Chris Sfanos Program Manager Forefront Client Security Microsoft Session Code: SW17.
Date posted: 21-Dec-2015

Managing Forefront Client Security using MOM Technology
Chris Sfanos
Program Manager
Forefront Client Security
Microsoft
Session Code: SW17

Session Takeaways and Objectives
Objectives for today’s talk:
• Understand how MOM 2005/SP1 integrates into FCS server management
• Understand how to leverage MOM 2005/SP1 for
  • migration to FCS
  • important FCS management tasks
Key Takeaway: MOM is a key infrastructure component for FCS

Agenda
• Introduction to the Forefront Client Security (FCS) architecture
• Key MOM integration points in the FCS system
• Using MOM to assist in migrating your current AV solution to FCS
• Using MOM for essential day-to-day management tasks in FCS
• Q&A
FCS Architecture

Key Integration Points
Components of FCS
• MOM 2005/SP1 and MOM Reporting
  • Both ship as part of the FCS v1 package
  • FCS “Collection” role: MOM 2005/SP1
  • FCS “Reporting” role: MOM Reporting
• Architecture
  • Event gathering and Alert generation
  • MOM 2005 agent on all client machines
• Reporting
  • MOM 2005 Reporting / SQL Reporting services provide rich, detailed system reports
  • SystemCenterReporting is the historical reporting DB for FCS

Key Integration Points
Functionality
• FCS Security Management pack defines which security events to gather
• On-demand scans are implemented as MOM tasks
• Alert management via the MOM Operations console
• MOM scripts to provide:
  • Flood Detection: Is a computer flooding the MOM server with too many events?
  • Auto Approval: Auto approve new machines in Pending Actions
  • Numerous others

Important Points
• Existing MOM installations (Server)
  • You cannot use an existing OnePoint or SystemCenterReporting database for FCS
  • FCS includes a full version of MOM 2005 (licensed only for use with FCS)
  • Performance and Scalability drove this requirement in v1
• MOM agents
  • FCS supports clients that are multi-homed to an existing MOM server and to the FCS Server
  • FCS supports MOM 2005 agent with a SCOM 2007 Agent

Migration
Using MOM to migrate to FCS
Goals of the migration
• Client machines are always protected
• Clear insight into the state of the migration
• Leverage the MOM server component of FCS to help manage the transition

Migration
Using MOM to migrate to FCS
Overview of the process
• Step 1: Deploy your FCS Server infrastructure
• Step 2: Deploy the MOM agent to all your managed computers
• Step 3: Determine which version(s) of your current AV software are installed
• Step 4: Group machines by version and begin systematic uninstalls
• Step 5: Deploy the FCS client via a MOM task

Migration
Step 1: Deploy your FCS Servers
• This migration to FCS will use the MOM server infrastructure to help identify the status of your existing clients and bootstrap the deployment of FCS
• For today, we will detail the migration for this new FCS customer:
  • Name: XYZ Enterprises
  • Managed Desktops: 8,000
  • Current AV solution: eTrust version 7.1

Migration
Step 1: Deploy your FCS Servers
Recommended FCS Server topology for XYZ Enterprises
• All FCS roles on separate servers
• SQL DB’s are “off-box” on a back-end SQL server
• “5 Server topology”

Migration
Step 2: Deploy the MOM Agent
After successfully deploying the FCS Server infrastructure, we deploy the MOM agent via Group Policy
• An MSI transform is created with the necessary install properties and then deployed to all client machines that you plan to manage with FCS
• Deployment of the MOM agent allows us to gather critical data on the status of our existing AV install and bootstrap the installation of FCS

Migration
Step 2: Deploy the MOM Agent
• Two properties need to be configured
  • Config Group
    • Ex: ForefrontClientSecurity
  • Management Server
    • Ex: FCSCollectionServer

Migration
Step 3: Determine current AV version
Create a Computer Attribute for your existing AV version

Migration
Step 3: Determine current AV version
Create a Computer Group for clients with that attribute

Migration
Step 4: Group machines for uninstall
Identify those machines via the newly created Computer Group

Migration
Step 4: Group machines for uninstall
Run a MOM task to uninstall

Migration
Step 5: Deploy FCS via a MOM task
Run a MOM task to install FCS

Migration
Alternate options during the migration
• Using MOM to deploy the agents
• Placing the uninstall script as a logoff script and the FCS install script as a machine startup script
• Using FCS Policy and MU/WSUS to distribute the FCS client
  • FCS will publish the client installer as a package on MU (which can only be downloaded to WSUS)
  • Clients that have an FCS policy deployed will allow the client to be installed automatically from WSUS

FCS System Management
Using MOM for day-to-day tasks
MOM is used for the following tasks:
• Alert Management
• Client Monitoring/Troubleshooting
• Client/Policy Deployment
• Administrator notification

FCS System Management
Alert Management
Recommendation: Create Alert Views for high-priority items

FCS System Management
Alert Management
Recommendation: Create additional Resolution states

FCS System Management
Client Troubleshooting
Recommendation: Create MOM tasks to gather logs and run the FCS log gathering utility

FCS System Management
Client Troubleshooting
Recommendation: Create a MOM task to distribute exported FCS policies

FCS System Management
Client Troubleshooting
Recommendation: Create notification groups for key FCS alerts

Q&A
Didn’t get your question answered today?
Thought of something later?
Send me email!

Please Complete An Evaluation Form
Your input is important!
Two ways to access online evaluation forms
• CommNet and evaluation stations located throughout the San Diego Convention Center
• From any wired or wireless connection to http://mms2007.com
Be eligible to win fun daily prizes – t-shirts, wireless mice, portable hard drives!

© 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.