Solved

Recommended design for Trend Micro antivirus management

Posted on 2007-11-30
Last Modified: 2013-11-22
I need to plan the design for a centralized antivirus management architecture using Trend Micro Control Manager 3.5 and Office Scan 8.0 Client Edition for Windows. Because I'm new to Trend Micro products, I don't have an overview of Trend Micro's management infrastructure and I'm also not yet familiar with the best practices.

The goal is to manage Office Scan Clients in a lot of remote subnets from a single central server. Each subnet is connected to the central server by a VPN-WAN link. Each subnet contains a different Windows domain and there are no trusts between the central server's domain and the remote domains. All antivirus related tasks (installation, configuration, troubleshooting and reporting) have to be managed from the central server.

Where do I have to place the different Trend Micro infrastructure components (Trend Micro Control Manager, Office Scan Server, Office Scan Clients) for this scenario? I guess the 'root' in this design will be a central Trend Micro Control Manager (TMCM) on the central server. But which component is the best to be deployed in each subnet? An Office Scan Server (managed by the central TMCM) or a child TMCM? What would be the advantages/disadvantages for each product? In addition, would it be a good idea to 'attach' Office Scan Clients in remote subnets directly to the central TMCM (without a local Office Scan Server or TMCM) if there are only 5 computers in the remote subnet?

Would one of the architectures offer the possibility to trigger an antivirus client installation to a computer in a remote subnet with loading the setup packages from a repository that is in the same LAN as the target computer? This would be useful to avoid that setup packages are transferred from the central TMCM via VPN links to the remote target computers.

Any help is appreciated!
Question by:ghana

Accepted Solution

by:
silganit earned 500 total points
ID: 20396671
The company I work for has used Trend products for many years with great success. We are a large manufacturing company with locations all over the country; every location is connected via MPLS WAN. I have set up 2 Control Manager servers, one located at the main IT office and one at our corporate office, for load balancing. The TMCM server at our main IT office is the main server, or the parent, and the TMCM server at our corporate office is the child; this configuration allows me to manage all Trend Micro products from one location. As for Officescan, each location has a domain controller and I have installed Officescan at each location. That way all the clients can get the updates from the local server instead of going across the WAN to pull the updates down. Each Officescan server is registered to one of the 2 TMCM servers, depending on its location. Officescan allows you to put in multiple sources to get its updates from, so which TMCM server it is registered with determines which server it will get its updates from, but I also put in the second TMCM server just in case that server is offline or the WAN link is down. As for clients, they get their updates from the local server unless the local server is unavailable; then they go to the Trend Micro web site for updates. This is for our remote users that have laptops; these users travel, so this will guarantee that they will always have current updates. All of this is reported back to both TMCM servers, and the system e-mails a daily report every day telling me the clients that are out of date or failed to get the update, who is infected, and whether the infection was cleaned.
I hope this helps. If you need more information, please feel free to contact me.

PS: As a side note, we have been beta testing TMCM 5 for the last month, and as soon as it is released I would suggest upgrading to it, which will be a free upgrade as long as your licenses are current. There are many features that give more central control and reporting of your Trend products, plus it allows custom queries to be performed on the DB.

Michael Draeger
Field Support Rep
Silgan Containers Corp.

Author Comment

by:ghana
ID: 20401398
Hello silganit,

Thanks for your reply and for sharing your experience with Trend Micro (TM) products! Just to check that I really understand the TM architecture:

The jobs of TMCM are:
a) providing signature and product updates for multiple Office Scan Servers
b) providing a central point of configuration for multiple Office Scan Servers

The jobs of Office Scan Server are:
a) providing signature and product updates for their Office Scan Clients as received by TMCM
b) providing antivirus policies for their Office Scan Clients as received by TMCM
c) sending antivirus events received from their Office Scan Clients to TMCM
d) performing Office Scan Client push installations in their LAN as configured in TMCM

The jobs of Office Scan Client are:
a) antivirus and antimalware scanning
b) enforcing the antivirus policies as received by their Office Scan Server
c) reporting events to the Office Scan Server

That means: TMCM communicates only with Office Scan Servers and these Office Scan Servers perform all the tasks that were defined in TMCM. Office Scan Clients are always connected to 1 Office Scan Server but never directly to TMCM.

For the TM antivirus architecture: The top hierarchy level will be TMCM (and for redundancy/load sharing one/some child TMCMs), on the second hierarchy level there will be the Office Scan Servers at each site and they will manage their local Office Scan Clients as third hierarchy level. Communication will only take place between neighbour hierarchy levels but not between top level (TMCM) and third level (Office Scan Client).

Is this correct? Did I miss something?
BTW: Do you know the release date for TMCM v5?


Assisted Solution

by:silganit
silganit earned 500 total points
ID: 20403135
You're right on the money on everything, except you left out the fact that the TMCM also has Damage Cleanup Services if you bought the license for it, and this is also a feature of Officescan, provided you have the license for it. Also, you do not need to set up a child TMCM if you do not have that many Officescan servers. My company has 53 Officescan servers plus ScanMail, DSC, and Network Virus Wall, which all connect to the Control Manager to get their updates and policies. This is why I set up two, so not just one server is getting hit with all the traffic. If you want, I can send you a Visio diagram of how we have our AV architecture set up, if that will help.

As for when TMCM 5 will be released, I am not sure of the exact date, but right now beta 2 will be released 12/10, all test scripts are due 10/20, and the public release is sometime in January.

Author Comment

by:ghana
ID: 20403447
Thank you very much! You really helped me to get an overview of the TM antivirus architecture. If the Visio diagram doesn't contain business-critical information of your company that should be kept secret, it would be great additional information for me to set up our design.

Expert Comment

by:silganit
ID: 20403897
It is no problem. The diagram I would send you would be a very basic diagram of just how our Trend architecture is set up, nothing secret; it does not represent how our network is designed or functions. If you send me your e-mail address, I will forward it on to you. You can e-mail me at mdraeger@silgancontainers.com.