Network Access Control; High Availability; Running The Service; Distributing And Renewing Zenworks Endpoint Security Management Credentials - Novell ZENWORKS ENDPOINT SECURITY MANAGEMENT 3.5 - ADMINISTRATION Administration Manual

4.2.2 Network Access Control

The Management Server can be further protected from unauthorized access by restricting network
access to it. This may take the form of some or all of the following:
Restricting incoming connection attempts to those IP addresses from which a valid access
attempt might be expected
Restricting incoming connection attempts to those ports and protocols from which a valid
access attempt might be expected
Restricting outgoing connection attempts to those IP addresses to which a valid access attempt
might be expected
Restricting outgoing connection attempts to those ports and protocols to which a valid access
attempt might be expected.
Such measures can be imposed through the use of standard firewall technology.

4.2.3 High Availability

High Availability mechanisms for the Management Server should be put in place if an
organizational risk assessment identifies a need for such steps. There are multiple alternative
mechanisms for building high availability solutions, ranging from the general (DNS round-robining,
layer 3 switches, etc.) to the vendor specific (the Microsoft web site has multiple resources on high
availability web services). Those implementing and maintaining an Endpoint Security Management
solution should determine which class of high availability solution is most appropriate for their
context. Note that the Management Server has been architected to function in non-high-availability
situations, and does not require High Availability to provide its services.

4.2.4 Running the Service

The Management Service launches immediately following installation, with no reboot of the server
required. The Management Console is used to manage the data on the Management Service. See
Section 5.3.1, "Infrastructure and Scheduling," on page 44
4.3 Distributing and Renewing ZENworks
Endpoint Security Management Credentials
The following sections contain additional information:
Section 4.3.1, "Distributing Endpoint Security Management Credentials (Key Management
Key)," on page 39
Section 4.3.2, "Periodic Renewal of the Key Management Key (KMK)," on page 40
4.3.1 Distributing Endpoint Security Management Credentials
(Key Management Key)
The Management Service automatically distributes credentials to each Endpoint Security Client
when it is installed and checks in to the Management Service for the first time. After this credential
is distributed, the Endpoint Security Client is permitted to receive policies from the Policy
Distribution Service, and provide reporting data to the Reporting Service.
for more details.
Using the ZENworks Endpoint Security Management Service 39