Export (0) Print
Expand All

Choosing your topology

Published: December 16, 2009

Applies To: Forefront Client Security

You can install the Client Security server components in a variety of configurations, based on the needs of your organization. This is called the Client Security topology. Before beginning the installation of Client Security, you need to determine which topology to deploy. This decision can be based on a number of factors; the primary factors are discussed in this topic.

Client Security supports deployment in six topologies. These topologies vary in the number of computers needed to deploy, the location of the Client Security databases, and the number of managed computers supported.

Deployments under 5,000 managed computers

The three topologies discussed in the following topic all support up to 5,000 managed computers. Additionally, these three topologies support the use of either SQL Server 2005 Standard Edition or SQL Server 2005 Enterprise Edition; however, if your deployment supports more than 3,000 managed computers, it is highly recommended that you use SQL Server 2005 Enterprise Edition.

For more information about Client Security and SQL Server 2005 editions, see the Client Security Performance and Scalability Guide (http://go.microsoft.com/fwlink/?LinkId=89661).

Single-server topology

The single-server topology is the smallest of the supported topologies. In this configuration, all Client Security server components are installed on a single server.

Client Security Single-server topology

The single-server topology is ideal for test environments or for small deployments. Depending on the hardware of the servers, the single-server topology can support up to 3,000 managed computers.

 

Number of managed computers Processor RAM Hard disk configuration

Up to 1,000

Two 2 GHz or faster 32-bit processors

2 GB

Integrated drive electronics (IDE) disks with the operating system, data files, and log files separated.

Up to 3,000

Two 2 GHz or faster 32-bit processors

4 GB

Small computer system interface (SCSI) disks with the operating system, data files, and log files separated.

Data files on a 2 disk redundant array of independent disks (RAID) configuration.

Two-server topology

The two-server topology separates the distribution component onto its own server. This topology is useful primarily for organizations that already have an existing WSUS infrastructure. Server sizing recommendations are similar for this topology as for the single-server topology.

Client Security Two-server topology

If you choose a two-server topology and later begin to encounter performance issues with the Client Security databases (slowdowns in report rendering or lengthening of the duration of the Data Transformation Services (DTS) job), it is recommended that you move to a topology that separates the Client Security SQL Server databases from each other. The largest performance gain is experienced when moving from the two-server topology to the four-server or six-server topologies, both of which separate the Client Security SQL Server databases onto separate servers.

Three-server topology

The three-server topology separates the heavily used reporting database onto its own server. The management, collection, and reporting components as well as the collection database are on a second server, and the distribution component is installed on a third server.

Client Security Three-server topology

This topology, like the two-server topology, works well with organizations that have an existing WSUS infrastructure, because the distribution server is separate from all other server components.

Additionally, the separation of the reporting database from all other components reduces the load incurred by the management, collection, and reporting server. With the use of SQL Server 2005 Enterprise Edition, the three-server topology can support up to 5,000 managed computers.

The following table summarizes the hardware recommendations for the servers in a three-server topology with up to 3,000 managed computers.

 

Server components Processor RAM Hard disk configuration

Management, collection, and reporting; collection database

Two 2 GHz or faster 32-bit processors

2 GB

SCSI disks with the operating system, data files, and log files separated.

Data files on a 2 disk RAID configuration.

Reporting database

Two 2 GHz or faster 32-bit processors

2 GB

SCSI disks with the operating system, data files, and log files separated.

Data files on a 2 disk RAID configuration.

Distribution server

Single 2 GHz or faster 32-bit processor

1 GB

SCSI disks with the operating system separated from the data and log files.

The following table summarizes the hardware recommendations for the servers in a three-server topology with up to 5,000 managed computers.

 

Server components Processor RAM Hard disk configuration

Management, collection, and reporting; collection database

Four 2 GHz or faster 32-bit processors

4 GB

SCSI disks with the operating system, data files, and log files separated.

Data files and log files each on a 2 disk RAID configuration.

Reporting database

Two 2 GHz or faster 32-bit processors

4 GB

SCSI disks with the operating system, data files, and log files separated.

Data files and log files each on a 2 disk RAID configuration.

Distribution server

Single 2 GHz or faster 32-bit processor

1 GB

SCSI disks with the operating system separated from the data and log files.

Larger deployments

The three topologies described in the following sections all scale up to 10,000 managed computers. It is highly recommended that you use SQL Server 2005 Enterprise Edition in any Client Security deployment of more than 3,000 managed computers; all three of the following topologies presuppose the use of SQL Server 2005 Enterprise Edition.

The commonalities among these three topologies are the separation of the distribution component and the separation of the databases from the management component.

Four-server topology

The four-server topology separates each function onto its own server; the management server is on one server, the distribution server on a second, the collection server and collection database on a third, and the reporting server and reporting database on the fourth server.

Client Security Four-server topology

By separating the two Client Security databases from each other, this topology reduces the workload performed by SQL Server 2005 Enterprise Edition.

The following table summarizes the hardware recommendations for the servers in a four-server topology with up to 5,000 managed computers.

 

Server components Processor RAM Hard disk configuration

Management

Two 2 GHz or faster 32-bit processors

2 GB

SCSI

Reporting and reporting database

Four 2 GHz or faster 32-bit processors

4 GB

SCSI disks with the operating system, data files, and log files separated.

Data files and log files on 2 disk RAID configurations.

Collection and collection database

Four 2 GHz or faster 32-bit processors

4 GB

SCSI disks with the operating system, data files, and log files separated.

Data files and log files on 2 disk RAID configurations.

Distribution server

Two 2 GHz or faster 32-bit processors

2 GB

SCSI disks with the operating system separated from the data and log files.

The following table summarizes the hardware recommendations for the servers in a four-server topology with up to 10,000 managed computers.

 

Server components Processor RAM Hard disk configuration

Management

Two 2 GHz or faster 32-bit processors

2 GB

SCSI disk

Reporting and reporting database

Four 2 GHz or faster 32-bit processors

4 GB

SCSI disks with the operating system, data files, and log files separated.

Data files on 4 disk RAID configuration, and log files on 2 disk RAID configuration.

Collection and collection database

Four 2 GHz or faster 32-bit processors

4 GB

SCSI disks with the operating system, data files, and log files separated.

Data files on 4 disk RAID configuration and log files on 2 disk RAID configuration.

Distribution server

Two 2 GHz or faster 32-bit processors

2 GB

SCSI disks with the operating system separated from the data and log files.

Five-server topology

The five-server topology builds on the four-server topology by moving both Client Security SQL Server databases to a single computer running SQL Server 2005 Enterprise Edition.

Client Security Five-server topology

The five-server topology is useful for large scale deployments with existing WSUS infrastructure and SQL Server deployments. Using this topology allows you to locate your Client Security databases on a preexisting server running SQL Server.

The primary difference between the five-server topology and the four-server topology is the separation of the SQL Server databases on separate servers.

Six-server topology

The six-server topology separates all Client Security components onto their own servers. Because the Client Security databases are separated in this topology, the six-server topology provides the largest performance gain compared to any topology that places the Client Security databases on the same server or on a server with another Client Security component.

Client Security Six-server topology

Additionally, this topology provides the flexibility of reusing existing installations of SQL Server for your Client Security databases.

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft