Convergence of Forefront Endpoint Protection 2010 and System Center

Agenda and Takeaways. Session Objective(s): Demonstrate Forefront Endpoint Protection (FEP); Illustrate the different topologies supported and the core FEP components; Demonstrate deployment of FEP via configuration manager; Demonstrate the benefits of integration between Configuration Manager and FE

johannes

Presentation Transcript


    1. Convergence of Forefront Endpoint Protection 2010 and System Center
       Ian Mackintosh & Andrew Macdermott, Dilignet Pty Ltd

    3. Agenda and Takeaways
       Session Objective(s):
       - Demonstrate Forefront Endpoint Protection (FEP)
       - Illustrate the different topologies supported and the core FEP components
       - Demonstrate deployment of FEP via configuration manager
       - Demonstrate the benefits of integration between Configuration Manager and FEP
       Takeaway: Convergence of endpoint protection and client management will:
       - Lower deployment cost via shared infrastructure and common technologies
       - Enhance endpoint protection through single console for configuration
       - Increase visibility through a single pane of glass

    4. Forefront Endpoint Protection 2010

    5. Protection Elements

    6. The Protect Stack

    7. FEP Client Deployment

    8. Demo - FEP 2010 Part 1 Scalable Client Deployment through Existing Infrastructure

    9. Integration with Configuration Manager
       - FEP Components
       - FEP Topologies
       - Management Models

    10. Forefront Common Client/Configuration Manager Integration

    11. Topologies
        - Basic
        - Aligned with Configuration Manager deployment components, resides on Site Servers
        - Easiest to deploy
        - Basic with Remote databases
        - Advanced
        - Allows the placement of Data Warehouse and reporting Services on remote system for performance gains
        - The FEP Auxiliary database must be on the same Server as Primary Site Database

    12. Centralized Management

    13. FEP Policy Model
        - Policy: a set of protection technologies settings
        - Association: a policy is assigned to one or more Configuration Manager Collections
        - Precedence: a single FEP Policy is applied on a specific computer according to their order

    14. Policy Lifecycle

    15. The Magic of Authoring Policies
        - Admin creates/updates a policy in the FEP console.
        - An SMS Program is created with the same name inside the FEP Policies package (visible in Configuration Manager software distribution). The Program is disabled since we don’t want it to run until the policy file ([name].xml) and policy script (applyPolicy.vbs) are created/updated.
        - On the site server, a ConfigMgr status message invokes the Policy Source Updater tool PlcUpdtr.exe, located in the ConfigMgr adminui\bin folder. The tool:
          - Goes over ALL policies and makes sure an xml file exists for each
          - Creates the applyPolicy.vbs
          - Updates ALL distribution points with the new version of the policies package
          - Enables all disabled policies

    16. Client Policy
        - The Configuration Manager client receives the software distribution policy of the SMS program of the FEP policy.
        - The SMS program will run on the client: ApplyPolicy.vbs
        - The ApplyPolicy VB script finds, from all FEP policies assigned to the client, the policy with the highest precedence and calls the ConfigSecurityPolicy.exe tool (located in Program Files\Microsoft Security Client) with the appropriate policy xml file as input (e.g. ConfigSecurityPolicy.exe “Default Forefront Endpoint Protection Policy.xml”).
        - This tool writes to the registry under “Microsoft\Microsoft Security Client” which policy last succeeded and whether there was a failure.

    17. Demo - FEP 2010 Part 2 Deploying Policy

    18. Signature Update Distribution

    19. Configure UNC Share
        - Download the definition file
        - Need to download for each architecture
        - Separate Downloads for AV/AS
        - Folder structure must be ..\updates\x86 ..\updates\x64
        - Must grant computer accounts Read access to share

    20. Configure WSUS
        Two Step process:
        - Select the product in Configuration Manager
        - Add auto approval rule in WSUS
        WSUS requires 2 things:
        - What products to get metadata for (approval)
        - Approval to download Content

    21. Signature Deployments

    22. Signature Deployment

    23. Signature Deployment

    24. Monitoring, Alerts and Reports

    25. Improved Visibility

    26. FEP Alerts

    27. Protection Summary

    28. Malware Activity

    29. Understanding computer state

    30. FEP 2010 Data Flow

    31. Extending Endpoint Protection to Servers

    32. Key Takeaways
        Convergence of endpoint protection and client management will:
        - Lower deployment cost via shared infrastructure and common technologies
        - Enhance endpoint protection through single console for configuration
        - Increase visibility through a single pane of glass

    34. Resources
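
The UNC share requirements on slide 19 (an `updates\x86` and an `updates\x64` folder, Read access for computer accounts) can be audited with a short script. This is an added example, not part of the presentation; the function name `Test-FepDefinitionShare`, the share path and the `Domain Computers` group name are assumptions, and the check for broad write access goes beyond what the slide states.

```powershell
# Added example (not from the presentation): audit a FEP definition-update share.
function Test-FepDefinitionShare {
    param(
        [Parameter(Mandatory = $true)][string]$SharePath,  # hypothetical, e.g. \\fileserver\fepdefs
        [string]$ReaderGroup = 'Domain Computers'          # assumed group holding the computer accounts
    )
    $rights   = [System.Security.AccessControl.FileSystemRights]
    $writeish = $rights::WriteData -bor $rights::AppendData -bor $rights::Delete
    $broad    = @('Everyone', 'Authenticated Users', 'Users', 'Domain Users', $ReaderGroup)
    $findings = @()

    # Slide 19: folder structure must be ..\updates\x86 and ..\updates\x64
    foreach ($arch in 'x86', 'x64') {
        $dir = Join-Path $SharePath "updates\$arch"
        if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
            $findings += "Missing folder: $dir"
            continue
        }
        $files = Get-ChildItem -LiteralPath $dir | Where-Object { -not $_.PSIsContainer }
        if (-not $files) { $findings += "No definition files in: $dir" }
    }

    $root = Join-Path $SharePath 'updates'
    if (Test-Path -LiteralPath $root -PathType Container) {
        $allow = (Get-Acl -Path $root).Access |
            Where-Object { $_.AccessControlType -eq 'Allow' }

        # Slide 19: computer accounts need Read access
        $canRead = $allow | Where-Object {
            $_.IdentityReference.Value -like "*\$ReaderGroup" -and
            ($_.FileSystemRights -band $rights::Read) -eq $rights::Read
        }
        if (-not $canRead) { $findings += "$ReaderGroup has no Read ACE on $root" }

        # Beyond the slide: clients only read, so broad principals should not be
        # able to modify the definition packages that every endpoint will run.
        foreach ($rule in $allow) {
            $leaf = ($rule.IdentityReference.Value -split '\\')[-1]
            if (($broad -contains $leaf) -and
                ([int]($rule.FileSystemRights -band $writeish) -ne 0)) {
                $findings += "Write access for $($rule.IdentityReference.Value) on $root"
            }
        }
    }
    $findings
}
```

An empty result means the folder layout and NTFS ACL match the slide. `Get-Acl` reads NTFS permissions only, so share-level permissions still need to be checked on the file server.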
