HOWTO Best Practices

---

---

OS 12

Initial Testing without UMS

• Want to test out OS 12 with App Portal without UMS12?

Security / Password

• Password

  Provides details on the user types and their roles in IGEL OS. You can configure passwords for the user types to protect your endpoint devices against unwanted changes.

• Logon Settings

  Provides options for logon settings are available in IGEL OS.

• Active Directory/Kerberos

  Shows how to configure the options for Active Directory with Kerberos in IGEL OS.

• Single Sign On (SSO)

  IGEL SSO will work with identity provider (IdP) that supports OpenID Connect.

---

UMS

Initial setup for UMS can be done with embedded database with plans to migrate the embedded database to external database once devices reach a certain number.

NOTE: For small installations, a single UMS Server instance (standard UMS) with an embedded database is usually sufficient. If required, a single-instance installation can be easily extended anytime to a Distributed UMS installation by installing additional servers (and in the case of an embedded database, by switching preliminarily to an external data source).

• UMS Sizing Guidelines

---

ICG vs. Reverse Proxy

• IGEL Cloud Gateway vs. Reverse Proxy for the Communication between UMS 12 and IGEL OS Devices

  With the launch of IGEL Universal Management Suite (UMS) 12, the Unified Protocol used for all communication between the UMS and IGEL OS 12 devices was introduced. The Unified Protocol is a secure protocol that uses TCP 8443. However, depending on the structure of your UMS environment, company's security policies, etc., it may be insufficient, and the use of the IGEL Cloud Gateway (ICG) or reverse proxy may be required.

---

Remote Security Logging in IGEL

The remote security logging feature for the IGEL Universal Management Suite (UMS), the IGEL Cloud Gateway (ICG) and the IGEL Management Interface (IMI). The remote security logging feature logs security relevant events in a separate log files that can be picked up by a configured log collector/SIEM.

• IGEL KB: Remote Security Logging in IGEL

---

Collect IGEL information for input into CMDB

Instead of installing a 3rd party agent onto IGEL OS, use data collected by UMS to feed into your CMDB.

If the data needed is not currently being collected, then use IGEL UMS Device Attributes to collect the information.

• IGEL KB: How to Manage IGEL OS Devices by Device Specific Data - What Device Attributes Can Do for You

Now that you have the information in the IGEL UMS, create view and administrative task that will generate data file used in ETL Job.

• IGEL KB: Views - Filtering for Devices in the IGEL UMS

• IGEL KB: Export View or Advanced Search Result via Mail as an Administrative Task in the IGEL UMS

Now use the data file as input for your ETL job into your CMDB. Follow guidance from your CMDB vendor for setting up ETL job.