Endpoint Management Steering Committee

Duke University IT staff utilize a number of endpoint management services to support efficient maintenance of computing devices. These services are available to all IT support groups at Duke. A Steering Committee has been established to work with the Community to set priorities and policies and to address resource requirements. Membership and leadership are explicitly not extended to those who are not currently employed by Duke University unless otherwise unanimously agreed to by the Steering Committee in consultation with the EndPoint Community.

The steering committee’s main responsibility is to act as the coordinating body to meet the needs of the endpoint community. Duke’s Endpoint Governance and the Endpoint@Duke community work together to maintain policies and support for the three services. We highly recommend joining the endpoints@duke.edu mail list to connect to the community and to use it as a resource for questions you may have.

Duke’s Endpoint Management Charter may be found here (link to charter) and a description of each service is provided below.  

Casper

Casper supports management of AppleOS and iOS devices. Casper provides automated software installation and maintenance, iOS security, and device encryption key escrow.

  • iOS and Mac OS device management 
  • Encryption deployment and management (with escrow and reporting) 
  • Utilize the Restricted Software feature as needed
  • System and application settings management and enforcement
  • Self Service application 
  • Make use of the remote lock/wipe features for laptops that go missing 
  • Enhanced patch management 
  • User-driven self-provisioning of new machines via Self Service and/or DEP
  • Inventory management and reporting

Documentation site - https://sites.duke.edu/casperadmins
Mail list - https://lists.duke.edu/sympa/info/casperadmins

IBM BigFix

IBM BigFix provides endpoint management and security for servers, desktops, notebooks and smartphones running Microsoft Windows, Mac OS X, and various flavors of Linux. It is used for automated software installation and maintenance, Windows operating system patch management, and Windows security settings.

  • Device management 
  • Automated software installation/maintenance
  • Operating system patch management 
  • System and application security settings
  • Inventory management and reporting

Documentation site - https://sharepoint.oit.duke.edu/sites/Trinity/bigfix/SitePages/Home.aspx
Mail list - https://lists.duke.edu/sympa/info/bigfix (or bigfix-request@duke.edu for Master Operators)
 

Microsoft System Center Configuration Manager (SCCM)

A centrally managed service for Windows-based computer configuration support. Configuration Manager provides remote control, patch management, software distribution, operating system deployment, network access protection, and hardware and software inventory.

  • Windows operating system installation/imaging including the latest Dell and Lenovo device drivers
  • Build and deploy software applications and packages
  • Remote access to client machines with no user interaction required
  • Windows operating system patch management
  • Provide users with a list of approved software that can be installed with no local admin access via Software Center.
  • Access to numerous pre-built reports.

Documentation site - https://sites.duke.edu/sccmadmins
Mail list - oit-cm12@duke.edu

Symantec

Symantec Endpoint Protection (or “SEP”) is designed for use in managed environments, providing security for both servers and workstations running Microsoft Windows, Mac OS X, and several popular Linux distributions. The software is centrally licensed by Duke OIT for use on all university-owned and employee-owned computers.

  • Anti-virus/malware protection, backed by the world’s largest civilian threat intelligence network
  • Intrusion prevention, based on file reputation and application behavior
  • Rule-based firewall (Windows only), with fine-grained control and logging capabilities
  • Application control, allowing control of file and registry access and how processes are allowed to run
  • Advanced system lockdown features, allowing only whitelisted applications, or blocking blacklisted applications
  • External media control, restricting access to select hardware and controlling what types of devices can upload or download information

Symantec Endpoint Protection Manager (or “SEPM”) is the central management point for groups of managed computers running the SEP software. The SEPM service is managed by the Duke IT Security Office.

  • Apply shared policies to multiple managed endpoints
  • Access aggregated reports and alerts
  • Push actions (including software upgrades) and collect information from managed endpoints

Mail list - sep-admin@duke.edu