Installation

  • Article

 

Applies to: Forefront Server Security Management Console

This release of FSSMC supports local installations on servers running the Microsoft Windows Server® 2003 operating system.

Note

The FSSMC cannot be installed on a server that is used as a domain controller, an Exchange server, or a SharePoint server.
The FSSMC is not supported on the perimeter network (also known as DMZ, demilitarized zone, and screened subnet). We recommend that you manage a perimeter network installation directly by using the Microsoft Forefront Server Security Administrator.

The Forefront Server Security Management Console setup wizards can be used to install the product to a local server running Windows Server 2003. Prior to installation, you will need to know the administrator account and password for the computer on which the FSSMC is being installed.

FSSMC can also be installed in a cluster environment (only Exchange 2003 clusters and Exchange 2007 CCR clusters are supported). For more information about cluster considerations, see Cluster Management Considerations.

Minimum Server Requirements

Note that administrators must have domain rights and local administrator rights. The following are the minimum requirements necessary to install the FSSMC on a server:

  • Microsoft Windows Server 2003 SP 2 (32-bit) or Windows Server 2003 R2 (32-bit). Windows Server 2008 or higher is not supported. FSSMC cannot be installed on a 64-bit computer. However, FSSMC (deployed on a 32-bit computer) can manage Forefront server security products that are deployed on 64-bit computers, including Small Business Server (SBS) and Essential Business Server (EBS). Additionally, FSSMC can be deployed on appropriate 32-bit computers running within a Hyper-V virtual environment.  
  • 512 megabytes (MB) of available memory
  • 186 MB of available disk space for prerequisites, which are listed in the Prerequisites section
  • 65 MB of available disk space for the Forefront Server Security Management Console

Prerequisites

These are the prerequisites necessary to install the FSSMC. Some must be available before you attempt to install FSSMC. Others will be installed for you if not present.

User Prerequisites

The following must be present before FSSMC can be installed:

  • Internet Information Services (IIS) 6.0. For security reasons, it must be installed and updated manually by an administrator.
  • ASP.NET version 2.0
  • SQL Server 2005 Standard Edition, SQL Server 2005 Express Edition, or SQL Server 2000

Automatically Installed Prerequisites

The following will be installed automatically if not present:

  • .NET Runtime version 2.0
  • Microsoft Message Queue and Message Queuing (also known as MSMQ) Triggers
  • MSXML 6.0

Before You Begin

If you are going to do an Enterprise Installation (which stores the FSSMC databases on an existing SQL Server), before starting the installation you must:

  • Create a new instance of the SQL server and specify the login and the privileges of the login user. The installer will create two databases:

    • SybariEnterpriseManager

    • SybariEnterpriseManagerReports

      Note

      If you are upgrading from a previous version of the Management Console, you must do an Enterprise Installation and specify the old database names (SybariEnterpriseManager and SybariEnterpriseManagerReports).

  • Know the name of the server running SQL Server to be accessed.

  • Know the domain in which SQL Server and the Forefront Server Security Management Console are located (if you will be using Windows integrated security to connect to a remote server running SQL Server).

  • Know a user name and password (for SQL or Windows authentication).

    Important

    The specified user must have local administrator rights and be granted access to both the SybariEnterpriseManager and SybariEnterpriseManagerReports databases and have db_owner permission. If you are installing on a Standalone server, the user must have a db_creator role. If you are installing on a Primary or Backup server, the user must have a sys_admin role.

Standalone Installation

Standalone provides all features other than redundancy. You may subsequently select either Express or Enterprise installation as the type. If SQL Server 2005 or SQL Server 2005 Express Edition is not already installed, setup will select Express installation. If MSDE is present, setup will upgrade it to SQL Server 2005 Express Edition automatically.

Important

You must know a user name and password (for SQL or Windows authentication). The specified user must have been granted access to both the SybariEnterpriseManager and SybariEnterpriseManagerReports databases and have db_owner permission. If you are installing on a Standalone server, the user must have a db_creator role.

