Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

 

Background Information: The campus (OIT) purchased 3,700 Sophos Anti-Virus (SAV) licenses back in August 2010.  The specifics were 3,700 on-campus licenses (and up to 3,700 licenses for use on off campus staff computers) for 3 years for $15,000.  So, the cost per seat is $1.35 per person per year.  These licenses will expire August of 2013.  OIT picked up the entire cost of the purchase at that time.

 

Non-Managed Systems Server Background:  Around seven years ago, a standalone server was created to provide "unmanaged" access to anti-virus and adware signature updates from a central Sophos server that OIT managed.  The idea was that local computer support could provide configuration for the anti-virus product on users desktops and really only needed access to engine and signature updates.  So, it was decided to provide department-level credentials to user groups on campus to allow them access them updates from the central signature server.  However, this unmanaged server is, now, coming to the end of its useful life.  Further, this server is now providing services that are redundant to other anti-virus services being provided on a "managed" basis for the campus from within OIT.

 

Managed Systems Server Background: With the creation of the Windows Services Group (WSG) in 2010, certain specific commodity services were identified between the Help Desk, Desktop Support and Windows Services Group that should be combined into a single instance on campus so that redundancies could be reduced and a more comprehensive product expertise could be introduced to those services that may not have been possible previously.  A central Sophos Enterprise Console instance was brought up for WSG and the central instance that Desktop Support was managing was decommissioned after the client base was moved over from their instance of Sophos Enterprise Console to the WSG version.  However, the "unmanaged" version of the Sophos server and the Sophos server instance that is being managed in the Instructional Labs area of OIT still continued to provide service to their respective clients.

 

Differences Between "Managed" and "Unmanaged" Sophos Anti-Virus Services

configuation.  In an "unmanaged" environment, the local Computer Support Coordinators (CSCs) and their staff usually take on the responsibility to configure anti-virus services for their clients.  The installation and configuration of these services traditionally occurs during the system imaging process. In the "unmanaged" environment, the following functionalities are left to either computer support personnel or the end-user to configure:

  • Installation – Usually, the deparment has access to an executable that they can use during the system imaging process.  There is really no difference between an unmanaged approach and the managed approach during installation.  However, because systems are being configure one at a time for anti-virus services, each of the workstations will need to be individually configured for use, which provides a slightly different set of challenges for the installation configuration:
    • Consistency – The time between configurations, and the tendency of support personnel to have and follow installation procedure documentation available to them tends to introduce slightly modified versions of the base configuration throughout the organization.  Further, settings that are discovered over time and introduced to later installations will usually fail to be introduced back into the earlier installations.  These types of challenges are overcome in the "managed" environment, in that, policies can be established and set at the enterprise, department, group and/or individual level, and moving an unmanaged system into one of those policies provides consistent application of settings for an entire policy group at a time.  As modifications or additions are brought on to the policy group, those changes are delivered immediately to all participants in the policy, thereby establishing a consistent application of changes and additions across the board.
    • Limited Expertise – There is a tendency on the part of all support organizations, small as well as large, to develop a "sufficiency-based" expertise with secondary computer services rather than developing a "comprehensive" expertise with secondary products.  The tendency to have insufficiencies in product expertise arise, many times, through no fault of the support organizaztion – certain expertise can only be derived from time, experience and having a sufficient base of systems that the system behavior can be understood for the anomalies that only occur on a rather infrequent basis.  One would like to think that additional expertise can be obtained by personnel specifically dedicated to provide specific services as a "primary" responsibility rather than as a secondary service.

 

  • No labels