Using Forefront Server Protection Management Console 2010 (Part 1)

If you would like to read the other parts in this article series please go to:

• Using Forefront Server Protection Management Console 2010 (Part 2)
• Using Forefront Server Protection Management Console 2010 (Part 3)

Introduction

Since Forefront Server Protection for Exchange the only way to manage it was using Forefront Script Kit which we talked about here at MSExchange.org in these following articles:

Using Forefront Script Kit with Forefront Protection for Exchange Server (Part 1)

The scripts were okay and with the help of the native tools we were able to export settings from a server and import them into several servers, however, that process is not that practical when you have several servers and you want a single point of view, centralized quarantine, reporting and even basic requirements such as, keeping configuration consistency among different servers.

The second release of the Management Console for Forefront products has more restrictions and only works against Forefront Protection for Exchange and SharePoint products, if you have legacy products such as: Forefront Security for Exchange Server (10.x), Antigen and SMTP protections the old console is required in this kind of scenario. If you are still using those versions you can check how to manage those products using the previous versions using these MExchange.org articles:

• Using Microsoft Forefront Server Security Management Console (Part 1)
• Using Microsoft Forefront Server Security Management Console (Part 2)

Also, the FPSMC 2010 has a page dedicated to the FOPE (Forefront Online Protection for Exchange) where the administrator can access Online Reports, Hosted Quarantine, Administration Center and Advanced Mail Tracing. Although we don’t have single sign-on, the page provides access to all Online Protection resources in a single location.

Forefront Server Protection Management Console 2010 (FPSMC) Installation

There are a couple of prerequisites to install the tool on a server. Basically the FPSMC tool cannot be installed if any of these items are TRUE:

• Any Forefront product installed
• It is a Domain Controller
• It has either Exchange or SharePoint installed
• It is in workgroup mode

If you answer YES for any of the above questions it’s better to find a new server. The last requirement is the Operating System which must be Windows Server 2008 R2, and if you are interested in virtualization, this server is a good candidate for your Hyper-V or VMware environment. One last piece of information is the number of servers supported by FPSMC is 100 agents.

The tool can be deployed in two different scenarios. Standard, where a single server does the trick and if that fails we need to restore the server or in a fault tolerant mode where we have a Primary and a Backup server where the signatures will be available even if the Primary server fails. In this article we are going for the Standalone method. By default, Standard edition installs the SQL Express however you can have the Standard method using a different SQL server database.

Before moving forward, let’s go over the required tools that we need to download and check some items that will be requested during the installation process. Here are the software components that we will be using during this article series:

• Forefront Protection Server Management Console (FPSMC) 2010
• Microsoft Chart Controls for Microsoft .NET Framework 3.5

Now, that we have downloaded the required software components, let’s double click on the first file from our previous list (fpmsc_setup.exe) and then we can follow these steps to install the product:

1. In the initial page, just click on Next.
2. The second page is the place where we can define our FPMSC design (Figure 01).  In this article series we are going to use Standard. After that, click on Next.
   Note: If you want to go for a fault tolerant scenario a password will be required for file transfer between servers.
   

Figure 01

3. Database selection (Figure 02), we can use the Express edition that will be installed on the local server or use an existent SQL (The option name is enterprise however it does not mean that we need a SQL Enterprise version) already installed in your environment. Let’s select Express and click Next.
   Note: Choosing SQL Enterprise requires the Database and login credentials on the SQL Server. You will have an option to fill out the credential information and also test the credentials before moving forward. The FPMSC will configure the Database on the selected SQL server.
   

Figure 02

4. The installation process will inform you with all prerequisites that will be installed as part of the installation process, just click on Yes.

Figure 03

5. The next page will be the license agreement for the SQL Server 2008 R2 Express. After reading and agreeing with the license terms, click on I accept the license terms and click OK.
6. After installing SQL Server a pop-up will show up and it will request the installation of the Microsoft Chart Controls (Figure 04), since we already have downloaded it, let’s double-click on the MSChart.exe and install the application (Just accept default values), the entire setup will take 3 pages with a license agreement to be accepted on the second page. After installing Microsoft Chart Controls, we can click on Retry pop-up to continue the installation.

Figure 04

7. In the Microsoft Update page (Figure 05), let’s click on Use Microsoft Update when I check for updates (recommended) to make sure that FPMSC is updated during the regular Windows Update process, and then click Next.

Figure 05

8. We will have another license agreement but this one is for FPSMC 2010, let’s click on I accept the terms in the License Agreement and click on Next.
9. In the Select Installation folder page (Figure 06). We can define where the FPSMC 2010 will be installed, by default is C:\Program Files\Forefront Protection Server Management, click Next.

Figure 06

10. In the Ready to Install page. Just hit Install to start the installing process.
11. The final page will be Installation Complete page, and then click Finish.

Now, that we have the product installed we can access the console locally using http://localhost/FPSMConsole or from any computer on the network using http://<Server-Name>/FPSMConsole and after authenticating the user, we will be able to see the initial page of the web-console, as shown in Figure 07.

Figure 07

In the initial page which can be accessed by clicking on At a Glance item on the left menu, we will have a summary of spam and incident statistics for both products: Exchange and SharePoint, and also the Top 5 viruses and Active Servers (based on detections). Bear in mind that information comes from the Agent deployed and it represents the last 24hrs of data after you deployed the agent. If you have deployed the agent today, then only tomorrow will be available in the initial page.

FPSMC is based on web and as part of the installation process a couple of Virtual Directories will be created: FPSMConsole and FPSMCRedistribution, as shown in Figure 08. By default the FPSMC doesn’t use SSL to access the web page interface. If your company has security requirements to enfoce SSL you can be configuring SSL for the server using IIS like any regular application. The only requirement is to uncheck Require SSL on FPSMCRedistribution virtual directory otherwise forefront agents won’t be able to use distribution engines and definition afterwards.

Figure 08

Conclusion

In this initial article we went through the process of deploying Forefront Protection Server Management Console. In the next article we will be covering the general administration of the product and also how to create templates and packages.