To begin installing the Forefront Server Security Management Console

  1. Run Setup.exe from the directory containing the FSSMC installation files.

  2. Select the “Standalone” Server Role.

  3. Select the Installation Mode:

    Express installation. This installation type installs its own instance of SQL Server 2005 Express Edition on the local computer. Click Check prerequisites to ensure that you have all the needed prerequisites. If existing data is found, you are asked if you want to keep it. The installation then continues with the steps in the section Standalone Express Installation.

    Enterprise installation. This installation type uses an existing instance of SQL Server. Click Check prerequisites to ensure that you have all the needed prerequisites. The installation then continues with the steps in the section StandaloneEnterprise Installation.

Standalone Express Installation

The following are the steps to continue the Express Installation procedure.

To continue the Express Installation process

  1. The initial setup screen is Welcome. Click Next to continue.

  2. The End User License Agreement screen appears. Accept the agreement, and then click Next.

  3. The Select Installation Folder screen appears. Either accept the default folder or enter an alternate one by typing its name or browsing to it.

  4. The Ready To Install screen appears. Click Install to begin the installation or click Back to modify your choices. Once the installation begins, its status is displayed.

  5. When the installation has finished, the Installation Complete screen appears. Click Finish to complete the installation.

Standalone Enterprise Installation

The following are the steps to continue the Enterprise Installation procedure.

To continue the Enterprise Installation process

  1. Indicate the Authentication Method. Specify whether to use Windows Integrated (NT) Security or SQL Authentication. Your SQL Server administrator will be able to tell you how the system was set up. If the wrong authentication type is selected, the installation will fail to log on.

    Note

    If you are using Windows integrated security with a remote server, the Forefront Server Security Management Console server requires credentials accessible to both FSSMC and the remote server running SQL Server. This is only supported using FSSMC and SQL in a domain or the Active Directory® directory service environment.

    Specify the following information:

    • Server The local or remote server running SQL Server to install to. The list will display all the servers running SQL Server that could be discovered in the client's environment. You are not limited to the entries in this list. You may enter a different server name.
    • NT Domain This field can be ignored if you are using a local server running SQL Server with integrated security and a local account, or if you are using SQL authentication. If you are using Windows integrated security to connect to a remote server running SQL Server, enter the domain in which SQL Server and FSSMC are located. Do not enter a fully qualified domain name. Enter only the domain name.
    • User Enter the name of the user with access to the SQL repository. This user will automatically be added to the FSSMC database user list, but will not be included in the list of users displayed in the FSSMC to prevent anyone from deleting it.
    • Password Enter the password for that user.
    • Test Logon After providing the necessary credentials, you may test the logon using the Test Logon button (provided you have "logon as batch" rights).

  2. The Welcome screen appears. Click Next to continue.

  3. The End User License Agreement screen appears. Accept the agreement, and then click Next.

  4. The Select Installation Folder screen appears. Either accept the default folder or enter an alternate one by typing its name or browsing to it.

  5. The Ready To Install screen appears. Click Install to begin the installation or click Back to modify your choices. Once the installation begins, its status is displayed.

  6. When the installation has finished, the Installation Complete screen appears. Click Finish to complete the installation.

Primary Server Installation

These are the steps to install FSSMC on a Primary server.

Important

You must know a user name and password (for SQL or Windows authentication). The specified user must have local administrator rights and be granted access to both the SybariEnterpriseManager and SybariEnterpriseManagerReports databases and have db_owner permission. If you are installing on a Primary or Backup server, the user must have a sys_admin role.

To begin installing the Forefront Server Security Management Console

  1. Run Setup.exe from the directory containing the FSSMC installation files.

  2. Select the Primary server role. Then, enter the password to be used for encrypting data transferred between the Primary and Backup servers. The password must be the same for both. Click Next to continue.

  3. The Enterprise installation type is automatically selected for you. Click Check prerequisites to have Setup verify that all needed prerequisites have been installed.

  4. Select the address of the Primary database server. Then, enter the credentials to access it (NT Domain, User name, and Password). You must use the same account for the Backup server. Click Test Logon to ensure that the credentials are accurate.

  5. If existing data is found, you are asked if you want to keep it.

  6. The Welcome screen appears. Click Next to continue.

  7. The End User License Agreement screen appears. Accept the agreement, and then click Next.

  8. The Select Installation Folder screen appears. Either accept the default folder or enter an alternate one by typing its name or browsing to it.

