Novell ZENworks Endpoint Security Management 3.5 User Manual

ZENworks® ESM 3.5
Administrator’s Manual
ESM Overview
ESM consists of five high-level functional components: Policy Distribution Service,
Management Service, Management Console, Client Location Assurance Service, and the
ZENworks Security Client. The figure below shows these components in the architecture.
Figure 2 : ESM Architecture
The ZENworks Security Client (ZSC) is responsible for enforcement of the distributed security
policies on the endpoint system. When the ZSC is installed on all enterprise PCs, these endpoints
can travel outside the corporate perimeter and maintain their security, while endpoints inside
the perimeter receive additional security checks within the perimeter firewall.
Each Central Management component is installed separately. The following components are
installed on servers that are secured inside the corporate perimeter:
Policy Distribution Service is responsible for the distribution of security policies to
the ZSC, and retrieval of reporting data from the ZSCs. The Policy Distribution Service
can be deployed in the DMZ, outside the enterprise firewall, to ensure regular
policy updates for mobile endpoints.
Management Service is responsible for user policy assignment and component
authentication; reporting data retrieval, creation and dissemination of ESM reports;
and security policy creation and storage.
Management Console is a visible user interface, which can run directly on the server
hosting the Management Service or on a workstation residing inside the corporate firewall
with connection to the Management Service server. The Management Console is
used to both configure the Management Service and to create and manage user and
group security policies. Policies can be created, copied, edited, disseminated, or
deleted using the editor.
Client Location Assurance Service provides a cryptographic guarantee that ZENworks
Security Clients are actually in a defined location, as other existing network
environment parameters indicate.