SSH Tectia

Benefits of SSH Tectia Manager

This section shows how SSH Tectia Manager can benefit the management of a security product environment as compared to a system without centralized management.

Easy installation of SSH Tectia software

Deploying and managing large software environments may lead to growing, often partially hidden, overhead costs created by the resources needed to deploy, upgrade, configure, and monitor the security environment.

  • The first installation of the Management Agent on the managed host should be performed using an existing third-party software deployment system (for example, System Management Server (SMS) or Active Directory on Windows). It is also possible to install the Management Agent manually from a CD-ROM or a network drive. Once the Management Agents have been deployed, all SSH Tectia software installation can be managed centrally.

  • SSH Tectia Manager enables centralized SSH Tectia software deployment and upgrades. You can perform mass installations, upgrades, and uninstallations of SSH Tectia software over distributed and heterogeneous server and workstation environments from a single point, the Management Server.

  • SSH Tectia Manager includes an SSH Tectia client/server binary and documentation library. SSH Tectia Manager imports the installation packages and documentation for SSH Tectia Client, ConnectSecure, and Server software for effective software deployment operations.

  • With SSH Tectia Manager, you can receive real-time detailed status reports of software and configuration deployment progress over a heterogeneous distributed environment.

  • Distribution Servers can be set up for load sharing of management operations in large and distributed environments. The management connection protocol and database interface have been designed to support an environment of thousands of hosts with a single Management Server. Local Distribution Servers may be deployed to facilitate the management of even larger environments. The easily deployable small-footprint Distribution Servers can also be duplicated, to provide redundancy.

Easy configuration management

Versatile software configuration options may lead to growing inconsistency of settings when administration is distributed between several persons or teams. Configuration errors may take considerable time and effort to solve if configurations are done on a per-host basis.

  • SSH Tectia Manager enables centralized SSH Tectia software configuration management. You can create, maintain, assign, and deploy sets of SSH Tectia client/server configurations with the powerful configuration management GUI tool. You can also monitor your environment for local configuration changes for auditable policy enforcement.

  • SSH Tectia Manager offers flexible host grouping. You can create multiple free-form host views and hierarchies, based on how your environment and IT operations are organized.

  • SSH Tectia Manager stores host and configuration data in a built-in SQL database. The Management Server with the SQL database provides easy installation and maintainability, and a storage facility for host information, log archives, and SSH Tectia client/server configurations. SSH Tectia Manager also supports the use of Oracle (versions 9.2 and 10g) as an external management database.

Visibility into the security environment

Administrator visibility into the environment may be poor if no efficient and systematic tools for handling logs and alerts exist.

  • With SSH Tectia Manager you can maintain an up-to-date view into the SSH Tectia applications and monitor the status in graphical statistics and reports.

  • SSH Tectia Manager offers centralized SSH Tectia Server log gathering and viewing. You can audit and troubleshoot your environment and operations with the centralized gathering and archiving of SSH Tectia client/server solution logs (including user logins, unsuccessful login attempts, and file transfer activity).

  • SSH Tectia Manager offers logging and alert support to third-party monitoring systems. The logs generated by SSH Tectia Server and SSH Tectia Manager can be pushed to syslog, for export to existing third-party monitoring and log analysis systems.

Efficient and secure administering

Administrators need a remote connection to the system they monitor and control.

  • SSH Tectia Manager offers an encrypted and authenticated web-based administration interface. Administrators can use standard browsers to access the SSH Tectia Manager administration interface securely, with no Java or plug-ins required. The connections from the administrator's workstation to the Management Server are TLS-encrypted with server-side X.509 certificate authentication. The administrators are likewise authenticated to the system using passwords and optional TLS client authentication using X.509 certificates.

  • SSH Tectia Manager offers administrator account import. You can import SSH Tectia administrator authentication information from an existing directory (for example, from LDAP or Active Directory) and avoid maintaining passwords and similar credentials in several overlapping systems.

  • SSH Tectia Manager enables role-based administrator access management. The administrator user groups and roles determine which hosts each administrator is able to manage and view, and which management actions (for example, configuration editing, configuration deployment) they are allowed to perform. In addition to maintaining granular administration privileges, you can enforce the maker/checker, or four-eyes, policy for configuration management and deployment.

  • SSH Tectia Manager maintains an audit trail log of administrator actions for troubleshooting and accountability. All changes made by an administrator are logged as an audit trail in the database. Critical data in the database is encrypted. The database may be replicated, backed up and restored with existing procedures and third-party tools.

Easy host identity management

Managing trust between hosts becomes progressively more difficult in growing environments, as new hosts are installed, reinstalled, and taken out of service perhaps daily.

  • SSH Tectia Manager has a built-in certification authority for host identity management. You can manage your server host authentication with a robust public-key infrastructure (PKI) with full certificate lifecycle management features for enrolling, renewing, and revoking X.509v3 host certificates.

  • SSH Tectia Manager offers centralized configuration of PKI settings for the SSH Tectia client/server solution. You can leverage the built-in certification authority or your existing third-party PKI solution (e.g. Entrust Authority) for SSH Tectia authentication by managing and deploying PKI configuration settings and CA certificates throughout your environment.

  • SSH Tectia Manager offers centralized (server) host public key distribution. When plain public-key authentication is used instead of a full PKI, SSH Tectia Manager can be set to automatically distribute the server host public keys to the client hosts. This will avoid unnecessary "Host key has changed" notifications upon server installations and rebuilds.

  • SSH Tectia Manager offers secure management connections. Upon installation, the Management Agent automatically contacts the Management Server and sets up an authenticated and encrypted management connection for host registration and management operations. The management connections are encrypted and authenticated with transport layer security (TLS). The server is authenticated with an X.509 certificate and the client with a pre-shared key.