Management Center Security
The Ivanti Management Center can be implemented in a secure distributed environment with Active Directory integration, Secure Socket Layers (SSL) for encrypted communications, and authenticated Management Server and database connections.
Security Challenges
The security challenges for implementing the Management Center include:
- System integrity — Attempts to tamper with the configuration and agent packages distributed to managed machines, whether by introducing malware or by modifying software packages, undermine the security policies that the management software is required to implement.
- Data confidentiality — Event and alert data is continuously relayed to the SQL database via the Management Server and could be vulnerable to the threat of access by unauthorized users.
Authentication and Authorization
Authentication using Active Directory integration ensures that Management Center and product software is only accessed or modified by authorized administrative users.
Connections from the Management Server to the database can be authenticated using Microsoft Windows authentication or Microsoft SQL authentication.
An appropriate certificate issued by a Certification Authority, following enterprise policy and procedure and installed on the Management Server, ensures the server can be validated before client connections are established. Client connections are from managed computers and computers hosting the Management Center console and product consoles.
Securing Communications using SSL
SSL provides confidentiality and integrity of communications to ensure sensitive data is accessible only by authorized users, including:
- Event data
- Agents and agent configuration data
If you are setting up SSL certificates on web servers using other supported operating systems and other versions of Microsoft SQL Server, see the following Microsoft documentation for further information.
Enable SSL Communications
Set up Secure Socket Layers (SSL) for the Management Center, using a self-signed certificate.
In small and medium scale enterprise environments, you can run the Install Deployment Agent functionality within the console to repair or modify the URL path for currently deployed Deployment Agents, changing the http or https prefix and port number.
Set up SSL on IIS
1. In Start > All Programs > Administrative Tools > Internet Information Services (IIS) Manager, select the <ServerName> node and in the IIS section click Server Certificates.
2. Select Create Self-Signed Certificate in the Actions panel.
3. Provide a friendly name for the certificate and click OK.
4. Select the Management node and click Edit Bindings in the shortcut menu.
5. Click Add and in the Type drop-down list select HTTPS.
6. In the SSL Certificate drop-down list, select the friendly name of the certificate specified in step 3.
7. Click OK and Close.
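The same procedure can be scripted and then verified. The following is an added example, not part of the Ivanti documentation: it assumes Windows Server 2016 or later with the WebAdministration module, that the Management node is an IIS site named Management, and that HTTPS is bound on port 443; the friendly name is a placeholder.

```powershell
# Added example (not Ivanti's script). Run in an elevated PowerShell session
# on the Management Server.
Import-Module WebAdministration

$siteName     = 'Management'             # assumption: the Management node is an IIS site
$friendlyName = 'Management Center SSL'  # assumption: any friendly name will do
$port         = 443                      # assumption: default HTTPS port
$fqdn         = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName

# Reuse an unexpired certificate with this friendly name, otherwise create one
# in the local machine store (the Server Certificates steps).
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.FriendlyName -eq $friendlyName -and $_.NotAfter -gt (Get-Date) } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $cert) {
    $cert = New-SelfSignedCertificate -DnsName $fqdn, $env:COMPUTERNAME `
        -CertStoreLocation 'Cert:\LocalMachine\My' -FriendlyName $friendlyName
}

# Add the HTTPS binding to the site if it is missing (the Edit Bindings steps).
$binding = Get-WebBinding -Name $siteName -Protocol https -Port $port
if (-not $binding) {
    New-WebBinding -Name $siteName -Protocol https -Port $port -IPAddress '*'
    $binding = Get-WebBinding -Name $siteName -Protocol https -Port $port
}

# Attach the certificate only when none is bound; never silently replace one.
if (-not $binding.certificateHash) {
    $binding.AddSslCertificate($cert.Thumbprint, 'My')
    $binding = Get-WebBinding -Name $siteName -Protocol https -Port $port
}

# Verify: the binding must carry the expected thumbprint.
if ($binding.certificateHash -ne $cert.Thumbprint) {
    throw "Port $port on '$siteName' is bound to $($binding.certificateHash), expected $($cert.Thumbprint)."
}
"Bound '{0}' (expires {1:yyyy-MM-dd}) to {2}:{3}" -f $cert.Subject, $cert.NotAfter, $siteName, $port

# List every binding so a remaining plain-HTTP binding is visible.
Get-WebBinding -Name $siteName | Select-Object protocol, bindingInformation
```

A self-signed certificate is trusted by managed computers and consoles only once it is in their Trusted Root Certification Authorities store; the CA-issued certificate described under Authentication and Authorization avoids that distribution step.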
Establishing HTTPS connections
You need to manually configure the UWM servers to use HTTPS, as by default they are configured to use HTTP.
Instructions are found in the User Workspace Manager documentation, Configure User Workspace Manager Web Services to Use Secure Connections.