Organizations with many office sites located across the country may choose to maintain multiple Security Controls consoles. One console is typically deemed the central console. The central console will typically reside at a central site, such as your company headquarters. Each remote office site will contain a remote console. Each remote console is responsible for performing scans and patch deployments on the machines in their local network and for rolling up the results of these actions to the central console.
The central console can be thought of as a Central Policy Manager. It is the console capable of tracking the results of actions performed on all the other consoles. Likewise, a remote console can be thought of as a Distributed Policy Manager. It is responsible for enforcing your organization's patch policies at remote locations. By adding a distribution server into the mix you can implement a Distributed Policy Service. The distribution server can be used to store the data files that effectively represent your organization's policy. The files are downloaded and used by the remote consoles, thus implementing your policy.
There are several additional advantages to maintaining multiple consoles:
- The consoles can reside at physically distinct locations and be close to the machines they are managing
- You can distribute the workload across multiple consoles
- The scans and deployments are performed much quicker
- You won't tie up your network trying to scan hundreds of geographically distinct machines from one location
- It cuts down on a lot of network traffic, especially over WANs (which can be expensive)
- The results from each console that uses a different database can be rolled up to and viewed from one central location
- If you maintain multiple consoles within the same network the consoles can all use one shared database, making it possible to share templates, comments, reports and scan results
There are many possible multiple console configurations, from a basic data rollup configuration to an advanced configuration that combines multiple consoles with Security Controls Agent. Each of these multiple console configurations is described in detail in the following sections: