SIA310 - Planning and Deploying Forefront Endpoint Protection 2010 with Microsoft System Center Configuration Manager
Alon Rosental, Senior Program Manager, Microsoft Corporation

Session Objectives and Takeaways
• Session Objective(s):
  • Quick recap on Forefront Endpoint Protection 2010 value proposition
  • Understand the server and client deployment scenarios addressed by Forefront Endpoint Protection 2010
  • Provide a high-level understanding of the underlying architecture for Forefront Endpoint Protection 2010 and describe how it uses ConfigMgr
• Takeaways
  • Forefront Endpoint Protection 2010 reduces the cost of deployment and ownership through reuse of a proven, scalable infrastructure
  • Forefront Endpoint Protection 2010 is one of the easiest to deploy endpoint protection solutions

Forefront Endpoint Protection 2010
• Lower Cost of Deployment
  • Built on ConfigMgr software distribution infrastructure
  • Supports all ConfigMgr topologies including Branch Office and Non-Domain-Joined
  • Ease of migration
  • Deployed across Windows Client & Server Operating systems
• Be Protected and Stay Productive
  • Protect your desktops against viruses, spyware, rootkits, and malware
  • Productivity oriented default configuration
  • Integrated host firewall management
  • Backed by global Malware Research and Response
• Unified Client Management
  • Unified management interface targeted for the desktop admin
  • Actionable and timely alerting
  • Simple operation-oriented policy administration
  • Historic reporting for security administrator

Product Scope - Deployment Scenarios
• FEP Server Installation: I want to use my existing ConfigMgr infrastructure to manage & secure client endpoints
• FEP Client Deployment: I want to start a phased roll-out of Forefront clients and replace the existing client security solution
• Deployment Features
  • Client Roll-Out through ConfigMgr
  • Non-Domain-Joined PCs
  • Branch Office topologies
  • Large-Scale Staged User On-boarding
  • Automatically switches existing client install base
  • Standalone (‘unmanaged’)

Building Endpoint Protection On ConfigMgr 2007
• No new servers
• Integrated management experience
• Reuse of the existing tools, processes & best practices
• Supports SP2/R2/R3
[Diagram labels: Central Site, FEP, three Primary Sites]

ConfigMgr 2007 Integration
[Diagram labels: ConfigMgr Console, FEP UI, ConfigMgr Server, ConfigMgr Agent, Forefront Endpoint Protection 2010, Event log, ConfigMgr Software Distribution, Registry, FEP Extensions, DCM, ConfigMgr Reporting, WMI, FEP Reports, Managed Computer, FEP Warehouse, ConfigMgr DB]

Server Installation
I want to use my existing ConfigMgr infrastructure to manage & secure client endpoints

Basic Installation – FEP On Existing ConfigMgr Server Roles
• FEP supports the existing ConfigMgr topologies
• FEP discovers and installs its server roles on the ConfigMgr server roles
• One less infrastructure to deploy, secure & maintain
• No additional HW required
• Simple - Auto discovery & installation of FEP on top of ConfigMgr roles
[Diagram labels: Central Site, three Primary Sites, FEP Reports, FEP Server Extensions, FEP Console Extension]

Advanced Installation options - Basic with Remote Reporting Database Setup
• Offload FEP reporting role and database to a different machine
• Consider it when there’s no spare capacity in the existing ConfigMgr deployment
[Diagram labels: Central Site, three Primary Sites, FEP Server Extensions, FEP Reports, FEP Console Extension]

Advanced Installation options – hierarchy
• Centralized Management
• Distributed Management
• Separate security management and operations to child sites
• Central policies, monitoring and reporting capabilities
• Consolidated reporting
[Diagram labels: Customers Environment, Central Site, Primary Sites, Secondary Sites, FEP Server Extensions, FEP Reports, FEP Console Extensions]

Client Deployment
I want to start a phased roll-out of Forefront clients and replace the existing client security solution

Rolling out clients using ConfigMgr
• Built on ConfigMgr Software Distribution:
  • Supports existing topologies including NDJ, Branch
  • Enables reuse of the existing tools, processes & best practices
• Extends ConfigMgr functionality:
  • Simplifies the process of switching the existing install base
  • Provides a rich management experience to enable deployment monitoring, operations and troubleshooting
  • Provides an integrated end-to-end solution

Switching the existing client install base
• Switching challenges
  • Different products, managed by different systems
  • Vulnerability window during replacement
  • Complex, error prone to automate
• Simplified migration in FEP 2010
  • Not a standalone tool, fully integrated
  • Encapsulates switching complexities
  • Reduces the overall deployment costs

Additional client deployment options
• Standalone client deployment:
  • Client protection components not dependent on ConfigMgr
  • Standalone client installer enables core deployment functions:
    • Unattended installation
    • Auto. switching install base
    • Applying security policies
  • Definitions provisioned by Microsoft Update in case internal update server not available
• Preinstall support for operating system deployment scenarios

Key Takeaways
• Forefront Endpoint Protection 2010 reduces the cost of deployment and ownership through reuse of a proven, scalable infrastructure
• Forefront Endpoint Protection 2010 is one of the easiest to deploy endpoint protection solutions
• Call to action:
  • Public RC is available at www.microsoft.com/forefront
  • Download, install, give us your feedback

© 2010 Microsoft Corporation. All rights reserved.