ibm endpoint manager: security and compliance analytics ... · ibm endpoint manager security and...

IBM Endpoint Manager

Security and Compliance AnalyticsSetup GuideVersion 9.2

��

NoteBefore using this information and the product it supports, read the information in “Notices” on page 21.

This edition applies to version 9, release 2, modification level 0 of IBM Endpoint Manager and to all subsequentreleases and modifications until otherwise indicated in new editions.

© Copyright IBM Corporation 2012, 2015.US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contractwith IBM Corp.

Contents

Chapter 1. Introduction . . . . . . . . 1System Requirements . . . . . . . . . . . 1Setup Considerations . . . . . . . . . . . 3

Chapter 2. Installing and upgradingSecurity and Compliance Analytics . . . 5Download IBM Endpoint Manager Analytics . . . 5Installing Security and Compliance Analytics . . . 5Upgrading from earlier versions of Security andCompliance Analytics . . . . . . . . . . . 8Migrating keystores . . . . . . . . . . . . 9

Perform Initial Configuration . . . . . . . . 10Configure HTTPS . . . . . . . . . . . . 12Configure the TEMA application server to useLDAP . . . . . . . . . . . . . . . . 13

Adding LDAP servers . . . . . . . . . . 13Linking users to directories . . . . . . . . 15Authenticating LDAP through user provisioning 16

Appendix. Support . . . . . . . . . 19

Notices . . . . . . . . . . . . . . 21

© Copyright IBM Corp. 2012, 2015 iii

iv IBM Endpoint Manager: Security and Compliance Analytics Setup Guide

Chapter 1. Introduction

IBM® Endpoint Manager for Security and Compliance Analytics (SCA) is acomponent of IBM Endpoint Manager for Security and Compliance, whichincludes vulnerability detection libraries and technical controls and tools based onindustry best practices and standards for endpoint and server securityconfiguration (SCM checklists). The vulnerability detection libraries and thetechnical controls enable continuous, automated detection and remediation ofsecurity configuration issues.

SCA provides report views and tools for managing the vulnerability of SCMchecks.

SCA generates the following reports, which can be filtered, sorted, grouped,customized, or exported using any set of Endpoint Manager properties:v Overviews of Compliance Status, Vulnerabilities and Historyv Checklists: Compliance Status and Historyv Checks: Compliance Status, Values, and Historyv Vulnerabilities: Rollup Status and Historyv Vulnerability Results: Detailed Statusv Computers: Compliance Status, Values, Vulnerabilities, and Historyv Computer Groups: Compliance Status, Vulnerabilities, and Historyv Exceptions: Management, Status, and History

New features

The following features and enhancements are included in Security and ComplianceAnalytics 1.6.v Enhanced flexibility of computer groups associations. Using this feature, you can

now make changes and assign users to complex computer groups withoutaffecting the integrity of the compliance data that are reported.

v Migration from Jetty to IBM Websphere.v Support for Transport Layer Security (TLS) 1.2 for HTTPS connections that are

configured for TLS 1.2.v Updated installer.v Expanded support for Windows 2012 R2 and Microsoft SQL 2014.v End of support for versions of IBM Endpoint Manager earlier than 9.0.v Support of operating systems with 64-bit versions only.v Performance improvements when importing.v Updated interface.

System RequirementsLearn the system requirements to successfully deploy Security and ComplianceAnalytics.

Configure your Security and Compliance Analytics deployment according to thefollowing requirements:

© Copyright IBM Corp. 2012, 2015 1

Table 1. Supported components and system requirements to deploy Security andCompliance Analytics

Components Requirements

Supported browser versions v Internet Explorer versions 10.0, 11.0

v Firefox 31 and later versions

v Firefox Extended Support Release (ESR)versions 24 and 31

v Google Chrome 35.0 and later versions

Supported IBM Endpoint Managercomponent versions

v Console versions 9.0, 9.1, 9.2

v Web Reports versions 9.0, 9.1, 9.2

v Windows Client versions 9.0, 9.1, 9.2

v UNIX Client versions 9.0, 9.1, 9.2

SCA server operating system requirements v Microsoft Windows Server 2008 (64-bitonly)

v Microsoft Windows Server 2008 R2

v Microsoft Windows Server 2012

v Microsoft Windows 2012 R2

Note: Security and Compliance Analyticssupports operating systems with the 64-bitversions only.

