisors that span a variety of operating systems. To protect this heterogeneous environment, Data Center Security: Server Advanced relies on specific policies and enforcement agents that are appropriate to each component to be secured. The components include ESX, ESXi, and vCenter.
For more information about Data Center Security: Server Advanced, refer to the Symantec Data Center Security: Server Advanced Overview Guide.