Recommended design for Trend Micro antivirus management
I need to plan the design for a centralized antivirus management architecture using Trend Micro Control Manager 3.5 and Office Scan 8.0 Client Edition for Windows. Because I'm new to Trend Micro products I don't have an overview about Trend Micros management infrastructure an I'm also not yet familiar with the best practices.
The goal is to manage Office Scan Clients in a lot of remote subnets from a single central server. Each subnet is connected to the central server by a VPN-WAN link. Each subnet contains a different Windows domain and there are no trusts between the central server's domain and the remote domains. All antivirus related tasks (installation, configuration, troubleshooting and reporting) have to be managed from the central server.
Where do I have to place the different Trend Micro infrastructure components (Trend Micro Control Manager, Office Scan Server, Office Scan Clients) for this scenario? I guess the 'root' in this design will be a central Trend Micro Control Manager (TMCM) on the central server. But which component is the best to be deployed in each subnet? An Office Scan Server (managed by the central TMCM) or an child TMCM? What would be the advantages/disadvantages for each product? In addition would it be a good idea to 'attach' Office Scan Clients in remote subnets directly to the central TMCM (without a local Office Scan Server or TMCM) if there are only 5 computers in in the remote subnet?
Would one of the architectures offer the possibility to trigger an antivirus client installation to a computer in a remote subnet with loading the setup packages from a repository that is in the same LAN as the target computer? This would be useful to avoid that setup packages are transferred from the central TMCM via VPN links to the remote target computers.
Any help is appreciated!
The goal is to manage Office Scan Clients in a lot of remote subnets from a single central server. Each subnet is connected to the central server by a VPN-WAN link. Each subnet contains a different Windows domain and there are no trusts between the central server's domain and the remote domains. All antivirus related tasks (installation, configuration, troubleshooting and reporting) have to be managed from the central server.
Where do I have to place the different Trend Micro infrastructure components (Trend Micro Control Manager, Office Scan Server, Office Scan Clients) for this scenario? I guess the 'root' in this design will be a central Trend Micro Control Manager (TMCM) on the central server. But which component is the best to be deployed in each subnet? An Office Scan Server (managed by the central TMCM) or an child TMCM? What would be the advantages/disadvantages for each product? In addition would it be a good idea to 'attach' Office Scan Clients in remote subnets directly to the central TMCM (without a local Office Scan Server or TMCM) if there are only 5 computers in in the remote subnet?
Would one of the architectures offer the possibility to trigger an antivirus client installation to a computer in a remote subnet with loading the setup packages from a repository that is in the same LAN as the target computer? This would be useful to avoid that setup packages are transferred from the central TMCM via VPN links to the remote target computers.
Any help is appreciated!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you very much! You really helped me to get an overview about TM antivirus architecture. If the Visio diagramm doesn't contain business critical information of your company that should kept secret it would be a great additional information for me to setup our design.
it is no problem the digram I would send you would be a very basic diagram of just how our Trend architecture is setup nothing secret, it does not repesent how our network is designed or function if you send me you e-mail address I will foward it on to you you can e-mail me at mdraeger@silgancontainers.
ASKER
thanks for your reply and for sharing your experience with Trend Micro (TM) products! Just to check that I really understand the TM architecture:
The jobs of TMCM are:
a) providing signature and product updates for multiple Office Scan Servers
b) providing a central point of configuration for multiple Office Scan Servers
The jobs of Office Scan Server are:
a) providing signature and product updates for their Office Scan Clients as recieved by TMCM
b) providing antivirus policies for their Office Scan Clients as recieved by TMCM
c) sending antivirus events recieved from their Office Scan Clients to TMCM
d) performing Office Scan Client push installations in their LAN as configured in TMCM
The jobs of Office Scan Client are:
a) antivirus and antimalware scanning
b) enforcing the antivirus policies as recieved by their Office Scan Server
c) reporting events to the Office Scan Server
That means: TMCM communicates only with Office Scan Servers and these Office Scan Servers perform all the tasks that were defined in TMCM. Office Scan Clients are always connected to 1 Office Scan Server but never directly to TMCM.
For the TM antivirus architecture: The top hierarchy level will be TMCM (and for redundancy/load sharing one/some child TMCMs), on the second hierarchy level there will be the Office Scan Servers at each site and they will manage their local Office Scan Clients as third hierarchy level. Communication will only take place between neighbour hierarchy levels but not between top level (TMCM) and third level (Office Scan Client).
Is this correct? Did I miss something?
BTW: Do you know the release date for TMCM v5?