Ivanti Endpoint Security Workflow

After initial installation of the Ivanti Endpoint Security server, you must install the Ivanti Endpoint Security Agent on network endpoints to create an infrastructure to use Ivanti Endpoint Security modules and their functions.

The following chart lists the tasks you should perform after installing the Ivanti Endpoint Security server and logging in for the first time.

Discover endpoints and install agents

Discover network endpoints and install agents on them. To search for endpoints in your network, complete a discovery scan job (see About Discovery Scan Jobs). After completing this scan, you can select which endpoints you want to install agents on. You can then install agents by completing an agent management job (see About Agent Management Jobs). The agent communicates with the Ivanti Endpoint Security server to create an infrastructure for Ivanti Endpoint Security module functions. For additional information, see 2 Discovering Endpoints and Installing Agents.

Create groups

See About Groups. Groups are collections of endpoints. You can group endpoints by operating system, function, or any other method to suit your organization. After forming groups, you can manage them collectively. For additional information, see 3 Creating a Group.

Define configuration options

These configuration options control how the Ivanti Endpoint Security server communicates with the Ivanti Endpoint Security Agent, as well as general configuration options. For additional information, see 4 Defining Default Options.

Create users and user roles

Users are people who have access to Ivanti Endpoint Security, and user roles define the features Ivanti Endpoint Security users have access to. For additional information, see 5 Creating New Users and Roles.

Create Email Notifications

Email notifications are alerts that Ivanti Endpoint Security sends to defined email addresses when certain system events occur. For additional information, see 6 Creating Email Notifications.

Ivanti Endpoint Security at a Glance

Ivanti Endpoint Security is a software suite that contains numerous features that secure your network from various types of attacks.

Benefits

  • Provides a platform to install modules, which are security solutions that snap in to Ivanti Endpoint Security.
  • Features Discovery Scan Jobs, which are scans that search your network for endpoints.
  • Features Agent Management Jobs, which are jobs that remotely install the Ivanti Endpoint Security Agent on network endpoints.
  • Features groups, which are endpoint collections that can be managed collections.
  • Features Agent Policy Sets, which lists of behaviors that can be applied to groups.
  • Create new users, which are profiles that can be used to access Ivanti Endpoint Security.
  • Create custom user roles, which are sets of access rights that can be applied to users.
  • Create email notifications, which are alert emails that Ivanti Endpoint Security sends to defined users to notify them of system events.
  • View endpoint details and information. The Ivanti Endpoint Security Agent scans it host endpoint for system information, which is then sent to the Ivanti Endpoint Security server.

Key Terms

Agent Management Job: Jobs that let you install agents upon endpoints within your network remotely. The first function of this job is to discover the targeted endpoints as in a Discovery Scan Job. The second function of this job is to install agents upon endpoints discovered during the first function. These jobs access the targeted endpoints by providing credentials specified during job configuration.

Agent Policies: The agent rules for communicating with the server. These rules include: communication interval, deployment notification options, discovery agent mode, hours of operation, logging level, and reboot notification options. Agent policies are assigned to groups, but any group that has not been explicitly assigned an agent policy will use the default system policy, as defined within the Ivanti Endpoint Security server.

Agent Policy Sets: The combined selected agent policies as defined by the user. After their definition, these sets are then assigned to groups.

asset: An endpoint, along with all the hardware and software that is installed on that endpoint. Each endpoint, individual hardware device, and individual software application is considered an asset.

components: The components that form Ivanti Endpoint Security. components come in two types: platform components and module components. Platform components form a basis for module components to operate. Module components are the individual security solutions used to prevent network security breaches.

Discovery Scan Job: A network-based scan run from the Ivanti Endpoint Security server that discovers assets in your network (endpoints, routers, switches, printers, and so on) by using user-specified IP addresses or asset names and/or domains. These jobs also discover additional information about assets (operating system, address information, and so on) through port scans, information queries, and address mask requests.

Endpoint: In a client/server network architecture, an endpoint is any node that is a destination of two-way communication, whether requesting or responding. Additionally, in regard to the Ivanti Endpoint Security, the term endpoint is synonymous with any computer in your network that can have an agent installed.

Group: A targeted collection of computers created and named for the purpose of deploying distribution packages, defining agent policies, setting Mandatory Baselines, or reporting. Groups provide a simple way to manage computers that have similar requirements rather than managing each computer separately.

Global Subscription Service (GSS ): The central repository where security content is stored for retrieval by the Ivanti Endpoint Security server. The GSS also serves as the Ivanti Endpoint Security licensing server.

Ivanti Endpoint Security Agent: The Ivanti Endpoint Security agent is a service that runs on each node and queries the Ivanti Endpoint Security server to receive any deployments that become ready. The behavior of the agent is defined by the agent’s policies, whether it is using the default agent policies of the Ivanti Endpoint Security server or the group’s agent policies.

Ivanti Endpoint Security Server: The central system in Ivanti Endpoint Security that manages content retrieval, vulnerability detection, and package deployment to all registered computers on the network. As a sophisticated, automated central repository of the most current security content available for a network, it maintains communication with the Ivanti Endpoint Security agent on nodes, across many key networking platforms, on the network, and detects any vulnerabilities with the help of the agent on each node.

Module Components: Individual security solutions used to prevent various types of security breaches within your network. Each module plugs in to the Ivanti Endpoint Security platform and can be purchased individually. Some module components come installed with the Ivanti Endpoint Security platform and require no additional licensing.

Module Sub Components: The two parts that form a module component. Each module component consists of a server sub-component and an endpoint sub-component. These sub-components work together to form a module's functionality.

Platform components:: The essential components needed for Ivanti Endpoint Security operation. These components include the Ivanti Endpoint Security Web console, the Ivanti Endpoint Security database, and the Ivanti Installation Manager.

Complete the following procedures in order.

Get started with Ivanti Endpoint Security by logging in. You can access the console from any endpoint within your network.

When accessing the Ivanti Endpoint Security console using a Web browser with high security settings enabled, the following message may display:
Scripting must be enabled to display this application properly.
In this event, Ivanti recommends adding the Ivanti Endpoint Security Web address as a trusted site in your browser settings to view the Web console.

  1. Open your Web browser.
  2. In your browser’s address bar, type the Ivanti Endpoint Security URL (http[s]://ServerURL) and press ENTER.

    You can also use the server IP address.

    3. A dialog prompting you for credentials opens.

  3. Type your user name in the User name field.
    When logging in for the first time, type the user name of the Windows user account used to install Ivanti Endpoint Security. You can use additional user names after adding new user profiles to Ivanti Endpoint Security. If logging in using a domain account, type the name in the following format: DOMAIN\Username.
  4. Type your password in the Password field.
  5. Click OK.

Before you can begin using Ivanti Endpoint Security's functions and features, you must first find the endpoints in your network, and then install agents on them. The Ivanti Endpoint Security Agent is software that communicates information about an endpoint to the Ivanti Endpoint Security server.

Discover endpoints using the Discovery Scan Wizard and review the results, then install agents using the Install Agents Wizard.

  1. Discover network endpoints using a Discovery Scan Job.
    A Discovery Scan Job is a network scan that searches your network for defined endpoints. These jobs find endpoints using IP addresses, endpoints names, network neighborhood, or other discovery methods. These scans can be configured to run at a specific time or immediately. To begin protecting your network, Ivanti recommends running an immediate Discovery Scan Job.
    1. From the navigation menu, select Discover > Assets.
      The Discovery Scan Wizard opens.
    2. Complete the wizard.
      For detailed information about completing the wizard, see Discovering Assets by Discovery Scan Job.
    3. From the navigation menu, select Review > Asset Discovery Job Results.
    4. Select the Completed tab.
      Discovery scan job results display on this tab after the job finished. The job's completion time varies according to the job's configured scope.
    5. Review the job results. Click the job link for detailed job information.
  2. Install agents on the desired endpoints.
    An Agent Management Job installs the agent on defined endpoints. Use the results from a completed Discovery Scan Job to designate endpoints for agent installation. The Agent Installation Wizard is similar to the Discovery Scan Wizard.
    1. From the navigation menu, select Discover > Assets and Install Agents.
      The Install Agents Wizard opens.
    2. Complete the wizard.
      For detailed information about completing the wizard, refer to Installing Agents by Agent Management Job.

