Print Download PDF Send Feedback

Previous

Next

Endpoint Security Architecture

In This Section:

Elements of the Endpoint Security Architecture

Endpoint Security Server and Client Communication

Elements of the Endpoint Security Architecture

An Endpoint Security environment includes the SmartEndpoint console, Endpoint Security Management Server, and Endpoint Security clients. It is integrated with the Check Point Security Management and SmartConsole.

Endpoint Security Management Server

 

Item

Description

1

Active Directory Server

The repository of the user information of the organization. (Not part of the Endpoint Security Management Server.)

2

Endpoint Security Management Server

Includes the Endpoint Security policy management and databases. It communicates with endpoint clients to update their components, policies, and protection data.

The Endpoint Security Database holds policies that enforce security on endpoint clients, user and computer objects, licensing, and Endpoint monitoring data.

Also contains the Directory Scanner, that gets the structure and contents of the Active Directory Server for directory-based policy assignment.

Note - The term Endpoint Security Management Server refers to all Endpoint Security Servers in the environment. This includes Endpoint Security Management Servers and the (optional) Endpoint Policy Servers.

3

SmartEndpoint

A Check Point SmartConsole application to deploy, monitor and configure Endpoint Security clients and policies. Install on the Endpoint Security Management Server or on a Windows computer that supports the client installation.

Endpoint Security Clients

 

Item

Description

4

Endpoint Security Clients

Application installed on end-user computers to monitor security status and enforce security policies.

5

Endpoint Security components

The components deployed on the endpoint client. You can install any or all of these components from the Endpoint Security Management Server.

For Endpoint Security server and client requirements, see the release notes on the R80.30 home page.

Optional Endpoint Security Elements

To make sure that your Endpoint Security system runs efficiently and without unnecessary down time, you can also include these optional elements in your system architecture:

 

Item

Description

6

Secondary Endpoint Security Management Server

One additional Endpoint Security Management Servers for High Availability. This makes sure that a backup server is available if the primary server is down.

7

Endpoint Policy Servers

Endpoint Policy Servers improve performance in large environments by managing most communication with the Endpoint Security clients. Managing the Endpoint Security client communication decreases the load on the Endpoint Security Management Server, and reduces the bandwidth required between sites. The Endpoint Policy Server handles heartbeat and synchronization requests, Policy downloads, Anti-Malware updates, and Endpoint Security client logs.