You could look at direct access As long as the remote machines ate Internet connected they can be managed
Usually people may still access the web bit not VPN onto corporate On Friday, 15 March 2013, Ken Schaefer wrote: > So, if I could summarise your requirements, and current state:**** > > ** ** > > Machines:**** > > *In Office* > > *Remote: once-per-day connectivity* > > *Remote: once-per-month connectivity* > > *Remote: no connectivity* > > 450**** > > ~30**** > > ~30**** > > ~30**** > > ** ** > > *Requirement* > > *Metric* > > *Compliance* > > Update AV**** > > Within 24 hours of release**** > > 100% of machines. **** > > Weekly report**** > > Update Acrobat/Java/Firefox/Chrome**** > > Within 14 days of release**** > > 100% of machines**** > > Weekly report**** > > Successful Backup**** > > (unsure what the scope is here)**** > > Unsure what the metric is here (Daily? Weekly? Monthly?)**** > > Weekly report**** > > Compliance Report**** > > Weekly**** > > 100% coverage**** > > ** ** > > If you need to meet 100% compliance (you don’t mention meeting, say, 90% > compliance within 1 day, 100% within a week, or dividing machines into > “in-office” vs. “remote”) then I think your problem is the infrequently > connected machines (~10% of the fleet), as they don’t connect frequently > enough for central enforcement and meeting your turn-around-times. So you > might look at:**** > > **a) **A configuration management system that’s able to communicate > “over the internet”. Could be as simple as a script that runs as a > scheduled task and posts the data back to a web server that you have > centrally**** > > **b) **Some way of making remote configuration changes > (Go-To-Meeting or something) to enforce updates (if/when required)**** > > ** ** > > You could look at using RDS or similar to publish the apps you need to > update within 14 days (except the ones listed all have their own updating > mechanisms). If that’s not working well, then Citrix/RDS might be an > option, as at least you can enforce the updating centrally**** > > ** ** > > Backup – I’m going to assume that TSM is not going to work for the > machines that do not VPN in, so you need something separate for them.**** > > ** ** > > I’d also look at your configuration management procedures, and tighten up > the link between asset lifecycle management -> configuration management -> > AD configuration, to reduce the time being spent on machines that haven’t > been removed from AD. You might want to read the ITIL docs to see all the > process areas you should have (not saying you should implement ITIL, but > it’ll help with proactive/consistent management of the environment.**** > > ** ** > > If you really need to hit the metrics you have above (including proving > compliance), you could be devoting almost an entire FTE to the above.**** > > ** ** > > Cheers**** > > Ken**** > > ** ** > > ** ** > > *From:* David Lum [mailto:[email protected] <javascript:_e({}, 'cvml', > '[email protected]');>] > *Sent:* Friday, 15 March 2013 7:24 AM > *To:* NT System Admin Issues > *Subject:* RE: Keeping 550+ systems maintained**** > > ** ** > > Excellent questions Ken, thanks. Up to date at this point means **** > > ** ** > > **1. **Current (within 1 day) of anti-virus signatures **** > > **2. **Have the latest Acrobat/Java/Firefox/Chrome updates within > two weeks**** > > **3. **Successful backups (we use Tivoli to back up endpoints)**** > > **4. **Weekly report to confirm the above **** > > ** ** > > Dave**** > > ** ** > > ** ** > > *From:* Ken Schaefer [mailto:[email protected]] > *Sent:* Wednesday, March 13, 2013 8:01 PM > *To:* NT System Admin Issues > *Subject:* RE: Keeping 550+ systems maintained**** > > ** ** > > I think you need to know what your requirements are.**** > > ** ** > > How do you define “up to date”? e.g. **** > > - How quickly do you need to deploy something (or even have a > range of critical/medium/low priority updates)?**** > > - And how do you need to report compliance (on demand? At > pre-set intervals?)**** > > - And how do you measure your SLA? E.g. what is an acceptable > level of ‘unknown’ state devices? And how long can they remain as ‘unknown’ > **** > > ** ** > > Once you have an idea of what you need to meet, then you can start to work > out what combination of technologies and people you need to meet it.**** > > ** ** > > Cheers**** > > Ken**** > > ** ** > > *From:* David Lum [mailto:[email protected]] > *Sent:* Wednesday, 13 March 2013 1:40 AM > *To:* NT System Admin Issues > *Subject:* Keeping 550+ systems maintained**** > > ** ** > > Scenario: **** > > · 550 Windows workstations, with 100 > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected]<javascript:_e({}, > 'cvml', '[email protected]');> > with the body: unsubscribe ntsysadmin > -- Good news everyone, you have just received an e-mail from me! ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
