Customer Support Frequently Asked Questions
What is it?
Sysgem Enterprise Manager (SEM) is primarily a monitoring, auditing and management tool for use by System Managers, Security Managers, Administrators and Help Desk users, but indeed can be used by anyone in your enterprise for running almost any type of application on multiple machines over multiple platform types.
SEM has:
- A client/server architecture which provides a Windows GUI and which can simultaneously invoke programs and scripts on as many systems in your network as you wish (multiple platforms - enterprise wide), managing, monitoring and collecting data.
- A file and directory browser that operates over multiple platform types. Scripts can be added to perform customer specific actions on selected files & directories. Files and directories can be created / modified / deleted / searched / etc.
- A standard set of "Plug-in" modules to perform system management, user account management, security management, and development management.
- Ability to run interactive scripts on multiple platforms.
- Telnet capability.
In the monitoring mode, data can be transferred at timed intervals from remote systems for display in customizable windows on your workstation. You can keep track of the status of almost any object or service such as: processes, queues, events, jobs, servers, networks, disk usage, registries, intrusions, etc.
In a transaction processing mode, a specific item can be selected - such as a file, or a directory, or a queue, or a user account, or a process, or indeed any object - and some action can be taken upon that object, such as deleting it, changing it, or changing its priority or its password, or a more comprehensive script can be run to take some customer-specific processing action.
In the reporting mode, textual or HTML (web browser) reports can be produced giving current, up-to-date information on as wide or as focused a topic as your imagination will allow.
Set SEM to raise alarms when circumstances call for it - not when the situation has already become dangerous, out of control, or when your system security has already been compromised.
Develop your own scripts, forms and applications more simply than you would have thought possible. Alternatively, simply use the applications which ship with SEM, modify them to fit your own needs, or use them as examples when building your own application interfaces.
Delegate responsibility in a safe and secure manner to authorized users - give them access to certain privileged operations - and deny them access to others. Browse the archive database to see who has done what. See a complete history of all the changes that have been made, and who made those changes.
Remember, the scope of SEM is as wide as your enterprise, and the scope of supported applications is as wide as your imagination.
What does SEM contain by default?
The SEM evaluation kit gives you full access for 60 days (but just ask for an extended evaluation license if you need it) to the SEM base framework and application modules described in this web site. Application modules are optional - if you don't need them, you don't pay for them.
The base framework has the following:
- Data Collector
- Display Monitor
- Multi-platform Scripts
- Availability of Machines
- Network-wide Event Log Display, Filter and Archive
- Alerts
- Reports
- Filters
- Alarms
- Customizable Configurations
- Application development framework
- Archive and Audit Trail
- Logging
- Access Control - delegation
- Secure Environment
- Sharing of Scripts / Display Libraries
For whom is it intended?
... almost anyone - but specifically for...
- System managers needing to monitor and manage all machines, or groups of machines, in the enterprise network.
- Security managers responsible for any aspect of computer security on any or all machines in the network.
- Help desk users needing immediate access to accounts / queues / files / directories / quotas / servers / services / etc.
- Control centers needing to be alerted to the change of state of any aspect of their remote system operations.
- Managers needing up to date information from any application source.
- Network managers responsible for the continued availability of their entire network.
- Small departmental sized organizations to huge multi-national corporations.
The list is endless - and bounded only by your own needs.
What is installed on my systems?
i. A software Agent component on each remote machine being managed. Once installed it is unlikely to need a manual upgrade, since script upgrades take place automatically from the centralized management console component. (See also list of platforms supported).
ii. A central Authorization Server (this is installed on a central NT or Windows 2000 server and used to hold the registration of authorized users of the system, master copies of Agent scripts, etc).
iii. A Management Console GUI on Windows NT or Windows 2000. This can be installed on individual workstations - or accessed from a single installation on a central server.
OK - so it is powerful, but is it secure?
Absolutely. Every component of SEM ensures that it can only communicate with other official, authenticated components of SEM that have been uniquely registered on this customer network. Each software component is installed with a security key (a variable length, case-sensitive keyword) which is devised for the customer's own network at the point it is installed. All components in the system ensure that any other components with which they interact have the same registered keyword, using a challenge / response security authentication dialogue. The key is never transmitted over the network; it is encrypted using Blowfish encryption. No challenge is ever repeated, and each has only one legitimate response. It is not possible to anticipate the correct response to any given challenge, regardless of how many authentication dialogue message exchanges may have been 'snooped'.
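A generic shared-key challenge / response exchange with the properties claimed above (key never sent, challenges single-use, sniffed responses useless), as an added example. It is not SEM's protocol or Sysgem code: it swaps in HMAC-SHA256 from the Python standard library for the Blowfish step the page mentions, and the names Verifier, respond and the sample key are hypothetical.

```python
import hashlib
import hmac
import secrets


class Verifier:
    """Issues single-use challenges and checks responses against a shared key."""

    def __init__(self, shared_key: bytes):
        self._key = shared_key
        self._outstanding = set()  # challenges issued and not yet answered

    def new_challenge(self) -> bytes:
        # 32 random bytes, so a repeated challenge is not a practical concern.
        challenge = secrets.token_bytes(32)
        self._outstanding.add(challenge)
        return challenge

    def check(self, challenge: bytes, response: bytes) -> bool:
        # A challenge is consumed on first use, so a recorded exchange cannot
        # be replayed, and challenges this verifier never issued are refused.
        if challenge not in self._outstanding:
            return False
        self._outstanding.discard(challenge)
        expected = hmac.new(self._key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)  # constant-time compare


def respond(shared_key: bytes, challenge: bytes) -> bytes:
    """Responder side: prove knowledge of the key without sending it."""
    return hmac.new(shared_key, challenge, hashlib.sha256).digest()


def demo() -> dict:
    key = b"Constructed-Site-Keyword"  # constructed sample key, an assumption
    verifier = Verifier(key)
    c1 = verifier.new_challenge()
    good = respond(key, c1)
    results = {"valid": verifier.check(c1, good)}
    # Replaying a sniffed (challenge, response) pair fails: c1 is spent.
    results["replay"] = verifier.check(c1, good)
    # A sniffed response does not answer a fresh challenge.
    c2 = verifier.new_challenge()
    results["stale_response"] = verifier.check(c2, good)
    # The key is case-sensitive: a wrong-case key gives a wrong response.
    c3 = verifier.new_challenge()
    results["wrong_key"] = verifier.check(c3, respond(key.lower(), c3))
    return results
```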
Which platforms does it support?
The SEM GUI and the Authorization Server run on Windows Workstations from Windows 2000 to Windows 7 and on Windows Servers from Windows 2000 to Windows 2008. The Target platform servers run on the following:
- Windows Workstation
- Windows Server (Intel)
- Open VMS (AXP/VAX/Itanium)
- HP UX
- SUN Solaris
- Digital / HP Tru64
- IBM AIX
- Linux
- AS 400
What does it cost?
Call for details - we will be only too pleased to discuss your needs and how SEM can provide the answer. You will be surprised at how reasonably priced this product is, and how valuable it will become to your organization. Contact us here.
How can I evaluate it?
A full-functionality evaluation kit may be copied from our web page. It is supplied with a 30-day evaluation license. If this evaluation period needs to be extended - please contact your SYSGEM representative, or one of the authorized dealers, or send mail to: office@sysgem.com.
What is the Subscriber Database?
First of all the Subscriber DB is optional - it doesn't need to be used to perform central user account management with SEM.
Having said that, it can actually provide a number of advantages, particularly when security is a big issue.
The main purpose of the Subscriber DB is to provide a single point of access to user accounts where the "ownership" of all the distributed user accounts on many systems throughout the network can be linked to individual people.
So for each "person" in the company, there would be one Subscriber record, and that record has "pointers" to all the accounts that that person owns.
When creating a user account (after first selecting an employee's Subscriber record), many of the fields in the account creation form are automatically filled from the subscriber record. This gives two immediate advantages: (1) it saves time keying that information (the form is already filled out for you); (2) it makes the data consistent (avoids keying errors, abbreviations, spelling errors, etc).
Often organizations have naming conventions that allow them to identify who actually owns all the accounts on the network - but equally often there seem to be accounts that are 'owned' by a person, but do not follow the normal naming conventions - such as test accounts, project accounts, group accounts, etc. Often the ownership of these accounts gets forgotten.
With the Subscriber Database it is possible to make sure that EVERY account in the network has a nominated "owner", and that any exceptions to this rule are identified in a regular audit report. It means that if someone leaves the company, all accounts owned and controlled by that person can be identified and action taken upon them.
Without this Subscriber database, the only way of identifying the owners of accounts is by relying on the accounts themselves having the correct naming convention, or having a field set within them to indicate the owner. There is no possibility to audit this situation without the Subscriber database.
By linking the Subscriber database to an HR database, all people in the organisation are accounted for, and all accounts are shown to be "Owned" by a real, live person, who is really (still) in employment in this company. And this is the third advantage of the system - it ensures the ownership of accounts is attributed to actual "people" in the company. (Some organizations even want the "System Accounts" to be owned by a real, live, warm-blooded, breathing person who is definitely still on the payroll! Or else have an audit report to show anomalies).
The fourth advantage is that if the User Account Administration team only use SEM to create/delete accounts, then as soon as someone else (who has the privileges, but not necessarily the authority) creates or deletes an account by using the operating system tools, a report is made that shows that this account was created/deleted by something other than SEM, because the pointers in the Subscriber Database are no longer valid. They didn't have access to SEM, so the Subscriber DB wasn't updated. This raises the question: why did someone create/delete an account when they were not an approved member of the user account administration team?
Without the Subscriber database, this sort of information isn't immediately clear. Ok - it would be possible to extract that information from the System Audit Journal - but if you miss that event, or if it is concealed, or if it happened by accident - there is nothing thereafter to highlight the problem. But with SEM, until the pointers to the Subscriber DB are 'repaired' this anomaly will always be obvious.
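The ownership audit described above, reduced to a reconciliation of subscriber pointers against the accounts that actually exist, as an added example. It is not SEM code: the record layout, the names audit, SUBSCRIBERS, HR_ACTIVE and LIVE_ACCOUNTS, and all sample data are constructed assumptions.

```python
from datetime import date

# Constructed sample data: one subscriber record per person, with "pointers"
# to the (system, account) pairs that person owns.
SUBSCRIBERS = {
    "E1001": {"accounts": {("vms1", "AJONES"), ("linux3", "ajones")},
              "review_date": None},
    "E1002": {"accounts": {("linux3", "bsmith"), ("linux3", "projx")},
              "review_date": date(2024, 3, 1)},
}
HR_ACTIVE = {"E1001"}  # constructed HR extract: E1002 has left
LIVE_ACCOUNTS = {      # constructed inventory of accounts found on the systems
    ("vms1", "AJONES"), ("linux3", "bsmith"),
    ("linux3", "projx"), ("linux3", "tmpadmin"),
}


def audit(subscribers, hr_active, live_accounts, today):
    """Return the anomalies a regular ownership audit report would list."""
    owner_of = {}
    for emp_id, rec in subscribers.items():
        for acct in rec["accounts"]:
            owner_of[acct] = emp_id
    return {
        # Account exists but nobody owns it: created outside the managed path.
        "unowned": sorted(live_accounts - set(owner_of)),
        # Pointer to an account that is gone: deleted outside the managed path.
        "dangling": sorted(set(owner_of) - live_accounts),
        # Live account whose owner is no longer in the HR extract.
        "owner_left": sorted(a for a, e in owner_of.items()
                             if e not in hr_active and a in live_accounts),
        # Subscribers whose review date has arrived.
        "review_due": sorted(e for e, r in subscribers.items()
                             if r["review_date"] and r["review_date"] <= today),
    }


if __name__ == "__main__":
    for kind, items in audit(SUBSCRIBERS, HR_ACTIVE, LIVE_ACCOUNTS,
                             date(2024, 6, 1)).items():
        print(kind, items)
```

The anomalies stay in every run of the report until the pointers are repaired, which is the property the paragraph above relies on instead of a one-off audit journal event.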
There are other things too, such as setting review dates in the subscriber record that enable all accounts owned by a user to be reviewed on a particular date. This is simply a date set in the subscriber record that can be used to indicate that something should happen on this date - e.g. 3 months after an employee has left a company you may want to remove his accounts, whereas before that date you simply wanted to disable them.
So, in summary, the advantages are:
- Saves keying time
- Increases consistency of data
- Shows ownership of accounts
- Identifies when someone other than a SEM user created/deleted an account
- Allows review dates to be set
Can Subscriber Databases be linked to HR databases?
HOW and WHETHER the Subscriber Database is linked to an HR database is a decision taken with each customer. The choices are:
- Don't. Just leave it as a completely independent database. The disadvantage of this approach is that any changes (starters/leavers/changed records) have to be changed manually in the Subscriber Database. It can be initially populated from an external source such as the MS Exchange database, but thereafter changes have to be made manually. This approach would only be taken if the organization did not have an HR database that they could rely on. (Essentially, the SAcM Subscriber DB then becomes their HR database!)
- Keep it as an independent database and synchronize it daily. A report is made on the differences between the HR & Subscriber records each day. This approach is often favoured for the report it produces showing what changed in the HR database since the previous day.
- Map the personal part of the database to a "view" of the HR database. This has the advantage that it does not need to be synchronized, but it has the disadvantage that you don't get the synchronization report.