1. Normalized Endpoint Computing Research Team Results PSU Technology Solution Mat B. & Alice S

2. Overview of Solution The main focus of the proposed solution will be the utilization of Altiris CMS and migration of user data from local hard drive to network storage. This solution will require the purchase of the Altiris CMS Suite (Additional Plug-ins), WISE package studio, and storage space for data. Finally, portions of this solution may require policy to be drafted, which will be the responsibility of the Technology Task Force working in tandem with the Tiger Team.

3. CONOPS Security –Antivirus - Symantec for antivirus definitions, updated through Symantec Endpoint Update Server (SEPS). –Network Access Controls – NAC would be a highly recommended element for the management of endpoint devices –Encrypted Transmission – Web connections as needed, force vpn for secure applications and services –SW Updates – Altiris CMS includes the functionality for software management including updates –Endpoint FW - built in operating system level firewall –PII Discovery – Identity Finder –HD/File Encryption – PGP (MAC), BitLocker (Windows 7) –Audit – Symantec CMS –Physical access – No mandated policy

4. CONOPS (Cont.) Efficiency –Inventory Management – Retrieved with Symantec CMS, centrally stored within SDE through a sync process –Image Deployment – Symantec CMS –Policy Admin - Uniform active directory and extended group policies –SW Management – Symantec CMS paired with approval policies. –HW/Lifecycle Mgmt – Symantec CMS paired with Life Cycle Policy –Desktop Management – Folder redirection, and roaming profiles. Local sync when needed (Policy determines what data/type is backed up) –Remote Machine Access – Symantec CMS Built in client –Training – Initial infrastructure change then as needed with little variance from what is currently typical

5. CONOPS (Cont.) DR –Backup – Server based storage. Replicated and archived. Paired with data retention and management policy Development –Root/admin access - Least privileged mode operation is recommended for all users. Development machines can be provisioned (virtually or physically) on a private network segment. –Self service after hours support – Symantec CMS white- list, and SDE self service portal. Privilege elevation.

6. Key Policy Considerations Server data storage Policy development and enforcement Restructure of the entire IT infrastructure (Network, endpoints, etc) Heavy focus on security Development and enforcement of new procedures Analysis and approval of user type (Stationary, mobile) Implementation and support of new type of devices (mobile phones, tablets, etc.)

7. SWOT Analysis Strengths of the proposed solution: –Centralized management of all aspects of the endpoint (User data, software, etc) –Highly user-noticeable increase in level of OTS services, and decreased labor requirements –Little-to-no change in user experience –Major cost savings with purchasing less laptops then currently Opportunities to leverage –Existing infrastructure (AD, Partnership with Symantec) Weaknesses of the proposed solution: –Will require mass migration and labor to implement Threats to success of the solution: –Lack of policy and enforcement –Lack of cooperation throughout the organization –Lack of funding

8. Known Gaps in the Solution Limited software updates/patches provided automatically by Altiris