Overview of the Blue Medora Agent for Symantec Endpoint Protection
The Blue Medora Agent for Symantec Endpoint Protection provides
you with the capability to monitor Symantec Endpoint Protection, and to
perform basic actions with Symantec Endpoint Protection. This chapter
provides a description of the features, components, and interface
options for the Blue Medora Agent for Symantec Endpoint Protection.
IBM Tivoli Monitoring overview
IBM Tivoli Monitoring is the base software for the Blue Medora
Agent for Symantec Endpoint Protection. IBM Tivoli Monitoring provides
a way to monitor the availability and performance of all the systems
in your enterprise from one or several designated workstations. It
also provides useful historical data that you can use to track trends
and to troubleshoot system problems.
IBM Tivoli Monitoring is used to perform the following tasks:
- Monitor for alerts on the systems that you are managing by using
predefined situations or custom situations.
- Establish your own performance thresholds.
- Trace the causes leading to an alert.
- Gather comprehensive data about system conditions.
- Use policies to perform actions, schedule work, and automate manual
tasks.
The Tivoli Enterprise Portal is the interface for all IBM
Tivoli Monitoring related products, including the Blue Medora
monitoring agents for IBM Tivoli Monitoring. By providing a
consolidated view of your environment, the Tivoli Enterprise Portal
permits you to monitor and resolve performance issues throughout the
enterprise.
Capabilities and Features of the Blue Medora Monitoring Agent for IBM Symantec Endpoint Protection
The Blue Medora Agent for Symantec Endpoint Protection extends the value of
customers’ existing IBM Tivoli Monitoring infrastructure by providing a
view of events generated by Symantec Endpoint Protection and Symantec
AntiVirus Corporate Edition. This results in less complexity, more
uniform operations management, and a significant reduction in costs due
to the elimination of redundant infrastructure and multiple
platform-specific tools.
The Blue Medora Agent for Symantec Endpoint Protection software can
identify, notify you of, and correct common problems with the
application that it monitors. The software includes the following features:
The Blue Medora Agent for Symantec Endpoint Protection improves your ability to:
- Monitor for virus infections
- Monitor for Symantec LiveUpdate failure
- Monitor for interrupted virus scans
- Monitor when key processes die or have been terminated by the user
- Monitor the age of the shared definition file
Key features of Blue Medora Agent for Symantec Endpoint Protection include:
- Symantec Endpoint Protection Dashboard Status – A one-stop shop based
on Tivoli Enterprise Portal (TEP) that allows administrators to easily
determine the overall health and status of critical Symantec Endpoint
Protection/Corporate AntiVirus operating system processes and alerts.
- Availability Monitor – Real-time detection of Symantec Endpoint
Protection/Corporate AntiVirus availability via monitoring of key
processes.
- Log Monitors – Detection and reporting of events found in the
Symantec Endpoint Protection/Corporate AntiVirus log files and the
Windows Event Log.
- Take-Actions – ITM Take-Actions that allow
administrators to manage their Symantec Endpoint Protection/Corporate
AntiVirus clients remotely via remote stop and start of key Symantec
services. The Take-Action can be combined with ITM Situations and
Policies in automated workflows to perform actions such as sending an
alert to the administrator or automatically restarting the Symantec
AntiVirus engine if it dies or is stopped.
- Situations – ITM Situations specific to Symantec Endpoint
Protection/Corporate AntiVirus that allow administrators to quickly and
efficiently isolate impending or existing critical errors in their
Symantec Endpoint Protection/Corporate AntiVirus environment, along
with expert advice based on industry best practices on how to remedy
the problem.
The Blue Medora Agent for Symantec Endpoint Protection has been designed
from the ground up to look, feel, and operate like existing
IBM-developed ITM agents in terms of ITM remote deployment,
manageability via ITM command-line utilities, and installation and
configuration.
The Blue Medora Agent for Symantec Endpoint Protection:
- Takes advantage of ITM's Tivoli Enterprise Portal (TEP) visualization
capabilities to include best practices, expert advice, customized
workspaces, and historical data gathering
- Integrates with Tivoli Data Warehouse (TDW) to provide historical
data collection and analysis focused on Symantec Endpoint Protection
- Provides the ability to send application-specific events to Tivoli
Enterprise Console (TEC) and Netcool OMNIbus for advanced correlation
and automation
- Is validated by IBM as Ready for IBM Tivoli
Components of the IBM Tivoli Monitoring environment
After you install and set up the Blue Medora Agent for Symantec Endpoint Protection, you have an
environment that contains the client, server, and monitoring agent implementation
for IBM Tivoli Monitoring, made up of the following components:
- Tivoli Enterprise Portal client with a Java™-based
user interface for viewing and monitoring your enterprise.
- Tivoli Enterprise Portal Server that is placed between the client and the Tivoli Enterprise Monitoring Server and
enables retrieval, manipulation, and analysis of data from the monitoring agents.
The Tivoli Enterprise Portal Server is the central repository for all user data.
- Tivoli Enterprise Monitoring Server that acts as a collection and control point for alerts
received from the monitoring agents, and collects their performance and availability
data. The Tivoli Enterprise Monitoring Server is also a repository for historical data.
- Tivoli Enterprise Monitoring Agent, Blue Medora Agent for Symantec Endpoint Protection (one
or more instances of the monitoring agent). The instances communicate
with the systems or subsystems that you want to monitor. This monitoring agent collects
and distributes data to a Tivoli Enterprise Portal Server.
- IBM Tivoli Enterprise Console is an optional component, which acts as a central collection
point for events from a variety of sources, including those from other Tivoli® software
applications, Tivoli partner applications, custom
applications, network management platforms, and relational database
systems. You can view these events through the Tivoli Enterprise Portal (using the
event viewer), and you can forward events from IBM Tivoli Monitoring situations
to the IBM Tivoli Enterprise Console component.
- Tivoli Common Reporting (TCR) is a separately installable feature
available to users of Tivoli software that provides a consistent
approach to generating and customizing reports. Some individual Blue
Medora monitoring agents for IBM Tivoli Monitoring contain report
packages that are designed for use with Tivoli Common Reporting, and
have a consistent look and feel.
User interface options
Installation of the IBM Tivoli Monitoring software and other integrated
applications provides the following interfaces that you can use to
work with the resources and data provided by your Blue Medora monitoring
agents for IBM Tivoli Monitoring:
- Tivoli Enterprise Portal browser client interface – The browser client
interface is automatically installed with the Tivoli Enterprise Portal
Server. To start the Tivoli Enterprise Portal browser client in your
Internet browser, enter the URL for a specific Tivoli Enterprise Portal
browser client installed on your Web server.
- Tivoli Enterprise Portal desktop client interface – The desktop client
interface is a Java-based graphical user interface (GUI) on a Windows®
or Linux® workstation.
- IBM Tivoli Enterprise Console – An event management application that
integrates system, network, database, and application management to
help ensure the optimal availability of IT services for an
organization.
- Manage Tivoli Enterprise Monitoring Services window – The window for
the Manage Tivoli Enterprise Monitoring Services utility is used for
configuring the agent and starting Tivoli® services not already
designated to start automatically.
- Tivoli Common Reporting – A Web user interface for specifying report
parameters and other report properties, generating formatted reports,
scheduling reports, and viewing reports. The user interface is based on
the Tivoli Integrated Portal.