Endpoint Security Architecture

An Endpoint Security environment includes the SmartEndpoint A Check Point GUI application which connects to the Endpoint Security Management Server, to manage your Endpoint Security environment - to deploy, monitor and configure Endpoint Security clients and policies. console, Endpoint Security Management Server A Security Management Server that manages your Endpoint Security environment. Includes the Endpoint Security policy management and databases. It communicates with endpoint clients to update their components, policies, and protection data., and Endpoint Security clients. It is integrated with the Check Point Security Management and SmartConsole Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on..

Endpoint Security Management Server

Item

Description

Active Directory Server

The repository of the user information of the organization. (Not part of the Endpoint Security Management Server Dedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain. Synonym: Single-Domain Security Management Server..)

Endpoint Security Management Server

Includes the Endpoint Security policy management and databases. It communicates with endpoint clients to update their components, policies, and protection data.

The Endpoint Security Database holds policies that enforce security on endpoint clients, user and computer objects, licensing, and Endpoint monitoring data.

Also contains the Directory Scanner, that gets the structure and contents of the Active Directory Server for directory-based policy assignment.

Note - The term Endpoint Security Management Server Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server. refers to all Endpoint Security Servers in the environment. This includes Endpoint Security Management Servers and the (optional) Endpoint Policy Servers.

SmartEndpoint

A Check Point SmartConsole application to deploy, monitor and configure Endpoint Security clients and policies.

Install on the Endpoint Security Management Server or on a Windows computer that supports the client installation.

Endpoint Security Clients

	Item	Description
4	Endpoint Security Clients	Application installed on end-user computers to monitor security status and enforce security policies Collection of rules that control network traffic and enforce organization guidelines for data protection and access to resources with packet inspection..
5	Endpoint Security components	The components deployed on the endpoint client. You can install any or all of these components from the Endpoint Security Management Server.

Item

Description

Endpoint Security Clients

Application installed on end-user computers to monitor security status and enforce security policies Collection of rules that control network traffic and enforce organization guidelines for data protection and access to resources with packet inspection..

Endpoint Security components

The components deployed on the endpoint client.

You can install any or all of these components from the Endpoint Security Management Server.

For Endpoint Security Server and Endpoint Security Client Application installed on end-user computers to monitor security status and enforce security policies. requirements, see the R80.40 Release Notes.

Optional Endpoint Security Elements

To make sure that your Endpoint Security system runs efficiently and without unnecessary down time, you can also include these optional elements in your system architecture:

	Item	Description
6	Secondary Endpoint Security Management Server	One additional Endpoint Security Management Server for High Availability. This makes sure that a backup server is available if the primary server is down.
7	Endpoint Policy Servers	Endpoint Policy Servers improve performance in large environments by managing most communication with the Endpoint Security clients. Managing the Endpoint Security client communication decreases the load on the Endpoint Security Management Server, and reduces the bandwidth required between sites. The Endpoint Policy Server Endpoint Policy Server improves performance in large environments by managing most communication with the Endpoint Security clients. Managing the Endpoint Security client communication decreases the load on the Endpoint Security Management Server, and reduces the bandwidth required between sites. The Endpoint Policy Server handles heartbeat and synchronization requests, Policy downloads, Anti-Malware updates, and Endpoint Security client logs. handles heartbeat Endpoint clients send "heartbeat" messages to the Endpoint Security Management Server to check the connectivity status and report updates. and synchronization requests, Policy downloads, Anti-Malware A component on Endpoint Security Windows clients. This component protects clients from known and unknown viruses, worms, Trojan horses, adware, and keystroke loggers. updates, and Endpoint Security client logs.

Item

Description

Secondary Endpoint Security Management Server

One additional Endpoint Security Management Server for High Availability. This makes sure that a backup server is available if the primary server is down.

Endpoint Policy Servers

Endpoint Policy Servers improve performance in large environments by managing most communication with the Endpoint Security clients.

Managing the Endpoint Security client communication decreases the load on the Endpoint Security Management Server, and reduces the bandwidth required between sites.

The Endpoint Policy Server Endpoint Policy Server improves performance in large environments by managing most communication with the Endpoint Security clients. Managing the Endpoint Security client communication decreases the load on the Endpoint Security Management Server, and reduces the bandwidth required between sites. The Endpoint Policy Server handles heartbeat and synchronization requests, Policy downloads, Anti-Malware updates, and Endpoint Security client logs. handles heartbeat Endpoint clients send "heartbeat" messages to the Endpoint Security Management Server to check the connectivity status and report updates. and synchronization requests, Policy downloads, Anti-Malware A component on Endpoint Security Windows clients. This component protects clients from known and unknown viruses, worms, Trojan horses, adware, and keystroke loggers. updates, and Endpoint Security client logs.