IBM MSS f/ UTM MGD-DC1 Manuale Utente
Codici prodotto
MGD-DC1
INTC-7816-01 02/2008
Page 4 of 18
2.1.1
Data Gathering
During deployment and initiation, IBM will work with the Customer to deploy a new Agent or begin
management of an existing Agent.
management of an existing Agent.
2.1.2
Project Kickoff
IBM will send the Customer a welcome e-mail and conduct a kickoff call to:
●
introduce the Customer contacts to the assigned IBM deployment specialist;
●
set expectations; and
●
begin to assess the Customer requirements and environment.
IBM will provide a document called “Network Access Requirements”, detailing how IBM will connect
remotely to the Customer’s network, and any specific technical requirements to enable such access.
Typically, IBM will connect via standard access methods through the Internet; however, a site-to-site VPN
may be used, if appropriate.
remotely to the Customer’s network, and any specific technical requirements to enable such access.
Typically, IBM will connect via standard access methods through the Internet; however, a site-to-site VPN
may be used, if appropriate.
2.1.3
Assessment
Data Gathering
IBM will provide a form for the Customer to document detailed information for the initial setup of the Agent
and associated service features. Most of the questions will be technical in nature and help determine the
layout of the Customer network, Hosts on the network, and desired security policies. A portion of the
requested data will reflect the Customer organization, and will include security contacts and escalation
paths.
and associated service features. Most of the questions will be technical in nature and help determine the
layout of the Customer network, Hosts on the network, and desired security policies. A portion of the
requested data will reflect the Customer organization, and will include security contacts and escalation
paths.
Environment Assessment
Using the provided information, IBM will work with the Customer to understand the existing Customer
environment, and build a configuration and security policy for the Agent. If migrating from an existing
Agent to a newer Agent, IBM will use the configuration and policy on the existing Agent.
environment, and build a configuration and security policy for the Agent. If migrating from an existing
Agent to a newer Agent, IBM will use the configuration and policy on the existing Agent.
During this assessment, IBM may make recommendations to adjust the policy of the Agent or the layout
of the network to enhance security. IBM recommends that all Agents be deployed inline, at the network
perimeter. If an Agent does not include firewall capabilities, or is implemented with firewall capabilities
disabled, IBM recommends that the Agent be deployed behind a firewall. Placement outside the firewall
may require policy tuning to eliminate high volumes of false alarms and may limit IBM’s ability to
implement certain protection strategies.
of the network to enhance security. IBM recommends that all Agents be deployed inline, at the network
perimeter. If an Agent does not include firewall capabilities, or is implemented with firewall capabilities
disabled, IBM recommends that the Agent be deployed behind a firewall. Placement outside the firewall
may require policy tuning to eliminate high volumes of false alarms and may limit IBM’s ability to
implement certain protection strategies.
If the Customer chooses to deploy the Agent in a passive mode, the protection provided by the Agent will
be substantially decreased. Should the Customer choose to transition to an inline deployment at a later
date, this transition will require advance notice due to the extra effort that will be required.
be substantially decreased. Should the Customer choose to transition to an inline deployment at a later
date, this transition will require advance notice due to the extra effort that will be required.
IBM will work with the Customer to help determine an optimal Agent configuration based on the
Customer’s network and firewall configuration, and the most active worldwide threats (as determined by
the IBM Global Threat Operations Center). IBM may tune the policy to reduce the number of erroneous
alarms, if required.
Customer’s network and firewall configuration, and the most active worldwide threats (as determined by
the IBM Global Threat Operations Center). IBM may tune the policy to reduce the number of erroneous
alarms, if required.
Existing Agent Assessment
If IBM will be taking over management of an existing Agent, IBM must assess the Agent to be sure it
meets certain specifications. IBM may require the Agent software or Security Content to be upgraded to
the most current versions in order to provide the service. Other required criteria may include the addition
or removal of applications and user accounts.
meets certain specifications. IBM may require the Agent software or Security Content to be upgraded to
the most current versions in order to provide the service. Other required criteria may include the addition
or removal of applications and user accounts.
2.1.4
Implementation
Configuration at IBM
For Agents purchased through IBM at the time of deployment, much of the configuration and policy
setting will take place at IBM facilities. For existing Agents already in use, the Customer will have the
option to ship the Agent to IBM for configuration at IBM facilities.
setting will take place at IBM facilities. For existing Agents already in use, the Customer will have the
option to ship the Agent to IBM for configuration at IBM facilities.
Installation
While physical installation and cabling are a Customer responsibility, IBM will provide live support, via
phone and e-mail, and will assist the Customer with location of vendor documents detailing the
installation procedure for the Agent. Such support must be scheduled in advance to ensure availability of
a deployment specialist.
phone and e-mail, and will assist the Customer with location of vendor documents detailing the
installation procedure for the Agent. Such support must be scheduled in advance to ensure availability of
a deployment specialist.