      You can also install the agent from endpoints locally using the Web console. For additional information, refer to Downloading the Agent Installer.

    3. Select the Completed tab after the job completes.
      The job's completion time varies according to the job's configured scope.
    4. Review the job results. Click the job link for detailed job information.
  3. [Optional] Update the agent version number.

    You may have to wait for agents to complete the registration process before you can update them.

    1. Select Manage > Endpoints.
      The Endpoints page opens.
    2. Select the Select All check box.
    3. Click Agent Versions.
      The Manage Agent Versions dialog opens.
    4. From the global drop-down list, select the latest agent version number.
    5. Click Apply to All Agents.
    6. Click OK.

    The agents are installed on the defined endpoints (and, if applicable, updated).

Within Ivanti Endpoint Security, you can organize endpoints into groups. Use groups to manage endpoint collectively. Groups are a key Ivanti Endpoint Security feature that greatly reduce administrative overhead.

Create and configure groups from the Groups page.

  1. From the Navigation Menu, select Manage > Groups.
  2. From the Browser tree, select Custom Groups.
    Groups are arranged within a tree structure. You can place your new group anywhere within the custom group hierarchy.

    The group you create is added as a child group to the group selected within the directory tree.

  3. Create a group.
    1. From the View list, select Group Membership.
    2. Click Create.
    3. In the Name field that displays, type a group name.
    4. In the Description field that displays, type a description.
    5. Click the Save icon.
  4. Add endpoints to the group.
    • From the View list, select Endpoint Membership.
    • Click Manage.
    • Assign endpoints to the group.
      For more detailed information, refer to Adding Endpoints to a Group.
    • Click OK.
  5. Define the group's settings.
    Group settings contain additional group controls.
    1. From the View list, select Settings.
    2. Define the settings.
      For more detailed information, refer to Editing Group Settings.
      1. Click Save.

    The group is created and configured.

Default options control the initial settings for every time you log in to Ivanti Endpoint Security. These settings control a variety of settings: the number of list item that display in a list at one time, pre- selected wizard, values, agent communication intervals, and so on. Configuring default options customizes settings for your preferences.

Define default options from the Options page. Define the General Options first, then the Agent Options.

  1. From the navigation menu, select Tools > Options.
  2. Define the general options.
    These options define basic options, such as UI options, password options, and report and display options. For additional information, refer to Working with Options.
  3. Select the Agents tab.
  4. Define the agent options. These options include agent-to-server communication guidelines. They also include the options for pre-configuration of the Agent Installation Wizard.
    For additional information, refer to Working with Options.

Your default settings are defined.

You can add unlimited users and roles to Ivanti Endpoint Security. Users are profiles people can use to access the Web console. Roles, which are assigned to users, determine the users access rights within Ivanti Endpoint Security. Create new users to delegate Ivanti Endpoint Security duties to the appropriate colleagues.

Create the role, then the user.

Create users and roles from the Users and Roles page.

  1. From the navigation menu, select Tools > Users and Roles.
    The Users and Roles page opens to the Users tab.
  2. [Optional] Create a custom role.
    1. Select the Roles tab.
    2. Click Create.
    3. Complete the Create Role dialog.
      For more detailed information, refer to Creating User Roles.
  3. Create or add a user.
    1. Click Create.
    2. Complete the Create User Wizard.
      For more detailed information, refer to the following topics:

New users and roles are created.

You can configure Ivanti Endpoint Security to send email notifications when defined events occur. To create email notifications, define the email addresses you want to receive alerts, define the events that you want to trigger alerts, and then define the values that trigger alerts. Email notifications are useful for keeping your network maintained.

Define notification recipients, then select notification types, then define notification trigger values.

Create email notifications from the Email Notifications page.

  1. Select Tools > Email Notifications.
  2. Define addresses and the notifications the address will receive.
    1. Click Create.
    2. Type an email address in the Notification Address.
    3. Select the notifications you want the address to receive.
    4. Repeat the previous sub-steps to add more email addresses.
  3. Define alert settings.
    Alert settings are the values that trigger email notifications. For additional information, refer to Configuring Alert Settings.
  4. Click Save.

Email notifications are configured. You will receive emails when the defined events occur.