I have the task of procuring a new MVM scan engine to handle a NAT'd portion of our organization's network. The new MVM scan engine will report results to a central MVM database maintained by our IT security dept. The IT security folks currently use FS1000 appliances on other portions of the network, but they have favorable experience with non-appliance MVM (i.e. Foundstone Enterprise) installations. They are giving me the option of appliance vs. non-appliance solution. Following are a few questions:
--- FS1000 EOL? Where is info on MVM3000 appliance?
I gather from this thread ( http://community.mcafee.com/message/98743 ) that the FS1000 is no longer being sold although I do see it available at some vendors. The discussion of the MVM3000 sounds interesting, but I have been unable to find any specific information (e.g. datasheet) for this appliance. Just some limited info on reseller sites. A pointer to MVM3000 info would be appreciated.
--- non-appliance: which operating system exactly?
I am inclined to go with a non-appliance solution for this scan engine. I have available h/w that exceeds minimum system requirements (dual Intel Xeon 5160); however, I have questions about which o/s to procure. The MVM webpage ( http://www.mcafee.com/us/enterprise/products/risk_and_compliance/vulnerability_manager.html ) says "Microsoft Windows 2003 Server Standard Edition with Service Pack 1" while the MVM datasheet ( http://www.mcafee.com/us/local_content/datasheets/ds_mcafee_vulnerability_manager.pdf ) says "Microsoft Windows 2003 Server (32-bit) with Service Pack 2".
My concerns/questions here are twofold:
(1) Does MVM really want to run on a 32-bit o/s even though 64-bit h/w is specified?
(2) I am concerned about spending $700+ on an o/s for which mainstream support ends next July. Will MVM run under Windows 2008 Server?
--- hardening o/s for non-appliance solution
I understand that the appliance solutions include o/s hardening. I assume this involves registry and policy edits to enhance security. Are there instructions or scripts available for o/s hardening with non-appliance (i.e. MVM software-only) installations?
A few answers to your questions:
(1) For now, Vulnerability Manager will only install and run on a 32-bit OS, which is Windows Server 2003. The next version of Vulnerability Manager will support a 64-bit OS and Windows Server 2008 R2.
(2) And yes, there is a tool to harden the O/S for software only solutions.
Is there a chance that Policy Auditor and Remediation Manager (software) will have a future version supporting ePO 4.5/Agent 4.5, Windows 2008 R2 and Windows 7?
When is the next version of MVM expected? I couldn't find it in the beta section. The current version is 6.8.
If not, will McAfee offer a trade-in option for the appliance?
Policy Auditor 5.2 already supports ePO 4.5 and McAfee Agent 4.5, and is supported on Windows Server 2008. There is a hotfix for PA which allows it to have its client on a Windows 7 system. The current released version of MVM is 6.8, while the next version of MVM will run on the current appliances as well as future appliances. As for a trade-in option, I would suggest that you speak with your local sales rep. :-)
Hope this helps.