Export (0) Print
Expand All
1 out of 3 rated this helpful - Rate this topic

Before You Begin

 

Topic Last Modified: 2012-06-13

Prior to installing Microsoft Forefront Protection Server Management Console (FPSMC), you should decide whether you will implement a stand-alone installation of the FPSMC or a primary and a backup installation of the FPSMC. Both options provide the same functionality with one exception: the primary/backup scenario provides better business continuity. Should the primary server go offline, the backup server will continue to perform a subset of critical FPSMC functionality until the primary server is brought back online. For more information about FPSMC backup server functionality, see Redundancy.

You should also decide whether you wish to install the FPSMC using the Express or Enterprise installation of SQL Server. An Enterprise installation stores the FPSMC databases on an existing SQL Server (either locally or remotely), while the Express installation stores the FPSMC databases locally using SQL Server 2008 R2 Express. When installing the FPSMC as a primary server role, you must select the Enterprise installation option.

There are different requirements for the different SQL Server installation options. In a stand-alone Express installation, the account used to install the FPSMC must be a domain account with local administrative rights.

In an Enterprise installation, the SQL Server login used with SQL Server Authentication or associated with Windows Authentication must have the dbcreator server role. When using SQL Server Authentication, you must create two databases: FPSMCReport and FPSMCData, and assign the user account dbowner rights on both of the databases.

When installing FPSMC on a primary and backup server, in addition to the above requirements, you must have a Windows account with a SQL Server login that has dbcreator and sysadmin server roles. If you are using a separate server for SQL Server, the Windows account associated with the SQL Server login must have local administrative rights on the remote server.

One installation instance of FPSMC can support up to 100 managed FPE and FPSP servers. If you want to manage more than 100 FPE and FPSP servers, it is recommended that you install multiple instances of FPSMC. Multiple instances of FPSMC cannot share the same SQL database tables or instances. Instead, you need to create another instance of SQL Server on the same database server to support the new FPSMC server or deploy a new instance of SQL Server.

The following table summarizes necessary permission requirements for FPSMC.

 

Installation Console Access SQL Permissions for SQL Server Enterprise (Windows Authentication) SQL Permissions for SQL Server Enterprise (SQL Server Authentication)

Stand-alone

Domain account with Local Admin privileges, or higher

Local Admin

noteNote:
Regardless of the permissions, the user must be added to the console under User Management before they have access to the server. Only the installation administrator has access, once installation is complete.

SQL Server Express – Local Admin rights to the server that FPSMC is installed on.

SQL Server Enterprise – Requires credentials of a user account with the dbcreator server role. If databases are created prior to installing FPSMC, the account will also require db_owner rights to the databases.

SQL Express – Local Admin rights to the server that FPSMC and SQL Express are being installed on

SQL Server Enterprise – A user account with the dbcreator role and db_owner rights to the FPSMCData and FPSMCReport databases.

noteNote:
In order to use SQL Server Authentication, the FPSMCData and FPSMCReport databases must be created prior to installation.

Primary

Domain account with Local Admin privileges or higher

Local Admin

noteNote:
Regardless of the permissions, the user must be added to the console under User Management before they have access to the server. Only the installation administrator has access, once installation is complete.

SQL Server Express – Not allowed

SQL Server Enterprise – Requires credentials of a user account with the dbcreator server role. If databases are created prior to installing FPSMC, the account will also require db_owner right to the databases.

noteNote:
If SQL Server is remote, the account also needs Local Admin rights to the SQL Server computer. This is necessary for replication. If required, the Local Admin rights to the SQL Server can be removed after both the primary and backup server are installed.
noteNote:
For SQL Server Enterprise, two (or more) deployments of FPSMC cannot share the same database instance. Each FPSMC deployment has to be pointed to its own SQL Server instance.

SQL Server Express – Not allowed

SQL Server Enterprise – Requires credentials of a user account with dbcreator and db_owner rights to the FPSMCData and FPSMCReport databases.

noteNote:
If SQL Server is remote, the account will also need Local Admin rights to the SQL Server computer. This is necessary for replication. If required, the Local Admin rights to the SQL Server can be removed after both the primary and backup server are installed.
noteNote:
In order to use SQL Server Authentication, the FPSMCData and FPSSSMCReport databases must be created prior to installation.

Secondary

Domain Account with Local Admin privileges, or higher

Local Admin

noteNote:
Regardless of the permissions, the user must be added to the console under User Management before they have access to the server. Only the installation administrator has access, once installation is complete.

SQL Server Express - Local Admin rights to the server that FPSMC and SQL Server Express are being installed on

SQL Server Enterprise - Requires credentials of a user account with the dbcreator server role. If databases are created prior to installing FPSMC, the account also requires db_owner right to the databases.

noteNote:
If SQL Server is remote, the account will also need Local Admin rights to the SQL Server computer. This is necessary for replication. If required, the Local Admin rights to the SQL Server can be removed after both the primary and backup servers are installed.
noteNote:
For SQL Server Enterprise, this has to be on a different SQL Server instance than the primary server, and from other FPSMC deployments.

SQL Server Express - Local Admin rights to the server that FPSMC and SQL Server Express are being installed on.

SQL Server Enterprise – Requires credentials of a user account with dbcreator and db_owner rights to the FPSMCData and FPSMCReport databases.

noteNote:
If SQL Server is remote, the account also needs Local Admin rights to the SQL Server computer. This is necessary for replication. If required, the Local Admin rights to the SQL Server can be removed after both primary and backup servers are installed.
noteNote:
In order to use SQL Server Authentication, the FPSMCData and FPSMCReport databases must be created prior to installation.

To enable management by FPSMC of FPE and FPSP servers in an enterprise environment, use the firewall settings outlined in the following table to enable communication between the servers hosting FPSMC and the target computers.

 

Port Function

80

HTTP port. Enables communication between the web browser and FPSMC, as well as all HTTP communication from FPSMC to the internet.

445

Required for FPSMC agent deployment (unidirectional: FPSMC server to the managed computer)

8815

The deployment agent listens on this port on a managed server to receive commands from the FPSMC agent (unidirectional: FPSMC server to the managed computer).

8816

The push installer listens on this port on the managed servers (unidirectional: FPSMC server to the managed computer).

8817

The NotificationService on the FPSMC server listens on this port to receive data (such as quarantine and stats) from the managed servers.

 
Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft. All rights reserved.