Be on the look out for an e-mail instructions on how to download the latest BETA version of Endpoint Security Manager - Enterprise Edition. If you are a registered beta tester (through the sign up links) you should be receiving a notice shortly.
New features:
Workgroup mode (Active Directory is not required!)
If you have any questions, problems or feedback, please let us know!
Hint: Registered beta testers can use the same links in the welcome e-mail to download the latest software.
At first glance, it still appears to rely on having a central controller. Do you think this will affect its appeal, since it imposes a condition on the normal, transient nature of workgroups? This isn’t necessarily a criticism, just an observation based on my experience on the nature of workgroups LANs and the nature of the people who use them.
First of all thank you for your attention to our yesterday’s release!
We refer to your posts of yesterday:
There must be some misunderstanding with Server 2003 matter: in fact CESM Solution does not specially require Server 2003 to be installed on any of the computers.
As product Release Notes say CESM Central Service module could be installed on a PC with any OS (namely Server 2003 , XP SP2 or Vista).
In order to work with workgroups no such thing as ‘Central Server’ is required - as you correctly mentioned added workgroup functionality is only instrument of discovery (import) of computer structures along with AD option: our Central Service ‘applies’ to automatically ‘elected’ Master Browser in order to discover and import current workgroup(s), and as you know one cannot avoid Master Browser as even in a peer-to-peer LAN it is needed to keep list of PCs in a workgroup.
One thing that I brought up (and was answered) previously was the idea of security - an encrypted channel by which machines in a distributed network across the internet would poll another machine to recieve thier configuration settings.
However, one other thing springs to mind - the use or access lists. Recently, another system know to us using just channel encryption and passwords, was compromised. Ideally we would like to be able to tie down any machine that listens for poll requests to only allow set machines access, probably via IP address or range. OK, IP can be spoofed, but in combination with secure channels it provide another level of security.
My opinion is that the method you described is exactly what firewall is supposed to do
i.e. to assign IP addresses (or range) to be allowed on the server PC.
Where can I register as a beta tester to help test this product.
I hope it has a web interface - I have several admin consoles already and they are becoming tiresome.