Duke University IT staff utilize a number of endpoint management services to support efficient maintenance of computing devices.  These services are available to all IT support groups at Duke.

Steering Committee information available at https://it.duke.edu/endpoint-management-steering-committee
Duke’s Endpoint Management Charter may be found here (link to charter) and a description of each service is provided below.

Casper Casper

Casper supports management of Mac OS X and iOS devices. Casper provides automated software installation and maintenance, iOS security, and device encryption key escrow.

  • iOS and Mac OS X device management
  • Encryption deployment and management (with escrow and reporting)
  • Utilize the Restricted Software feature as needed o System and application settings management and enforcement
  • Self Service application
  • Make use of the remote lock/wipe features for laptops that go missing
  • Enhanced patch management
  • User driven self provisioning of new machines either via Self Service and or DEP
  • Inventory management and reporting

bigfixIBM BigFix

IBM BigFix provides endpoint management and security for servers, desktops, notebooks and smartphones running a Microsoft Windows, Mac OS X, and various flavors of Linux operating systems. It is used for automated software installation and maintenance, operating system patch management, security settings and inventory.

  • Device management
  • Automated software installation/maintenance
  • Operating system patch management
  • System and application security settings
  • Inventory management and reporting

SCCMMicrosoft System Center Configuration Manager (SCCM)

Centrally managed for Windows based computer configuration support. Configuration Manager provides remote control, patch management, software distribution, operating system deployment, network access protection and hardware and software inventory.

  • Windows operating system installation/imaging including the latest Dell and Lenovo device drivers
  • Build and deploy software applications and packages
  • Remote access to client machines with no user interaction required
  • Windows operating system patch management
  • Provide users with a list of approved software that can be installed with no local admin access via Software Center
  • Access to numerous pre-built reports.

SymantecSymantec

Symantec Endpoint Protection (or “SEP”) is designed for use in managed environments, providing security for both servers and workstations running Microsoft Windows, Mac OS X, and several popular Linux distributions. The software is centrally licensed by Duke OIT for use on all university-owned and employee-owned computers.

  • Anti-virus/malware protection, backed by the world’s largest civilian threat intelligence network
  • Intrusion prevention, based on file reputation and application behavior
  • Rule-based firewall (Windows only), with fine-grained control and logging capabilities
  • Application control, allowing control of file and registry access and how processes are allowed to run
  • Advanced system lockdown features, allowing only whitelisted applications, or blocking blacklisted applications
  • External media control, restricting access to select hardware and controlling what types of devices can upload or download information

Symantec Endpoint Protection Manager (or “SEPM”) is the central management point for groups of managed computers running the SEP software. The SEPM service is managed by the Duke IT Security Office.

  • Apply shared policies to multiple managed endpoints
  • Access aggregated reports and alerts
  • Push actions (including software upgrades) and collect information from managed endpoints