Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Planning and implementing Control Manager (TMCM) deployment

    • Updated:
    • 23 Feb 2015
    • Product/Version:
    • Control Manager 6.0
    • Platform:
    • Windows 2003 Server R2
    • Windows 2008 Enterprise
    • Windows 2008 Enterprise 64-bit
    • Windows 2008 Server R2
    • Windows 2008 Standard
    • Windows 2008 Standard 64-bit
Summary

You must take several factors into consideration before deploying TMCM to your network. This article helps you plan for TMCM deployment.

Details
Public

Deployment is the process of strategically distributing TMCM servers in your network environment to facilitate and provide optimal management of antivirus and content security products. Deploying enterprise-wide, client-server software like TMCM to a network requires careful planning and assessment. For ease of planning, Trend Micro recommends two deployment architectures:

  • Single-site deployment: Refers to distributing and managing child servers, managed products, and endpoints from a single TMCM located in a central office. If your organization has several offices but has fast and reliable local and wide area network connections between sites, single-site deployment still applies to your environment.
  • Multiple-site deployment:Refers to distributing and managing

    TMCM servers in an organization that has main offices in different geographical locations.

 
If you are using Control Manager for the first time, Trend Micro recommends the use of a Control Manager Advanced parent server to handle single-site and multiple-site deployments.

Single-site deployment refers to distributing and managing child servers, managed products, and endpoints from a single TMCM located in a central office.

Single Site Deployment

This picture shows a single-server deployment using TMCM Advanced parent server and mixed child servers.

Before deploying TMCM to a single site, complete the following tasks:

  1. Determine the number of managed products, endpoints, and cascading structures.
  2. Plan for the optimal ratios of the following:
    • Server-managed products to cascading structures
    • Server-endpoints to cascading structures
  3. Designate the TMCM Standard server or TMCM Advanced server.

Control Manager 6.0 Advanced supports the following as child Control Manager servers:

  • Control Manager 6.0 Advanced
  • Control Manager 5.5 Advanced
  • Control Manager 5.0 Advanced

Control Manager 5.0/5.5/6.0 Standard servers cannot be child servers.

Given the uniqueness of each network, exercise judgment as to how many TMCM servers would be optimal. Deploy TMCM servers in a number of different locations, including the demilitarized zone (DMZ) or the private network. Position the TMCM server in the DMZ on the public network to administer managed products, endpoints, or child servers and access the TMCM web console using Internet Explorer over the Internet.

Multiple Site deployment

This picture shows a multi-site deployment using multiple Control Manager Advanced parent servers and mixed child servers

Consider the following for multi-site deployment:

  • Group the managed products, endpoints, or child servers.
  • Determine the number of sites.
  • Determine the number of managed products, endpoints, and child servers.
  • Plan for network traffic.
  • Plan for the optimal ratios of the following:
    • Server-managed products to cascading structures
    • Server-endpoints to cascading structures
  • Decide where to install the Control Manager server

TMCM generates network traffic when the server and managed products/endpoints/child servers communicate. Plan the TMCM network traffic to minimize the impact on an organization's network.

These are the sources of TMCM-related network traffic:

  • Heartbeat
  • Logs
  • Communicator schedule
  • Managed product registration to TMCM server

    TMCM servers, by default, contain all the product profiles available during the TMCM release. However, if you register a new version of a product to TMCM, a version that does not correspond to any existing product profiles, the new product will upload its profile to the TMCM server. For brand-new Trend Micro products that have not had a product profile, Trend Micro delivers updates to enable TMCM to identify these products.

  • Child server registration to TMCM parent server
  • Downloading and deploying updates
  • Policy deployment

Consider the following when planning for server distribution:

  • Administration models
  • Control Manager server distribution
  • Single-server topology
  • Multiple-server topology

Understanding Administration Models

Early in the TMCM deployment, determine exactly how many people you want to grant access to your TMCM server. The number of users depends on how centralized you want your management to be.

The guiding principle being: the degree of centralization is inversely proportional to the number of users. Follow one of these administration models:

  • Centralized management: This model gives TMCM access to as few people as possible. A highly centralized network would have only one administrator, who then manages all the antivirus and content security servers on the network.

    Centralized management offers the tightest control over your network antivirus and content security policy. However, as network complexity increases, the administrative burden may become too much for one administrator.

  • Decentralized management: This is appropriate for large networks where system administrators have clearly defined and established areas of responsibility. For Planning and Implementing the TMCM Deployment 2-15 example, the mail server administrator may also be responsible for email protection; regional offices may be independently responsible for their local areas.

    A main TMCM administrator would still be necessary, but he or she shares the responsibility for overseeing the network with other product or regional administrators.

    Grant TMCM access to each administrator, but limit access rights to view and/or configure segments of the TMCM network that are under their responsibility.

With one of these administration models initialized, you can then configure the Product Directory and necessary user accounts to manage your TMCM network.

Understanding Control Manager Server Distribution

TMCM can manage products regardless of physical location, and so it is possible to manage all your antivirus and content security products using a single TMCM server. However, there are advantages in piding control of your TMCM network among different servers (including parent and child servers for Advanced Edition users). Based on the uniqueness of your network, you can decide the optimum number of TMCM servers.

Single-Server Topology

The single-server topology is suitable for small to medium, single-site enterprises. This topology facilitates administration by a single administrator, but does not preclude the creation of additional administrator accounts as required by your Administration plan. However, this arrangement concentrates the burden of network traffic (agent polling, data transfer, update deployment, and so on) on a single server, and the LAN that hosts it. As your network grows, the impact on performance also increases.

Multiple-Server Topology

For larger enterprises with multiple sites, it may be necessary to set up regional TMCM servers to pide the network load.

For additional information, refer to the Control Manager Installation Guide.

Premium
Internal
Rating:
Category:
Configure; Deploy; Install
Solution Id:
1096625
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.


Need More Help?

Create a technical support case if you need further support.