5. Tivoli Endpoint Manager Platform Elements
Single Server
Single Realtime Console Single Intelligent Agent
IBM
Content
Delivery
Thousands of In-Box Policies (Fixlets) Virtual Infrastructure
- Who, What and When
6. The Power of Distributed Intelligence Fixlet Messages
• Out-of-the-box policies
• Best practices for ops and sec
• Simple custom policy authoring
IBM
Content
Delivery
Single Server & Console
• Highly secure, highly available
• Aggregates data
• Analyzes & reports
Single Intelligent Agent
• Continuous self-assessment Virtual Infrastructure
• Continuous Policy enforcement • Designate any TEM agent
• Minimal system impact (<2% cpu) • Built-in redundancy
• Leverage existing systems
6
7. Tivoli Endpoint Manager: Low TCO, Real Savings
Previous Approach With TEM
24.000 device deployment 6 months 1 week
# of management servers 25 1
Patch Cycle 7 days 5 minutes
Software Inventory Cycle 3 weeks 20 minutes
(license ”true-up”)
Vulnerability Assessment Cycle 6 months 3 days
Security Configuration Cycle 5 months, 6 FTEs 2 weeks, 1 FTE
"I just wanted to share this with you and the guys…. The April Microsoft Patch push began at 5:00 AM on 4/20 with
579,047 affected patch instances to push, the largest push to date. At 3:00 PM on 4/20 a total of 527,916 affected
patch instances were fixed. This gives us a 91.17% affected patch instances fixed in only 10 hours!
I don't believe any other product could have accomplished what Tivoli Endpoint Manager accomplished here today.”
--IT Manager, Large Healthcare Organization
7
8. Unique realtime Endpoint Management Solution for
Windows, Macs, Linux – Vmware, AIX, HPUX – Android, Symbion, iOS
Manage your whole Endpoint Infrastructure from One server for
Patch Management, Software Inventory, Vulnerability Assessments,
Anti-virus Management, Power Management etc.
Manage Mobile phones as simple as you manage your servers.
Save real money by letting IBM Tivoli Software do the work for you.
8
IT and security staff struggle with multiple challenges and traditional technologies leave them exposed. Some of these challenges are:Missed patches – OS’es as well as applications such as iTunes, QuickTime, Adobe, Firefox, etc.Compliance pressures with regulatory mandates (e.g. PCI DSS, HIPAA/HITECH, etc)Failed auditsOperational failuresReductions in forceMergers and acquisitionsLack of visibility into what’s installed on a machine… and more…Simply put, with Tivoli Endpoint Managers, customers: know what they have know how it’s configured … and have the precision, speed, and control to execute change enterprise-wide – across platforms The innovation and unique approach provided by the Tivoli Endpoint Manager technology results in the ability for IT to do more with less. With our distributed agent intelligence, organizations benefit from real-time, instant visibility – assets are discovered immediately, and highly granular details are captured with a single, lightweight agent which performs continuous analysis, processing, and policy enforcement – whether the endpoint is connected to the corporate network or not.Thanks to this agent intelligence, we can offer unprecedented scalability – a single low cost server can manage over 250K endpoints – optimizing your back-end infrastructure and reducing complexity.The breadth of coverage is another key differentiator – whether your endpoints are desktops, servers, or roaming laptops – whether they’re running on Mac, Windows, Unix or Linux – whether they’re connected to your LAN or roaming and remote – they’re protected. Continuously, with a single intelligent agent.Deployment is straightforward, agents can be automatically provisioned, out-of-the-box policies can immediately be applied, and no network reconfiguration is required as we leverage existing hardware for our management infrastructure. Additionally, once the solution is up and running, discovery, assessment and remediation cycles complete in minutes – with the highest rates of first pass success in the industry (upwards of 90%).
Most enterprise networks are highly distributed. Users are connecting to your HQ site from across the Internet, while on the road, and also from remote offices – which makes security and systems management extremely challenging. Additionally, most enterprise networks have bandwidth constraints – over wireless, shared MPLS, satellite links, etc - which makes pushing fat software packages and security patches over these latency-prone links a huge burden for the IT organization. Moreover, many of these devices are intermittently connected – particularly those roaming laptops – which makes validating and updating their configuration virtually impossible. Finally, most enterprises have many different types of servers, desktops, laptops and handheld devices, making cross-platform support a must for any security and systems management solution.Unlike alternative solutions, BigFix was purpose-built to work efficiently within these types of environments. As you can see from the diagram, BigFix Agents can be deployed on all types of devices, whether those are running Windows, Windows Mobile, different flavors of UNIX, Linux and Mac. The BigFix Agent is the “brains” of the BigFix Unified Management Platform and continuously assesses the state of the endpoint against policy, whether connected to the network or not. As soon as it notices that an endpoint is out of compliance with a policy or checklist, it informs the BigFix server and executes the configured remediation strategy, and immediately notifies the BigFix Server of task status (completed, in process, not completed).The BigFix Server manages policy content – delivered in messages called “BigFix Fixlets” and updated continuously via the BigFix Content Delivery cloud-based service – and enables the BigFix Operator to maintain real-time visibility and control over all devices in the environment – including instantaneous discovery of devices that aren’t managed by BigFix. Because most of the analysis, processing and enforcement work is done by the BigFix Agent rather than the Server, ONE BigFix Server can support more than 200K endpoints, enabling customers to make the most of their security and systems management investment. Whatever specific BigFix solution a customer uses – whether it’s endpoint protection, systems lifecycle management or security configuration and vulnerability management – it’s delivered via a single management console view. Additionally, new services can be provisioned and delivered via the BigFix Content Delivery cloud with no additional hardware or software installations or network changes.Deployment is straightforward, and is typically completed within hours or days. Agents can automatically be installed within minutes, without disrupting end-users. Additionally, most customers deploy BigFix Relays to help manage distributed devices and policy content and as you can see in the diagram – an existing workstation can be leveraged for this purpose. Promoting an Agent to a Relay takes minutes and doesn’t require dedicated hardware or network configuration changes. It’s entirely up to the customer how many Relays to deploy and where they’d like to place them; however, we can certainly make recommendations based on business and technical considerations. In addition to caching patches and other software updates close to end user devices, BigFix Relays manage the bandwidth used by BigFix to ensure that systems and security management tasks don’t consume all available network bandwidth.To a world accustomed to multiple, fragmented technologies and point solutions, BigFix offers an alternative: the industry’s only single-console, single-agent platform that addresses operations, security and compliance initiatives in real-time and at global scale.
Here’s an example of one Tivoli Endpoint Manager customer who achieved an overall lower total cost of ownership, thanks to faster implementation and simplified IT operations. It’s truly remarkable to see a single solution – within a single week deployment – deliver the following results:Reduction of the number of management servers from 25 to 1 – the other 24 could be reprovisioned for other projects, or decommissioned to save on maintenance costs.Reduction of energy costs thanks to Tivoli Endpoint Manager for Power Management.Moving from a 7 day patch management cycle to literally minutes increased their time to remediation, shrinking vulnerability exposures and maximizing resources.They were able to perform a license true-up in 20 minutes compared to close to a month previously.In terms of security, it’s critical to shrink those windows of vulnerability – and in this case, thanks to Tivoli Endpoint Manager, they were able to do that with amazing results.