The following sections contain information to help you secure access to your ZENworks Endpoint Security Management server:
Physical access to the Distribution Service Server should be controlled to prevent access by unauthorized parties. Measures taken should be appropriate to the risks involved. There are multiple available standards and guidelines available, including NIST recommendations, HIPAA requirements, ISO/IEC 17799, and less formal collections of recommendations such as CISSP or SANS guidelines. Even when a given regulatory frameworks is not applicable, it may still act as a valuable resource and planning guide.
Likewise, Disaster Recovery and Business Continuity mechanisms to protect the Distribution Server should be put in place to protect the server if an organizational risk assessment identifies a need for such steps. The mechanisms best used will depend on the specifics of the organization and its desired risk profile, and cannot be described in advance. The same standards and guidelines sources listed above can be helpful in this decision as well.
The Distribution Server can be further protected from unauthorized access by restricting network access to it. This may take the form of some or all of the following:
Restricting incoming connection attempts to those ports and protocols from which a valid access attempt might be expected
Restricting outgoing connection attempts to those IP addresses to which a valid access attempt might be expected
Restricting outgoing connection attempts to those ports and protocols to which a valid access attempt might be expected
Such measures can be imposed through the use of standard firewall technology.
High Availability mechanisms for the Distribution Server should be put in place if an organizational risk assessment identifies a need for such steps. There are multiple alternative mechanisms for building high availability solutions, ranging from the general (DNS round-robining, layer 3 switches, etc.) to the vendor specific (the Microsoft* web site has multiple resources on high availability web services and clustering issues). Those implementing and maintaining a ZENworks Endpoint Security Management solution should determine which class of high availability solution is most appropriate for their context. Note that the Distribution Server has been architected to function in non-high-availability situations, and does not require High Availability to provide its services.