Management Center

Management Center Security

The Ivanti Management Center can be implemented in a secure distributed environment with Active Directory integration, Secure Socket Layers (SSL) for encrypted communications, authenticated Management Server and database connections.

In this section:

Security Challenges

The security challenges for implementing the Management Center include:

  • System integrity — Attempts to tamper with configuration and agent packages distributed to managed machines through the introduction of malware or modifications to software packages undermine the security policies which the management software is required to implement.
  • Data confidentiality — Event and alert data is continuously relayed to the SQL database via the Management Server and could be vulnerable to the threat of access by unauthorized users.

Authentication and Authorization

Authentication using Active Directory integration ensures that Management Center and product software is only accessed or modified by authorized administrative users.

Connections from the Management Server to the database can be authenticated using Microsoft Windows authentication or Microsoft SQL authentication.

An appropriate certificate issued by a Certification Authority, following enterprise policy and procedure and installed on the Management Server, ensures the server can be validated before client connections are established. Client connections are from managed computers and computers hosting the Management Center console and product consoles.

Securing Communications using SSL

SSL provides confidentiality and integrity of communications to ensure sensitive data is accessible only by authorized users, including:

  • Event data
  • Agents and agent configuration data

If you are setting up SSL certificates on web servers using other supported operating systems and other versions of Microsoft SQL Server, see the following for further information: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/secnetht16.asp

Enable SSL Communications

SSL provides confidentiality and integrity of communications to ensure sensitive data is accessible only by authorized users, including:

  • Event data
  • Agents and agent configuration data

Set up Secure Socket Layers (SSL) for the Management Center, using a self-signed certificate.

You can run the Install Deployment Agent functionality within the console in small and medium scale enterprise environments to repair or modify the URL path for currently deployed Deployment Agents to change the http or https prefix and port number.

Setup SSL on IIS

  1. In Start All Programs Administrative Tools > Internet Information Services (IIS) Manager, select the <ServerName> node and in the IIS section click Server Certificates.
  2. Select Create Self-Signed Certificate in the Actions panel.
  3. Provide a friendly name for the certificate and click OK.
  4. Select the Default Web Site node and click Edit Bindings in the shortcut menu.
  5. Click Add and in the Type drop-down list select HTTPS.
  6. In the SSL Certificate drop-down list, select the friendly name of the certificate specified in step 3.
  7. Click OK and Close.

Related topics


Was this article useful?    

The topic was:

Inaccurate

Incomplete

Not what I expected

Other