Installation and Configuration

  • Article

 

There are several steps involved in the installation and configuration process.

Ensure that the requirements are met

Install the product

Deploy agents

Establish group membership with the Attribute Discovery task

Configure notification groups

Modify optional paths

Requirements

These are the requirements for installing the Microsoft Forefront Server Security Management Pack for MOM 2005.

MOM Server Requirements

You must have an operational server running Microsoft Operations Manager 2005. Download the Microsoft Forefront Server Security Management Pack for MOM 2005 file (see Installing the Management Pack) to this server.

Script Requirements

The FFSMP contains some scripts, driven by tasks, that require Windows Management Instrumentation (WMI) and Windows Scripting Host version 5.6 to be running on the MOM agent system. The use of these tasks is optional.

Installing the Management Pack

The Microsoft Forefront Server Security Management Pack for MOM 2005 is a standard MOM Management Pack (akm) file.

To install (import) the management pack

  1. Select and download the proper .akm file from the Microsoft Operations Manager Downloads site to the Program Files\Microsoft Operations Manager 2005\Management Packs folder on the MOM Server. If you are going to manage Microsoft Forefront Security for Exchange Server systems, download “FSMPack_FSE.akm”. If you are going to manage Microsoft Forefront Security for SharePoint systems, download “FSMPack_FSSP.akm”. If you are going to manage both kinds of systems, download “FSMPack_All.akm”.

  2. Navigate to the Management Packs container on the MOM 2005 Administrator Console.

  3. Right-click the Management Packs container and select the Import/Export Management Option. The Import/Export Wizard launches.

  4. Select Import.

  5. Choose the akm file you downloaded in the first step.

For more information about importing Management Packs, please refer to the Microsoft MOM 2005 product help and documentation.

Deploying Agents

To administer remote computers with Microsoft Forefront Security for Exchange Server or Microsoft Forefront Security for SharePoint installed, you must deploy MOM agents to them. These agents communicate between the managed servers and MOM 2005. Systems that have had the agents installed are referred to as agent systems.

For more information about deploying MOM agents, see the Microsoft Operations Manager 2005 help and documentation.

Establishing Group Membership

The Microsoft Forefront Server Security Management Pack for MOM 2005 uses group membership to apply its rule-based monitoring to the correct agent systems. After the FFSMP and the MOM agents have been installed, you must establish group membership by assigning agent systems to the appropriate computer group.

Using a process called attribute discovery, MOM examines a server’s registry to see if Forefront Security for Exchange Server or Forefront Security for SharePoint is installed. If so, the server is added to the appropriate MOM computer group. For the steps involved in adding agent systems to computer groups, see Attribute Discovery.

For more information about computer groups, see Computer Groups.

Attribute Discovery

Run the attribute discovery task on the agent systems to assign each to a computer group.

To run Attribute Discovery

  1. Open the MOM 2005 Administrator Console.

  2. Navigate to Administration and expand it.

  3. Navigate to Computers\Agent Managed Computers. These are the systems that have had agents installed.

  4. Select all the computers in the right pane (the agent systems), and then right-click. A shortcut menu appears.

  5. Select Run Attribute Discovery Now from the shortcut menu. Each agent system will be placed into one of the computer groups.

Configuring Notification Groups

FFSMP includes alert rules that, when triggered, send alerts to a Microsoft Forefront Security Administration Group. This group was automatically created when the Management Pack was imported. It is initially empty and does not include any operators (group members) or their notification details.

The notification groups, group membership, and alert rules applied to these groups may need to be adjusted to suit your enterprise.

Additionally, the appropriate e-mail server parameters and paging parameters may need to be configured from within the Administration\Global Settings container in the MOM 2005 Administrator Console.

For more information about configuring notifications within MOM, refer to the Microsoft MOM 2005 product help and documentation.

Other Configuration Steps

There are two other configuration steps, both optional:

  • Modifying the Microsoft Forefront Server Security Administrator path.

  • Modifying the directory specified for an Application Log Provider.

