By eweek  |  Posted 2006-05-01 Print this article Print

Data Drill-Down

With any CMDB (change management database) system, the amount of data collected is prodigious, and ECM 4.8 is certainly no shirker in this regard.

During our weeklong tests with a relatively small number of systems, we were easily able to collect megabytes of data. ECM 4.8 sizing guides indicate that IT managers should provide for at least 1TB of storage for daily collections on 100 systems with data stored for one year.

This is where the ability to gather specific data through the reports becomes a real benefit.

Content-addressed storage can ease compliance burdens, but the technology is too closed off. Click here to read more. During tests, we added the new compliance reports. The reports cover nearly all major regulatory bodies that business managers need to satisfy during an audit, and they will make it much easier for IT managers to provide the kind of data that makes business-line managers sleep easier.

All told, the compliance packs, which are available at no additional cost to Configuresoft customers with active support contracts, are good basic templates that will ensure that systems are correctly configured. We looked at all the available compliance packs.

After getting our entire data collections fine-tuned—for example, by removing several configuration measures, such as the last time a user account password was changed—we started looking at the compliance reports.

The basic process was the same for each of the tool kits. First, we opened what are called Rule Groups, which define the base-line parameters that should be evaluated and the machines against which the rule sets should be run.

We then used predefined templates to generate reports that showed how our systems measured up to the regulatory requirements.

For example, we found that our RHEL (Red Hat Enterprise Linux) ES 3.0 server was configured quite closely to Defense Information Systems Agency controls for security hardening. (The most recent version of RHEL ES, 4.0, will be supported in a future version of ECM, according to Configuresoft officials.) In contrast, our Windows Server 2003 system had 487 parameters (70 percent of the 692 conditions evaluated) that needed to be tweaked to bring the system up to snuff with DISA regulations.

We were able to run the compliance tool kit reports against the SQL Sever database for all our systems and generate useful reports. All the compliance tool kits are supplied for Windows and the Unix and Linux operating systems that ECM 4.8 can monitor.

Here, too, we could see how ECM 4.8 will be of most use to Windows shops. For example, the software provides a variety of security posture reports for all the operating systems it supports, but it does the best job of monitoring Windows systems with a report that specifically tracks the stringent requirements of the MSS (Microsoft Security Standards) Baseline and Hardening guidelines.

Next page: Evaluation Shortlist: Related Products.


Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel