The security policies governing the environment of your enterprise or organization have an impact on the way management operations are planned and executed in SSH Tectia Manager. Some of the following questions may be relevant in your environment:

Question 3: Who is allowed to deploy new software?

Question 4: Who is allowed to change the software configurations?

Question 5: Is the separation of duties enforced (meaning that no single administrator can perform an entire chain of operations, such as create, assign, and deploy configurations)?

SSH Tectia Manager allows several levels of administration rights to be assigned to the various administrator groups. Chapter 5 gives some examples of these.

Question 6: Are local configuration changes allowed on some hosts in certain situations?

SSH Tectia Manager notifies the administrator about locally made changes in the configuration. They are overwritten only if the administrator explicitly chooses to do so when deploying the centralized configuration (note that if the SSH Tectia software binaries on the host are updated, the centralized configuration files are automatically deployed to the host).

Question 7: How are new software and configuration deployments timed? Is there a certain time slot (per day, week, or even a year) when they can be performed?

SSH Tectia Manager does not currently restrict management operations according to time slots. It does enable, for example, the administrator to create and assign new configuration sets so that they are ready for the operators to perform the actual deployment during a weekend maintenance period.

Question 8: Which authentication mechanisms are used in the environment? Is a public-key infrastructure (PKI) available?

Chapter 8 provides guidelines for efficient PKI deployment in the SSH Tectia environment.