AVIRA SECURITY MANAGEMENT CENTER - OPTIMIZATION FOR LARGE NETWORKS, SECURITY MANAGEMENT CENTER User Manual

HowTo: How to optimize the Security Management Center for large networks
August 2009
Content
1. Introduction
2. Activation of the Pull Mode for the SMC Agents
3. How to define the events sent by the SMC Agent
4. Minimizing the Frontend Updates
5. Configuration of maximum connections of the Internet Update Manager
6. Deactivation of the Function „Automatic Update“
7. Network Structure / How to visualize the organizational structure in the security environment
8. How to use an SQL server as Event Data Base
1. Introduction
This document helps you to optimize the SMC for large installations (1000 or more administered computers). This document should be seen as a complement to the Security Management Center Server HowTo.
2. Activation of the Pull Mode for the SMC Agents
By default, the SMC uses push mode in order to get a direct connection to the SMC agent. In large networks, however, push mode can decrease the number of available ports. This mode also requires that the SMC server can directly reach every SMC agent, and computers connected to the network via NAT cannot be reached directly by the SMC server.
In addition, a direct connection between SMC server and SMC agent causes a network load that increases with the number of administered computers.
To avoid a higher network load, we recommend using pull mode on the SMC agent. In pull mode the SMC no longer works in real time, but computers connected via NAT can also be administered, and the network load caused by the SMC or its agents is reduced.
The interval of the pull mode can be configured depending on the size and the available bandwidth of the network. By default, the SMC agent logs on to the SMC every 60 minutes, looks for new commands/configurations and sends the current status of the computer.
3. How to define the events sent by the SMC Agent
You can relieve the event manager of the SMC and its database by defining, in the configuration of the SMC agent, which kinds of events are sent to the SMC. We recommend ignoring information events by default. Important events such as warnings and errors are still sent to the SMC.
4. Minimizing the Frontend Updates
Especially with a large number of computers in the security environment of the SMC, the update (the renewal of all entries) can take some time, because the SMC frontend has to display the new status for every computer. In the meantime the SMC frontend cannot be used.
For this reason you can reduce these updates to a minimum in the SMC server configuration. This option is deactivated by default. You can change it in the SMC server configuration in the menu “General settings”.
5. Configuration of maximum connections of the Internet Update Manager
In networks where only the integrated Internet Update Manager of the SMC is used, we recommend checking the setting “Maximum amount of connections of the HTTP server”.
The number of possible connections to the server should always be twice the number of computers in the SMC security environment, so that all computers can connect to the web server at the same time when an update occurs.
We recommend using several Internet Update Managers in large networks. In this way the load is shared and the network load is lower, especially in satellite stations.
6. Deactivation of the Function „Automatic Update“
When the Internet Update Manager has loaded new files (e.g. VDF/engine), it sends an update command to all computers in the security network.
With this function, however, all computers execute the update at the same time. To reduce the load on the SMC server and the networks, we recommend deactivating this option in the configuration of the Internet Update Manager.
Important: If this function has been deactivated, the update tasks have to be set manually so that all computers execute their updates.
7. Network Structure / How to visualize the organizational structure in the security environment
We recommend that you also visualize the network structure/organizational structure in the security environment of the SMC. This gives you a better overview, and the frontend needs less time to update the status display of each computer.
8. How to use an SQL server as Event Data Base
The SMC uses a Microsoft Access database to save all events. In large environments the limit of the Microsoft Access database can be reached quite soon (e.g. a slow reaction when the maximum file size of 2 GB is reached).
However, it is possible to use the SMC with a Microsoft SQL server. The necessary steps are described in detail in the Avira Knowledgebase, where you will find an SQL script for the creation of the database.