GFI LanGuard deployment configuration depends on the number of computers and devices you want to monitor as well as the traffic load on your network. Additionally, geographical location, network environment, and many other variables can require certain adjustments to your setup.
The most common scenarios are covered in the Deployment Scenarios section of the Product manual. It provides a general overview of the deployment scenarios and helps you make decisions when installing LanGuard.
Please ask yourself the questions below to determine the best options for your specific environment.
How many machines will you be scanning?
Depending on the number of machines you plan to scan, you will need to adjust your deployment according to the System Requirements; the hardware requirements are higher for a larger number of machines.
Do you need to provide reporting access to anyone outside of the IT department?
If you need to have multiple departments/users accessing reporting information gathered by LanGuard, you will need to use the Central Management Server. Otherwise, you may skip installing the Central Management Server because it will only use extra resources for features that you do not need.
Do you have multiple geographic locations with separate networks?
For environments with multiple geographic locations, such as banks, there are two ways to set up LanGuard:
- Use Relay agents, which cache patches so that machines do not each have to download the patches individually.
- Alternatively, you can install a separate instance of LanGuard for each location and centralize the reporting via the Central Management Server. Please note that you will need to have access to each instance of LanGuard to manage each location. This solution is more common for environments that have multiple HQ locations.
Do you have a single domain or multiple domains? Are there machines in workgroups outside of the main domain?
In environments with multiple domains or devices in various workgroups, LanGuard is still able to manage scanning and deployment on each domain by using Alternative Credentials. Please follow the detailed instructions in the article Best Practices for Account Permissions to configure your environment.
Is there a specific scanning window?
If you have a small number of machines and only plan to perform scans over weekends, you can work in an Agent-less environment. In most cases, we suggest deploying Agents to reduce network bandwidth utilization and scan time. In the Agent-less mode, the GFI LanGuard server performs audits over the network; in the Agent mode, audits are done using resources of the scanned machine and only the resulting XML file is transferred over the network.
Do you perform network scans at night?
If you plan to scan your network at night, you need to consider one of the following options:
- Computers need to be turned on at night.
- Wake-on-LAN needs to be configured in the environment.
What security restrictions do you have in place in the environment?
Every environment is configured differently, including individual settings and specific security requirements. Hence, make sure to review the following article and configure your environment accordingly: Required Settings to Scan a Machine and Successfully Install Missing Patches Using GFI LanGuard.
Make sure to review the variables that make your environment unique and select the appropriate settings for your specific setup. The best way to confirm the basic functionality is to use the Network Connectivity tests, which test the main functions of LanGuard.
- System Requirements
- GFI LanGuard Central Management Server
- Best Practices for Account Permissions
- Required Settings to Scan a Machine and Successfully Install Missing Patches Using GFI LanGuard
- Network Connectivity Tests