Implement a Central Collection System
Microsoft has made some considerable changes to event management in Windows Vista. But are these changes enough to help you control your entire infrastructure?
As you have seen, Microsoft has made considerable changes to the Vista Event Log—changes that move it from a PC-based system to an enterprise-level tool. Collecting events from remote systems is something that administrators of Windows systems have wanted to do for many years. Vista finally makes it possible. But is the Vista event management and collection system enough in and of itself, even with its improvements? Let’s take a look.
If you decide to run your event management strategy based on Vista’s new features, then you’ll need to configure your environment to meet the following guidelines:
So, as you can see, you can do it with Vista alone, but it has some limitations.
If you are interested in centrally collecting events and using them to gain complete control of your distributed environment, then look to these requirements:
These requirements are just a few examples of what you’ll need to have to perform complete event management in your network.
Is Vista enough on its own? Not really. The changes Microsoft has implemented make the Vista Event Log a much more solid and robust event management environment. The fact that all events are stored in XML format, the fact that Windows Remote Management now lets you manage systems through common HTTP ports, and the fact that the Task Scheduler is now linked with event management are excellent examples of how Microsoft can implement and design a standards-based operating system. These changes make it easier for third-party software manufacturers to develop and integrate comprehensive management systems with the Vista OS.
Vendors such as EventTracker have been supporting event management for years. That’s partly because, like their customers, they know that event management is the best way to manage change in any Windows network. True event management requires a separate tool, one that is focused on event management and only on event management (see Figure 1). That’s what EventTracker does. It is Windows-version agnostic in that it works with any Windows version. It supports the needs of multiple audiences such as auditors, CxOs, system administrators, security officers and Help Desk engineers. It automatically categorizes events so that you know what you’re looking at. It is linked to one of the largest databases of Windows events in the world so that you always understand what Windows is telling you. It is centrally controlled through a Web-based console, so you can have access to it from any location in your network. And it is policy-driven, letting you design a standard policy which can be applied to any node in the network from one central location. All you need is administrative access to each node.
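The XML event format and the central collection and categorization described above lend themselves to simple tooling. The following is an added example, not code from this article, from EventTracker, or from Microsoft: a Python script that parses a handful of constructed Windows event records written in the Vista event XML schema, applies a small hand-written category map (an assumption standing in for a real event knowledge base), and summarizes events per collected host, flagging any host that exceeds a failed-logon threshold. The host names, timestamps, user names and the category table are all constructed for the illustration.

```python
"""Parse forwarded Windows events (Vista-style XML) and summarise them per host.

Constructed example: the event records below are hand-written for this
illustration, and CATEGORIES is a tiny stand-in for a real event knowledge
base. None of this is EventTracker's code or schema.
"""
import xml.etree.ElementTree as ET
from collections import Counter, defaultdict

# Namespace used by the Windows Event Log XML schema (Vista and later).
NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Assumed category map keyed by (channel, event id); a toy table, not a product's.
CATEGORIES = {
    ("Security", 4624): "logon success",
    ("Security", 4625): "logon failure",
    ("Security", 4720): "account created",
    ("System", 7045): "service installed",
}


def make_event(computer, channel, event_id, when, **data):
    """Build a constructed XML record in the Windows event schema (sample data)."""
    fields = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in data.items())
    return (
        f'<Event xmlns="{NS["e"]}"><System>'
        f'<Provider Name="Constructed-Provider"/>'
        f'<EventID>{event_id}</EventID>'
        f'<TimeCreated SystemTime="{when}"/>'
        f'<Channel>{channel}</Channel><Computer>{computer}</Computer>'
        f'</System><EventData>{fields}</EventData></Event>'
    )


# Constructed records as a collector might receive them from two forwarding hosts.
SAMPLE_EVENTS = [
    make_event("ws01.example.local", "Security", 4625, "2007-03-01T08:00:01Z", TargetUserName="alice", LogonType="3"),
    make_event("ws01.example.local", "Security", 4625, "2007-03-01T08:00:04Z", TargetUserName="alice", LogonType="3"),
    make_event("ws01.example.local", "Security", 4625, "2007-03-01T08:00:09Z", TargetUserName="alice", LogonType="3"),
    make_event("ws01.example.local", "Security", 4624, "2007-03-01T08:00:30Z", TargetUserName="alice", LogonType="3"),
    make_event("srv02.example.local", "System", 7045, "2007-03-01T09:15:00Z", ServiceName="constructed-svc"),
    make_event("srv02.example.local", "Security", 4720, "2007-03-01T09:16:00Z", TargetUserName="svc-new"),
    make_event("srv02.example.local", "Security", 4625, "2007-03-01T09:20:00Z", TargetUserName="bob", LogonType="2"),
    make_event("srv02.example.local", "Application", 1000, "2007-03-01T09:21:00Z"),
    "<Event><System>",  # truncated record: must be dropped, not crash the collector
]


def parse_event(xml_text):
    """Return a flat dict for one <Event> record, or None if it is malformed."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return None
    system = root.find("e:System", NS)
    if system is None:
        return None

    def text(tag):
        node = system.find(f"e:{tag}", NS)
        return node.text if node is not None else None

    try:
        event_id = int(text("EventID"))
    except (TypeError, ValueError):
        return None
    time_node = system.find("e:TimeCreated", NS)
    # EventData carries named <Data> elements; keep them as a plain dict.
    data = {d.get("Name"): (d.text or "") for d in root.iterfind("e:EventData/e:Data", NS) if d.get("Name")}
    channel = text("Channel")
    return {
        "computer": text("Computer"),
        "channel": channel,
        "event_id": event_id,
        "time": time_node.get("SystemTime") if time_node is not None else None,
        "category": CATEGORIES.get((channel, event_id), "uncategorised"),
        "data": data,
    }


def summarise(records, failure_threshold=3):
    """Count categories per host and flag hosts at or above the failed-logon threshold."""
    per_host = defaultdict(Counter)
    for rec in records:
        per_host[rec["computer"]][rec["category"]] += 1
    flagged = sorted(h for h, c in per_host.items() if c["logon failure"] >= failure_threshold)
    return per_host, flagged


def run(xml_records=None):
    """Parse a batch of XML records, drop malformed ones and return the summary."""
    records = [r for r in map(parse_event, xml_records or SAMPLE_EVENTS) if r]
    per_host, flagged = summarise(records)
    return {"parsed": len(records), "hosts": {h: dict(c) for h, c in per_host.items()}, "flagged": flagged}


if __name__ == "__main__":
    import json
    print(json.dumps(run(), indent=2))
```

The malformed record is dropped rather than raised, since a collector that stops on one bad forwarded record silently loses everything behind it; an uncategorised event is kept and counted under its own bucket so that gaps in the category table are visible in the summary instead of disappearing.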
Figure 1. Event Tracker covers the entire gamut of Event Management needs
There is no doubt that if you want to manage your Windows network, whether it be Vista or not, then you need a proper event management tool—one that will support all of your needs and let you know what is going on in the network at any time. And, if you do the math right, you’ll find that EventTracker quickly pays for itself. For example, in a network of 50 servers, implementing EventTracker could pay for itself within about four months (see Table 1)—even less if you deploy it in a virtualized operating system instead of on an actual physical server.
Table 1. Sample EventTracker Return on Investment Calculation (row labels did not survive extraction; the subtotal, ROI, monthly and payback rows are identified from the arithmetic of the published figures)

$24,000.00
$2,019.23
$3,211.54
$10,000.00
Subtotal: $39,230.77
$24,062.50
$11,682.69
$3,164.06
$12,387.92
$65,625.00
Subtotal: $116,922.18
ROI (%): 198.04
Monthly: $9,743.51
Payback (months): 4.03
If you’re interested in making sure you know what is going on in your network, then look to tools such as EventTracker. If you’re moving to Vista, then do it right. Introduce complete network management and move to a managed network model. You won’t regret it. Not only will you have information at your fingertips once and for all, but you’ll also be able to take full advantage of all that Vista offers.
About the Authors
Danielle Ruest and Nelson Ruest, MCSE+Security, MCT, Microsoft MVP, are IT professionals specializing in systems administration, migration planning, software management and architecture design. They are authors of multiple books, and are currently working on the Definitive Guide to Vista Migration for Realtime Publishers as well as the Complete Reference to Windows Server 2008 for McGraw-Hill Osborne. They have extensive experience in systems management and operating system migration projects.
Industry News
HIPAA Audit: 42 questions that the US Department of Health and Human Service (HHS) might ask.
Everything from security to employee status to internet use
Automating the HIPAA compliance process
Like many of the other compliance standards in widespread use today, HIPAA calls for a risk-based assessment by the Covered Entity to implement safeguards to meet HIPAA compliance. Can HIPAA compliance be achieved without a log management solution? The answer to that is “perhaps”, but, especially at the larger CEs, at a considerable increase in the risk of information breach and audit failure. Achieving compliance also becomes an extremely labor-intensive activity.
Data Loss and ID Theft Fears Altering Consumer Purchasing Behavior
With the headlines announcing almost on a weekly basis another data breach at businesses, educational institutions and medical facilities, a recent study shows consumers are modifying their purchasing behavior, including online buying, out of concern for the security of their personal information.
Audit your organization year-round for best results, experts say
Enterprise security managers and others who work with auditors would do well to take a page out of the National Football League’s playbook, a CISO advised attendees at the Burton Group Catalyst Conference.