Symantec BindView®Security Management Center v3.00 Release Notes

Article:TECH113319  |  Created: 2006-01-15  |  Updated: 2010-08-04  |  Article URL http://www.symantec.com/docs/TECH113319
Article Type
Technical Solution


Issue






Solution



BindView®Security Management Center v3.00 Release Notes

Overview

Security Management Center provides organizations with advanced tools to proactively build and measure comprehensive security best practices across the enterprise.

System Requirements

The Security Management Center product has minimum system requirements for installation and use. The following minimum requirements are based on an environment in which 1-300 target machines will be monitored. Before installing Security Management Center, ensure that your system meets the following requirements.

· 3.0 GHz CPU

· 1 GB RAM

· 1 GB free disk space

· Monitor resolution set to 1024x768 pixels or greater

The machine that hosts the Security Management Center Server, the Security Management Center Web Portal, or the Security Management Center Database must meet the following minimum software requirements:

· One of the following versions of Microsoft Windows:
· Microsoft Windows Server 2003 SP1 or later

· Microsoft Windows 2000 Server SP4 or later

· Microsoft Windows 2000 Advanced Server SP4 or later

· MDAC 2.7 or later

· One or more NTFS Volumes

· Microsoft Windows Scripting Host v5.6 or later

· .NET Framework 1.1 or 1.1 SP1 (Service Pack 1 is recommended, due to known issues with security in v1.1)

· Microsoft Internet Explorer v6.0 or later

In addition, the machine that hosts the Security Management Center Database must have Microsoft SQL Server 2000 or later installed.

If you install the Web Portal, the machine that hosts the Web Portal must have IIS 6.0 or later installed and configured.

If you use Windows 2000 Server or Windows 2000 Advanced Server with IIS 6.0 or later, you must install IIS before installing the .NET Framework or use .NET utilities to register the .NET Framework with IIS.

On Windows Server 2003 machines, you must use the Add or Remove Windows Components option in the Add or Remove Programs Control Panel to install ASP.NET. It is not installed by default. For information on installing ASP.NET, please consult your Windows Server 2003 documentation.

In addition, when using Windows Server 2003 or IIS 6.0, you must enable the ASP.NET extensions within IIS. For information on configuring IIS to work properly with the Web Portal, please see the Security Management Center Getting Started Guide.

Security Management Center Client Requirements

The Security Management Center client is the user interface to the Security Management Center, allowing the user to set up and manage data collection and standards. The Security Management Center client can be used simultaneously on many machines on your enterprise network.

Any machine that meets the following hardware and software requirements can run the Security Management Center client:

· 1.2 GHz CPU

· 512 MB RAM

· Monitor set to 1024x768 pixels or greater

· One of the following versions of Microsoft Windows:

· Microsoft Windows 2000 Professional SP4 or later

· Microsoft Windows 2000 Server SP4 or later

· Microsoft Windows 2000 Advanced Server SP4 or later

· Microsoft Windows XP or later

· Microsoft Windows Server 2003 or later

Other Requirements

If you will use Compliance Manager, you must have at least one copy of the BindView RMS Console and Information Server installed and available for the BindView Compliance Manager to contact. The BindView Information Server must meet one of the following configurations:

· BindView RMS Console v7.30 SP2 with Hotfixes CRC170957 and CRC175169

· One or more bv-Control Snap-in Modules

· bv-Control for Windows v7.30 SP2 or later with Hotfixes WQD169877 and WSD176210, or bv-Control for Windows v7.35 with Hotfixes WQE169726 and WSE176196

· bv-Control for UNIX v7.3

· bv-Control for NetWare v7.52 with Hotfix NSC178010

· BindView RMS Console and Information Server v8.00 SP2, v8.00 SP1, or v8.00 with Hotfixes CRH170966 and CRH174834

· One or more bv-Control Snap-in Modules

· bv-Control for Windows v8.10, v8.00 SP2, or v8.00 SP1 with Hotfixes WQI174640 and WSI175769

