© 2012 IBM Corporation IBM Endpoint Manager for Lifecycle Management Product Introduction and Overview [NAME], [TITLE] [DATE]
Nov 18, 2014
© 2012 IBM Corporation
IBM Endpoint Manager for Lifecycle ManagementProduct Introduction and Overview
[NAME], [TITLE][DATE]
© 2013 IBM Corporation2
IBM Endpoint Manager
• Concord Hospital achieves 98% first-pass success in hours on their Microsoft and 3rd party patches
• Stena Lines achieved a 12:1 labor savings ratio by reducing administrative overhead time for patch processes
• Li & Fung has been able to reduce the number of management servers from 79 to 3 and the number of FTEs (full time equivalents) from 6 to 1
Effective endpoint management drives significant savings
© 2013 IBM Corporation3
IBM Endpoint Manager
IBM Endpoint Manager Continuously monitor the health and security of all enterprise computers in real-time via a single, policy-driven agent
Endpoints • One infrastructure: management server, console, agent for Windows, Mac, Unix, Linux, Mobile
• Scales to 250,000 endpoints per management server
• Robust, flexible architecture with built-in failover
• Nearly-invisible impact to network, endpoints
• Operates in low-bandwidth / high-latency environments
• Physical or virtual, network or Internet-connected
IBM Endpoint Manager
Patch Management
Lifecycle Management
Software Use Analysis
Power Management
Mobile Devices
Security and Compliance
Core Protection
Desktop / laptop / server endpoint
Mobile Purpose specific
Systems Management Security Management
Server Automation
© 2013 IBM Corporation4
IBM Endpoint Manager
Security & Compliance
Vulnerability Assessment
Compliance Analytics
3rd Party Endpoint Protection Management
Patch Management
Security Configuration Management
Core Protection
Anti-Malware
Firewall
Data Protection (add-on)
Patch Management
Offline VM Patching
Application Patching
OS Patching
Mobile Devices
Compliance
App Mgmt
Mobile Device Mgmt
The IBM Endpoint Manager Family
Middleware Management
Multi-Platform OS Deployment
Physical & VirtualServer Lifecycle Management
Cross-Server Sequenced Task Automation (e.g. Patch OS on Server Cluster)
Server Automation
Power Management
Windows & Macs
Carbon, cost reduction reports
End-user Dashboard
Lifecycle Management
Software Distribution
OS Deployment
Remote Control
Patch Management
Basic HW & SW Inventory
Starter Kit
TPM evolution
Software Use Analysis
Software Catalog Correlation
Software Usage Reporting
Software Inventory
TADd / ILMT convergence
App, PIM Containers
Self-Quarantine
Starter Kit
© 2013 IBM Corporation5
IBM Endpoint Manager
Stores / Kiosks
WAN
Data center
Headquarters
Remote offices
Distribution center
Internet
Cabl
e/DS
L
WiFi
Airport
Hotel
Coffee shop
Home
Leased line3G
WiFi
IBM Endpoint Manager, built on BigFix technology
Whether it’s a Mac connecting from hotel WiFi, a Windows laptop at 30K feet or a Red Hat Linux Server in your data center, IBM Endpoint Manager has it covered. In real time, at any scale.
Satellite
Network-friendly architecture delivers large packages without disrupting critical business applications
Single, intelligent agent uses <2% CPU, <10MB RAM
Cloud-based service continuously provides new patch, policy updates
Full command and control of Internet-connected devices
Use existing computers as Relays to minimize network traffic
Content Update Service
Leased line
© 2013 IBM Corporation6
IBM Endpoint Manager
IBM Endpoint Manager elements
Single server and console• Highly secure, highly available• Aggregates data, analyzes and reports• Manages up to 250K endpoints per server
Flexible policy language (Fixlets)• Thousands of out-of-the-box policies• Best practices for operations and security• Simple custom policy authoring• Highly extensible/applicable across all platforms
Lightweight, easily configurable infrastructure• Designate IBM Endpoint Manager agent as a relay
or discovery point in minutes• Provides built-in redundancy • Leverages existing systems/shared infrastructure
Single intelligent agent• Continuous self-assessment• Continuous policy enforcement• Minimal system impact (<2% CPU, <10MB RAM)
© 2013 IBM Corporation7
IBM Endpoint Manager
Lifecycle Management
• Asset Discovery • Patch Management• Inventory Management• Software Distribution• OS Deployment• Remote Desktop Control
• Role based software deployment and user self-provisioning
• Hardware independent OS imaging and driver management
• Dramatically reduced patch cycles and increased first-pass success rates
• Closed loop validation in real time• Multi-platform support from a single
console (Unix, Linux, Windows, Mac OS X)
Benefits:Services:
Dramatically reduced patch cycles and
increased first-pass success rates
Multi-platform support (Unix, Linux, Windows,
Mac OS X)
© 2013 IBM Corporation9
IBM Endpoint Manager
Today’s reality
TO-DO LIST
•Find all assets on the network for a software audit
•Deploy a software application worldwide in days
•Provide status on critical security patch installation
•Report to finance on key software asset metrics ASAP
•Submit plan for reducing Help Desk costs
© 2013 IBM Corporation10
IBM Endpoint Manager
Find all assets on the network for software audit
• Use asset discovery and inventory reports to create dynamic situational awareness about changing conditions in the infrastructure.
