INSTALLATION HANDS-ON
description
Transcript of INSTALLATION HANDS-ON
INSTALLATION HANDS-ON
Page 2
About the Hands-On
This hands-on section is structured in a way, that it allows you to work independently, but still giving you the possibility to consult step-by-step instructions.
Each given task will be divided into two sections• Actual Task
• Conditions, goals and short instructions
• Allowing you to work independently
• Detailed instructions (step-by-step work through)
• In case you can not come up with own solutions
Page 3
Task Overview
1. Policy Manager deployment (incl. PMS, PMC and AUSYS)
2. Console initialization and initial configuration
3. AVCS 6.x rollout
Page 4
Infrastructure
Your environment consists of two computers• Windows 2003 Standard Server (SP3)
• Windows XP Professional (SP2)
Network • 100 Mbit Ethernet, supporting TCP/IP
• C-class network (192.168.100.0/24)
XP Pro SP2 2003 Server
Root Update Server
Page 5
Task 1
Install Policy Manager with all necessary components (not FSAVCS yet) on a single computer• Is such an installation possible in
this environment?
Once you have a clear plan how to proceed, install the products and configure it as follows• Limit access to the PMS admin
module to local host (use the default ports during installation)
If needed, next pages will provide you with a step-by-step walk through
=> After installation is completed, continue on page 19
XP Pro SP2 2003 Server
Root Update Server
Page 6
Policy Manager Installation Walk-Through
Insert the F-Secure Product CD (old screenshot!)• Select ”F-Secure Policy Manager”
Page 7
Policy Manager Installation Walk-Through
Choose the installation language• Click “Next”
Page 8
Policy Manager Installation Walk-Through
Read the F-Secure License Terms and accept the agreement • Click ”Next”
Page 9
Policy Manager Installation Walk-Through
Accept Custom installation• Click “Next”
Page 10
Policy Manager Installation Walk-Through
Also here accept default selections• Click “Next”
Page 11
Policy Manager Installation Walk-Through
Default installation path C:\Program Files\F-Secure is fine• Click “Next”
Page 12
Policy Manager Installation Walk-Through
There is no old Policy Manager installed, so accept the default• Click ”Next”
Page 13
Policy Manager Installation Walk-Through
Accept the default Port Numbers• Click ”Next”
Page 14
Policy Manager Installation Walk-Through
Select F-Secure Anti-Virus Client Security 6.x• Click ”Next”
Page 15
Policy Manager Installation Walk-Through
Necessary setup information has been collected. System is ready for installation• Click “Start”
Page 16
Policy Manager Installation Walk-Through
Installation in process. Do not restart the system until 100 % completed• Might take some minutes
Page 17
Policy Manager Installation Walk-Through
Components have been installed• Click “Next”
Page 18
Policy Manager Installation Walk-Through
Installation finished successfully• Click “Finish”
Page 19
Task 1 Completed
F-Secure Policy Manager is now installed• Check the Server Status
• Start/Status Monitor
• Both Apache modules should have Status: OK
• Web Reporting Module will still show an error, because we didn’t initialize the console yet
Initializing and configuring the console will be your next task
Page 20
Task 2
Initialize and configure Policy Manger Console• Start the Console and go through the initialization process
• After that, configure the console as follows
• Rename the Root domain to F-Secure
• Restrict all user settings (try to find the easiest way)
• Define the Policy Manger host communication address
• Note: The address defined during the console initialization is the administration module address
• Change the server polling interval to 10 seconds (incoming and outgoing requests)
• Distribute policies!
Task continues on next page…
Page 21
Task 2
Perform a general system check• Are all modules working properly?
• What does the status monitor say?• Try out the web reporting, does it work?
Try to complete this task independently• If needed, next pages will provide you with a step-by-step walk through
=> If you managed to complete this task, continue on page 36
Page 22
Console Initialization Walk-Through
Start Policy Manger from Start menu for initialization• Click “Next”
Page 23
Console Initialization Walk-Through
Select Administrator mode• Click “Next”
Page 24
Console Initialization Walk-Through
Accept default• Click “Next”
Page 25
Console Initialization Walk-Through
Select the location of the key-pair. Defaults are ok.• Click ”Next”
Page 26
Console Initialization Walk-Through
Create administrator’s cryptographic keys• Move the cursor until the next dialogue box appears
Page 27
Console Initialization Walk-Through
Enter the administrative password. Use “password” in this hands-on• Click “Next”
Page 28
Console Initialization Walk-Through
Click ”Finish”
Page 29
Console Initialization Walk-Through
First Policy Manager Console launch• By default, Policy Manager Console is run in the Anti-Virus
Administration mode (AV mode)
Policy Manger is now initialized and ready to use
Next step is the console configuration and first policy distribution
Page 30
Initial Console Configuration Walk-Through
Rename the root domain• Right-click the root domain
• Select Domain/Host Properties
• Rename “Root” to “F-Secure”
After that start fine tuning the communication settings• Click Centralized Management tab
Page 31
Initial Console Configuration Walk-Through
Prevent user from changing most important settings• Click “Do not allow users to change settings…”
Page 32
Initial Console Configuration Walk-Through
Define communication settings• Set Policy Manager Server address (IP address of your PMS computer)
• Set both polling intervals to 10 seconds
Page 33
Initial Console Configuration Walk-Through
Distribute the Policy, select File/Distribute (or press CTRL + D)
Page 34
System Status CheckOverall
Check the status of the Policy Manager Server• From the start menu:
Start/Programs/F-Secure Policy Manager Server/Status Monitor
• The Web Reporting error should now be fixed
Page 35
System Status Check (Optional)Web Reporting
Open Report web interface• From the start menu: Start/Programs/F-Secure Policy Manager Server/F-
Secure Policy Manager Web Reporting
Page 36
Task 2 completed
Policy Manager initialization and configuration has been finalized• The next Task will be F-Secure Anti-Virus
Client Security 6 rollout
XP Pro SP2 F-SecurePMS / PMC
Root Update Server
Page 37
Task 3
Install AVCS 6.x on your client computer running Windows XP SP2• Is the installation possible without any changes to the host?