· bv-Control for UNIX v8.10 with RF863 or v8.00 SP1 with RF828

· bv-Control for NetWare v8.00 with Hotfix NSH178009

· bv-Control for Oracle v8.00 or later

· bv-Control for Microsoft SQL Server v8.10 or later

· bv-Control for Microsoft Exchange v8.00

To use the NetWare Platform and Application Support Pack, you must install the BVSIM4.NLM in addition to bv-Control for NetWare. The NLM is available from BindView Technical Support for registered bv-Control for NetWare customers. In addition, in the Directory Services Name area of the Query tab of the bv-Control for NetWare Settings dialog, the Typeless option and no others must be selected. This is the default setting when bv-Control for NetWare is installed.

Printing Requirements

You may view and print Compliance Manager reports in two ways on computers that are not Compliance Manager clients. For reports with simple formats, save the report as text or email it to the recipient.

For reports with more complex formats, export reports as XLS, DOC, RTF, or PDF. To view these reports, the non-client where you view the exported reports must have the software that supports the exported format, as shown in the table.

          Format
          Software Required
          XLS, DOC
          Microsoft Office® 2000 or later
          Generic RTF
          Microsoft Office 2000 or later, WordPad, and other RTF-capable applications
          PDF
          Adobe® Reader® v5.00 or later
Known Issues

We recommend that you review the following notes before using Security Management Center with the BindView RMS Console:

· When the Security Management Center Installer is upgrading an existing Compliance Center v2.1 installation to Security Management Center v3.00, the Compliance Center Server is automatically uninstalled. During the uninstallation, the v2.1 uninstaller tries to remove a log file used by the Compliance Center Service before the Compliance Center Service has completely stopped. If this occurs, an error message will appear. If it appears, wait approximately two minutes to give the service time to stop and then click Retry to delete the log file and continue with the unistallation and upgrade.

· When the Security Management Center Installer is upgrading an existing Compliance Center v2.1 installation to Security Management Center v3.00, the Compliance Center Web Portal is automatically uninstalled. During the uninstallation, the v2.1 uninstaller may display the error message "Error:-1603 Fatal error during installation." If this message appears, click OK to close the dialog and the uninstallation and upgrade will continue.

· Due to restrictions in .NET Remoting used by the Security Management Center, if Name Resolution is not available, and the Security Management Center Client attempts to contact the Security Management Center server using only the IP Address, the Client will not start up successfully. If Name Resolution will not be available, you should add the Security Management Center Server's host name and IP address to the "lmhosts" and "hosts" files on each machine that will use the Security Management Center Client.

· If you choose to install the optional Web Portal components, the Web Portal will function properly as soon as it is installed, but incorrect icons will appear for the Security Management Center Web site in the Internet Information Services (IIS) Manager until the next time the Internet Information Server service is restarted, since the Internet Information Services (IIS) Manager only collects the icons it displays when it starts up. This is a cosmetic effect only, and it does not affect Web Portal operation or performance.

· When you generate a report for a user-defined standard in Compliance Manager, items in the Remediation and References tabs do not appear in the report.

· When using the Security Management Center Installer to Add Features to an existing installation, the Windows Installer service sometimes fails to start properly. When this happens, the error message "Unable to launch the Security Management Center Setup MSI. Error Code: 1601" appears. If this occurs, open the Windows Services Control Panel and manually start the Windows Installer service, or restart the computer. You will then be able to use the Security Management Center to add features.

· When copying and pasting formatted text from another application into a Policy Manager policy, the formatting present in the source application may not match the formatting in Policy Manager, due to the way formatting is handled on the Windows clipboard.

· Due to restrictions in Microsoft .NET, the the Security Management Center Server, Job Server, Web Portal, and Database cannot be hosted by computers whose names contain Unicode characters.

