Control Manager Installation Guide - Trend Micro? Online Help
Control Manager Installation Guide - Trend Micro? Online Help
Control Manager Installation Guide - Trend Micro? Online Help
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Introducing <strong>Trend</strong> <strong>Micro</strong> <strong>Control</strong> <strong>Manager</strong><br />
translate this private IP address into a real world IP address before sending a request to<br />
the Internet. This introduces some problems since each connecting computer uses a<br />
virtual IP and many network applications are not aware of this behavior. This usually<br />
results in unexpected program malfunctions and network connectivity issues.<br />
For products that work with <strong>Control</strong> <strong>Manager</strong> 2.5/3.0 agents, one pre-condition is<br />
assumed. The server relies on the fact that the agent can be reached by initiating a<br />
connection from server to the agent. This is a so-called two-way communication<br />
product, since both sides can initiate network connection with each other. This<br />
assumption breaks when the agent sits behinds a NAT device (or the <strong>Control</strong> <strong>Manager</strong><br />
server sits behind a NAT device) since the connection can only route to the NAT<br />
device, not the product behind the NAT device (or the <strong>Control</strong> <strong>Manager</strong> server sitting<br />
behind a NAT device). One common work-around is that a specific mapping<br />
relationship is established on the NAT device to direct it to automatically route the inbound<br />
request to the respective agent. However, this solution needs user involvement<br />
and it does not work well when large-scale product deployment is needed.<br />
The MCP deals with this issue by introducing a one-way communication model. With<br />
one-way communication, only the agent initiates the network connection to the server.<br />
The server cannot initiate connection to the agent. This one-way communication works<br />
well for log data transfers. However, the server dispatching of commands occurs under a<br />
passive mode. That is, the command deployment relies on the agent to poll the server<br />
for available commands.<br />
HTTPS Support<br />
The MCP integration protocol applies the industry standard communication protocol<br />
(HTTP/HTTPS). HTTP/HTTPS has several advantages over TMI:<br />
• A large majority of people in IT are familiar with HTTP/HTTPS, which makes it<br />
easier to identify communication issues and find solutions those issues<br />
• For most enterprise environments, there is no need to open extra ports in the<br />
firewall to allow packets to pass<br />
• Existing security mechanisms built for HTTP/HTTPS, such as SSL/TLS and<br />
HTTP digest authentication, can be used<br />
Using MCP, <strong>Control</strong> <strong>Manager</strong> has three security levels:<br />
1-7