• Any conflicting software installed on the target system?• Which rollout method suits best for this environment?
• Which methods are possible?• Is there a firewall installed on the host preventing certain rollout
methods
Task continues on next page…
Page 38
Task 3
Once you have a clear plan, how to rollout AVCS 6.x, and you have checked all issues mentioned on the previous page, go ahead with the rollout
Try to complete this task independently• If needed, next pages will provide you with a step-by-step walk through
=> If you managed to complete this task and your client has rebooted, continue on page 61
Page 39
Pre-Rollout Checks
Check your target host for installed conflicting software• Check if there is conflicting software installed on the computer
• If there is, check if that product is automatically detected and removed by F-Secure Sidegrade Function
• Important: Always check all your hosts for conflicting software before your start any rollout
Page 40
Pre-Rollout Checks
If the XP Firewall on your host is enabled:• F-Secure Intelligent Installations requires
certain inbound traffic allowed on target host (TCP 135 and 445)
• Try to connect to the ports from your PMS
• Open the command prompt and telnet the ports
• There will be no respond, so you need to allow the above mentioned protocols on your target host
• Try to come up with a solution, without disabling the firewall!
Page 41
XP Firewall Configuration
Configure XP SP2 firewall exceptions• Allow “File and Printer Sharing”
• Press “Edit”• Enable SMB only (TCP 445)
• Disable all other ports
• Create new service and allowing RPC
• Press “Add Port”
• Name: RPC, Port number: 135
• Confirm by pressing OK
Page 42
Remote Installation Walk-Through
Select ”Installation” tab on the editor pane• Click “Autodiscover Windows hosts…”
Page 43
Remote Installation Walk-Through
Select your target host from the list • Click “Install”
Page 44
Remote Installation Walk-Through
Select F-Secure Anti-Virus Client Security 6.x• Click “Next”
Page 45
Remote Installation Walk-Through
Check that F-Secure Anti-Virus for Client Security 6.x is the only selection• Click “Next”
Page 46
Remote Installation Walk-Through
Include the policy from your root domain “F-Secure”• Click “Next”
Page 47
Remote Installation Walk-Through
Accept the default domain account• Domain administrator account will be used to access the target host
• Click “Next”
Page 48
Remote Installation Walk-Through
Check the installation details, correct if necessary (“Back” button)• Click “Start”
Page 49
Remote Installation Walk-Through
Click “Next”
Page 50
Remote Installation Walk-Through
Instructor will provide you with the correct keycode• After typing the keycode, click “Next”
Page 51
Remote Installation Walk-Through
Install Virus Protection, E-mail scanning and Internet Shield• Click ”Next”
Page 52
Remote Installation Walk-Through
Select the language the product will use• Click “Next”
Page 53
Remote Installation Walk-Through
Choose centrally managed installation• Click “Next”
Page 54
Remote Installation Walk-Through
Specify your Policy Manager Server’s URL• Click “Next”
Page 55
Remote Installation Walk-Through
No need to add a custom property at this stage• Click ”Next”
Page 56
Remote Installation Walk-Through
At this point you will be able to choose, whether to remove conflicting software automatically• Accept the default setting
• Click “Next”
Page 57
Remote Installation Walk-Through
Select “Restart after installation, in”• Change the countdown to 1 minute
• Type a reboot message
• Click “Finish”
Page 58
Remote Installation Walk-Through
Wait while Intelligent Installation creates the distribution package• This step might take some minutes (depending on your system)
• Do not press “Cancel”
Page 59
Remote Installation Walk-Through
F-Secure Setup will start and install AVCS 6.x to your computer
Wait until the Reboot message appears on your screen• Don’t reboot yet, minimize the window
Page 60
Remote Installation Walk-Through
The ”Installation progress” window shows you, if the installation has finished successfully• Close this window• Also close the autodiscover wizard
window• Distribute policies!• Close Policy Manager Console
On the other computer, open the reboot dialogue again and click reboot
Page 61
System Status Check
After the reboot• Open F-Secure Anti-Virus Client
Security 6.x by double-clicking the F-Secure icon in the system tray
• Click “Central Management”
• Check Last connection and Policy file counter
Page 62
Task 3 Completed
Congratulations! You have successfully finished the Installation hands-on
F-SecureAVCS 6 F-Secure
PMS / PMC
Root Update Server