Installing a five-server topology on Windows Server 2008
Applies To: Forefront Client Security
This topic provides an overview of how to install Client Security on a five-server topology on Windows Server 2008.
Important
If you are installing multiple Client Security deployments, you must use unique computer names for each collection database server and reporting database server, as well as unique Management group names. Unique names allow you to use the Client Security Enterprise Manager tool to aggregate reporting and to manage your Client Security environment from a single Client Security console.
Installing the software prerequisites
It is highly recommended that you install the software prerequisites in exactly the order shown in the following table.
Computer | Task | Steps |
---|---|---|
Database server | Install software prerequisites. | Verify that all critical security and computer updates have been installed, and then begin installing the software prerequisites. Important |
Database server | Install Microsoft .NET Framework 1.1 with SP1. | Install .NET Framework 1.1 from Microsoft .NET Framework Version 1.1 Redistributable Package (https://go.microsoft.com/fwlink/?LinkId=126621). Install .NET Framework 1.1 SP1 from Microsoft .NET Framework 1.1 Service Pack 1 (https://go.microsoft.com/fwlink/?LinkId=126622). |
Database server | Install .NET Framework 3.0. | Use Server Manager in Windows Server 2008 in order to install .NET Framework 3.0. For more information, see Server Manager (https://go.microsoft.com/fwlink/?LinkId=126624). |
Database server | Install SQL Server 2005 with SP2. | When installing SQL Server 2005, make sure to do the following: |
Reporting server | Install software prerequisites. | Verify that all critical security and computer updates have been installed, and then begin installing the software prerequisites. Important |
Reporting server | Install Microsoft .NET Framework 1.1 with SP1. | Install .NET Framework 1.1 from Microsoft .NET Framework Version 1.1 Redistributable Package (https://go.microsoft.com/fwlink/?LinkId=126621). Install .NET Framework 1.1 SP1 from Microsoft .NET Framework 1.1 Service Pack 1 (https://go.microsoft.com/fwlink/?LinkId=126622). |
Reporting server | Install .NET Framework 3.0. | Use Server Manager in Windows Server 2008 in order to install .NET Framework 3.0. For more information, see Server Manager (https://go.microsoft.com/fwlink/?LinkId=126624). |
Reporting server | Install IIS and ASP.NET | Use Server Manager in Windows Server 2008 in order to install IIS and ASP.NET. For more information, see Installing IIS 7.0 on Windows Server 2008 (https://go.microsoft.com/fwlink/?LinkId=126625). In the Add Roles Wizard, make sure you install the following role services: |
Reporting server | Install SQL Server 2005 Reporting Services without configuring it. | When installing SQL Server 2005, make sure to do the following: |
Reporting server | Configure Reporting Services and create the remote database. | It is highly recommended that you follow the detailed instructions in Installing the software prerequisites on the reporting server for a five-server topology. |
Reporting server | Add the reporting server site to the Local intranet zone in Internet Explorer. | In Internet Explorer, on the Tools menu, click Internet Options. On the Security tab, add the reporting server site to the Local intranet zone. |
Collection server | Install software prerequisites. | Verify that all critical security and computer updates have been installed, and then begin installing the software prerequisites. Important |
Collection server | Install Microsoft .NET Framework 1.1 with SP1. | Install .NET Framework 1.1 from Microsoft .NET Framework Version 1.1 Redistributable Package (https://go.microsoft.com/fwlink/?LinkId=126621). Install .NET Framework 1.1 SP1 from Microsoft .NET Framework 1.1 Service Pack 1 (https://go.microsoft.com/fwlink/?LinkId=126622). |
Collection server | Install .NET Framework 3.0. | Use Server Manager in Windows Server 2008 in order to install .NET Framework 3.0. For more information, see Server Manager (https://go.microsoft.com/fwlink/?LinkId=126624). |
Collection server | Enable network COM+ access. | Use Server Manager in Windows Server 2008 in order to enable network COM+ access. |
Management server | Install software prerequisites. | Verify that all critical security and computer updates have been installed, and then begin installing the software prerequisites. Important |
Management server | Install Microsoft .NET Framework 1.1 with SP1. | Install .NET Framework 1.1 from Microsoft .NET Framework Version 1.1 Redistributable Package (https://go.microsoft.com/fwlink/?LinkId=126621). Install .NET Framework 1.1 SP1 from Microsoft .NET Framework 1.1 Service Pack 1 (https://go.microsoft.com/fwlink/?LinkId=126622). |
Management server | Install .NET Framework 3.0. | Use Server Manager in Windows Server 2008 in order to install .NET Framework 3.0. For more information, see Server Manager (https://go.microsoft.com/fwlink/?LinkId=126624). |
Management server | Install GPMC with SP1. | Use Server Manager in Windows Server 2008 in order to install GPMC. For more information, see "Appendix B: Resources for Learning About Group Policy for Windows Server 2008" in Installing GPMC on a server running Windows Server 2008 (https://go.microsoft.com/fwlink/?LinkId=126626). |
Management server | Add the reporting server site to the Local intranet zone in Internet Explorer. | In Internet Explorer, on the Tools menu, click Internet Options. On the Security tab, add the reporting server site to the Local intranet zone. |
Distribution server | Install software prerequisites. | Verify that all critical security and computer updates have been installed, and then begin installing the software prerequisites. |
Distribution server | Install .NET Framework 3.0. | Use Server Manager in Windows Server 2008 in order to install .NET Framework 3.0. For more information, see Server Manager (https://go.microsoft.com/fwlink/?LinkId=126624). |
Distribution server | Install IIS and ASP.NET | Use Server Manager in Windows Server 2008 in order to install IIS and ASP.NET. For more information, see Installing IIS 7.0 on Windows Server 2008 (https://go.microsoft.com/fwlink/?LinkId=126625). In the Add Roles Wizard, make sure you install the following role services: |
Distribution server | Install, configure, and synchronize Windows Server Update Services (WSUS) with SP1. | To install, configure, and synchronize WSUS 3.0 with SP1, see "Step-by-Step Guide to Getting Started" with Microsoft Windows Server Update Services 3.0 (https://go.microsoft.com/fwlink/?LinkId=126627). When configuring WSUS, make sure you have configured automatic updates so that your client computers receive updates. In particular, make sure you have configured the following: |
Verifying a successful installation of the software prerequisites
Before continuing, it is recommended that you verify that the software prerequisites have been successfully installed and configured, as described in the following table. For detailed instructions, see Verifying the software prerequisites for a five-server topology.
Computer | Task | Steps |
---|---|---|
Management server | Verify and record the reporting server URL. | In Internet Explorer, on the management server, verify that you can connect to the reporting server URL. Record the URL, because you will need to provide it when installing Client Security. |
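A scripted form of part of this verification, as an added example that is not from the original topic: it checks the .NET Framework prerequisites listed per server role in the prerequisites table and, for the management server, that the reporting server URL answers. It assumes Windows PowerShell 2.0 or later is installed; the role names, check names, parameters and URL placeholder are hypothetical, and the registry locations are the standard .NET Framework detection keys rather than anything this topic specifies. IIS, SQL Server, GPMC, COM+ and WSUS are not checked.

```powershell
param(
    [string]$Role = 'Management',
    # Placeholder: replace with the reporting server URL you recorded.
    [string]$ReportingUrl = 'http://REPORTING-SERVER-PLACEHOLDER/Reports'
)

# Role -> checks, transcribed from this topic's tables (hypothetical check names).
$required = @{
    'Database'     = @('Net11Sp1', 'Net30')
    'Reporting'    = @('Net11Sp1', 'Net30')
    'Collection'   = @('Net11Sp1', 'Net30')
    'Management'   = @('Net11Sp1', 'Net30', 'ReportingUrl')
    'Distribution' = @('Net30')   # the table lists no .NET 1.1 step for this role
}
# .NET 1.1 is 32-bit only, so on x64 Windows its keys live under Wow6432Node.
$roots = 'HKLM:\SOFTWARE\Microsoft', 'HKLM:\SOFTWARE\Wow6432Node\Microsoft'

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or value is missing instead of throwing.
    $item = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    if ($item) { return $item.$Name }
    return $null
}

function Test-Prerequisite([string]$Check) {
    switch ($Check) {
        'Net11Sp1' {
            foreach ($r in $roots) {
                $k = "$r\NET Framework Setup\NDP\v1.1.4322"
                if (((Get-RegValue $k 'Install') -eq 1) -and ((Get-RegValue $k 'SP') -ge 1)) { return $true }
            }
            return $false
        }
        'Net30' { return (Get-RegValue "$($roots[0])\NET Framework Setup\NDP\v3.0\Setup" 'InstallSuccess') -eq 1 }
        'ReportingUrl' {
            try {
                $req = [System.Net.WebRequest]::Create($ReportingUrl)
                $req.UseDefaultCredentials = $true   # send the logged-on user's Windows credentials
                $resp = $req.GetResponse()
                $ok = ([int]$resp.StatusCode -eq 200)
                $resp.Close()
                return $ok
            } catch { return $false }   # unreachable, refused, or access denied
        }
    }
}

if (-not $required.ContainsKey($Role)) { throw "Unknown role: $Role" }
foreach ($check in $required[$Role]) {
    $status = if (Test-Prerequisite $check) { 'OK' } else { 'MISSING' }
    '{0,-14} {1}' -f $check, $status
}
```

Run it on each server with the matching `-Role` value; a `MISSING` result for `ReportingUrl` can also mean the account running the script lacks access to the report site.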
Installing Client Security for a five-server topology
It is highly recommended that you install Client Security in exactly the order shown in the following table. In the Setup wizard, you will provide server names, SQL Server instances, and service accounts you have already set up. In addition, you must specify the following:
Size of the databases: Make sure the size does not exceed the space on your server.
Management group name: You can enter the name you want or use the default value (ForefrontClientSecurity). Record the name that you enter, because you will need to provide it when configuring Client Security.
Important
Because this is a multiple-server topology, the default values provided in the Setup wizard are frequently not correct. Make sure to type the correct values.
For detailed instructions, see Installing Client Security on a five-server topology.
Computer | Task | Steps |
---|---|---|
Database server | Install collection database and reporting database on the database server. | Run the Server Setup wizard on the server with the collection database. When the Program Compatibility Assistant dialog box appears, you can dismiss it. On the Component Installation page, select the Collection database and Reporting server and report database check boxes, and then clear the other check boxes. Complete the steps in the wizard. Important: As part of this wizard, you will remotely configure the reporting server. You should not run the Server Setup wizard on the reporting server. |
Collection server | Install Client Security on the collection server. | Run the Server Setup wizard on the collection server. When the Program Compatibility Assistant dialog box appears, you can dismiss it. On the Component Installation page, select the Collection server check box, and then clear the other check boxes. Complete the steps in the wizard. |
Collection server | Install Client Security SP1. | To install Client Security SP1, connect the appropriate server to Microsoft Update or to WSUS. For detailed instructions on how to install Client Security SP1, see Problems and update scenarios that are addressed in Forefront Client Security Service Pack 1 (https://go.microsoft.com/fwlink/?LinkId=126628). Note: This upgrade is only supported for Client Security server components; do not install it on your client computers. |
Management server | Install Client Security on the management server. | Run the Server Setup wizard on the management server. When the Program Compatibility Assistant dialog box appears, you can dismiss it. On the Component Installation page, select the Management server check box, and then clear the other check boxes. Complete the steps in the wizard. |
Management server | Install Client Security SP1. | To install Client Security SP1, connect the appropriate server to Microsoft Update or to WSUS. For detailed instructions on how to install Client Security SP1, see Problems and update scenarios that are addressed in Forefront Client Security Service Pack 1 (https://go.microsoft.com/fwlink/?LinkId=126628). Note: This upgrade is only supported for Client Security server components; do not install it on your client computers. |
Configuring Client Security for a five-server topology
After installing Client Security, you must configure it by following the steps in the following table. While completing the Configuration wizard, you will provide server names, SQL Server instances, service accounts, and the management group name you have already set up.
Important
Because this is a multiple-server topology, the default values provided in the Configuration wizard are frequently not correct. Make sure to type the correct values.
For detailed instructions, see Configuring Client Security on a five-server topology.
Computer | Task | Steps |
---|---|---|
Management server | Configure Client Security on the management server. | Open the Client Security console and run the Configuration wizard on the management server. Complete the steps in the wizard. |
Management server | Point MOM administrator and operator consoles to the collection server. | By default, the MOM consoles on the management server look for the collection server on the local host. To point to the correct location, do the following: |
Collection server | Grant the correct permissions for the user account. | The user account you use to work with Client Security on the management server must have the correct permissions on the collection server. To create these, do one of the following: |
All computers | Grant permissions to service accounts. | It is highly recommended that you follow the detailed instructions in Configuring Client Security on a five-server topology. |
Verifying your Client Security installation
To verify a successful installation of Client Security, follow the steps described in the following table. For more information, see Verifying the installation of Client Security on a five-server topology.
Computer | Task | Steps |
---|---|---|
Management server | Open the Client Security console. | Make sure you can view all of the data in the console, including the 14-day History chart. |
Management server | Browse the reports. | Make sure you can view all of the data in the reports. |