This is a document that lists the recommended order in which to have your Vulnerability Manager setup and ready for use.
Once all the appliance set-up points have been considered, the following is the recommended order of operation for implementing the appliance to ensure the most efficiency in the process and taking greatest advantage of automation:
- Install CA Vulnerability Manager
- Create Asset Groups in the appliance per decisions based on organizational considerations. Create Asset Groups using hostname or IP range distinctions in order to take advantage of automatic Asset Group assignment.
- Schedule the Asset Groups to report to the appliance, staggering the reporting times
NOTE: Creating Asset Groups using IP or Host Name convention to identify assets and scheduling the Asset Groups before deploying the VM Service to hosts will optimize appliance processing during the implementation phase.
- Create User Accounts, associating the appropriate Asset Groups to the user based on administration needs.
- Deploy the VM Service and Remediation Agent to assets that will be automatically managed and remediate.
- Associate Best Practice or User-Defined Configuration Standard groups with Asset Groups, if desired.
These steps, taken in the suggested order, will ensure the most optimal performance of the appliance during implementation. No configuration made during the implementation phase is permanent - any grouping or association made during the initial set-up can be changed at any point later in time - but changes are made more easily after all Services have finished reporting to the appliance and corresponding asset profiles created.
Given a planned and executed implementation of a 500 asset appliance with content and code two versions back, the average implementation will take a few days to complete.
Time frame can vary depending what version of CA Vulnerability Manager you have received. The best practice is to let the VM sit until the it has received its latest code update. You will be able to verify this by looking at the upper right hand corner of the application and see if the there is a code update pending.
Proactively considering each point presented above, the CA Vulnerability Manager implementation will be a quick, successful process, with the added benefit of being able to begin addressing vulnerability management in the network as soon as the implementation is complete.