Introduction To the Management Console


Applies to: Forefront Server Security Management Console

Topic Last Modified: 2009-05-15

The Microsoft Forefront™ Server Security Management Console (FSSMC) is a management tool that provides information technology (IT) administrators with a way to centrally manage Forefront server security products on all enterprise servers (with the exception of the Forefront Security for Office Communications Server (FSOCS) product, which is not supported). FSSMC is also backwards compatible with all Microsoft Antigen Version 9 products. Using a browser-based user interface, the FSSMC provides centralized deployment and reporting.

Centralized deployment allows administrators to deploy various files and settings to all or selected servers in the enterprise. Using the FSSMC, you can deploy the following to remote computers:

  • Forefront Security installations, uninstalls, and upgrades
  • Templates for configuration management
  • Forefront Security product activation keys
  • Scan engine signature file updates (to centralize the update procedure)
  • General Options to configure system-level settings
  • Manual scan jobs
  • Jobs that send reports on a fixed schedule
  • Jobs that rapidly enable and disable scanning and filtering features on remote servers.

In addition, you can retrieve the following from remote computers:

  • Program log, incidents database, and quarantine database
  • Quarantined data
  • Centralized reporting allows administrators to more closely monitor the servers in the enterprise and evaluate the effectiveness of antivirus software. The FSSMC collects statistics from all its managed servers and stores them in a central repository for later analysis. The statistics are also used by the FSSMC to alert administrators to potential problems by monitoring event thresholds and looking for statistical anomalies that may indicate a problem. Reports provide information about the trends in virus, filter, and update activity for each server or the entire enterprise.

Data used by the FSSMC can be stored in Microsoft SQL Server™ 2005 Express Edition, which is a version of SQL Server with limited features. Data can also be stored on an existing computer running SQL Server—locally or remotely—using SQL or Windows authentication.

The FSSMC uses bidirectional DCOM to communicate information between the FSSMC and the agents located on remote computers. In environments where internal firewalls are present, the firewall configuration must be configured to allow the DCOM protocol.

FSSMC supports managing servers that are not in the same domain or forest. This capability is supported for the following products:

  • Antigen for Exchange Version 9
  • Antigen for SMTP Gateways Version 9
  • Forefront Security for Exchange Server Version 10
  • Forefront Security for SharePoint Version 10

When managing servers that are not in the same domain or forest, consider the following important points:

  • Servers must be entered as fully qualified domain names (FQDN) in order for them to be resolved as computer objects.
    For more information about managing servers, see "Configuring Managed Servers" in Getting Started.
  • Users must be entered as fully qualified domain names (FQDN) in order for them to be resolved as user objects.
    For more information about managing users, see "Configuring User Accounts" in Getting Started.
  • The Browse button on the Add Servers pane only browses servers from the installed domain and its subdomains.
  • The Browse button on the Add Users pane only browses users from the installed domain and its subdomains.
  • Auto discovery jobs only search the installed domain for new computers that are running Microsoft Exchange Server.
  • Managed computers in external domains require read access to the SybariRedistribution share on the FSSMC server.
  • A two-way trust must be created between the installed domain and the external domain that you are trying to manage. If a two-way trust does not exist, FSSMC cannot fully manage the servers in the external domain.
  • You should update the Domain Name System (DNS) to allow the FSSMC server to resolve managed computers in the external domains.

Community Additions