What are the new features of Security Manager 6.5? (NETIQKB71591)

  • 7771591
  • 05-Jun-2009
  • 21-Oct-2009

Environment

Security Manager 6.5

 

Situation

Security Manager 6.5 new features

Resolution

Improves Agent Communication and Scalability

Security Manager version 6.5 greatly improves the agent communication infrastructure, increasing the speed at which agents can send data to central computers, allowing for greater flexibility in agent deployment, and improving agent efficiency and reliability. Increased agent performance also allows a single central computer to monitor many more agents than in previous versions of Security Manager, enabling users to streamline their environments and reduce cost.

Provides Robust Certificate-Based Authentication

Security Manager version 6.5 provides certificate-based authentication of communication between agents and central computers. Users can configure Security Manager to require authentication of communication from agents, from central computers, or both, using authentication certificates generated with their own Public Key Infrastructure (PKI). Security Manager uses the Microsoft Secure Channel (SChannel) security package and supports all SChannel cipher suites, including the Advanced Encryption Standard (AES). For more information about configuring agent and central computer authentication, see the User Guide for NetIQ Security Manager.

Provides Dedicated Syslog Provider

Security Manager version 6.5 provides a new, dedicated syslog provider, replacing the previous Application Log-based provider. The new syslog provider sends syslog data to the central computer much more quickly than the previous provider and allows multiple provider instances to collect data using the same port. The new syslog provider also includes a significantly faster High Performance Log Archive Mode that bypasses any real-time rules and channels collected data directly to the log archive.

Note: Users of the "legacy" syslog provider who want to use the new syslog provider must create new syslog providers. You cannot upgrade from the "legacy" syslog provider to the new syslog provider.

Allows Central Computers to Monitor Large Numbers of Workstations

Security Manager version 6.5 can detect any monitored workstation computer and apply different communication settings than those used for servers. Security Manager uses a scalability multiplier to increase the interval between communications with the central computer, allowing the central computer to monitor and manage large numbers of low-volume workstation computers. For example, if a server in a configuration group heartbeats every 200 seconds, and the scalability multiplier is 30, a workstation in the same configuration group heartbeats every 6000 seconds.

Note: When you install Security Manager, the workstation scalability multiplier is automatically enabled, with 36 as the default multiplier value. Because the scalability multiplier is enabled by default, any central computer monitoring workstations may not receive data from agents installed on those workstations for several hours, until the multiplied interval elapses. For more information about using Security Manager with workstation computers, see the Installation Guide for NetIQ Security Manager.

Supports FIPS-Compliant Algorithms for Agent Communication

Security Manager version 6.5 allows users to enable Federal Information Processing Standards (FIPS)-compliant security algorithms when monitoring Windows agents.

Provides Support for Database and Reporting Server Components on SQL 2005 Clusters

Security Manager version 6.5 allows users to install both the database server and reporting server on clustered instances of Microsoft SQL Server 2005 with Service Pack 3. Security Manager supports both failover (active/passive) and multi-instance (active/active) SQL Server clustering. For more information about installing Security Manager components in clustered environments, see the Installation Guide for NetIQ Security Manager.

Provides Support for IPv6 Format Addresses in Received Data

Security Manager 6.5 supports Internet Protocol version 6 (IPv6) format addresses in received data from agents. However, all Security Manager components and monitored computers must use Internet Protocol version 4 (IPv4) format addresses. (ENG240621)

Allows Monitoring of Windows 2008 Computers

Security Manager version 6.5 allows users to deploy agents to monitor computers using Microsoft Windows Server 2008, both standard and Core versions.

Provides Support for 64-Bit Versions of Windows

Security Manager version 6.5 allows users to deploy agents to computers using 64-bit versions of Microsoft Windows Server 2003, Windows XP, Windows Vista, and Windows Server 2008.

Security Manager now also allows the NetIQ_SM_SSIS job to create and groom multiple reporting cube partitions on a 64-bit installation of Microsoft SQL Server Enterprise Edition.

Enables Forensic Analysis Query Cancellation

In the Pending Reports view in the Control Center, Security Manager version 6.5 allows users to cancel Forensic Analysis queries still in progress.

Allows Configuration of Low-Level Communication Settings

Security Manager version 6.5 lets users configure several low-level communication settings for both agents and central computers using the Development Console, including buffer sizes, maximum message sizes, and network timeout intervals.

Enables Completed Forensic Analysis Report Grooming

Security Manager version 6.5 allows users to configure grooming for completed Forensic Analysis reports using the Development Console. Security Manager now grooms completed reports after 180 days by default, removing groomed reports from the OnePoint database on the database server.

Incorporates Monitor Console Functionality into Control Center

Security Manager version 6.5 incorporates existing Monitor Console functionality and features into the Security Manager Control Center. The table below describes some of the existing features of the Monitor Console that you can access using either the Control Center or Development Console.

Enables Distributed Installation of Reporting Components

Security Manager version 6.5 allows you to install the reporting cube (Microsoft SQL Server Analysis Services) on a different SQL Server 2005 computer from SQL Server Integration Services and the cube depot. (ENG255193)

Enables Configuration of Forensic Analysis Query Timeout Settings

Security Manager version 6.5 enables you to use the Control Center to configure the number of minutes before a Forensic Analysis query times out. To configure the global query timeout setting, click Forensic Analysis in the Navigation pane and then click Modify Global Query Settings on the Tasks menu. (ENG249185)

Provides Reporting Cube Backlog Notification

Security Manager version 6.5 provides a threshold alert for the NetIQ_SM_SSIS job on the reporting server that warns users if the SSIS job cannot process uploaded log archive data into the reporting cube quickly enough and becomes backed up. In order to use this alerting capability, you must deploy an agent to your reporting server.

Provides a Customizable Event Severity Option for Forensic Analysis Queries

Security Manager version 6.5 allows users to create Forensic Analysis queries based on Severity parameters other than the default Low, Medium, or High parameters. Users can now select Other and specify text or numeric criteria for a new query to match, up to 35 characters in length.

Enables Configuration of Central Computer Failover Settings

Security Manager version 6.5 allows users to use the Development Console to configure the number of milliseconds for which agents continue to try to communicate with their primary central computer before failing over to the redundant central computer. Users can configure this setting either globally for all agents or for individual agents. For more information about configuring agent settings, see the User Guide for NetIQ Security Manager.

 

Additional Information

Formerly known as NETIQKB71591