Using Forefront Server Protection Management Console 2010 (Part 3)

By /

If you would like to read the other parts in this article series please go to:

Managing Jobs…

FPSMC 2010 has 4 types of jobs: Deployment, Signature Redistribution, Schedule Report and Product Activation jobs, they are pretty straight forward and we are going to run a couple of them to get you up to speed with the process.

In order to create a new package, we need to define the type of the new package by clicking on the Jobs on the left-hand side, and then the Create item on the right-hand side (figure 01).


Figure 01

Let’s start with a product activation job (Figure 02), where we can define a Job Name and a specific date and time to run the job (if you don’t define a schedule you can run the job manually afterwards), then you need to type in your Product Activation information and define which servers will be affected by this job. Click Next and then Run.

Note:
You can edit jobs at any time. This means that if you add new servers to your organization you can edit the current job, select the new servers and run it again.


Figure 02

My second favorite job is the Signature Redistribution job where the FPSMC 2010 will be the staging area for updates and from that server the clients will have their engines and definition updated. In order to create one, we need to define a name for the job and how often we want to run while we can also define one or more e-mail address to receive the notifications about this process, as shown in Figure 03.


Figure 03

The second page of the job wizard is where we define the engine that will be updated as part of the job (Figure 04).

Note:
The Cloudmark micro-update is not updated by FPSMC and the local server will go to the Internet to retrieve them.


Figure 04

In the last page we can define which servers will receive the Signature Redistribution by selecting the available servers.

A few words about the Engine and Signature Distribution: the FPSMC 2010 will have a virtual directory on its IIS named FPSMCRedistribution and the agents will use that information to update their Forefront products (Figure 05); you can check on the client affected by the Job that an Event ID 2012 will show up on the Application area about engine updates (Figure 06).


Figure 05


Figure 06

The last but not least is the Deployment Job (Figure 07) that allows us to deploy a package that we created in the previous article. We just need to define a name for the new Job as always and then we need to select one of the previous packages created. Also we have the regular options, such as Schedule Install and E-mail Notification sections and clicking on Next we will be able to define which servers will be part of this configuration, select all servers that will be affected by the new Job and click on Finish.


Figure 07

The job will run and on the agent side we will see an Event ID 50004 and 500008 saying that the specific XML file used by our Job was downloaded and updated.

Bear in mind, if you have different layers of servers (for example: a pool of CAS, another pool for Hub Transports and a third one for Mailboxes), a good practice is to create a set of Server Group Management for each type of servers and configure the settings accordingly with each group requirements.

Managing Notification Logs…

In FPSMC the log management is really simple and can be found in a single location which is Notification Logs. In the bottom of the page we will have a section named Filter View (Figure 08) where we can define which components and/or servers we want to include in our query, and based on that information it will display the results. We have the following components to choose from: All, Deployment, Redistribution, New Server Discovery, Agent Deployment and Schedule Report, and they will give us everything that we need to know for our daily operation.


Figure 08

Everything that we have done so far can be checked in the Notification Logs. For example, to check the Agent Deployment (even though we know that is okay because we could see Agent Version and Product on the Server Management area) it can be validated by selecting Deployment and to be more specific we can also select a target server.

Managing Reports

Reports can be visualized in real time or schedule to be sent by e-mail. Either way the administrator won’t have a hard time to generate them.

If you want to generate reports on the console you can choose Incident Detection, Spam Detection, Engine and Definition Versions item to start defining date range and product as well.

In order to check the Engine and Definition Versions report, just click on the link on the left side underneath Reports and select the servers that you want the report and which product (Exchange and/or SharePoint) and click on Generate Report. The result will be similar to the one shown in Figure 09.


Figure 09

The other two reports follow the same logic to be created, we need to do define the Date Range of the results and which servers, then FPSMC will generate them. The reports have multiple sections which allow the administrator to get a better understanding what is going on with Spams and Incidents in general, as shown in Figure 10.


Figure 10

If you want to receive Forefront Reports in your Inbox (Figure 11), you can do by going to jobs and creating a new Schedule Report Jobs. The settings that we need to define are how often the Job will run, the message subject, body, recipients, and the servers and products to be included in the report and the interval of the data (1 day, week, or 1 month).

Note:
We removed MHT extension from Direct File Access settings on Outlook Web App to make them show up on the Outlook Web App message.


Figure 11

Managing Quarantine

By default every 15 minutes the Quarantine data is polled to FPSMC however, we can always click on Retrieve Quarantine to get more real-time data. We may be managing several servers from the console with a single view of all quarantine data (Figure 12). If we click on any of the items listed on the quarantine we can see all information, such as, server name, sender name, subject, the cause and so forth.

You can also release from the Quarantine, by clicking on the icon that shows up on the first column of each line and then a new page where we can send the message to alternate recipients instead of the original one is displayed, and then we just need to click Deliver.


Figure 12

The recipient will receive the message in the mailbox stating that the message was sent by the user who released the message from quarantine.

Conclusion

In the final article of this series we went through some of the features of FPSMC where we can manage quarantine from a single location, create and deploy job to a group of servers in a fast and consistent way.

If you would like to read the other parts in this article series please go to:

About The Author

Anderson Patricio is a Canadian MVP in Cloud and Datacenter Management, and Office Server and Services, besides of the Microsoft Award he also holds a Solutions Master (MCSM) in Exchange, CISSP and several other certifications. Anderson contributes to the Microsoft Community with articles, tutorials, blog posts, twitter, forums and book reviews. He is a regular contributor here at Techgenix.com, MSExchange.org, ITPROCentral.com and Anderson Patricio.org (Portuguese).

Read Next

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top