· If you have previously installed Compliance Manager 2.0 or 2.1, and you have upgraded your Compliance Center 2.0 or 2.1 Technical Standards Packs to the new version 3.0 Technical Standards Packs before upgrading to the Security Management Center, the Technical Standards Packs will not be properly configured for use when you upgrade to the Security Management Center. To configure them for use, after performing the upgrade to the Security Management Center, you must open the Windows Add or Remove Programs Control Panel, select the Security Management Center, and click Change/Remove. When the Security Management Center Setup Wizard appears, select Add Features and select the Technical Standards Packs and regulatory views you had previously installed in Compliance Manager 2.0 or 2.1 and click Install to correctly configure the Technical Standards Packs.

· After using the Security Management Center Installer to repair an existing installation, upgrade to a new version, or add features, you must manually restart the BindView SMC Server and BindView SMC Job Server services, or restart the computers that host them.

· After starting the Security Management Center Server on an Express Installation, the Send by Email link in the Compliance Manager will not be available. To enable it, you must use the Windows Service Manager to stop and restart the BindView SMC Server service.

· The Windows source types used in Compliance Manager do not always accurately reflect the the source type included. Please refer to the following table:

          Source Type
          Includes
          Windows 2000 Server
          Windows 2000 Servers and Member Servers
          Windows 2000 Advanced Server
          Windows 2000 Advanced Servers and Member Servers
          All Windows 2000 Server Types
          All Windows 2000 Servers and Member Servers
          Windows 2003 Machines
          Windows Server 2003 servers

          ·

When Role Assignments are changed, the role changes will not appear in users' Security Management Center Consoles until the next time the users start the Security Management Center Console. If a user is currently using the Console, they must quit and reopen the console for the role change to take effect.

· It is possible for a user to create a new collection with the same name as a built-in collection.

· When moving a check from section to section within a single standard, the user is prompted to delete evaluation jobs and results from the standard. The user should click No to retain existing results.

· After installing the Security Management Center, the user may encounter the message "Method not found" when browsing data providers the first time. This message does not interfere with using the Security Management Center and should be ignored.

· If a user does not have permission to view the objects in a result, the message "No Matching objects were found" appears in the result window. When this appears, it indicates that the user does not have the right to view those objects.

· If a computer hosting the Security Management Center client and the computer running Microsoft SQL Server and hosting the Security Management Center database are set to different time zones, the Security Management Center client will be unable to Browse Collections. Both the client and the machine hosting the database must be set to the same time zone.

· The default scope for UNIX file data import may take up to several hours to complete. Before performing jobs using the default scope, consider excluding file data from the job, or schedule it to run at off-peak hours.

· If you are upgrading from Compliance Center 2.1 and have created custom scope files, you can copy them to the Program Files\BindView\Security Management Center\SMC Job Server\EOP directory on the machine hosting the Security Management Center Job Server for use in Compliance Manager after upgrading to the new version.

Change History

The following is a summary of the change history of the Compliance Manager:

· New Installer

· Data segregation

· New roles functionality

· Dashboards for trending and rollup

· Enhanced reports

The following is a summary of the change history of the Policy Manager:

· Policy Authoring

· Policy review and approval

· Policy acceptance

· Audiences

· Policy change history

· Drag-and-drop check mapping

· Evidence definitions

· Exception management

· Evidence link to Compliance Manager

Documentation

Your BindView product CD contains the following documentation:

· Getting Started Guide - contains a high-level description on planning and deployment of Security Management Center, as well as evaluation scenarios and troubleshooting information.

· Online Help - contains information on how to use the product. You can access the Online Help by clicking the Help button in any dialog, by right-clicking an item and selecting Help from the action menu, or by pressing the F1 key.

· Online Help for Programmers - the Online Help for the Compliance Manager contains a section entitled "Programmer Help" which describes how programmers can configure their software to programmatically interact with the Compliance Manager using APIs and Events.






Legacy ID



2006081514353453


Article URL http://www.symantec.com/docs/TECH113319


Terms of use for this information are found in Legal Notices