64 Endpoint Security and Compliance Management Design Guide Using IBM Tivoli Endpoint Manager
3.1 Logical component overview
In 2.2.4, “Managed environment” on page 32, we introduced the key components
of the Tivoli Endpoint Manager platform. In Figure 3-1, we depict these
components placed in a logical context; in this section, we take a closer look at
each of these components.
Figure 3-1 High-level components in a logical context
Most of the components in Figure 3-1 are within the control and responsibility of
the organization that deploys the overall solution, except for the Tivoli Endpoint
Manager Fixlet Servers. The Fixlet Servers exist outside of the organizational
control and are hosted by IBM.
Arrows in the diagram indicate data flow, not network traffic initiation. Network
flow is examined further in 3.3, “Network communications and usage” on
page 106. Figure 3-1 shows that data flows from the Fixlet Servers (external to
organization) into the Tivoli Endpoint Manager Server. This diagram does not
mean that the Fixlet Servers initiate the connection; it merely depicts the way that
the data flows.
A basic Tivoli Endpoint Manager solution contains a Tivoli Endpoint Manager
Server, Tivoli Endpoint Manager database, Tivoli Endpoint Manager Console,
Chapter 3. IBM Tivoli Endpoint Manager component structure 65
and one or several Tivoli Endpoint Manager Agents. Tivoli Endpoint Manager
Relays are suggested in most deployments. Other components are optional,
depending on what features of the system the organization plans to use.
Next, we explain each component in turn and its role in the overall system.
3.1.1 Fixlet Server
We first look at the Fixlet Servers and how they interact with the Tivoli Endpoint
Manager Server, shown in Figure 3-2.
Figure 3-2 Fixlet Server component in context
In 2.2.5, “Key terms” on page 36, we briefly introduced Fixlet messages and
Sites. Sites are a logical collection of Fixlets that are related in some way. For
example, they all relate to patching Microsoft Windows endpoints. Or, they relate
to measuring and managing compliance to a particular standard or operating
system. These Sites are normally hosted on the IBM Tivoli Endpoint Manager
Fixlet Servers as a
cloud service and are therefore external to the organization
that uses Tivoli Endpoint Manager. A Fixlet Server is not a component that the
organization must build or maintain.
By hosting the sites externally, each organization can subscribe to a content feed
from these servers and receive updates to their content dynamically, when that
content changes. This approach removes the manual steps required to ensure
that the organization has the latest patches, compliance controls, or any other
update to a subscribed site.
Obtaining updates in this way does not actively change your environment, it
merely provides the new content. Use of this new content to change the
organization endpoints must still be performed by an approved administrator.
Furthermore, any existing actions are equally not affected by this new content.
3.1.2 Tivoli Endpoint Manager Server
Next, we look at the Tivoli Endpoint Manager Server. We look at how it interacts
with the other surrounding Tivoli Endpoint Manager components, shown in
Figure 3-3 on page 66.