In the last issue we talked about useful tools for those who want to be Managed Service Providers (MSPs) and covered a number of platforms for managing clients’ infrastructures, both technically and administratively. One of them is Comodo One MSP, which the IT security giant Comodo makes available for free (with some limitations that can be avoided with the Premium plan).
Free access is certainly the main strength of the Comodo One MSP platform (hereafter, One), which integrates the three main features every MSP needs: Remote and Security Management, Patch Management and Service Desk with ticketing capabilities. Remote and Security Management and Patch Management belong to the family of RMM (Remote Monitoring and Management) products, which are used to keep control of the infrastructure and perform maintenance for clients. Remote control, resource monitoring, automated notifications and update management are all part of it.
Service Desk, with its ticketing, time tracking and documentation capabilities, belongs more to the PSA (Professional Service Automation) world.
For those who want more than the basic features, several upgrades are available (some free, some paid) that provide higher levels of protection and additional modules. For instance, there is better endpoint protection with an advanced firewall and Host Intrusion Prevention, while the package dedicated to network security offers better monitoring and intrusion detection capabilities, plus a system for capturing and analyzing packets in transit. Among the upgrades we can also find the Acronis client for Cloud backup (Acronis Cloud Backup).
Other available modules are Antispam Gateway, Dome Shield, Korugan Central Manager (RMM category), Comodo CRM and Comodo Quote Manager (PSA category). Note that some of these additional modules are free (like Quote Manager, the package used to prepare quotes), while others can be installed for free but only with a basic configuration (like cWatch Basic, a component for network security). In each case, pricing information is available on the module’s specifications page.
Be careful when activating the ITSM module, as the licence is valid for only one year from the activation date. The upgrade to the paid Premium version costs $4/month per unit (1-99 users), up to $4,80 for the Premium version.
First steps with Comodo One MSP
Registration is quick: at one.comodo.com you just need to enter a valid email address, a password and an active cellphone number to get started. The dashboard is neat and well organized, with data presented as charts (histograms, pie charts, etc.) and in “tiles” that can be dragged and arranged as you prefer. This is quite handy because a lot of data is presented, and it is better to place the most representative tiles at the top of the page. You can also decide which tiles to show and which to hide. Information is displayed per Customer and can be filtered: Comodo One lets you create, modify and remove separate entities for each client, each associated with basic information (name, email address, address, ZIP code and a brief description). Likewise, you can create different Staff users with administrative privileges. In its free version, the ITSM package offers an unlimited number of users. As explained before, the free configuration of One includes IT and Security Manager, Patch Management and Service Desk. These three areas can be reached from the upper menu of the dashboard, which links to the related Web interfaces.
Comodo IT & Security Manager
The dashboard of the module devoted to endpoint security and protection is organized in tiles, much like the main one, with the addition of a side navigation menu that gives access to the numerous features. The homepage has 4 tiles that quickly explain how to take the first steps in device management.
After the introduction page, the menu item dedicated to global control has five sub-items, each linking to a specific area of RMM control. Like the starting dashboard in One, this one offers a Web interface organized in customizable tiles, with most data presented as charts. In the Audit section you can see the different types of enrolled devices, with their software platforms (desktop and mobile) and BYOD state (personal use, business use, not defined). The Compliance item instead shows all the information about the state of devices, including identified viruses and threats, online devices and even the presence of mobile endpoints (Android or iOS) that have been rooted or jailbroken.
Valkyrie is the Cloud-based file analysis system used by Comodo for real-time control of threats on endpoints. It is available with the free version of One but with limited features: for instance, analysis by a Comodo operator is available only with the paid Premium version ($2 per unit). The last two items are about reporting and notification, two important tools for documenting and keeping track of (also over time) all events that happen within the infrastructure. Switching to the Devices section, you can manage the devices controlled by One. The first item links to the complete list, where you can interact directly with the machines currently under control and enroll new ones with the Enroll procedure.
As shown on the screen, each kind of selected entity offers a number of commands that can be enabled in the upper bar, according to the type of endpoint. But the real control is achieved from the management page of each single device, where you can view a detailed system report and perform several activities such as changing the login password, powering off, powering on, enabling or disabling sounds, etc., and even wiping the device itself. If it is an ordinary computer, you can force the installation of packages and updates, keep track of the patches that are actually installed, and identify any missing patch. In every case you can send a message to the terminal to alert the user to important announcements.
Naturally, a platform of this kind can interface without any problem with Active Directory environments: through the Bulk Installation Package sub-item you can configure the automated deployment of MSI installation packages, combined with AD rules.
As with devices, the Users section lets you create, modify and delete users, as well as organize them into groups. The Profiles section is quite interesting: profiles with specific settings can be created and then assigned to devices enrolled in the control platform. Inside a profile you can define policies such as network access permissions and antivirus presence, in addition to some operating system parameters. Profiles are organized per software platform, so they are grouped into Windows, Mac, Android and iOS. We have already talked about creating groups: with that in mind, the usefulness of combining profiles and groups is easy to see. One already offers a set of four pre-configured profiles, one for each supported platform.
To access the next menu items, Procedures and Monitoring Profiles, you need to download and install a client called RMM Administration Console: this Windows application lets you create, manage and delete both procedures (very useful for automation) and profiles.
The last three available areas are dedicated to application management (mobile apps, the list of installed apps and patch management), endpoint protection (from where you can check the archive of identified threats and interact with the antivirus protection of each device) and the App Store, which lets you connect to the iOS and Android stores and control the distribution of apps that can be installed on mobile devices (with the option of adding licences and customizing the logo and screenshot). Specifically, this last feature of One also lets you access and manage Enterprise-level iOS and Android apps.
Lastly, there is the area dedicated to global configuration, where you can set parameters related to your own account.
The second macro area of One we can access is Patch Management: here too we find a graphically rich dashboard that sums up the software state of the infrastructure. Patch Management lets you keep track of the updates available for each endpoint and create policies for distributing upgrades.
The items in the horizontal menu at the top of the page let you control the installed agents, which must be downloaded from the dropdown menu.
The System Reports item is particularly interesting, as it offers a complete report on the state of machines, with data grouped by type of hardware resource (CPU, disks, network and memory) and software resource (operating system, patch list and active policies).
The third main feature offered by One is Service Desk, for the management of support tickets. The dashboard is very simple and shows, at a glance, the state of tickets and their trend over time. The upper part of the interface lets you switch between user management, the ticket list (from where you can interact with tickets), the knowledge base, project creation and the useful Time Sheet, which shows activity reports. Creating a new ticket opens a very detailed form where, in addition to the textual description of the problem, you can enter some useful classification parameters such as SLA, priority, intervention category, etc.
On the administration side, we have seen that One’s control of endpoints is total, and even the remote wipe of Android and iOS devices can be performed without any intervention by the user. Despite this level of control, usage and device configuration are almost transparent to end users. The PC client starts with the operating system and remains visible as a tray icon in the Windows taskbar, and the only configurable options concern a proxy, if one is used. Similarly, the mobile app works in the background and lets the user interact with the control suite only through the send/receive notification button.
Client deployment is simple and immediate: at the beginning of the Enroll procedure you are asked to specify the recipient, who will receive a pre-made email (note that you can customize the templates in the settings) with links to self-configuring downloads for the different supported platforms.