Installing FSE on a cluster

 

Applies to: Forefront Security for Exchange Server

Forefront Security for Exchange Server supports local installations in all types of Exchange Server 2007 cluster and cluster-like configurations:

  • Local Continuous Replication (LCR)

  • Standby Continuous Replication (SCR)

  • Cluster Continuous Replication (CCR)

  • Single Copy Cluster (SCC)

Note

If your system is configured to run a Network Load Balancer (NLB), there are no special installation procedures for Forefront Security for Exchange Server. Simply follow the instructions in the "Forefront Security for Exchange Server User Guide" for a non-clustered installation.

Note

Each node of the cluster is a mailbox-only server. FSE should also be installed on your Edge and Hub servers for more reliable protection and performance.

Forefront Security for Exchange Server recognizes the existence of Microsoft Windows Server 2003 and Microsoft Windows Server 2008 active/passive clusters. To install Forefront Security for Exchange Server in a cluster environment, you must log on to the local computer as a Domain user with an account that has Local administrator rights. Forefront Security for Exchange Server must be installed on each node. All program files must be installed to a local drive.

Features of the installation include:

  • Configuration data (such as ScanJobs.fdb and Notifications.fdb) is associated with a Clustered Mailbox Server (CMS), not the physical nodes. Because of this, the data needs to be configured only for each CMS, regardless of how many nodes you have.

  • Similarly, scanner signature files are associated with a CMS, so that both active and passive nodes are up-to-date.

  • Configuration data kept in the registry is replicated on a CMS basis when the CMS moves from one computer to another during a failover event.

The Forefront Server Security Administrator should be connected to the Virtual Machine when connecting to Forefront Security for Exchange on a cluster server. If you try to connect to the physical server, you will be asked to select the Virtual Machine to which you would like to connect.

Applying Exchange and FSE service packs and rollups

This section describes how to apply Exchange and FSE service packs and rollups.

To install an Exchange service pack or rollup

  1. Disable FSE on all nodes using the steps described in The FSC utility in the “Microsoft Forefront Security for Exchange Server User Guide”.

  2. On each node, follow the instructions provided with the specific Exchange service pack or rollup that you are installing.

  3. After the installation is complete and the Exchange services have been restarted, verify that mail is flowing.

  4. Starting with the active node, enable FSE on all nodes using the steps described in The FSC utility in the “Microsoft Forefront Security for Exchange Server User Guide”.

Warning

Do not fail over the active node when performing these steps.

Note

Some Exchange service packs and rollups require you to download and install an FSE update in order to ensure that FSE operates correctly. For information and downloads, visit the Microsoft Web site at Microsoft Help and Support.

To install an FSE service pack or rollup

  1. On the active node, run the installer by double-clicking the service pack or rollup executable file.

  2. On the passive node, run the installer by double-clicking the service pack or rollup executable file.

  3. After the installation is complete and the Exchange and FSE services have been restarted (this occurs automatically during the installation), verify that FSE is working properly.

    Note

    FSE service packs or rollups can also be installed using the FFSMC Deployment job. (For details, see Deployment Jobs in the Forefront Server Security Management Console User Guide.) In this case, the installer runs in silent mode and there is no user input required. The rest of the process remains the same as when running the installer by double-clicking the executable file.