My boss is about to pull all of our servers out of ePolicy and have the VSE run as a standalone on the servers. I know this is stupid and the reason for this is because we had this one incident where one of my techs accidentally added a server on the wroing container in ePolicy and deleted a file. The server was one of our high profile servers so he was upset to say the least. I have a meeting with him this Friday, I know what I need to tell him (i.e. auto updates, etc) but my boss is an intelligent person and I would like to make sure that I have all the information I need before I have this meeting with him. So, if anyone out there that has information they can pass to me that would help justify why we need the servers managed by ePolicy, It would be greatly appreciated.
THanks in advance,
If there is an outbreak you want to be able to quickly be able contain the spread. For instance Conficker which is still relevant today spreads via file shares (ports 445 and 139). If conficker is found in your environment not having clients connected to a central management server would mean you have to touch every client and block these ports, that's even if you are aware of it in the first place.
With ePO you can create an automatic rule that will assign a tag and auto-apply a quarentine policy to block those ports to prevent it from spreading so you can remediate the client. You can also go one step further and that tag can also be assigned to a full scan task to automatically kick off a full scan.
the servers with standalone VSE will update the latest DAT (update) directly from the internet so there is a chance for the high bandwidth consuming.let us assume there is 15 servers running with standalone VSE if you want to exclude particular system files or folders you need to do the exclusion on individual machines also if you wants to create a policy again you have to do on every machine so the time consuming to apply a single policy is high when caompared to centrally deploy the policy via ePO
Most important advantage of the ePO is centaralized management if yours servers will be stand alone then the monitoring part is so difficult have to concentrate on each servers weather the DAT applied or not weather the servers are protected else infected with some threats etc .
One more senario in future if your company going to add 15 more servers you need to install the VSE product individually probably the time taken to complete the installation for 15 servers will be more high than centrally creating deployment policies to install VSE on 15 machines.
Note: certains feautures will not be available for standalone VSE for exaple DLP,Device control etc.
i forgot to mention one more point
More number of human resouce required to install standalone VSE (for exaple 100 servers) if your higher offiicials fixed to finish the process with in the specific time period
Major points to deliver
1) Bandwidth consuming(During DAT update)
2)Time consuming is high to finish a specific task(Policies,exclusions,task etc)
3)certain features will not be available for standalone VSE(DLP etc )
4)More no of human resource may required to finish a certain task within a specific time period
5)have to monitor on individual servers (update,policies,protected or not etc)
Hope this points will hepls you Also this is a great place you may also get better points from the varrious users,specialists etc to convince your boss