Cloud-enabled Management lets you manage endpoints over the Internet even if the client computers are outside of the corporate environment and cannot access the management servers directly. The managed computers do not need to use a VPN connection to your organization's network.
You can apply Cloud-enabled Management in the following scenarios:
An organization with many employees traveling or working outside of the office (outside the corporate intranet).
A managed service provider (MSP), managing external companies.
Highly distributed companies with many small offices or employees working from home.
When you implement Cloud-enabled Management, the Notification Server computer and site servers are not directly exposed to the Internet. Therefore, Symantec Management Agent communicates with the Notification Server computer and the site servers through an Internet gateway. Usually two or more Internet gateways should be available to maintain reliable management of Cloud-enabled clients and to provide failover options. Each Internet gateway can support routing to multiple independent Notification Servers.
To use Cloud-enabled Management, you must install an Internet gateway server. The Internet gateway works as a tunneling proxy. It uses HTTPS communications to ensure the privacy and safety of the data that is passed between an agent and a management server. The Internet gateway is located in a demilitarized zone (DMZ) between two firewalls. It accepts incoming connections from authorized client computers on the Internet and forwards them to the appropriate Notification Servers and site servers inside your network. The Internet gateway blocks any connection attempts by unauthorized clients.
The Symantec Management Agent automatically determines whether it needs to route communication through the Internet gateway. If a Cloud-enabled computer has direct access to the local network using VPN, the agent automatically switches to direct communication with Notification Server. If a Cloud-enabled computer is outside the corporate network, the agent routes all communication with Notification Server over the Internet through the Internet gateway.
Cloud-enabled Management is only supported on Microsoft Windows client computers.
Cloud-enabled Management is available on your Symantec Management Platform only when one or more installed solutions support Cloud-enabled Management. Not all Symantec solutions support Cloud-enabled Management in IT Management Suite 7.5 SP1. For more information on Cloud-enabled Management support for a particular solution, refer to the solution documentation.
Figure: Cloud-enabled Management
To take advantage of the Cloud-enabled Management feature, you must perform the following tasks:
Set up the infrastructure and configure your servers and client computers to use SSL.