• Run distributed scans on the entire network to identify all IP-addressable devices.
• Keep stakeholders informed with easy to use near real-time reporting.
How do I stay on top of a rapidly evolving infrastructure?
Asset Discovery Results
© 2013 IBM Corporation11
IBM Endpoint Manager
Deploy a software application worldwide in days
Deliver software packages through policy based deployment and ensure success with closed-loop verification.
Manage software distribution across Windows, Linux, and Mac OS platforms from a single point of control.
Deploy Windows images to new workstations, notebooks and servers as well as OS migration and refresh for existing endpoints.
Layer on required software, enforce security configuration policies and rapidly apply critical patches.
How can I keep up with software deployment requests?
Managing software packages
© 2013 IBM Corporation12
IBM Endpoint Manager
Provide status on critical security patch installationWith more critical patches every week, how can I keep up?
Increase first-pass success rates from 60-75% to 95-99+%
Reduce patch and update times from weeks and days to hours and minutes
Access real-time reporting
Provide patches to distributed endpoints regardless of their location, connection type or status.
Deliver patches for Windows, UNIX, Linux and Mac OS and for applications from vendors including Adobe, Mozilla, Apple and Java.
Automated self-assessment, no centralized or remote scanning required
Patches for Windows Overview dashboard
© 2013 IBM Corporation13
IBM Endpoint Manager
Deliver report to finance on key software asset metrics ASAPHow can I reduce the time spent providing reports?
Includes near real time and continuous reporting and analysis from the intelligent agents on your organization’s endpoints
Web based reportingAsset Mgt. reporting
Patch reporting
© 2013 IBM Corporation14
IBM Endpoint Manager
Submit plan for reducing Help Desk costsWith more critical patches every week, how can I keep up?
Save time and improve responsiveness to end user needs
Support and remote control Windows and Linux desktops, notebooks and servers throughout the distributed environment regardless of connection type (direct access, VPN, internet brokered)
Troubleshoot issues remotely, upload client diagnostics and automatically generate reports to identify solutions quickly
Right-click on the target you want to establish a remote control session with
© 2013 IBM Corporation15
IBM Endpoint Manager
CenterBeam’s endpoint management services are delivered under a utility-based computing model, in which companies pay per-node on a monthly basis. As a result, the more efficient and effective CenterBeam is in delivering its services, the more successful the company is.
Customer Needs Key Features &Outcomes Increased policy compliance by more than 20
percent (from 80 percent to 98 percent)
Supported a tenfold increase in number of endpoints under management with only one engineer
Helped clients mitigate risk and strengthen endpoint security
Delivers 98 percent policy compliance across all enterprise devices—server, desktop CenterBeam is a U.S.-based IT managed service provider (MSP) serving mid-size businesses. With a 13-year track record of delivering cloud-based IT services, CenterBeam provides customers with on-demand IT capacity utilizing a subscription pricing model.
“With our old solution, we had two engineers managing 2,500 endpoints. Now we need only one engineer managing 20,000 endpoints and we have 98 percent compliance against our policy baselines.”
—Shahin Pirooz, Executive Vice President, Chief Technology Officer, CenterBeam
Case Study: Centerbeam – Improves compliance and reduces costs
© 2013 IBM Corporation16
IBM Endpoint Manager
Summary
•Find and remediate unmanaged assets
•Easily deploy a software application worldwide in days
•Achieve 98.5% first pass success rates for patch installation
•Support stakeholders across the business with easy to use real-time reporting
•Reduce Help Desk costs with built-in remote control and troubleshooting capabilities
© 2013 IBM Corporation17
IBM Endpoint Manager
BACKUP SLIDES• Software Distribution• Remote Control
© 2013 IBM Corporation18
IBM Endpoint Manager
Software Distribution Information
© 2013 IBM Corporation19
IBM Endpoint Manager
Software Distribution via Tivoli Endpoint Manager
IEM Console
IEM Relay
2. Admin imports library, customizes packages, and initiates policies
4. Eligible IEM agents act on the policy, installing prerequisites and offering installations to users
5. Completed actions are immediately reported to the IEM Server
ExistingSoftware Library
IEM Server
1. Admin imports library from network storage 3. IEM Server and Relays
manage and cache downloads for workstations
© 2013 IBM Corporation20
IBM Endpoint Manager
20
Client Dashboard
© 2013 IBM Corporation21
IBM Endpoint Manager
Capabilities Tool for importing pre-existing packages Intuitive library management interface Automatic setup of MSI, EXE, BAT, SPB, App-V installation processes Customize installations/removals Duplicate and modify packages without duplicate files “Follow the user” targeting of installs App-V – Microsoft Application Virtualization. We use the App-V client
to manage these on the end point, see the App-V Client Dashboard
21
© 2013 IBM Corporation22
IBM Endpoint Manager
“Follow the User” Targeting
Construct complex rules using Computers, Users, Security Groups, and Organizational Units
Full control of logical groupings TEM Agent queries Active Directory APIs at user login events and
caches results Low impact to environment Speedy enforcement of policy
© 2013 IBM Corporation23
IBM Endpoint Manager
Remote Control Info
© 2013 IBM Corporation24
IBM Endpoint Manager
Tivoli Remote Control Peer to Peer
24
IEM ServerDB
TRC Controllers
TRC TargetsWindows or Linux Systems