NetIQ SCM 5. 8 lumbers
through security checks
REVIEW: NetIQ Secure Configuration Manager 5. 8 does a decent job of
reporting IT asset configuration data, but IT managers should anticipate a mod-
erate amount of tinkering to get really useful information on a consistent basis.
By Cameron Sturdevant
NetIQ Secure Configura- tion Manager 5. 8 applies regulatory requirements for secure computing
environments to IT assets, and it
reports that information via a new
Web dashboard that can be used
by non-IT personnel. The product
does not set any new
heights for configuration reporting tools
and—in common
with other products
in this space, including Symantec’s better-documented Control
Compliance Suite—
requires a labor of love
to get useful reports
on a consistent basis.
SCM 5. 8 worked
well with virtual and
physical systems dur-
ing my tests, although
some of the trending
reports were skewed
by the on-again, off-
again nature of my vir-
tual machines. What
makes SCM 5. 8 wor-
thy of consideration in medium to
large organizations is its avalanche
of reporting templates for examin-
ing compliance with regulations
ranging from the Sarbanes-Oxley
EMC, but with portions—including
a similar compliance-checking com-
ponent—that have been absorbed
by VMware) provides compliance
reporting aimed squarely at virtual
machine environments.
How I tested SCM 5. 8
I ran NetIQ SCM 5. 8 on a Lenovo
ThinkServer RD210
with two quad-core
Intel Xeon 5540 processors and 12GB of
RAM; a Dell Power-Edge R610 server
with two quad-core
Intel Xeon 5540 processors and 32GB of
RAM; and a Lenovo
W510 mobile workstation with an Intel Core
i7 processor and 8GB
of RAM. I monitored
the physical systems,
along with several
virtual server systems
running a variety of
Windows and Red
Hat server operating
systems.
Many of the Windows server systems (a mix of Windows Server 2003 R2 and 2008 R2)
were also running Microsoft application servers, including IIS and
Act to COBIT (Control Objectives
for Information and related Technology), for operating systems including Windows, Red Hat and Unix
systems, and for applications including Microsoft SQL Sever and Oracle
databases.
NetIQ SCM 5. 8 started shipping in
September 2009 and starts at $1,000
per managed server. Competitive
products include Symantec Control
Compliance Suite, which offers integration with other Symantec security
tools. Configuresoft (acquired by
The Web-based dashboard enables IT to put reports in the hands of business,
legal, audit and executive users.