  9. The Ready To Install screen appears. Click Install to begin the installation or click Back to modify your choices. Once the installation begins, its status is displayed.

  10. When the installation has finished, the Installation Complete screen appears. Click Finish to complete the installation.

Redundancy

To ensure yourself of fault tolerance for your FSSMC server, you can install one or more backup servers that will automatically replicate data and perform mission-critical activities, such as scan engine signature updating, when the primary server is offline. A backup server can perform the functions of the primary server without excessive configuration. The following data is periodically replicated onto the backup servers: the managed server list and user data (such as templates and jobs). Start by installing a primary FSSMC server, then install one or more backup FSSMC servers. To install FSSMC on Primary and Backup servers, see Primary Server Installation and Backup Server Installation.

Note

For Primary and Backup mode installations, only Windows authentication is permitted. If you use Windows authentication, the account used to access the SQL Server must have “Log on as Interactive” privileges on the installing machine.

FSSMC has a slightly different look on a backup server. For more information about the console itself, see Console Overview.

For more information about what you can and cannot do on a backup server, see Redundancy.

Backup Server Installation

These are the steps to install FSSMC on a Backup server.

To begin installing the Forefront Server Security Management Console

  1. Run Setup.exe from the directory containing the FSSMC installation files.

  2. Select the Backup server role. Then, enter the password to be used for encrypting data transferred between the Primary and Backup servers. The password must be the same for both. Click Next to continue.

  3. If SQL Server 2005 is already installed, you must select Enterprise installation for this role. Otherwise, you must select Express installation. Click Check prerequisites to have Setup verify that all needed prerequisites have been installed.

  4. Select the address of both the Primary and the Backup database servers. Then, enter the credentials to access them (NT Domain, User name, and Password). You must use the same account for the Backup server. Click Test Logon to ensure that the credentials are accurate.

  5. The Welcome screen appears. Click Next to continue.

  6. The End User License Agreement screen appears. Accept the agreement, and then click Next.

  7. The Select Installation Folder screen appears. Either accept the default folder or enter an alternate one by typing its name or browsing to it.

  8. The Ready To Install screen appears. Click Install to begin the installation or click Back to modify your choices. Once the installation begins, its status is displayed.

  9. When the installation has finished, the Installation Complete screen appears. Click Finish to complete the installation.

  10. Log on to the Backup server and configure it to replicate from the Primary server at a particular time and frequency. For configuration information see "Replication Configuration" in Redundancy.

Restoring a Former Version

You cannot use the FSSMC installation procedure to return to a former version. Once you have installed any version of FSSMC, you can only restore a previous version if the loss of your accumulated data is acceptable. If you choose to not keep your existing data, simply uninstall the product and re-install the older version.

Uninstalling

To uninstall the Forefront Server Security Management Console, you may either use Windows Add/Remove Programs or run Setup.exe and select the Remove option. Follow the on-screen instructions to complete the removal process.

When you uninstall FSSMC from a Standalone or Primary server, you are informed that uninstalling FSSMC will not automatically remove the agents on managed servers and that you should remove them with the management console prior to uninstalling it. You can choose to Continue or Cancel (in order to remove the agents). You are then asked if you want to keep all the data. At this point, the product is uninstalled.

When you uninstall FSSMC from a Backup server, you are warned that all the data in the backup database will be removed. At this point, the product is uninstalled.

When FSSMC is removed, the existing databases (SybariEnterpriseManager and SybariEnterpriseManagerReports) remain, since other applications may be using them. If you want to remove them, you must do it manually.

Upgrading

The FSSMC installation process does not perform an upgrade directly; it first uninstalls the previous version, while preserving the existing databases. The upgrade process then asks if you want to keep them. Select Yes to retain your existing data.

Restoring FSSMC after a System Failure

To restore FSSMC after a system failure, restore your SQL database first and then reinstall FSSMC by following the appropriate installation procedure for your environment. During the FSSMC reinstallation you will be prompted to connect to an existing database; select the restored SQL database.

For more information on backing up and restoring SQL databases, see the following articles.

Disaster Recovery Planning for SQL Server

Disaster Recovery Articles for Microsoft SQL Server