Sophos Enterprise Solutions - PowerPoint PPT Presentation

About This Presentation
Title:

Sophos Enterprise Solutions

Description:

Manages downloading of software from Sophos. Enterprise Console ... Includes details of all files (including ides) Binary file, generally updated by EM Library ... – PowerPoint PPT presentation

Slides: 78
Provided by: users5

Transcript and Presenter's Notes

Title: Sophos Enterprise Solutions


1
Sophos Enterprise Solutions
2
This Seminar
  • Overview
      • Components: EM Library, Enterprise Console,
        Clients
      • OS requirements and product functionality
  • EM Library
      • In depth
  • Enterprise Console
      • In depth
  • Clients
      • In brief

3
Overview
4
Components
  • EM Library (essential)
      • Manages downloading of software from Sophos
  • Enterprise Console (optional, sort of)
      • Manages clients
  • Sophos Anti-Virus Clients (essential)
      • Client software for virus detection and
        disinfection

5
Requirements: EM Library
  • Windows
      • Windows NT SP6a
      • Windows 2000 Professional or Server (SP3)
      • Windows XP Professional (SP1)
      • Windows 2003 Server
  • Requires MMC 1.2
  • IE 5.5 SP2 or above

6
Requirements: Enterprise Console
  • Windows 2000 (SP3) or 2003 Server
      • If managing more than 10 PCs
  • Windows 2000 (SP3) or XP (SP1) Professional
      • If managing up to 10 PCs
      • May be used to define and export policies,
        regardless of PCs managed

7
Function: EM Library
  • Downloads package updates from Sophos to a
    library according to a schedule
  • Default is c:\program files\sophos enterprise
    manager\library shared as SophosEM
  • Library can be remote or local
  • Optionally publishes packages to make them
    available to child libraries

8
Function: EM Library
  • Pushes updates to Central Installation
    Directories (CIDs)
  • CIDs can be on remote servers (e.g. Unix)
  • CIDs can be published via a web server
  • Clients check CIDs for updates and download as
    required

9
Function: Enterprise Console
  • Deploy software to clients
  • Monitor status of client installations
  • Organise clients into groups
  • Define and apply updating and anti-virus policies
    to groups of PCs
  • Report on alerts etc.

10
(No Transcript)
11
How does Enterprise Console fit in?
  • Not required to provide updates to clients
  • May be used to manage clients

12
Documentation
  • Sophos enterprise solutions installation advisor
  • Sophos Anti-Virus Startup Guide
  • Knowledgebase
      • Ignore docs with references to Remote Updates,
        SAVAdmin
      • Look for EM Library v1.2, Enterprise Console 1.0,
        Clients 4.5 or 5.0
  • http://www.oucs.ox.ac.uk/viruses/sophos/antivirus
    as a starting point

13
Questions?
14
EM Library
15
Installation
  • Download required network installer from
    micros.oucs
  • Before installation on Domain Controller
      • Optionally create domain a/c with admin
        privileges
      • http://www.sophos.com/support/knowledgebase/article/2522.html
      • Global credentials used to access and update CIDs
        (can be altered for individual CIDs)
  • Run installer
      • Server: es10sfx.exe (unpacks to \sec10)
      • Workstation: run es10wssfx.exe; if you run
        setup.exe from the unpacked files it will fail
        (tells you only server supported!)

16
Installation
  • To install EM Library only
      • \sec10\Serverinstaller\EMConsole\setup.exe
  • Post Installation
      • Patch MSDE 2000 engine (use MBSA to determine
        appropriate patches)
      • Not required if only installing EM Library (MSDE
        installed by Enterprise Console only)
  • Note: EM Library creates share for EM Library
    installation files
      • Default is C:\Program Files\Sophos Enterprise
        Manager\console\bin\inst shared as EMLibInstaller

17
Configuring EM Library
18
Create Library
  • Location for downloaded files from Sophos
  • Local or remote
  • Prompts for installation path and library share
    name
      • Defaults are C:\Program Files\Sophos Enterprise
        Manager and SophosEM
  • Prompts for path and share name for Central
    Installation Directories
      • Default: C:\Program Files\Sophos Sweep for NT
        shared as Interchk

19
Create Library
20
Create network account
  • Used to update library files
  • May need to use pre-created domain account on a
    domain controller
  • Unclear whether you need to pre-create account if
    installing on member server in a domain
  • http://www.sophos.com/support/knowledgebase/article/2522.html
  • On standalone server you can choose option to
    create account

21
Create Network Account
22
Select Parent
23
Select Parent
  • Source of files to download to library
  • Can be Sophos databank or another library
  • Will generally be the Sophos databank
  • Credentials available from ITSS restricted
    facilities web page
  • https://register.oucs.ox.ac.uk:6123/cgi-bin/diagonalley/index
  • Under Sophos EM Library Update Service
  • Do not divulge these to anyone except ITSS!

24
Select Parent
25
Schedule Downloads
26
Schedule Downloads
  • Sets up schedule for downloading from Sophos or
    parent library
  • Generally set up new schedule and accept defaults
  • Downloads updates once every hour (random offset)
  • Downloads can also be triggered manually via EM
    Library

27
Schedule Downloads
28
Schedule Downloads
29
Select Packages
30
Select Packages
  • Default view shows only the current versions of
    the new Sophos clients

31
Select Packages
  • Uncheck options to see more packages

32
Download Packages
33
Download packages
  • Triggers initial download of packages to populate
    both library and central installation folders
    (CIDs)
  • Default CID already set up for each package
  • If you want to move CIDs (e.g. to Linux box) you
    can do this before downloading
  • or later

34
Download Packages
  • Can also be used at any time to trigger manual
    update of packages

35
Configuring Packages
36
Configuring Packages
  • Subscribed
      • Will be downloaded according to schedule
  • Unsubscribed
      • Will not be downloaded
      • Right-click to subscribe
  • Published
      • Available to child libraries
      • Right-click to publish

37
Configuring Central Installations
38
Configuring Existing CIDs
  • Can alter location of CID (e.g. to a different
    server)
  • Can alter credentials to access CID
  • Can change updating schedule (default is to
    update immediately after library is updated)
  • Can locate CIDs on other servers, so long as the
    location is accessible from Windows box (e.g. via
    Samba)

39
Configuring Central Installations
  • Right-click to configure existing CIDs

40
Add additional CIDs
  • Packages/subscribed and right-click on chosen
    package
  • Configure options as per configuring existing
    CIDs

41
CIDs: Additional Information
  • Note special requirements for CIDs for the
    following clients (see manuals)
      • Mac OS X
      • Netware
      • Unix
  • We will cover some of these points in more detail
    in future seminars
  • Manually update a CID via right-click/Update CID
42
CID Anatomy
Top Level            Purpose
cid\
  setup.exe          Main setup file
  cidsync.upd        Used to check synchronisation status
  sau\               AutoUpdate files
    cidsync.upd      Used to check synchronisation status
    sauconf.xml      Optional file to configure updating policy
  rms\               Remote Management System files
    cidsync.upd      Used to check synchronisation status
  savxp\             Sophos Anti-virus files
    cidsync.upd      Used to check synchronisation status
    savconf.xml      Optional file to configure A-V policy
43
CID Anatomy
  • cidsync.upd
      • Clients use this to check synchronisation status
      • Includes details of all files (including ides)
      • Binary file, generally updated by EM Library
  • rms folder is optional
      • Remote management components used by Enterprise
        Console
      • Need to tell installer not to use it (default is
        to install rms)
      • More on this in the next seminar
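
The layout on the CID Anatomy slides, turned into a completeness check for a CID that has been moved or mirrored to another server (an added example, not Sophos tooling and not part of the original slides). It assumes every entry the slides do not call optional should be present, and it does not read cidsync.upd itself, whose binary format the slides do not describe; find, check_cid and build_sample_cid are names made up here.

```python
import tempfile
from pathlib import Path

# Entries from the "CID Anatomy" slide, relative to the CID root. Treating the
# ones the slide does not call optional as expected is an assumption of this sketch.
EXPECTED = ["setup.exe", "cidsync.upd", "sau/cidsync.upd", "savxp/cidsync.upd"]
POLICY_FILES = {"sau/sauconf.xml": "updating", "savxp/savconf.xml": "anti-virus"}


def find(root, rel):
    """Resolve rel under root case-insensitively (CIDs may sit on Samba or a web server)."""
    cur = Path(root)
    for part in rel.split("/"):
        if not cur.is_dir():
            return None
        hits = [p for p in cur.iterdir() if p.name.lower() == part.lower()]
        if not hits:
            return None
        cur = hits[0]
    return cur


def check_cid(root):
    """Report missing files, policy files found, and whether the rms folder is shipped."""
    missing = [rel for rel in EXPECTED if find(root, rel) is None]
    rms_present = find(root, "rms") is not None
    # rms is optional, but when it is there it carries its own cidsync.upd.
    if rms_present and find(root, "rms/cidsync.upd") is None:
        missing.append("rms/cidsync.upd")
    policies = sorted(kind for rel, kind in POLICY_FILES.items()
                      if find(root, rel) is not None)
    return {"missing": missing, "policies": policies, "rms_present": rms_present}


def build_sample_cid(base, files):
    """Create a constructed CID tree of empty placeholder files for the demo."""
    for rel in files:
        path = Path(base, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.touch()
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        # Constructed sample: no rms folder, an updating policy file present,
        # and savxp/cidsync.upd absent (as after an incomplete copy).
        build_sample_cid(tmp, ["setup.exe", "cidsync.upd", "sau/cidsync.upd",
                               "sau/sauconf.xml", "savxp/placeholder.dat"])
        print(check_cid(tmp))
```

A policy file reported here applies to every client that installs or updates from that CID, so an unexpected sauconf.xml or savconf.xml is worth reviewing before the CID is published.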

44
EM Library Tools/Options
  • Console Options
      • Display, refresh etc.
  • Security
      • Who can run EM Library
      • Effectively adds and removes users or groups from
        the EMLibrary Users group
  • Notifications
      • Method (Email, Event Log, Network Messaging)
      • What is notified

45
EM Library Scripts
  • \\server\SophosEM\bin\EMLexp.exe (C:\Program
    Files\Sophos Enterprise Manager\Library\bin\EMLexp.exe)
      • Export library settings to XML file
      • Import library settings from XML file
      • Trigger manual update of a library
  • NB: File may require editing before import to
    different server (see
    http://www.sophos.com/sophos/docs/eng/manuals/eml_men.pdf)

46
EM Library Scripts
  • Manual update of child library via batch file
      • http://www.sophos.com/sophos/docs/eng/manuals/eml_men.pdf
      • Page 48

47
Questions?
48
Sophos Enterprise Console
49
Enterprise Console
  • Install using network installers as per EM
    Library
  • Manage clients in a controlled environment, e.g.
    college or department
      • Remote installation and updating of Sophos
      • Status of Sophos on machines
      • Reporting
  • Apply Policies for updating and A-V engine
      • Apply via Enterprise Console
      • Or export to files for inclusion in CIDs

50
Console View
51
Viewing Computers
  • Actions/Find Computers
      • Relies on Microsoft networking (browse masters
        etc.)
      • Windows XP firewall likely to cause problems
  • File/Import computers from file
      • File format (text file)
          • name1
          • name2
      • NetBIOS or DNS names
      • See help for full information (testing shows that
        you may need to include OS)

52
Organising Computers: Groups
  • Need at least one group in order to define
    policies
  • Move PCs from Unassigned into groups

53
Configuring Policies
  • Updating and Anti-virus policies
  • Policies may be different for each group
  • Updating policy has different sections for each
    OS
      • At least one section must be configured
  • Updating policy must be set before protecting PCs
    via Enterprise Console
  • Use "Comply with" to enforce policies

54
Updating Policy
  • Need to specify at least
      • Primary source (for updates)
      • Credentials (if required)
  • Can specify other items
      • How often client checks for updates

55
Updating Policy
56
Anti-virus policy
  • E.g. scheduled and on-access scanning

57
Protect Computers: Prerequisites
  • Need access to clients via file share
      • XP or other personal firewall
      • May prefer to install from client
  • Need account with admin credentials on clients
      • Need same account credentials to exist on server
        (does not need to be admin)
      • Don't have to be logged in as this account
      • Suspect non-domain issue
  • Must configure Updating Policy on group before
    protecting

58
Protect Computers Wizard
59
Enterprise Console and Firewalls
  • 3 services on client (see Appendix B)
      • Using TCP 8192-8194
      • Connections may be initiated by server or clients
      • Be wary of firewalls at both ends
  • Only applies for management of machines
      • Scheduled client updates are always initiated
        from the client end

60
Policies
  • Can be applied via Enterprise Console
  • Can also be applied using files
      • Sauconf.xml (Updating policy) in sau folder
      • Savconf.xml (A-V policy) in savxp folder
  • Useful for clients not managed by Enterprise
    Console
  • Web-based CIDs

61
Policies
  • Export group policies from Enterprise Console
    using exportconfig.exe
      • \sec10\tools or \sec10ws\tools
  • More detail in next seminar

62
Questions?
63
Sophos Clients
64
Client Installation
  • Sophos AutoUpdate installed first
      • Configured with source of Sophos files
      • Credentials to access files
  • Sophos AutoUpdate
      • Fetches and installs other components using
        source and credentials
  • Management Components
      • Optional (default install from CID includes
        these)
      • Enterprise Console will install them; can be
        turned off using other installation methods

65
Client Components on Windows XP
Component                        Purpose                        Services
Sophos AutoUpdate                Updating Sophos                1. Sophos AutoUpdate Service
Sophos Anti-Virus                Virus Detection                1. Sophos Anti-Virus
                                                                2. Sophos Anti-Virus status reporter
Sophos Remote Management System  Enterprise Console Management  1. Sophos Agent
                                                                2. Sophos AutoUpdate Agent
                                                                3. Sophos Message Router
66
Client Configuration
  • Groups created
      • SophosAdministrator
      • SophosPowerUser
      • SophosUser
  • Automatically puts members of Administrators into
    SophosAdministrator, etc.
  • Restricts access to configuration options

67
Group Restrictions
  • Member of SophosAdministrator group

68
Group Restrictions
  • Member of SophosUser group

69
Client Installation and Configuration
  • To be continued

70
Questions?
71
Appendix A: EM Library
  • Default Shares
      • C:\Program Files\Sophos\Enterprise
        Manager\console\bin\inst (EMLibInstaller)
          • Installation files for EM Library
      • C:\Program Files\Sophos Enterprise
        Manager\Library (SophosEM)
          • Library
      • C:\Program Files\Sophos Sweep for NT (Interchk)
          • Client software Central Installation Directories

72
Appendix A: EM Library
  • Services created when Library is created
      • Sophos EMLibUpdate Agent
      • Sophos Enterprise Manager Scheduler

73
Appendix A: EM Library
  • Users created (optional)
      • EMLibUser1 (can specify alternative account)
      • Member of Administrators
  • Groups created
      • EMLibrary Users
      • Members of existing Administrators group are made
        members automatically

74
Appendix B: Enterprise Console
  • Shares created
      • None known
  • Services created
      • Sophos Agent
      • Sophos AutoUpdate Agent
      • Sophos Certification Manager
      • Sophos Management Service
      • Sophos Message Router

75
Appendix B: Enterprise Console
  • Groups created
      • Sophos Console Administrators
      • Members of existing Administrators group are made
        members automatically
      • Must be a member of this group in order to run
        Enterprise Console

76
References
  • Sophos enterprise solutions installation advisor
      • http://www.sophos.com/misc/sophos_es_support_pack.chm
  • Sophos Anti-Virus Startup Guide
      • http://www.sophos.com/sophos/docs/eng/instguid/esav_sen.pdf
  • Sophos EM Library Manual
      • http://www.sophos.com/sophos/docs/eng/manuals/eml_men.pdf

77
References
  • Sophos Enterprise Console Manual
      • http://www.sophos.com/sophos/docs/eng/manuals/sec_men.pdf
  • OUCS Guide to Installing and Configuring EM
    Library and Automatic Client Updating
      • http://www.oucs.ox.ac.uk/viruses/sophos/enterprise/
  • Refer to references section for more links