Microsoft Forefront Server Security Administrator Path

If you have installed the Forefront Server Security Administrator, you can run a local copy of the FSSA on the MOM server. To do this, MOM needs to know its location. Its location is set to the Forefront Server Security Administrator default installation folder. If you changed that location when you installed the Forefront Server Security Administrator on MOM, you must reflect that change.

To modify the Forefront Server Security Administrator path

  1. Select Client Console in Tasks/Microsoft Forefront Security in the Mom Operator Console.

  2. Select Forefront Server Security Administrator.

  3. Right-click and choose Properties. The Forefront Server Security Administrator Properties appear.

  4. Enter the new location in the Task Command Line field.

  5. Click OK.

For more information about running a local copy of the Forefront Server Security Administrator, see Client Console Tasks.

MOM Data Providers

The Microsoft Forefront Server Security Management Pack for MOM 2005 utilizes various provider types for collecting data on the MOM agent servers:

  • The Microsoft Windows Event Logs.

  • The Microsoft Forefront Security ProgramLog.txt file. You can change the directory path to the ProgramLog.txt file in the Application Log provider.

  • The Microsoft Windows Performance Monitor.

  • Timed Event.

While it is possible to disable logging to these providers on the remote systems, doing so will prevent logging the data that MOM requires to report on system status.

Forefront Security ProgramLog Providers

The Microsoft Forefront Server Security Management Pack for MOM 2005 includes two custom providers (Forefront Security ProgramLog and Forefront SP ProgramLog) that allow MOM to monitor for particular entries written to the Forefront Security ProgramLog.txt file. One provider points to the directory for Forefront Security for Exchange Server and the other points to the directory for Forefront Security for SharePoint.

The configuration for the ProgramLog providers:

Provider Name

Forefront Security ProgramLog

Provider Type

Application Log Provider

Provider Log Type

Generic single-line log file

Format

Generic

Directory

%PROGRAMFILES%\Microsoft Forefront Security\Exchange Server\Data\ProgramLog.txt

Provider Name

Forefront SP ProgramLog

Provider Type

Application Log Provider

Provider Log Type

Generic single line log file

Format

Generic

Directory

%PROGRAMFILES%\Microsoft Forefront Security\SharePoint\Data\ProgramLog.txt

If the ProgramLog.txt file is not stored in the default Forefront Security installation directory on one or more agent systems, you must tell MOM where to find it.

Note

You can assign multiple directory path entries to this provider, since each agent system might have the file in a different directory.

You can add a new directory path in which MOM can find the log file.

To add a new directory path to the Application Log Provider

  1. Open the MOM 2005 Administrator Console.

  2. Navigate to the Management Packs\Providers container.

  3. Select the Application Log type called Forefront Security ProgramLog or Forefront SP ProgramLog, depending on which one requires a new path.

  4. Right-click, and then select Properties.

  5. Click the Directories tab.

  6. Click Add. The Directory Edit dialog box appears.

  7. Enter the directory path to the log file in the Directory field.

  8. Select a format of Generic in the Format field.

  9. Click Add. The File Pattern Edit dialog box appears.

  10. Enter a File Pattern. This is the name of the Application Log file. It is usually called ProgramLog.txt, but you may have renamed it on the agent system.

  11. Click OK.

You can modify an existing directory path so that MOM can find the log file.

To modify the directory path to the Application Log Provider

  1. Open the MOM 2005 Administrator Console.

  2. Navigate to the Management Packs\Providers container.

  3. Select the Application Log type called Forefront Security ProgramLog or Forefront SP ProgramLog, depending on which one requires the modification.

  4. Right-click, and then select Properties.

  5. Click the Directories tab.

  6. Select a log.

  7. Click Edit. The Directory Edit dialog box appears.

  8. Modify the directory path to the log file in the Directory field, if necessary.

  9. Select a format of Generic in the Format field.

  10. Modify the File Pattern, if necessary. This is the name of the Application Log file. It is usually called ProgramLog.txt, but you may have renamed it on the agent system.

  11. Click OK.