Customers would like a high-level overview of the steps required to implement Cloud-Enabled Management (CEM) in an existing ITMS installation.
ITMS 8.x
What is Cloud Enabled Management?
Cloud-enabled Management lets you manage client computers over the Internet even if they are outside of the corporate environment and cannot access the management servers directly. The managed computers do not need to use a VPN connection to your organization's network.
Visualization of basic CEM-enabled network:
When you implement Cloud-enabled Management, the Notification Server computer and site servers are not directly exposed to the Internet. Instead, Symantec Management Agent communicates with the Notification Server computer and the site servers through an Internet gateway. The configured Internet Gateway does not hold packages; its only function is to broker communication between agents and the SMP environment.
CEM is not a VPN replacement and no VPN is required.
You can apply Cloud-enabled Management in the following scenarios:
Configuring your environment to use SSL is a prerequisite for setting up Cloud-enabled Management (CEM). After you configure your environment to use SSL and agents are successfully communicating over SSL, you can then set up Cloud-enabled Management.
CEM supports the use of self-signed/SMP-generated certificates as well as third-party certificates.
Supported Gateway Implementations
(Highly scalable)
Implementing Cloud-Enabled Management in an existing ITMS installation:
Step 1: Enable SSL in your environment. Do not proceed if agents are unable to communicate over SSL.
Step 2: Configure the Cloud-enabled Management Agent IIS Website Settings.
A separate agent site on Notification Server is required for Cloud-enabled agents. This site contains only agent interfaces and does not provide access to any of the Symantec Management Console pages. It also performs additional certificate and resource access checks to enforce security measures for the agents connecting from the Internet.
Configuration of the site is performed from the SMP console and can be found in the following location: Settings > Notification Server > Cloud-enabled Management > Setup > Cloud-enabled Management Agent IIS Website Settings
Step 2: Install Internet Gateway on a supported server in your DMZ.
The Internet Gateway installation package can be generated/downloaded from the SMP console in the following location: Settings > Notification Server > Cloud-enabled Management > Setup > Cloud-enabled Management Setup > Internet Gateway Setup tab.
Step 3 (Optional): Assign site servers to the internet site. Internet site servers serve CEM-enabled agents and help to offload SMP processing.
Once IIS is updated with the correct binding and certificate, proceed to step 4.
Step 4: Open Gateway Manager on the Internet Gateway server.
Step 5: Configure one or more Cloud-enabled Management Settings policies in the SMP console.
Step 6: Verify that CEM-enabled agents are able to communicate off the LAN.
Note: Starting with 8.6 RU1, CEM connections in WinPE environments are supported for running tasks and jobs (Deployment Solution).
White Paper - Cloud-enabled Management for ITMS