About the Data Center Security: Server Advanced infrastructure
Data Center Security: Server Advanced includes the following components:
- The Unified Management Console and the server components
- The agent components that provide intrusion prevention and detection on physical or virtual computers
- The Security Virtual Appliance (SVA) that provides agentless anti-malware protection for VMware guest VMs running Windows
The management server and the Java console run on Windows operating systems. The agents run on Windows and UNIX operating systems. The SVA is configured with VMware NSX or vShield by using the Unified Management Console.
The management components of Data Center Security: Server Advanced can be installed on one system or in a distributed model. Agents are generally deployed to every supported host to be monitored and protected, including the management server, the Java console, and the SQL server database. Remote monitoring can extend file integrity monitoring and log monitoring functionality to systems where no native agent exists. For example, such systems include mainframe zLinux, AS 400, VAX, or VMS systems.
The following diagram displays the Data Center Security: Server Advanced environment setup:

Component | Description |
|---|---|
DCS Security Virtual Appliance (SVA) | The DCS SVA provides agentless anti-malware security services and network security for VMware guest virtual machines. The SVA is deployed as the Datacenter Protection Service from the vSphere web client, after registering the service with the NSX Manager or vShield Manager. DCS SVA's reputation-based exoneration capabilities minimize false-positive convictions. For information on deploying and using the SVA, see the Symantec™ Data Center Security: Server Implementation Guide Integration with VMware NSX and vShield. The DCS SVA is a closed system that should not require access under normal use by users. If you encounter a problem with the SVA, contact Symantec Technical Support for guidance and instructions on the appropriate next steps. |
Data Center Security: Server Advanced agent for behavior control | The Data Center Security: Server Advanced agent for behavior control provides the following capabilities: See http://www.symantec.com/docs/DOC8924 for more information on the supported operating systems and the agent features supported on each operating system. |
Management Server | The management server is based on Tomcat Application Server software. The management server provides the following capabilities: The management server supports high availability and scalability. |
Unified Management Console | The Unified Management Console (UMC) is a web console that lets you register, configure, and manage various features and products in Data Center Security. Unified Management Console is installed when you install the Management Server. Unified Management Console does not require any additional infrastructure. To log in to your Unified Management Console, access https://<server ip address>:8443/webportal and use your administrator credentials. You can also use your smart card to log in to your Unified Management Console. See Using your Smart Card for authentication in Symantec Data Center Security: Server Advanced. |
Database | The database provides the following capabilities: |
Predefined Detection and Prevention policies | The predefined Detection and Prevention policies provide the following capabilities: |
Predefined Anti-malware and network security policies | Data Center Security: Server provides out-of-the-box anti-malware and network security policies to protect your virtual environment against malware. The Security Virtual Appliance provides three types of policies as follows: |

Key points to remember about the ports and the communication flow in Data Center Security: Server Advanced are as follows:
- Data Center Security: Server Advanced requires very few ports.
- All ports are configurable, except port 8443. The Unified Management Console uses port 8443.
- Agents can communicate readily within a network address translation environment. A network address translation environment initiates connections to the management server to transmit events and download policy updates or configuration updates.
When you deploy Data Center Security: Server Advanced in your environment, you must ensure that the proper communications and connectivity are available for the following components:
- Unified Management Console to Management Server
- Server to database
- Agents to Management Server
- Security Virtual Appliance to Management Server
Agents continue to monitor and enforce security even if network outages occur between the agents and the server environment. In fact, you can also configure the agent to operate in a standalone or an unmanaged mode.
If a network outage occurs between the Security Virtual Appliance and the NSX Manager, the Security Virtual Appliance uses the default policies to continue monitoring and enforcing anti-malware security on the guest virtual machines.
You can deploy Data Center Security: Server Advanced components on physical systems and in virtualized environments. A virtualized ecosystem such as the one supported by VMware has many parts. Its parts include management infrastructure, virtual guest machines, and hypervisors that span a variety of operating systems. To protect this heterogeneous environment, Data Center Security: Server Advanced relies on specific policies and enforcement agents that are appropriate to each component to be secured. The components include ESX, ESXi, and vCenter. For more information about Data Center Security: Server Advanced, refer to the Symantec™ Data Center Security: Server Advanced Overview Guide.