Choosing your topology
Applies To: Forefront Client Security
You can install the Client Security server components in a variety of configurations, based on the needs of your organization. This is called the Client Security topology. Before beginning the installation of Client Security, you need to determine which topology to deploy. This decision can be based on a number of factors; the primary factors are discussed in this topic.
Client Security supports deployment in six topologies. These topologies vary in the number of computers needed to deploy, the location of the Client Security databases, and the number of managed computers supported.
The three topologies discussed in the following topic all support up to 5,000 managed computers. Additionally, these three topologies support the use of either SQL Server 2005 Standard Edition or SQL Server 2005 Enterprise Edition; however, if your deployment supports more than 3,000 managed computers, it is highly recommended that you use SQL Server 2005 Enterprise Edition.
For more information about Client Security and SQL Server 2005 editions, see the Client Security Performance and Scalability Guide (https://go.microsoft.com/fwlink/?LinkId=89661).
The single-server topology is the smallest of the supported topologies. In this configuration, all Client Security server components are installed on a single server.
.gif "Client Security Single-server topology")
The single-server topology is ideal for test environments or for small deployments. Depending on the hardware of the servers, the single-server topology can support up to 3,000 managed computers.
| Number of managed computers | Processor | RAM | Hard disk configuration |
|---|---|---|---|
Up to 1,000 |
Two 2 GHz or faster 32-bit processors |
2 GB |
Integrated drive electronics (IDE) disks with the operating system, data files, and log files separated. |
Up to 3,000 |
Two 2 GHz or faster 32-bit processors |
4 GB |
Small computer system interface (SCSI) disks with the operating system, data files, and log files separated. Data files on a 2 disk redundant array of independent disks (RAID) configuration. |
The two-server topology separates the distribution component onto its own server. This topology is useful primarily for organizations that already have an existing WSUS infrastructure. Server sizing recommendations are similar for this topology as for the single-server topology.
.gif "Client Security Two-server topology")
If you choose a two-server topology and later begin to encounter performance issues with the Client Security databases (slowdowns in report rendering or lengthening of the duration of the Data Transformation Services (DTS) job), it is recommended that you move to a topology that separates the Client Security SQL Server databases from each other. The largest performance gain is experienced when moving from the two-server topology to the four-server or six-server topologies, both of which separate the Client Security SQL Server databases onto separate servers.
The three-server topology separates the heavily used reporting database onto its own server. The management, collection, and reporting components as well as the collection database are on a second server, and the distribution component is installed on a third server.
.gif "Client Security Three-server topology")
This topology, like the two-server topology, works well with organizations that have an existing WSUS infrastructure, because the distribution server is separate from all other server components.
Additionally, the separation of the reporting database from all other components reduces the load incurred by the management, collection, and reporting server. With the use of SQL Server 2005 Enterprise Edition, the three-server topology can support up to 5,000 managed computers.
The following table summarizes the hardware recommendations for the servers in a three-server topology with up to 3,000 managed computers.
| Server components | Processor | RAM | Hard disk configuration |
|---|---|---|---|
Management, collection, and reporting; collection database |
Two 2 GHz or faster 32-bit processors |
2 GB |
SCSI disks with the operating system, data files, and log files separated. Data files on a 2 disk RAID configuration. |
Reporting database |
Two 2 GHz or faster 32-bit processors |
2 GB |
SCSI disks with the operating system, data files, and log files separated. Data files on a 2 disk RAID configuration. |
Distribution server |
Single 2 GHz or faster 32-bit processor |
1 GB |
SCSI disks with the operating system separated from the data and log files. |
The following table summarizes the hardware recommendations for the servers in a three-server topology with up to 5,000 managed computers.
| Server components | Processor | RAM | Hard disk configuration |
|---|---|---|---|
Management, collection, and reporting; collection database |
Four 2 GHz or faster 32-bit processors |
4 GB |
SCSI disks with the operating system, data files, and log files separated. Data files and log files each on a 2 disk RAID configuration. |
Reporting database |
Two 2 GHz or faster 32-bit processors |
4 GB |
SCSI disks with the operating system, data files, and log files separated. Data files and log files each on a 2 disk RAID configuration. |
Distribution server |
Single 2 GHz or faster 32-bit processor |
1 GB |
SCSI disks with the operating system separated from the data and log files. |
The three topologies described in the following sections all scale up to 10,000 managed computers. It is highly recommended that you use SQL Server 2005 Enterprise Edition in any Client Security deployment of more than 3,000 managed computers; all three of the following topologies presuppose the use of SQL Server 2005 Enterprise Edition.
The commonalities among these three topologies are the separation of the distribution component and the separation of the databases from the management component.
The four-server topology separates each function onto its own server; the management server is on one server, the distribution server on a second, the collection server and collection database on a third, and the reporting server and reporting database on the fourth server.
.gif "Client Security Four-server topology")
By separating the two Client Security databases from each other, this topology reduces the workload performed by SQL Server 2005 Enterprise Edition.
The following table summarizes the hardware recommendations for the servers in a four-server topology with up to 5,000 managed computers.
| Server components | Processor | RAM | Hard disk configuration |
|---|---|---|---|
Management |
Two 2 GHz or faster 32-bit processors |
2 GB |
SCSI |
Reporting and reporting database |
Four 2 GHz or faster 32-bit processors |
4 GB |
SCSI disks with the operating system, data files, and log files separated. Data files and log files on 2 disk RAID configurations. |
Collection and collection database |
Four 2 GHz or faster 32-bit processors |
4 GB |
SCSI disks with the operating system, data files, and log files separated. Data files and log files on 2 disk RAID configurations. |
Distribution server |
Two 2 GHz or faster 32-bit processors |
2 GB |
SCSI disks with the operating system separated from the data and log files. |
The following table summarizes the hardware recommendations for the servers in a four-server topology with up to 10,000 managed computers.
| Server components | Processor | RAM | Hard disk configuration |
|---|---|---|---|
Management |
Two 2 GHz or faster 32-bit processors |
2 GB |
SCSI disk |
Reporting and reporting database |
Four 2 GHz or faster 32-bit processors |
4 GB |
SCSI disks with the operating system, data files, and log files separated. Data files on 4 disk RAID configuration, and log files on 2 disk RAID configuration. |
Collection and collection database |
Four 2 GHz or faster 32-bit processors |
4 GB |
SCSI disks with the operating system, data files, and log files separated. Data files on 4 disk RAID configuration and log files on 2 disk RAID configuration. |
Distribution server |
Two 2 GHz or faster 32-bit processors |
2 GB |
SCSI disks with the operating system separated from the data and log files. |
The five-server topology builds on the four-server topology by moving both Client Security SQL Server databases to a single computer running SQL Server 2005 Enterprise Edition.
.gif "Client Security Five-server topology")
The five-server topology is useful for large scale deployments with existing WSUS infrastructure and SQL Server deployments. Using this topology allows you to locate your Client Security databases on a preexisting server running SQL Server.
The primary difference between the five-server topology and the four-server topology is the separation of the SQL Server databases on separate servers.
The six-server topology separates all Client Security components onto their own servers. Because the Client Security databases are separated in this topology, the six-server topology provides the largest performance gain compared to any topology that places the Client Security databases on the same server or on a server with another Client Security component.
.gif "Client Security Six-server topology")
Additionally, this topology provides the flexibility of reusing existing installations of SQL Server for your Client Security databases.