SCA database server requirements v Microsoft SQL Server 2005 Service Pack 2

v Microsoft SQL Server 2008 R2

v Microsoft SQL Server 2012

v Microsoft SQL Server 2014

SCA server You must have Administrator privileges onthe target SCA server.

SCA database You must have dbcreator permissions on thetarget SCA database server.

IBM Endpoint Manager database userpermissions

IBM Endpoint Manager database userpermissions

SCM mastheads and Fixlet sites v You might have earlier BigFix Fixlets, IBMEndpoint Manager Fixlets, and customFixlets for security compliance in yourdeployment. These Fixlets continue tofunction correctly, but only certain Fixletsdisplay within the SCA reports.

v To view the current list of SCM contentsites that are supported with SCA, see thetechnote What SCM content is availablefor TEM?.

IBM Endpoint Manager DB2 databasepermissions

You must have data administration authority(DATAACCESS) to perform the followingtasks:

v Access to create objects

v Access to data within an IBM EndpointManager DB2 database

Note: Version 1.4 is the minimum version required to upgrade to Security andCompliance Analytics 1.6.

2 IBM Endpoint Manager: Security and Compliance Analytics Setup Guide

http://support.bigfix.com/cgi-bin/kbdirect.pl?id=1770

http://support.bigfix.com/cgi-bin/kbdirect.pl?id=1770

Setup ConsiderationsDuring setup, match your optimum deployment size to your hardwarespecifications. Use the suggestions as general guidance to setup Security andCompliance Analytics.

Consider the requirements of the following servers when you are calculating thedata sizing for SCA.v Security and Compliance Analytics database serverv Security and Compliance Analytics application server

Although you can install the Security and Compliance Analytics server on thesame computer as your SQL Server, doing so might affect the performance of theSecurity and Compliance Analytics application. Carefully manage the SQL Servermemory and if necessary, use a dedicated SQL Server computer.

Security and Compliance Analytics database server

The size of the Security and Compliance Analytics database server depends on thefollowing factors.v The number of computersv The amount of content that is subscribed onto these computersv The number of imports that are run

You can add more disk space for future growth of endpoints and more securitycompliance checks.v CPU and memory considerations

A minimum of 2 to 3 GHz CPU with 4 GB RAM is sufficient for hosting aSecurity and Compliance Analytics database server. The database server wouldgather analytics data for several hundred Endpoint Manager clients. Therequirements scale with the number of computers and compliance checks.It is suggested that you add more RAM for the SQL Server as the deploymentenvironment scales up.Use the following suggested sizing matrix for your deployment environment.

Table 2. Suggested sizing matrix for SCA deployment environments

Deployment Size(Number ofcomputers) Data Size CPU Memory

1 - 500 0 - 15 GB quad core 4 GB

500 - 5,000 15 - 25 GB quad core 8 GB

5,000 - 30,000 25 - 60 GB quad core 16 GB

30,000 - 100,000 60 - 165 GB quad core 32 GB

100,000+ 165 GB + 1.5 GB forevery 1,000endpoints

2 x quad core 64 GB+

Note: The sizing matrix does not include the database log size. For Security andCompliance Analytics 1.6, the log size generally requires the same size as thedatabase size.

v Disk space considerations and assumptions

Chapter 1. Introduction 3

An example deployment size of 30,000 Endpoint Manager Clients that aresubscribed to SCM contents must take into account the following disk spaceconsiderations and assumptions:– A 60 GB of free disk space is needed by the Security and Compliance

Analytics database server with 30,000 Endpoint Manager Clients.– Add 1.5 GB free disk space for the SCA database server for every 1,000 more

clients.– The disk space suggestions are based on the following assumptions:

- Your deployment environment has an average of 2,000 SCM checks and 200SCM checks per computer

- 2% check result change over each import (daily)- 5% of the checks have associated exceptions that are managed in Security

and Compliance Analytics- 1% of the measured value change over each import (daily)- All measured value analyses for all checks are activated- Your deployment contains one year of archived compliance data (365

imports)

Note: Disk space size is affected by the sum of the following key elements:

(Number of check results and their compliance change over time) + (Numberof vulnerability results and their compliance change over time) + (Number ofmeasured values change over time) + (Computer Group * Checks * Numberof imports over time) + (Number of exceptions + Number of MeasuredValues)

Security and Compliance Analytics application serverv A minimum of 3 GB of free disk space is needed by the SCA Server. 10 GB of

free disk space can be sufficient for up to 250,000 computers.v A 2 to 3 GHz CPU Quad-cores with 8GB RAM free memory space to support

30,0000 computers.

Note: The Security and Compliance Analytics application has a hard limit of 1 GBof memory use and there are up to 4 simultaneous PDF generation processeswhich would take about 1 GB of memory use.


Chapter 2. Installing and upgrading Security and ComplianceAnalytics

Before installing SCA, ensure that your system meets all prerequisites as describedin Systems Requirements .

Install and configure IBM Endpoint Manager Analytics by completing thefollowing steps:v Install by using the InstallAnywhere installerv Perform initial configuration by using the web interface

Upgrading from an earlier version requires updating the data schema as well. Todo this, the operator must access the Security and Compliance Analytics webinterface from the server hosting Security and Compliance Analytics. ClickUpgrade Schema

Download IBM Endpoint Manager Analytics

To download IBM Endpoint Manager Analytics, perform the following steps:1. In the IBM Endpoint Manager console, add the SCM Reporting masthead.2. In the Security Configuration domain in the console, open the Configuration

Management navigation tree. Click the TEM SCA 1.6 First-time Install Fixletunder the SCA Install/Upgrade menu tree item.

3. Take the associated action and follow the installation steps in the description ofthe Fixlet.

Installing Security and Compliance AnalyticsFollow these steps to install Security and Compliance Analytics.

Procedure1. Run the installer executable file. When you are prompted, extract the installer

file to a folder.


2. Run tema-windows-x86_64.bat from within the folder to begin the installation.3. You can change the installation path and port during installation.

a. Installation path

b. TCP port


Note: Security and Compliance Analytics uses HTTPS by default from version1.6 and later.

4. Specify the user account that runs the IBM Endpoint Manager Analyticsservice. If you configure IBM Endpoint Manager Analytics to connect to theSQL Server through a user that is authenticated through Windows, the IBMEndpoint Manager Analytics service must be configured to run as that sameuser.

5. When the installation is completed, use the web interface to complete the setupof the IBM Endpoint Manager Analytics server.

Chapter 2. Installing and upgrading Security and Compliance Analytics 7

6. The final window of the installer prompts you to launch a web browser tocomplete the setup. Click Done.

The Security and Compliance Analytics web server may take a while to fullyload. Allow time for the server to initialize.While the server is loading or during the database configuration, you mightreceive a message stating Not Found. This is expected. The page automaticallyreloads when it is ready.

Upgrading from earlier versions of Security and Compliance Analytics

Before you begin

Updating from an earlier version requires updating the data schema as well. Theoperator must access the Security and Compliance Analytics web interface from theserver hosting Security and Compliance Analytics. Click Upgrade Schema.

About this task

Security and Compliance Analytics 1.6 uses IBM WebSphere. Earlier versions useJetty as an application server.


When upgrading from earlier versions of Security and Compliance Analytics, theinstaller replaces the previously supplied server certificate and private key pairwith a new self-signed certificate and key pair.

Note: Version 1.4 is the minimum version that is required to upgrade to Securityand Compliance Analytics 1.6.

To upgrade from earlier versions of Security and Compliance Analytics, you mustconfigure your SSL certificate settings again. To apply the settings again, go toManagement > Server Settings when installation is completed.

Procedure1. Click Replace in the Certificate section.2. Click Browse... and select your server certificate and private key.3. Enter the private key password.4. Click Save and restart Security and Compliance Analytics. If the original

certificate and key pair are difficult to get or are unavailable, follow the steps inMigrating Keystores.

Migrating keystoresFollow these steps to migrate keystores in Security and Compliance Analytics. Akeystore is a database file that stores security certificates, such as authorization orpublic key certificates.

About this task

The Security and Compliance Analytics installer will save the following files foryour reference under <TEMA_ROOT>\wlp\usr\servers \server1\resources\security\.v Under <TEMA_ROOT>\wlp\usr\servers \server1\resources\security\, a copy of

your original keystore filev Under <TEMA_ROOT>\wlp\usr\servers \server1\config\

– A copy of your original jetty.xml file– The keystore password in deobfuscated_password file

Migrating keystores require the following:v Java Runtime Environment (installed in <TEMA_ROOT>\jre\bin\

v The original keystore filev The deobfuscated_password filev Command prompt (Windows) with appropriate PATH set


Procedure1. Convert the keystore from JKS to PKCS12 format.

Table 3. Example command line of converting the keystore format from JKS to PKCS12

Command line example Reference

v Input file: keystore

v Output file: keystore.p12

v <password_string>: The password stringsaved in the deobfuscated_password file

v key_pass: The new password of yourchoice for keystore.p12. The passwordmust be a minimum of 6 characters.

2. Convert the PKCS12 format keystore into PEM format certificate and key usingOpenSSL.

Table 4. Example command line of converting the keystore format from PKCS12 to PEM

Command line example Reference

> openssl pkcs12 -in keystore.p12 -outkeystore.pem

v Input file: keystore.p12

v Output file: keystore.pem

You will be prompted to enter the following passwords:v Password (Import password) for keystore.p12

v New password of your choice for the private key. The password must be aminimum of 4 characters.

3. Open the PEM encoded certificate and key (keystore.pem). Save it as certificateand a private key file.a. The file keystore.pem contains both the certificate and private key in

sections.b. Copy then save the following section server.crt.

-----BEGIN CERTIFICATE-----

...

-----END CERTIFICATE-----

c. Copy then save the following section as server.key.-----BEGIN RSA PRIVATE KEY-----...-----END RSA PRIVATE KEY-----

4. Go to Management > Server Settings. Apply the following in Security andCompliance Analytics.v certificate (server.crt)v key pair (server.key)v password (PEM pass phrase entered in Step 2.)

Perform Initial Configuration

To set up the database connection, perform the following steps:1. Enter the host and database name fields.2. Select a type of authentication.3. Click Create to create a new administrative user.


In the next screen, enter a username and password for the new administratoraccount. Click Create.

Next, connect to your IBM Enterprise Manager database. Enter the host, databasename, and authentication method for your primary IBM Endpoint Managerdatabase. Click Create.

You can also set up a Web Reports database in the fields on the right side of thewindow.


Configure HTTPS

IBM Endpoint Manager Analytics administrators can configure SSL and the TCPports from the Management/Server Settings section of the web interface. Whenturning on SSL, you can provide a pre-existing private key and certificate or havethe system automatically generate a certificate. If you change the port or SSLsettings, you must restart the service for the changes to take effect.

If you generate a certificate, you must specify a certificate subject common name.The common name must correspond to the DNS name of the IBM EndpointManger Analytics server.


If you provide a pre-existing private key and certificate, they must bePEM-encoded. If your private key is protected with a password, you must enter itin the Private key password field.

Configure the TEMA application server to use LDAP

IBM Endpoint Manager for Security Compliance Security Compliance Analytics 1.4supports authentication through the Lightweight Directory Access Protocol (LDAP)server. You can add LDAP associations to IBM Endpoint Manager Analytics so youand other users can log in using credentials based on your existing authenticationscheme.

To use LDAP for authentication of IBM Endpoint Manager Analytics users, youmust do the following steps:v Add an LDAP server directoryv Link a user to the created directory

You can also use the user provisioning feature to authenticate LDAP users withoutcreating individual users in the application.

Adding LDAP serversTo use LDAP for authentication of IBM Endpoint Manager Analytics users, youmust add a working LDAP directory.

Before you begin

You must be an Administrator to do this task.

Procedure1. Log in to the TEMA application server.2. Go to Management > Directory Servers.


3. To create an LDAP connection, click New.4. Enter a name for the new directory.5. Select an LDAP Server for authentication from a list and enter the name of a

Search Base6. If the values of your LDAP server are different from the default, select Other

from the LDAP Server list.7. Enter values of filters and attributes of your LDAP server.8. Enter a name and a password for the authenticated user.9. If your LDAP server uses Secure Socket Layer protocol, select the SSL check

box. If you require no user credential, select the Anonymous Bind check box.10. In the Host field, provide the host name on which the LDAP server is

installed.11. Enter the Port.12. To verify whether all of the provided entries are valid, click Test Connection.13. Click Create. You configured a system link to an authentication system.


14. To add a backup LDAP server, in the Primary Server tab, click the Addbackup server link.a. Enter the host and IP of the backup LDAP server.b. Click Test Connection to verify whether all of the provided entries are

valid.c. Click Save to confirm the changes.

15. Optional: To edit the directory, select its name. Click Save to confirm thechanges.

16. Optional: To delete the created directory, select its name. In the upper left ofthe window, click Delete.

Linking users to directoriesTo complete an authentication process through LDAP, you must create a user thatwould link to the created directory.

Before you begin

You must be an Administrator to do this task.

Procedure1. Log in to the TEMA application server.2. Go to Management > Users.


3. To create a user, click New.4. In the Username field, enter the name of an existing user of an LDAP server.5. From the list, select a Computer Group that the user would be assigned to.6. From the Authentication Method list, select the name of an LDAP directory.7. Click Create.8. 8. Optional: To delete the created user, click its name. Then in the upper left of

the window, click Delete.

What to do next

To confirm authentication, log in to the Endpoint Manager Analytics server withthe credentials.

Authenticating LDAP through user provisioningYou can configure the LDAP group permission to authenticate LDAP users withoutcreating users individually in SCA.

Before you begin

You must configure at least one directory with a working LDAP group in theLDAP server.

Procedure1. Log in to the TEMA application server.2. Go to Management > User Provisioning.3. To create a user, click New.4. In the Group Names field, type the name of an existing group of an LDAP

server.5. From the list, select a Computer Group that the TEMA would grant for

authentication.6. From the Roles field, click one or more roles that the group users granted for

access permission.


7. From the Computer Group field, select a computer group that the group userswould be assigned to.

8. Click Create.

What to do next

To confirm authentication, log in to the Endpoint Manager Analytics server withuser within the LDAP group you created.


Appendix. Support

For more information about this product, see the following resources:v IBM Knowledge Centerv IBM Endpoint Manager Support sitev IBM Endpoint Manager wikiv Knowledge Basev Forums and Communities


http://www-01.ibm.com/support/knowledgecenter/SS63NW_9.2.0/com.ibm.tivoli.tem.doc_9.2/welcome/IEM92_landing.html

http://www.ibm.com/support/entry/portal/Overview/Software/Tivoli/Tivoli_Endpoint_Manager

https://www.ibm.com/developerworks/mydeveloperworks/wikis/home?lang=en#/wiki/Tivoli%20Endpoint%20Manager/page/Home

http://www-01.ibm.com/support/docview.wss?uid=swg21584549

http://www.ibm.com/developerworks/forums/category.jspa?categoryID=506

Notices

This information was developed for products and services offered in the U.S.A.

IBM may not offer the products, services, or features discussed in this document inother countries. Consult your local IBM representative for information on theproducts and services currently available in your area. Any reference to an IBMproduct, program, or service is not intended to state or imply that only that IBMproduct, program, or service may be used. Any functionally equivalent product,program, or service that does not infringe any IBM intellectual property right maybe used instead. However, it is the user's responsibility to evaluate and verify theoperation of any non-IBM product, program, or service.

IBM may have patents or pending patent applications covering subject matterdescribed in this document. The furnishing of this document does not grant youany license to these patents. You can send license inquiries, in writing, to:

IBM Director of LicensingIBM CorporationNorth Castle DriveArmonk, NY 10504-1785U.S.A.

For license inquiries regarding double-byte character set (DBCS) information,contact the IBM Intellectual Property Department in your country or sendinquiries, in writing, to:

Intellectual Property LicensingLegal and Intellectual Property LawIBM Japan Ltd.1623-14, Shimotsuruma, Yamato-shiKanagawa 242-8502 Japan

The following paragraph does not apply to the United Kingdom or any othercountry where such provisions are inconsistent with local law:

INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THISPUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHEREXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIEDWARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESSFOR A PARTICULAR PURPOSE.

Some states do not allow disclaimer of express or implied warranties in certaintransactions, therefore, this statement may not apply to you.

This information could include technical inaccuracies or typographical errors.Changes are periodically made to the information herein; these changes will beincorporated in new editions of the publication. IBM may make improvementsand/or changes in the product(s) and/or the program(s) described in thispublication at any time without notice.

Any references in this information to non-IBM Web sites are provided forconvenience only and do not in any manner serve as an endorsement of those Web


sites. The materials at those Web sites are not part of the materials for this IBMproduct and use of those Web sites is at your own risk.

IBM may use or distribute any of the information you supply in any way itbelieves appropriate without incurring any obligation to you.

