A Conservative Techie

Thoughts from a Conservative point of view in regards to technology

Welcome to Symantec DLP 10

Symantec has announced version 10 of its DLP product (formerly known as Vontu).  In a press release, Symantec touts DLP 10 as the

Symantec has announced Symantec Data Loss Prevention 10, the industry’s first open data loss prevention (DLP) platform, which aims to give customers more options to find and fix data loss problems. As organizations strive to center their security strategies around information, DLP becomes essential.

Symantec DLP has undergone various changes since they purchased Vontu, all geared to making the product stronger and more useful for the security professional.

DLP 10 will “allow companies to apply encryption and enterprise rights management (ERM) based on content and will integrate with additional Symantec products.”

One of the products DLP 10 will integrate with is Symantec’s Workflow product, to help build automatic response and workflows into the product.

DLP 10 will also support 25 languages and add full localization for Japanese, Simplified Chinese and also French.

DLP 10 will release to the public in December.

November 14, 2009 Posted by Jonathan | Altiris, DLP, Symantec | No Comments Yet

Symantec/Altiris slipping in Redmond Magazine’s User Awards

I’ve been reading Redmond Magazine (formerly MCPMag) ever since I got my first MCP (Microsoft Certified Professional).  Each year, Redmond’s User Awards are voted on by the readers.

This year, Redmond created more categories and had more products to vote on.  However, Symantec/Altiris fared worse than last.  Part of me wonders if this was because of how bad Altiris 7 was right out of the gate or because not many have moved to version 7 and version 6 is starting to show its age.

Some of the categories that Symantec/Altiris was listed in:

  • Best Software Distribution Product:
    • System Center Configuration Manager won
    • Deployment Solution came in second
  • Best Asset Management/Resource Inventory Product:
    • SCCM won
    • Altiris Service and Asset Management Suite came in 3rd
  • Best License Management Suite:
    • SCCM won
    • Altiris TMS came in 3rd
  • Best Imaging Product
    • Symantec Ghost won
  • Best Software Packaging Product
    • SCCM won
    • Package Studio came in 3rd
  • Best Remote Troubleshooting Solution:
    • SCCM won
    • Altiris Client Management Suite came in 2nd
  • Best Patch Management Product:
    • Nothing Altiris listed which I found interesting
  • Best Application Conflict Testing Tool
    • Installshield AdminStudio won
    • Package Studio came in 3rd
  • Best Antispyware Tool:
    • Symantec Antivirus won
  • Best Anti-Spyware Tool
    • No Symantec products even though SEP has an Anti-Spyware portion

More information can be found on Redmondmag.com

November 10, 2009 Posted by Jonathan | Altiris, Symantec | No Comments Yet

Deployment Server 7.1 Roadmap

At the Cleveland user group meeting, Hugo Parra, the PM for Deployment Solution, presented the roadmap for DS.

DS 6.X will continue to get changes and support; DS 6.9 SP4 will be released in Q2 2010, including hardware updates, OS updates, and any fixes to priority defects.

DS 7.X Roadmap

  • 7.0 is currently out there
    • Limited functionality
    • Not a point solution
  • 7.1 (code-named Avalon)
    • December release
    • Will help with the following questions:
      1. DS Servers need to share data and keep in sync
      2. Make it easier to manage images and software packages to get to the locations where they are needed
      3. Better security roles, more granular, global scoping
      4. Provide job status and reports, what machines have pending jobs, how long have they been waiting for a job, which jobs failed/succeeded/etc
      5. Smarter jobs with better branch logic, more reusability
      6. Dynamic groups and filters
      7. Make P2V and V2P transformations more fluid, provide advanced deployment capabilities of virtual machines
    • Based on the NS 7 (Symantec Management Platform) console, complete integration
    • PXE support
      • Will be brought back into DS
      • A site server will have the option to have the PXE Server service installed on it
      • PXE updates will occur through the Altiris NS agent
    • Server support will be back in DS
      • Able to do a bare metal build of a server
    • Single database, the Symantec_CMDB
    • No longer use the AClient or DAgent
      • Everything will run through the NS Agent and the DS Plug-in
    • DS Portal page
      • “Home” page for working within DS 7.1
      • Built on Silverlight
    • Drag and drop ability within the console
      • Can drag jobs to computers, computers to jobs
  • 7.2 (code-named Everest)
    • July 2010 release
    • Mac support
    • Thin client support (completely on par with DS 6.9)

Saw a demo of DS 7.1 and it looked really really cool, the DS Portal built on Silverlight was very fast and responsive, liked the drag and drop capability

Would love to hear your thoughts

October 5, 2009 Posted by Jonathan | Altiris, Symantec | No Comments Yet

Shame on Symantec – No Upgrade path for Recovery Server 7

This past week I have been upgrading a client from Client Management Suite (CMS) 6 and Recovery Solution (RS) 6 to CMS 7 and RS 7. 

According to the documentation found on the Altiris Knowledge Base, there is a method to upgrade from Recovery Solution 7.0 as part of an off-box upgrade.  This article can currently be found here.

After getting my migration plan approved which included the steps outlined in the document, we started the migration.  The CMS 6 to CMS 7 migration went great, migrated 1200 nodes w/o issue and everything was rocking.  Until we got to the RS upgrade.  There were several references in the article I couldn’t find or figure out, so a quick call to Symantec Tech Support would hopefully resolve it.

The support person I was working with looked up the KB # and told me it was no longer valid and shouldn’t even be visible to clients.  I was then told there was another article to help me out.  But he couldn’t find that other article either.

The recommended upgrade path from the support person?  Uninstall completely and Install from scratch.

So we lost all the backups from version 6 and have to start creating our backups all over again.  Also means that until we have backups done, we can’t recover anything.

This week’s FAIL whale goes to Symantec

September 6, 2009 Posted by Jonathan | Altiris, Symantec | No Comments Yet

When you write a blog about a security vulnerability, address the actual product

Through one of my Google Alerts, I stumbled across an article titled "Isn’t your Symantec Altiris Deployment Solution in Troube?" found here.

The article addresses some security vulnerabilities that have been found recently in Symantec’s Deployment Solution.  The problem is not the vulnerabilities but the fact the author obviously has no clue what she is talking about.

The article clearly states that those who are not users of the Deployment Solution might not understand it.  The author then explains what it is:

“Alltiris service-oriented management solutions offer a modular and future-proof approach to manage highly diverse and widely distributed IT infrastructures.  They are open solutions that allow lifecycle integration of client, handheld, server, network and other IT assets with audit-ready security and automated operation.  The Symantec Altiirs Deployment Solutoion can run on Windows 2003/XP/Vista.”

I am amazed at how wrong this quote is when addressing Symantec Altiris Deployment Solution.  First off, the author is talking more about the Symantec Management Platform, or the Notification System.  Secondly, is the author referring to the agents that install on client machines?  Because then it runs on Windows 2003/Vista/XP; however, the server installs only on a Windows 2003 server.

Then we get to the included screenshot of the application and I almost fell off my chair laughing.  The screenshot in the “article” covers the Symantec Installation Manager, not the application with the vulnerabilities.

So let’s start over a bit.  The Deployment Solution is a separate part of Altiris.  Deployment Solution aids with computer imaging and computer migration.  Deployment Solution can integrate within the rest of Altiris. 

Just to correct the record

August 31, 2009 Posted by Jonathan | Altiris, Symantec | No Comments Yet

A response to FAI vs Altiris

I tried to post this on Stephen’s blog but had issues w/ his CAPTCHA, where he talks about using FAI to perform an automated install of Ubuntu 64-bit Server edition vs. a Windows 2003 64-bit install via Altiris Deployment Solution.

As an Altiris consultant I felt bound to respond.  A scripted OS install run through Altiris Deployment Solution is a very slow process, as an image w/ an empty partition first needs to be laid down, then a reboot into the scripted OS install. 

An image deployment of Server 2003 64-bit would beat the 1 hour time frame that Stephen mentions. 

So why a scripted OS install?

Also, I wish Symantec supported Ubuntu, but alas it doesn’t and I doubt it will.

August 6, 2009 Posted by Jonathan | Altiris, Symantec, Ubuntu/Kubuntu | No Comments Yet

Installing the Dell Management Console

Summary:

This article will cover the steps to install and configure the Dell Management Console, including the steps to build a server, requirements for the server and steps for installing the DMC.  

Overview

The Dell Management Console (DMC) is built around the Symantec Management Console and the Symantec Management Platform. DMC allows you to centrally manage your Dell Servers and clients along with managing the OpenManage Server Administration Agent (OMSA). DMC allows you to manage things like BIOS level, Dell specific patches, and allows you to create monitoring policies to monitor the health of your servers. For more information visit http://dell.symantec.com

Requirements for installing the Dell Management Console

The following tables come from the Symantec Planning and Configuration Guide for Altiris Notification Server 7. This document can be found on the Altiris knowledge base, http://kb.altiris.com. The tables are broken up by whether you are installing the DMC with SQL on the same box or off box. The requirements are for managing under 3000 nodes. Following the requirements for the server are the requirements for installing the Altiris Agent (the Altiris Agent will then be used for managing, pushing out the OMSA agent, and then creating monitoring policies).

 

Notification Server managing under 3000 Endpoints with SQL on Box

| Hardware | Recommendation |
|---|---|
| CPU | 8 Cores |
| CPU Speed | 2.4 GHz |
| Memory | 8 GB |
| Network | Gigabit |
| Disk | 10 GB free |
| Operating System | Windows 2003 Server Enterprise (32-bit) |

| Software | Recommendation |
|---|---|
| .NET | Microsoft .NET 3.5 |
| Web Browser | IE 7 |
| Web Server | IIS 6.0 |
   

 

Notification Server managing under 3000 Endpoints with SQL off box

| Notification Server Hardware | Recommendation |
|---|---|
| CPU | 4 cores |
| CPU Speed | 2.4 GHz |
| Memory | 4 GB |
| Network | Gigabit |
| Disk | 10 GB free |
| Operating System | Windows 2003 Server (32 bit) |
| SQL | SQL Server 2005 off box |

| Software | Recommendations |
|---|---|
| Web browser | Internet Explorer 7 |
| .NET | Microsoft .NET 3.5 |
| IIS | IIS 7.0 |

| SQL Hardware | Recommendation |
|---|---|
| CPU | 4 Cores |
| CPU Speed | 2.4 GHz |
| Memory | 8 GB |
| Network | Gigabit |
| Disk | 10,000 RPM SCSI or better with RAID 1+0 |
| Operating System | Windows 2003 Server Enterprise (64-bit) |
| SQL | SQL Server 2005 |
| | See Microsoft KB for optimal SQL Configuration |

 

Altiris Agent Requirements

| Item | Specification |
|---|---|
| Operating System | Windows 2000 SP4, Windows 2003 (32-bit, 64-bit), Windows XP SP2/SP3, Windows Vista (32-bit, 64-bit), Windows 2008 (32-bit, 64-bit (not core)) |
| Hard Disk Space | 60 MB |
| RAM | 64 MB minimum (128 recommended) |
| Internet Explorer | IE 5.0 or later |
| Access Rights | Account used to install agent must have local admin rights |
| Windows XP Items | Turn off simple file sharing, open port 80/445 directed to Notification Server IP |

 

Steps for Installing the DMC

Installing the Server

Follow your standard build documents for installing and building a new server. A few pieces of software must be in place. IIS and ASP.NET need to be installed and enabled; the easiest way to do this is through the “Configure Your Server” wizard, turning the server into an Application Server. .NET 3.5 needs to be installed; an important note is to NOT install .NET 3.5 Service Pack 1. IE 7 needs to be installed as well.

If you are going to be using SSL (HTTPS), please install and configure IIS to use SSL before installing DMC. If you try to make this change after the install, there will be problems within the system.

If you are running SQL Server on the same box, please install this and configure it correctly before proceeding to the next steps.

The Symantec Management Console is installed under the Default Web site which will cause problems if you have other web servers running on the DMC system.
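
The prerequisites above can be verified on the server before SIM is launched. The following PowerShell script is an added example (not from Dell or Symantec); the function names and the -RequireSsl switch are made up for illustration, and it assumes PowerShell 2.0 is installed on a 32-bit Windows 2003 server as in the requirements tables.

```powershell
# Added example: pre-install check for the prerequisites listed in this article.
# Function names and the -RequireSsl switch are illustrative, not part of any product.
function New-CheckResult($Check, $Found, $Pass) {
    New-Object PSObject -Property @{ Check = $Check; Found = "$Found"; Pass = [bool]$Pass } |
        Select-Object Check, Found, Pass
}

function Test-DmcPrerequisites {
    param([switch]$RequireSsl)   # use when the console will be served over HTTPS

    # Windows Server 2003 reports version 5.2.x; ProductType 1 is a workstation
    # (XP x64 is also 5.2), so require a server product type as well.
    $os = Get-WmiObject -Class Win32_OperatingSystem
    New-CheckResult 'Windows Server 2003' $os.Caption `
        ($os.Version -like '5.2*' -and $os.ProductType -ne 1)

    # Installer requirement quoted in the article: at least 2 GB of RAM
    $cs = Get-WmiObject -Class Win32_ComputerSystem
    $ramGb = [math]::Round($cs.TotalPhysicalMemory / 1GB, 1)
    New-CheckResult 'RAM >= 2 GB' "$ramGb GB" ($ramGb -ge 2)

    # IIS installed and enabled: the World Wide Web Publishing service must run
    $w3svc = Get-Service -Name W3SVC -ErrorAction SilentlyContinue
    New-CheckResult 'IIS (W3SVC) running' $w3svc.Status `
        ($w3svc -and $w3svc.Status -eq 'Running')

    # .NET 3.5 must be present but NOT Service Pack 1 (SP value 0 = RTM, 1 = SP1)
    $net = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v3.5' `
               -ErrorAction SilentlyContinue
    if ($net) { $found = "Install=$($net.Install), SP=$($net.SP)" }
    else      { $found = 'not installed' }
    New-CheckResult '.NET 3.5 without SP1' $found `
        ($net -and $net.Install -eq 1 -and $net.SP -eq 0)

    # IE 7 (assumption: a newer IE major version is also accepted)
    $ie = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Internet Explorer' `
              -ErrorAction SilentlyContinue
    $ieMajor = 0
    if ($ie -and $ie.Version) { $ieMajor = ([version]$ie.Version).Major }
    New-CheckResult 'Internet Explorer 7' $ie.Version ($ieMajor -ge 7)

    if ($RequireSsl) {
        # IIS 6 WMI provider; W3SVC/1 is the Default Web Site, where the console
        # installs. This confirms an HTTPS binding exists before the install; it
        # does not validate the certificate behind it.
        $site = Get-WmiObject -Namespace 'root\MicrosoftIISv2' -Class IIsWebServerSetting `
                    -Filter "Name='W3SVC/1'" -ErrorAction SilentlyContinue
        $ports = @($site.SecureBindings | ForEach-Object { $_.Port } | Where-Object { $_ })
        New-CheckResult 'HTTPS binding on Default Web Site' ($ports -join ',') `
            ($ports.Count -gt 0)
    }
}

# Run on the server before starting the Symantec Installation Manager
Test-DmcPrerequisites -RequireSsl | Format-Table -AutoSize
```

Any row with Pass = False should be resolved before starting the install, in particular the SSL binding, since the article notes that switching to HTTPS after the install causes problems.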

Installing SIM

The Symantec Management Console utilizes the Symantec Installation Manager (SIM) to install all parts of the Management Console. SIM can be downloaded from the Symantec Website (http://www.symantec.com/business/products/trialware.jsp?pcid=pcat_infrastruct_op&pvid=cm_suite_1). Once this is downloaded launch the executable and you will be greeted with this screen:

Select Next and you will be presented with the directory to install SMC into. A quick word of warning, the directory you select here is the directory all of the Console will be installed to.

Once the installation is finished, the Symantec Installation Manager will start allowing you to install other portions of the console.

Installing the Symantec Management Console

When the Symantec Installation Manager is launched it will by default open up to Install New Solutions. While you can install both the DLP component and also the Management Console at the same time, I recommend installing just the Console and then the component.

From the Installation Manager, scroll down until you find the Symantec Management Console.

After selecting “Review selected products” and then Next, accept the license agreement and continue. Fill out the required information. This information is required to verify export controls.

After the information is filled out, select Next for the systems requirement check.

The Symantec Management Console requires ASP.net, IIS, IE 7.0, at least 2.0 gigs of RAM, and Windows 2003 Server along with MS SQL 2005. As you can see in the screenshot I do not meet the requirements. If you do not, close the Installation Manager and resolve any problems.

If you meet the requirements select Next to begin installation of the Symantec Management Console. While it is not necessary to restart after the installation is complete, I have had the best luck rebooting before moving on to other installations.

Installing DMC

After the Symantec Management Console has been installed, reboot the system. While this is not a requirement, after much testing this provides the best option.

Launch the Symantec Installation Manager from Start -> All Programs -> Altiris -> Symantec Installation Manager.

Select Install new products, then find the Dell Management Console in the list.

After selecting the DMC, all of the dependencies will be installed as well

Click on Ok to proceed and move on. Once the install is complete we begin installing the Altiris Agent and the OMSA Agent.

Deploying the Altiris and OMSA Agent

 

Discovering Dell Servers
There are 3 ways to discover computers within the DMC: import from Active Directory, domain discovery and network discovery.

An Active Directory import is the most reliable discovery method of all. An important item to remember is this is just an import; nothing is modified in Active Directory, no schema modification, nothing. To perform the Active Directory Import, within the DMC, navigate to Actions -> Discover -> Import Active Directory. The console will look like the following:

Fill out the correct information and run the import. More information on running the AD import can be found in the DMC Manual.

 

The second way to discover computers is through a domain membership or domain browse. This type of discovery will query the Master Browse list for computers. To perform this discovery, navigate in the DMC to Actions -> Discover -> Import Domain Membership/WINS. The screen will look like the following:

Fill out the correct information and run the discover. More information can be found in the DMC Manual.

The third way of discovering computers is through a network discovery. This can take the longest, depending on how large a discovery you are running. To perform a network discovery, navigate in the DMC to Actions -> Discover -> Network Devices. The console will look like the following:

Fill out the correct information and run the discover. More information can be found in the DMC Manual.

Pushing out Agents

Once we have discovered Dell Servers we can roll out our agents. The first agent we need to push is the Altiris Agent, and then the OMSA Agent.

To deliver the Altiris Agent, navigate in the DMC to Actions -> Agents/Plug-ins -> Push Altiris Agent

Select the server from the list of computers and select Install Altiris Agent. For more help on pushing the Altiris Agent, see the DMC Manual.

 

To install the OpenManage Administrator Agent, navigate to the DMC Home Portal and select Deploy OpenManage Administrator.

From this part of the console, select Launch Dell OpenManage Server Administrator Deployment Wizard. Select the computers from the drop down and then hit next. By default the installation of the OMSA agent is scheduled for now. There will be a task at the bottom of the Dell OpenManage Server Portal page that will turn green when the installation is complete.

July 1, 2009 Posted by Jonathan | Altiris, Symantec | No Comments Yet

Symantec Government Symposium – A review

Recently I had the opportunity to attend the Symantec Government Symposium in Washington DC.  This is an event sponsored by Symantec and some of its partners.  About 1500 customers of Symantec were gathered in one building to discuss what is going on in the Federal Space in regards to IT and IT Security.

The symposium started out with an introduction from John Thompson and Enrique Salem.  The former president and CEO of Symantec introduced the new CEO Enrique Salem, who then introduced the keynote speaker Senator Mark Warner, from Virginia.  Mr. Warner has a tech background and understands technology.  However, I was disappointed in the tone of the speech as it seemed more like a campaign speech instead of a keynote speech.  Mr. Warner is newly elected and perhaps that is why it seemed so much like a stump speech.

I attended the track entitled “Secure and Transparent Government.”  The first session in this track was called “Assessing Security Standards Today.”  The roundtable discussion was made up of Erick Hopkins (U.S. Senate Homeland Security and Governmental Affairs Committee), Ron Ross (Senior Computer Scientist and Information Security Researcher, NIST), and Tony Sager (Chief Vulnerability Analysis and Operations Group, Information Assurance Directorate, NSA).  The big take away from this discussion (besides everyone having really really long titles) was in regards to the changes to FISMA (Federal Information Security Management Act).  FISMA was originally passed during the Bush Administration and provides guidance on what branches of the government must do.  From the discussion I learned that FISMA 2.0 will have a lot more “teeth” to it.  FISMA is one new thing I will be learning.

The second session I attended was “Information Security: You can’t secure what you don’t manage.”  The members of this roundtable discussion were Jaren Doherty (Associate Deputy Assistant Secretary, Office of Cyber Security, Department of Veterans Affairs), Holly Ridgeway (Director, Justice Security Operations Center, Department of Justice), and Pete Stark (Manager, Corporate Information Security, US Postal Service).  I was disappointed in this session; I thought they would have talked more about how to manage these endpoints, why to manage the endpoint, etc.  It seemed more a discussion about what they did for security policy instead of how the endpoints were managed.

The first place to start with a secure endpoint is to have that endpoint managed.  This mantra is something we at ITS have been preaching since we started with Altiris back in 2001.  In fact this mantra is something Mr. Salem himself has talked about when he mentioned operationalizing security.  The session was very disappointing.

The rest of the day I spent trying to meet and greet people and to try and get the ITS name out in the public.  It was great to meet potentially new customers and more Symantec sales people to work with.

 

A great event if you do business with the government and with Symantec.  Follow the hashtag #symgovsym on Twitter for more information.

June 26, 2009 Posted by Jonathan | Altiris, Operationalizing Security, Symantec | 1 Comment

Installing the DLP Integrated Component in Altiris

Summary

This article is part I of II on the DLP Integrated Component and how it works within the Symantec Management Console (Altiris). Part II will cover using the Integrated Component (IC) to manage your Endpoint Agents. We will discuss installation of the Symantec Management Console and then installation of the DLP Component.

Contents

Summary

Introducing the DLP Endpoint Agent

Installing the DLP Integrated Component

Installing the Symantec Installation Manager

Installing the Symantec Management Console

Installing the DLP IC

Introducing the DLP Endpoint Agent

Installing the DLP Integrated Component

Installing the Symantec Installation Manager

The Symantec Management Console utilizes the Symantec Installation Manager (SIM) to install all parts of the Management Console. SIM can be downloaded from the Symantec Website (http://www.symantec.com/business/products/trialware.jsp?pcid=pcat_infrastruct_op&pvid=cm_suite_1). Once this is downloaded launch the executable and you will be greeted with this screen:

Select Next and you will be presented with the directory to install SMC into. A quick word of warning, the directory you select here is the directory all of the Console will be installed to.

Once the installation is finished, the Symantec Installation Manager will start allowing you to install other portions of the console.

Installing the Symantec Management Console

When the Symantec Installation Manager is launched it will by default open up to Install New Solutions. While you can install both the DLP component and also the Management Console at the same time, I recommend installing just the Console and then the component.

From the Installation Manager, scroll down until you find the Symantec Management Console.

After selecting “Review selected products” and then Next, accept the license agreement and continue. Fill out the required information. This information is required to verify export controls.

After the information is filled out, select Next for the systems requirement check.

The Symantec Management Console requires ASP.net, IIS, IE 7.0, at least 2.0 gigs of RAM, and Windows 2003 Server along with MS SQL 2005. As you can see in the screenshot I do not meet the requirements. If you do not, close the Installation Manager and resolve any problems.

If you meet the requirements select Next to begin installation of the Symantec Management Console. While it is not necessary to restart after the installation is complete, I have had the best luck rebooting before moving on to other installations.

Installing the DLP IC

Once the Symantec Management Console has been installed, install the DLP Integrated Component. To do so, launch the SIM from Start -> Altiris -> Symantec Installation Manager. Once launched the following screenshot will be displayed showing installed products.

Click on “Install new products” to install the integrated component.

From the filter drop down, select “Filter by all” and scroll down till you find the DLP Integrated Component, see the following screenshot.

Follow the same steps you did during the installation of the management console, without making any changes.

When the Integrated Component is finished, launch the Symantec Management Console to begin using it.

June 13, 2009 Posted by Jonathan | Altiris, DLP, Operationalizing Security, Symantec | No Comments Yet

Using Skytap for Demoing Altiris

With the release of Altiris 7 and the upcoming release of Service Desk, plus moving into more and more Symantec products we have seen the need for more hardware for demos, videos, and other projects.  However hardware is expensive and something that money can’t be spent on during the current economy we are going through.

One of the engineers I work with investigated moving into “cloud computing”, how much it would cost us and who would be the best company to invest some money into.

The company that we decided to work with is called Skytap and I am loving working with it.  Each month with the contract we have, we have 1000 hours of computing time to use.  Also we have 10 Skytap Virtual Machines we can be running at a time.  A SVM is defined as 1 Gig of RAM and 1 processor.  For a CMS 7 demo of 1 NS 7 box then I consume 3 SVM’s.  3 Gigs of RAM and 2 procs.

My Altiris demos have never been so good or so quick to respond.  All I need is internet access and a web browser and I can provide a kick butt demo.

Let me know if you need more details or information, but I highly recommend Skytap.

June 12, 2009 Posted by Jonathan | Altiris, Symantec | No Comments Yet