Using Forefront Server Protection Management Console 2010 (Part 1)

If you would like to read the other parts in this article series please go to:

Introduction

Since Forefront Server Protection for Exchange the only way to manage it was using Forefront Script Kit which we talked about here at MSExchange.org in these following articles:

Using Forefront Script Kit with Forefront Protection for Exchange Server (Part 1)

The scripts were okay and with the help of the native tools we were able to export settings from a server and import them into several servers, however, that process is not that practical when you have several servers and you want a single point of view, centralized quarantine, reporting and even basic requirements such as, keeping configuration consistency among different servers.

The second release of the Management Console for Forefront products has more restrictions and only works against Forefront Protection for Exchange and SharePoint products, if you have legacy products such as: Forefront Security for Exchange Server (10.x), Antigen and SMTP protections the old console is required in this kind of scenario. If you are still using those versions you can check how to manage those products using the previous versions using these MExchange.org articles:

Also, the FPSMC 2010 has a page dedicated to the FOPE (Forefront Online Protection for Exchange) where the administrator can access Online Reports, Hosted Quarantine, Administration Center and Advanced Mail Tracing. Although we don’t have single sign-on, the page provides access to all Online Protection resources in a single location.

Forefront Server Protection Management Console 2010 (FPSMC) Installation

There are a couple of prerequisites to install the tool on a server. Basically the FPSMC tool cannot be installed if any of these items are TRUE:

  • Any Forefront product installed
  • It is a Domain Controller
  • It has either Exchange or SharePoint installed
  • It is in workgroup mode

If you answer YES for any of the above questions it’s better to find a new server. The last requirement is the Operating System which must be Windows Server 2008 R2, and if you are interested in virtualization, this server is a good candidate for your Hyper-V or VMware environment. One last piece of information is the number of servers supported by FPSMC is 100 agents.

The tool can be deployed in two different scenarios. Standard, where a single server does the trick and if that fails we need to restore the server or in a fault tolerant mode where we have a Primary and a Backup server where the signatures will be available even if the Primary server fails. In this article we are going for the Standalone method. By default, Standard edition installs the SQL Express however you can have the Standard method using a different SQL server database.

Before moving forward, let’s go over the required tools that we need to download and check some items that will be requested during the installation process. Here are the software components that we will be using during this article series:

Now, that we have downloaded the required software components, let’s double click on the first file from our previous list (fpmsc_setup.exe) and then we can follow these steps to install the product:

  1. In the initial page, just click on Next.
  2. The second page is the place where we can define our FPMSC design (Figure 01).  In this article series we are going to use Standard. After that, click on Next.
    Note: If you want to go for a fault tolerant scenario a password will be required for file transfer between servers.


Figure 01

  1. Database selection (Figure 02), we can use the Express edition that will be installed on the local server or use an existent SQL (The option name is enterprise however it does not mean that we need a SQL Enterprise version) already installed in your environment. Let’s select Express and click Next.
    Note: Choosing SQL Enterprise requires the Database and login credentials on the SQL Server. You will have an option to fill out the credential information and also test the credentials before moving forward. The FPMSC will configure the Database on the selected SQL server.


Figure 02

  1. The installation process will inform you with all prerequisites that will be installed as part of the installation process, just click on Yes.


Figure 03

  1. The next page will be the license agreement for the SQL Server 2008 R2 Express. After reading and agreeing with the license terms, click on I accept the license terms and click OK.
  2. After installing SQL Server a pop-up will show up and it will request the installation of the Microsoft Chart Controls (Figure 04), since we already have downloaded it, let’s double-click on the MSChart.exe and install the application (Just accept default values), the entire setup will take 3 pages with a license agreement to be accepted on the second page. After installing Microsoft Chart Controls, we can click on Retry pop-up to continue the installation.


Figure 04

  1. In the Microsoft Update page (Figure 05), let’s click on Use Microsoft Update when I check for updates (recommended) to make sure that FPMSC is updated during the regular Windows Update process, and then click Next.


Figure 05

  1. We will have another license agreement but this one is for FPSMC 2010, let’s click on I accept the terms in the License Agreement and click on Next.
  2. In the Select Installation folder page (Figure 06). We can define where the FPSMC 2010 will be installed, by default is C:\Program Files\Forefront Protection Server Management, click Next.


Figure 06

  1. In the Ready to Install page. Just hit Install to start the installing process.
  2. The final page will be Installation Complete page, and then click Finish.

Now, that we have the product installed we can access the console locally using http://localhost/FPSMConsole or from any computer on the network using http://<Server-Name>/FPSMConsole and after authenticating the user, we will be able to see the initial page of the web-console, as shown in Figure 07.


Figure 07

In the initial page which can be accessed by clicking on At a Glance item on the left menu, we will have a summary of spam and incident statistics for both products: Exchange and SharePoint, and also the Top 5 viruses and Active Servers (based on detections). Bear in mind that information comes from the Agent deployed and it represents the last 24hrs of data after you deployed the agent. If you have deployed the agent today, then only tomorrow will be available in the initial page.

FPSMC is based on web and as part of the installation process a couple of Virtual Directories will be created: FPSMConsole and FPSMCRedistribution, as shown in Figure 08. By default the FPSMC doesn’t use SSL to access the web page interface. If your company has security requirements to enfoce SSL you can be configuring SSL for the server using IIS like any regular application. The only requirement is to uncheck Require SSL on FPSMCRedistribution virtual directory otherwise forefront agents won’t be able to use distribution engines and definition afterwards.


Figure 08

Conclusion

In this initial article we went through the process of deploying Forefront Protection Server Management Console. In the next article we will be covering the general administration of the product and also how to create templates and packages.

If you would like to read the other parts in this article series please go to:

Anderson Patricio

Anderson Patricio is a Canadian MVP in Cloud and Datacenter Management, and Office Server and Services, besides of the Microsoft Award he also holds a Solutions Master (MCSM) in Exchange, CISSP and several other certifications. Anderson contributes to the Microsoft Community with articles, tutorials, blog posts, twitter, forums and book reviews. He is a regular contributor here at Techgenix.com, MSExchange.org, ITPROCentral.com and Anderson Patricio.org (Portuguese).

Share
Published by
Anderson Patricio

Recent Posts

What’s next in the evolution of biometrics and facial recognition technology?

Facial recognition technology has matured to the point of being reliable — for better or for worse. What does the…

1 hour ago

Locking down your Exchange server with cipher suites

Cipher suites are a set of algorithms you need to secure your environment, either by using SSL and TLS. Here’s…

4 hours ago

AI cyber risks: What to look out for when deploying AI technology

Artificial intelligence has greatly improved modern life. But businesses must recognize that AI cyber risks exist and take appropriate measures.

21 hours ago

Review: Office 365 synchronizing and administration tool CiraSync

CiraSync offers an enterprise solution for syncing global address list contacts and calendars to smartphones and other mobile devices. Here’s…

1 day ago

HIPAA IT compliance: Privacy and security rules you must know

HIPAA is the mandatory health regulation that must be followed strictly. But if you’re an IT pro in the health-care…

1 day ago

Exchange in-place upgrade? Sorry, folks, just say no!

An Exchange in-place upgrade would be a dream come true. But if you try it, you will find yourself trapped…

2 days ago