Licensees of this program who wish to have information about it for the purposeof enabling: (i) the exchange of information between independently createdprograms and other programs (including this one) and (ii) the mutual use of theinformation which has been exchanged, should contact:

IBM Corporation2Z4A/10111400 Burnet RoadAustin, TX 78758 U.S.A.

Such information may be available, subject to appropriate terms and conditions,including in some cases, payment of a fee.

The licensed program described in this document and all licensed materialavailable for it are provided by IBM under terms of the IBM Customer Agreement,IBM International Program License Agreement or any equivalent agreementbetween us.

Any performance data contained herein was determined in a controlledenvironment. Therefore, the results obtained in other operating environments mayvary significantly. Some measurements may have been made on development-levelsystems and there is no guarantee that these measurements will be the same ongenerally available systems. Furthermore, some measurements may have beenestimated through extrapolation. Actual results may vary. Users of this documentshould verify the applicable data for their specific environment.

Information concerning non-IBM products was obtained from the suppliers ofthose products, their published announcements or other publicly available sources.IBM has not tested those products and cannot confirm the accuracy ofperformance, compatibility or any other claims related to non-IBM products.Questions on the capabilities of non-IBM products should be addressed to thesuppliers of those products.

All statements regarding IBM's future direction or intent are subject to change orwithdrawal without notice, and represent goals and objectives only.

All IBM prices shown are IBM's suggested retail prices, are current and are subjectto change without notice. Dealer prices may vary.

This information is for planning purposes only. The information herein is subject tochange before the products described become available.

This information contains examples of data and reports used in daily businessoperations. To illustrate them as completely as possible, the examples include thenames of individuals, companies, brands, and products. All of these names arefictitious and any similarity to the names and addresses used by an actual businessenterprise is entirely coincidental.

COPYRIGHT LICENSE:


This information contains sample application programs in source language, whichillustrate programming techniques on various operating platforms. You may copy,modify, and distribute these sample programs in any form without payment toIBM, for the purposes of developing, using, marketing or distributing applicationprograms conforming to the application programming interface for the operatingplatform for which the sample programs are written. These examples have notbeen thoroughly tested under all conditions. IBM, therefore, cannot guarantee orimply reliability, serviceability, or function of these programs. The sampleprograms are provided "AS IS", without warranty of any kind. IBM shall not beliable for any damages arising out of your use of the sample programs.

If you are viewing this information softcopy, the photographs and colorillustrations may not appear.

Trademarks

IBM, the IBM logo, and ibm.com are trademarks or registered trademarks ofInternational Business Machines Corp., registered in many jurisdictions worldwide.Other product and service names might be trademarks of IBM or other companies.A current list of IBM trademarks is available on the “Web at Copyright andtrademark information” at www.ibm.com/legal/copytrade.shtml.

Adobe, Acrobat, PostScript and all Adobe-based trademarks are either registeredtrademarks or trademarks of Adobe Systems Incorporated in the United States,other countries, or both.

IT Infrastructure Library is a registered trademark of the Central Computer andTelecommunications Agency which is now part of the Office of GovernmentCommerce.

Intel, Intel logo, Intel Inside, Intel Inside logo, Intel Centrino, Intel Centrino logo,Celeron, Intel Xeon, Intel SpeedStep, Itanium, and Pentium are trademarks orregistered trademarks of Intel Corporation or its subsidiaries in the United Statesand other countries.

Linux is a trademark of Linus Torvalds in the United States, other countries, orboth.

Microsoft, Windows, Windows NT, and the Windows logo are trademarks ofMicrosoft Corporation in the United States, other countries, or both.

ITIL is a registered trademark, and a registered community trademark of TheMinister for the Cabinet Office, and is registered in the U.S. Patent and TrademarkOffice.

UNIX is a registered trademark of The Open Group in the United States and othercountries.

Java™ and all Java-based trademarks and logos are trademarks or registeredtrademarks of Oracle and/or its affiliates.

Cell Broadband Engine is a trademark of Sony Computer Entertainment, Inc. in theUnited States, other countries, or both and is used under license therefrom.

Linear Tape-Open, LTO, the LTO Logo, Ultrium, and the Ultrium logo aretrademarks of HP, IBM Corp. and Quantum in the U.S. and other countries.

Notices 23

��

Printed in USA

ibm endpoint manager: security and compliance analytics ... · ibm endpoint manager security and...

Documents