Export (0) Print
Expand All

Installing a four-server topology on Windows Server 2003

Published: December 16, 2009

Applies To: Forefront Client Security

This topic gives an overview about how to install Client Security on a four-server topology on Windows Server 2003.

Before installing Client Security or deploying Client Security to your client computers, make sure you have completed the preinstallation tasks. For more information, see Preparing to install Client Security.

Important   If you are installing multiple Client Security deployments, you must use unique computer names for each collection database server and reporting database server, as well as unique Management group names. Unique names allow you to use the Client Security Enterprise Manager tool to aggregate reporting and to manage your Client Security environment from a single Client Security console.

Installing the software prerequisites

It is highly recommended that you install the software prerequisites in exactly the order shown in the following table.

 

Computer Task Steps

Reporting server

Install software prerequisites.

Verify that all critical security and computer updates have been installed, and then begin installing the software prerequisites. For detailed instructions, see Installing the software prerequisites on the reporting server for a four-server topology.

Install IIS and ASP.NET.

Open the Manage Your Server window from Administrative Tools, and then add the Application Server role.

Install SQL Server 2005 with SP2 or SP1.

When installing SQL Server 2005, make sure to do the following:

  • Install the following components: Database Services, Reporting Services, Integration Services, and Workstation components.

  • Use a domain user or network service account for the SQL Server and SQL Server Agent service accounts. It is recommended that you use a domain user account.

  • Have the SQL Server Agent service start automatically.

Collection server

Install software prerequisites.

Verify that all critical security and computer updates have been installed, and then begin installing the software prerequisites. For detailed instructions, see Installing the software prerequisites on the collection server for a four-server topology.

Install SQL Server 2005 with SP2 or SP1.

When installing SQL Server 2005, make sure to do the following:

  • Install the following components: Database Services and Workstation components.

  • Use a domain user or network service account for the SQL Server and SQL Server Agent service accounts. It is recommended that you use a domain user account.

  • Have the SQL Server Agent service start automatically.

Enable network COM+ access.

You can enable network COM+ access by selecting Details for Application Server in the Windows Components Wizard(available in Add or Remove Programs).

Grant permissions to the SQL Server Agent account.

On the collection database server, add the computer account for the reporting database server (if the SQL Server Agent runs under the local system), or the domain account that the agent runs under, to the SQLServer2005MSSQLUser $computername$ MSSQLSERVER group.

Management server

Install software prerequisites.

Verify that all critical security and computer updates have been installed, and then begin installing the software prerequisites. For detailed instructions, see Installing the software prerequisites on the management server for a four-server topology.

Install .NET Framework 2.0.

In many cases, .NET Framework 2.0 is already installed. If it is not installed, install .NET Framework 2.0 from the Microsoft Download Center (http://go.microsoft.com/fwlink/?LinkId=77420).

Install MMC 3.0.

Install MMC 3.0 from the Microsoft Download Center (http://go.microsoft.com/fwlink/?LinkID=77419).

Install GPMC with SP1.

Install GPMC with SP1 from the Microsoft Download Center (http://go.microsoft.com/fwlink/?LinkId=77421).

Add the reporting server site to the Local intranet zone in Internet Explorer.

In Internet Explorer, on the Tools menu, click Internet Options. On the Security tab, add the reporting server site to the Local intranet zone.

Distribution server

Install software prerequisites.

Verify that all critical security and computer updates have been installed, and then begin installing the software prerequisites. For detailed instructions, see Installing the software prerequisites on the distribution server for a four-server topology.

Install .NET Framework 2.0.

In many cases, .NET Framework 2.0 is already installed. If it is not installed, install .NET Framework 2.0 from the Microsoft Download Center (http://go.microsoft.com/fwlink/?LinkId=77420).

Install IIS and ASP.NET.

Open the Manage Your Server window from Administrative Tools, and then add the Application Server role.

Install and configure WSUS with SP1.

After installing and configuring, make sure to configure and synchronize WSUS.

Verifying a successful installation of the software prerequisites

Before continuing, it is recommended that you verify that the software prerequisites have been successfully installed and configured, as described in the following table. For detailed instructions, see Verifying the software prerequisites for a four-server topology.

 

Computer Task Steps

Management server

Verify and record the reporting server URL.

In Internet Explorer on the management server, verify that you can connect to the reporting server URL. Record the URL, because you will need to provide it when installing Client Security.

Installing Client Security for a four-server topology

It is highly recommended that you install Client Security in exactly the order shown in the following table. In the Setup wizard, you will provide server names, SQL Server instances, and service accounts you have already set up. In addition, you must specify the following:

  • Size of the databases   Make sure the size does not exceed the space on your server.

  • Management group name   You can enter the name you want or use the default value (ForefrontClientSecurity). Record the name that you enter, because you will need to provide it when configuring Client Security.

ImportantImportant:
Because this is a multiple-server topology, the default values provided in the Setup wizard are frequently not correct. Make sure to type the correct values.

For detailed instructions, see Installing Client Security on a four-server topology.

 

Computer Task Steps

Collection server

Install the collection database on the collection server.

Run the Server Setup wizard on the server with the collection database.

On the Component Installation page, select the Collection server and Collection database check boxes, and then clear the other check boxes.

Complete the steps in the wizard.

Reporting server

Install the reporting database on the reporting server.

Run the Server Setup wizard on the server with the reporting database.

On the Component Installation page, select the Reporting server and reporting database check box, and then clear the other check boxes.

Complete the steps in the wizard.

Management server

Install Client Security on the management server.

Run the Server Setup wizard on the management server.

On the Component Installation page, select the Management server check box, and then clear the other check boxes.

Complete the steps in the wizard.

Distribution server

Install Client Security on the distribution server.

Run the Server Setup wizard on the distribution server.

On the Component Installation page, select the Distribution server check box, and then clear the other check boxes.

Complete the steps in the wizard.

Configuring Client Security for a four-server topology

After installing Client Security, you must configure it by following the steps in the following table. While completing the Configuration wizard, you will provide server names, SQL Server instances, service accounts, and the management group name you have already set up.

ImportantImportant:
Because this is a multiple-server topology, the default values provided in the Configuration wizard are frequently not correct. Make sure to type the correct values.

For detailed instructions, see Configuring Client Security on a four-server topology.

 

Computer Task Steps

Management server

Configure Client Security on the management server.

Open the Client Security console and run the Configuration wizard on the management server.

Complete the steps in the wizard.

Point MOM administrator and operator consoles to the collection server.

By default, the MOM consoles on the management server look for the collection server on the local host. To point to the correct location, do the following:

  • On the management server, open the MOM administrator or operator console.

  • When the MOM dialog box appears, enter the name of the collection server in the Name box, and then click OK.

  • Close the MOM console.

Collection server

Grant the correct permissions for the user account.

The user account you use to work with Client Security on the management server must have the correct permissions on the collection server. To create these, do one of the following:

  • Make sure that the user account you use to work with Client Security on the management server has local administrator privileges on the collection server.

  • On the collection server, add the user account you use for the management server to these groups: MOM Users and Distributed COM.

All computers

Grant permissions to service accounts.

It is highly recommended that you follow the detailed instructions in Configuring Client Security on a four-server topology.

Verifying your Client Security installation

To verify a successful installation of Client Security, follow the steps described in the following table. For more information, see Verifying the installation of Client Security on a four-server topology.

 

Computer Task Steps

Management server

Open the Client Security console.

Make sure you can view all of the data in the console, including the 14-day History chart.

Browse the reports.

Make sure you can view all of the data in the reports.

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft