3 Replies Latest reply on Jan 14, 2010 11:03 AM by jsivak

    newbie questions - appliance vs. non-appliance scan engine solution



      I have the task of procuring a new MVM scan engine to handle a NAT'd portion of our organization's network.  The new MVM scan engine will report results to a central MVM database maintained by our IT security dept.  The IT security folks currently use FS1000 appliances on other portions of the network, but they have favorable experience with non-appliance MVM (i.e. Foundstone Enterprise) installations.  They are giving me the option of appliance vs. non-appliance solution.  Following are are few questions:



      --- FS1000 EOL?  Where is info on MVM3000 appliance?

      I gather from this thread ( http://community.mcafee.com/message/98743 ) that the FS1000 is no longer being sold although I do see it available at some vendors.  The discussion of the MVM3000 sounds interesting, but I have been unable to find any specific information (e.g. datasheet) for this appliance.  Just some limited info on reseller sites.  A pointer to MVM3000 info would be appreciated.



      --- non-appliance: which operating system exactly?

      I am inclined to go with a non-appliance solution for this scan engine.  I have available h/w that exceeds mimum system requirements (dual Intel Xeon 5160); however, I have questions about which o/s to procure.  The MVM webpage ( http://www.mcafee.com/us/enterprise/products/risk_and_compliance/vulnerability_m anager.html ) says "Microsoft Windows 2003 Server Standard Edition with Service Pack 1" while the MVM datasheet ( http://www.mcafee.com/us/local_content/datasheets/ds_mcafee_vulnerability_manage r.pdf ) says "Microsoft Windows 2003 Server (32-bit) with Service Pack 2".


      My concerns/questions here are twofold:

      (1) Does MVM really want to run on a 32-bit o/s even though 64-bit h/w is specified?


      (2) I am concerned about spending $700+ on an o/s for which mainstream support ends next July.  Will MVM run under Windows 2008 Server?



      --- hardening o/s for non-appliance solution

      I understand that the appliance solutions include o/s hardening.  I assume this involves registry and policy edits to enhance security.  Are there instructions or scripts available for o/s hardening with non-appliance (i.e. MVM software-only) installations?