Chris Sfanos Program Manager Forefront Client Security Microsoft Session Code: SW17
Objectives for today’s talk: Understand how MOM 2005/SP1 integrates into FCS server management Understand how to leverage MOM 2005/SP1 for migration to FCS important FCS management tasks Key Takeaway: MOM is a key infrastructure component for FCS
Introduction to the Forefront Client Security (FCS) architecture Key MOM integration points in the FCS system Using MOM to assist in migrating your current AV solution to FCS Using MOM for essential day to day management tasks in FCS Q&A
Components of FCS MOM 2005/SP1 and MOM Reporting Both ships as part of the FCS v1 package FCS “Collection” role: MOM 2005/SP1 FCS “Reporting” role: MOM Reporting Architecture Event gathering and Alert generation MOM 2005 agent on all client machines Reporting MOM 2005 Reporting / SQL Reporting services provide rich, detailed system reports SystemCenterReporting is the historical reporting DB for FCS
Functionality FCS Security Management pack defines which security events to gather On-demand scans are implemented as MOM tasks Alert management via the MOM Operations console MOM scripts to provide: Flood Detection: Is a computer flooding the MOM server with too many events Auto Approval: Auto approve new machines in Pending Actions Numerous others
Existing MOM installations (Server) You cannot use an existing OnePoint or SystemCenterReporting database for FCS FCS includes a full version of MOM 2005 (licensed only for use with FCS) Performance and Scalability drove this requirement in v1 MOM agents FCS supports clients that are multi-homed to an existing MOM server and to the FCS Server FCS supports MOM 2005 agent with a SCOM 2007 Agent
Goals of the migration Client machines are always protected Clear insight into the state of the migration Leverage the MOM server component of FCS to help manage the transition
Overview of the process Step 1: Deploy your FCS Server infrastructure Step 2: Deploy the MOM agent to all your managed computers Step 3: Determine which version(s) of your current AV software are installed Step 4: Group machines by version and begin systematic uninstalls Step 5: Deploy the FCS client via a MOM task
This migration to FCS will use the MOM server infrastructure to help identify the status of your existing clients and bootstrap the deployment of FCS For today, we will detail the migration for this new FCS customer: Name: XYZ Enterprises Managed Desktops: 8,000 Current AV solution: eTrust version 7.1
Recommended FCS Server topology for XYZ Enterprises All FCS roles on separate servers SQL DB’s are “off-box” on a back-end SQL server “5 Server topology”
After successfully deploying the FCS Server infrastructure, we deploy the MOM agent via Group Policy An MSI transform is created with the necessary install properties and then deployed to all client machines that you plan to manage with FCS Deployment of the MOM agent allows us to gather critical data on the status of our existing AV install and bootstrap the installation of FCS
Two properties need to be configured Config GroupConfig Group Ex: ForefrontClientSecurityEx: ForefrontClientSecurity Management ServerManagement Server Ex: FCSCollectionServerEx: FCSCollectionServer
Create a Computer Attribute for your existing AV version
Create a Computer Group for clients with that attribute
Identify those machines via the newly created Computer group
Run a MOM task to uninstall
Run a MOM task to install FCS
Alternate options during the migration Using MOM to deploy the agents Placing the uninstall script as a logoff script and the FCS install script as a machine startup script Using FCS Policy and MU/WSUS to distribute the FCS client FCS will publish the client installer as a package on MU (which can only be downloaded to WSUS) Clients that have an FCS policy deployed will allow the client to be installed automatically from WSUS
MOM is used for the following tasks: Alert Management Client Monitoring/Troubleshooting Client/Policy Deployment Administrator notification
Recommendation: Create Alert Views for high- priority items
Recommendation: Create additional Resolution states
Recommendation: Create MOM tasks to gather logs and run the FCS log gathering utility
Recommendation: Create a MOM task to distribute exported FCS policies
Recommendation: Create notification groups for key FCS alerts
Didn’t get your question answered today? Thought of something later? Send me !
Two ways to access online evaluation forms CommNet and evaluation stations located throughout the San Diego Convention Center From any wired or wireless connection to Be eligible to win fun daily prizes – t-shirts, wireless mice, portable hard drives!
© 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.