1. Ian Mackintosh & Andrew Macdermott
Dilignet Pty Ltd
Convergence of Forefront Endpoint Protection 2010 and System Center
3. Agenda and Takeaways
Session Objective(s):
Demonstrate Forefront Endpoint Protection (FEP)
Illustrate the different topologies supported and the core FEP components
Demonstrate deployment of FEP via Configuration Manager
Demonstrate the benefits of integration between Configuration Manager and FEP
Takeaway: Convergence of endpoint protection and client management will:
Lower deployment cost via shared infrastructure and common technologies
Enhance endpoint protection through single console for configuration
Increase visibility through a single pane of glass
4. Forefront Endpoint Protection 2010
5. Protection Elements
6. The Protect Stack
7. FEP Client Deployment
8. Demo - FEP 2010 Part 1 Scalable Client Deployment through Existing Infrastructure
9. Integration with Configuration Manager
FEP Components
FEP Topologies
Management Models
10. Forefront Common Client/Configuration Manager Integration
11. Topologies
Basic
Aligned with Configuration Manager deployment components, resides on Site Servers
Easiest to deploy
Basic with Remote databases
Advanced
Allows the placement of Data Warehouse and reporting Services on remote system for performance gains
The FEP Auxiliary database must be on the same Server as Primary Site Database
12. Centralized Management
13. FEP Policy Model
Policy: a set of protection technology settings
Association: a policy is assigned to one or more Configuration Manager Collections
Precedence: a single FEP policy is applied to a specific computer, chosen according to the policies' order of precedence
14. Policy Lifecycle
15. The Magic of Authoring Policies
Admin creates/updates a policy in the FEP console
An SMS Program is created with the same name inside the FEP Policies package (visible in Configuration Manager software distribution).
The Program is disabled since we don’t want it to run until the policy file ([name].xml) and policy script (applyPolicy.vbs) are created/updated.
On the site server, a ConfigMgr status message invokes the Policy Source Updater tool PlcUpdtr.exe, located in the ConfigMgr adminui\bin folder
Goes over ALL policies and makes sure an XML file exists for each
Creates the applyPolicy.vbs
Updates ALL distribution points with new version of policies package
Enables all disabled policies
16. Client Policy
The Configuration Manager client receives the software distribution policy for the SMS program of the FEP policy
The SMS program will run on the client: ApplyPolicy.vbs
The ApplyPolicy VB script finds, among all FEP policies assigned to the client, the policy with the highest precedence and calls the ConfigSecurityPolicy.exe tool (located in Program Files\Microsoft Security Client) with the appropriate policy XML file as input (e.g. ConfigSecurityPolicy.exe "Default Forefront Endpoint Protection Policy.xml")
This tool writes to the registry under "Microsoft\Microsoft Security Client" which policy was last applied successfully and whether there was a failure
17. Demo - FEP 2010 Part 2 Deploying Policy
18. Signature Update Distribution
19. Configure UNC Share
Download the definition file
Need to download for each architecture
Separate Downloads for AV/AS
Folder structure must be
..\updates\x86
..\updates\x64
Must grant computer accounts Read access to share
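One way to check the share layout described on this slide, as an added PowerShell example (not part of the original deck or of FEP itself): it confirms that updates\x86 and updates\x64 exist, contain files, and carry a Read entry for the computer accounts. The share path, the 'Domain Computers' group name and the 3-day staleness threshold are assumptions; PowerShell 3.0 or later is required.

```powershell
# Added example: validate a FEP definition-update UNC share.
# Assumptions (not from the slides): the share path, 'Domain Computers' as the
# group holding the computer accounts, and the 3-day staleness threshold.
function Test-FepDefinitionShare {
    param(
        [Parameter(Mandatory)] [string] $UpdatesRoot,   # hypothetical, e.g. \\server\share\updates
        [string] $ComputerGroup = 'Domain Computers',   # assumed group name
        [int]    $MaxAgeDays    = 3                      # assumed freshness threshold
    )
    $readMask = [System.Security.AccessControl.FileSystemRights]::Read
    foreach ($arch in 'x86', 'x64') {
        $dir    = Join-Path $UpdatesRoot $arch
        $result = [ordered]@{
            Architecture = $arch; Path = $dir; Exists = $false; FileCount = 0
            NewestFile = $null; Stale = $true; GroupCanRead = $false
        }
        if (Test-Path -LiteralPath $dir -PathType Container) {
            $result.Exists = $true
            $files = @(Get-ChildItem -LiteralPath $dir -File)
            $result.FileCount = $files.Count
            if ($files.Count -gt 0) {
                # Newest file tells us whether the share is still being refreshed.
                $newest = $files | Sort-Object LastWriteTime -Descending | Select-Object -First 1
                $result.NewestFile = $newest.Name
                $result.Stale = ((Get-Date) - $newest.LastWriteTime).TotalDays -gt $MaxAgeDays
            }
            # NTFS ACL only; the share-level permission must allow Read as well.
            # Matches an explicit Allow entry for the named group, not nested groups.
            $rules = (Get-Acl -LiteralPath $dir).Access | Where-Object {
                $_.AccessControlType -eq 'Allow' -and
                $_.IdentityReference.Value -like "*\$ComputerGroup" -and
                ($_.FileSystemRights -band $readMask) -eq $readMask
            }
            $result.GroupCanRead = [bool]$rules
        }
        [pscustomobject]$result
    }
}

# Constructed sample call; replace the placeholder path with the real share.
Test-FepDefinitionShare -UpdatesRoot '\\fileserver.example\FEPDefs\updates' | Format-Table -AutoSize
```

A row with Exists = False, FileCount = 0 or Stale = True means clients of that architecture will not get current definitions from the share; GroupCanRead = False means Read may be granted through another identity and should be confirmed manually.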
20. Configure WSUS
Two-step process
Select the product in Configuration Manager
Add auto approval rule in WSUS
WSUS requires 2 things
What products to get metadata for (approval)
Approval to download Content
21. Signature Deployments
22. Signature Deployment
23. Signature Deployment
24. Monitoring, Alerts and Reports
25. Improved Visibility
26. FEP Alerts
27. Protection Summary
28. Malware Activity
29. Understanding computer state
30. FEP 2010 Data Flow
31. Extending Endpoint Protection to Servers
32. Key Takeaways
Convergence of endpoint protection and client management will:
Lower deployment cost via shared infrastructure and common technologies
Enhance endpoint protection through single console for configuration
Increase visibility through a single pane of glass
34. Resources