Chris Sfanos, Program Manager, Forefront Client Security, Microsoft. Session Code: SW17
Post on 21-Dec-2015
Managing Forefront Client Security using MOM Technology
Chris Sfanos
Program Manager, Forefront Client Security
Microsoft
Session Code: SW17
Session Takeaways and Objectives
Objectives for today’s talk:
• Understand how MOM 2005/SP1 integrates into FCS server management
• Understand how to leverage MOM 2005/SP1 for:
  • migration to FCS
  • important FCS management tasks
Key Takeaway: MOM is a key infrastructure component for FCS
Agenda
• Introduction to the Forefront Client Security (FCS) architecture
• Key MOM integration points in the FCS system
• Using MOM to assist in migrating your current AV solution to FCS
• Using MOM for essential day-to-day management tasks in FCS
• Q&A
FCS Architecture
Key Integration Points - Components of FCS
• MOM 2005/SP1 and MOM Reporting
  • Both ship as part of the FCS v1 package
  • FCS “Collection” role: MOM 2005/SP1
  • FCS “Reporting” role: MOM Reporting
• Architecture
  • Event gathering and Alert generation
  • MOM 2005 agent on all client machines
• Reporting
  • MOM 2005 Reporting / SQL Reporting Services provide rich, detailed system reports
  • SystemCenterReporting is the historical reporting DB for FCS
Key Integration Points - Functionality
• FCS Security Management pack defines which security events to gather
• On-demand scans are implemented as MOM tasks
• Alert management via the MOM Operations console
• MOM scripts to provide:
  • Flood Detection: Is a computer flooding the MOM server with too many events?
  • Auto Approval: Auto approve new machines in Pending Actions
  • Numerous others
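The flood-detection check named above, sketched as an added example (this is not the FCS management pack's script, which the slides do not show): it counts events per computer in a sliding time window and reports the computers that exceed a limit. The window length, the limit, the computer names and the event data are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed values for illustration; the slides give no thresholds.
WINDOW = timedelta(minutes=5)
MAX_EVENTS_PER_WINDOW = 100


def find_flooding_computers(events, window=WINDOW, limit=MAX_EVENTS_PER_WINDOW):
    """Return {computer: peak event count seen in any sliding window}
    for computers whose peak exceeds `limit`.

    `events` is an iterable of (timestamp, computer_name) tuples.
    """
    recent = defaultdict(deque)  # computer -> timestamps still inside the window
    peak = defaultdict(int)
    for ts, computer in sorted(events):
        q = recent[computer]
        q.append(ts)
        # Drop timestamps that have aged out of the window ending at ts.
        while ts - q[0] >= window:
            q.popleft()
        peak[computer] = max(peak[computer], len(q))
    return {c: n for c, n in peak.items() if n > limit}


def build_sample_events():
    """Constructed sample data: one noisy client and one normal client."""
    start = datetime(2020, 1, 1, 9, 0, 0)
    events = []
    # DESKTOP-0042 (hypothetical name): one event per second for 4 minutes.
    events += [(start + timedelta(seconds=i), "DESKTOP-0042") for i in range(240)]
    # DESKTOP-0007 (hypothetical name): one event every 2 minutes for an hour.
    events += [(start + timedelta(minutes=2 * i), "DESKTOP-0007") for i in range(30)]
    return events


if __name__ == "__main__":
    for computer, count in find_flooding_computers(build_sample_events()).items():
        print(f"{computer}: {count} events within {WINDOW}")
```

A computer flagged this way is a candidate for investigation on the client (misconfiguration or an active outbreak) before its events crowd out alerts from other machines.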
Important Points
• Existing MOM installations (Server)
  • You cannot use an existing OnePoint or SystemCenterReporting database for FCS
  • FCS includes a full version of MOM 2005 (licensed only for use with FCS)
  • Performance and Scalability drove this requirement in v1
• MOM agents
  • FCS supports clients that are multi-homed to an existing MOM server and to the FCS Server
  • FCS supports MOM 2005 agent with a SCOM 2007 Agent
Migration - Using MOM to migrate to FCS
Goals of the migration:
• Client machines are always protected
• Clear insight into the state of the migration
• Leverage the MOM server component of FCS to help manage the transition
Migration - Using MOM to migrate to FCS
Overview of the process:
• Step 1: Deploy your FCS Server infrastructure
• Step 2: Deploy the MOM agent to all your managed computers
• Step 3: Determine which version(s) of your current AV software are installed
• Step 4: Group machines by version and begin systematic uninstalls
• Step 5: Deploy the FCS client via a MOM task
Migration - Step 1: Deploy your FCS Servers
• This migration to FCS will use the MOM server infrastructure to help identify the status of your existing clients and bootstrap the deployment of FCS
• For today, we will detail the migration for this new FCS customer:
  • Name: XYZ Enterprises
  • Managed Desktops: 8,000
  • Current AV solution: eTrust version 7.1
Migration - Step 1: Deploy your FCS Servers
Recommended FCS Server topology for XYZ Enterprises:
• All FCS roles on separate servers
• SQL DBs are “off-box” on a back-end SQL server
• “5 Server topology”
Migration - Step 2: Deploy the MOM Agent
• After successfully deploying the FCS Server infrastructure, we deploy the MOM agent via Group Policy
• An MSI transform is created with the necessary install properties and then deployed to all client machines that you plan to manage with FCS
• Deployment of the MOM agent allows us to gather critical data on the status of our existing AV install and bootstrap the installation of FCS
Migration - Step 2: Deploy the MOM Agent
• Two properties need to be configured
  • Config Group (Ex: ForefrontClientSecurity)
  • Management Server (Ex: FCSCollectionServer)
Migration - Step 3: Determine current AV version
• Create a Computer Attribute for your existing AV version
Migration - Step 3: Determine current AV version
• Create a Computer Group for clients with that attribute
Migration - Step 4: Group machines for uninstall
• Identify those machines via the newly created Computer Group
Migration - Step 4: Group machines for uninstall
• Run a MOM task to uninstall
Migration - Step 5: Deploy FCS via a MOM task
• Run a MOM task to install FCS
Migration - Alternate options during the migration
• Using MOM to deploy the agents
• Placing the uninstall script as a logoff script and the FCS install script as a machine startup script
• Using FCS Policy and MU/WSUS to distribute the FCS client
  • FCS will publish the client installer as a package on MU (which can only be downloaded to WSUS)
  • Clients that have an FCS policy deployed will allow the client to be installed automatically from WSUS
FCS System Management - Using MOM for day-to-day tasks
MOM is used for the following tasks:
• Alert Management
• Client Monitoring/Troubleshooting
• Client/Policy Deployment
• Administrator notification
FCS System Management - Alert Management
• Recommendation: Create Alert Views for high-priority items
FCS System Management - Alert Management
• Recommendation: Create additional Resolution states
FCS System Management - Client Troubleshooting
• Recommendation: Create MOM tasks to gather logs and run the FCS log gathering utility
FCS System Management - Client Troubleshooting
• Recommendation: Create a MOM task to distribute exported FCS policies
FCS System Management - Client Troubleshooting
• Recommendation: Create notification groups for key FCS alerts
Q&A
• Didn’t get your question answered today?
• Thought of something later?
• Send me email!
Please Complete An Evaluation Form - Your input is important!
Two ways to access online evaluation forms:
• CommNet and evaluation stations located throughout the San Diego Convention Center
• From any wired or wireless connection to http://mms2007.com
Be eligible to win fun daily prizes: t-shirts, wireless mice, portable hard drives!
© 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.