Enabling a Strategic IT Infrastructure with Microsoft Forefront and Microsoft System Center

Published: May 9, 2007


By Rex Backman
Senior Product Manager, Microsoft Corporation

See other Viewpoint articles.

The “Uncontrollable” IT Environment

The complexity of the IT environment in many organizations is at an all-time high—a result of a growing list of business applications and systems that have been added to address business challenges, create new business scenarios, and foster growth. IT managers need to maintain the health of this increasingly intricate IT environment.

At the same time, while the rise of the Internet has delivered unsurpassed advantages—such as enabling remote work scenarios—it has also opened the door to a steady stream of more advanced, more frequent security threats. As work forces become more dispersed, and the boundary between internal and external resources blurs, IT managers must find the balance between managing network security and fostering the highest level of employee productivity. Often, achieving the right balance requires integrating multiple systems and technologies.

Adding to the challenge, IT managers must maintain constant vigilance and utmost control. Only then can they proactively manage systems and identify and address security issues before they become critical. How can businesses address these challenges and turn a possible IT liability into a business asset?

Regaining Control

To help the business meet its objectives, IT managers need tools and technologies that help secure and manage the IT environment in a cost-effective and efficient manner. The market offers many choices, yet few deliver an all-encompassing solution. As a result, businesses implement multiple-point solution products—each of which requires its own management console. The more consoles that are necessary, the more difficult it is for IT managers to get a clear view into the systems and the security state of their environment. What’s more, these tools may be difficult to deploy, use, or manage; they may not integrate easily into the existing environment; or they may consume excessive resource time—detracting from tasks that deliver true business value. Today, we offer a combined solution that hands back the reigns of control to IT managers: Microsoft Forefront and Microsoft System Center. These portfolios work together as a cohesive solution to deliver the benefits of a productive, simplified, and integrated platform.

Microsoft Forefront

The Microsoft Forefront family of business security products helps IT managers protect information and control access to their environment. Microsoft Forefront solutions integrate with an organization’s IT infrastructure and can be supplemented with interoperable third-party solutions, enabling end-to-end, in-depth security solutions. Simplified management, reporting, analysis, and deployment allows for more efficient protection of information resources, as well as more secure access to applications and servers. With highly responsive protection that is supported by Microsoft technical guidance, Microsoft Forefront helps IT managers confidently meet ever-changing threats and increased business demands.

Microsoft System Center

System Center is Microsoft’s family of IT management solutions that helps IT managers proactively plan, deploy, manage, and optimize their physical and virtual IT environment. It plays a central role in Microsoft’s vision to help IT organizations benefit from self-managing, dynamic systems. System Center solutions capture and aggregate knowledge about an infrastructure, policies, processes, and best practices so that IT staff can optimize the IT structure to reduce costs, improve application availability, and enhance service delivery.

Delivering a Productive, Simplified, and Integrated Environment

System Center and Forefront solutions are uniquely positioned to help organizations create a secure, well-managed IT environment. Forefront security solutions build on the deployment, reporting, and remediation capabilities of System Center management solutions, which IT managers can save time and effort by securing and managing their environment through a common infrastructure.

In addition, Forefront and System Center integrate with the Windows platform and its applications. Both product families are optimized for Active Directory and other Windows technologies to readily enable policy configuration and enforcement. They also integrate with Microsoft applications such as Exchange Server and Office SharePoint Server, as well as Windows Server components, to maximize their effectiveness. Forefront and System Center solutions further benefit from Microsoft’s breadth of security and operational knowledge, technical guidance, and best practices that are gained by supporting millions of customers worldwide on Microsoft applications and infrastructure.

Together, Forefront and System Center help IT managers maximize productivity, provide simplified administration, and integrate with an organization’s existing infrastructure. As a result, IT managers can reduce costs, provide their business with a flexible infrastructure, and maintain control.


Forefront and System Center solutions enhance productivity by automating redundant tasks and enabling IT managers to use Microsoft’s knowledge that is embedded into systems and security solutions. Consequently, IT managers can spend less time administering systems and more time completing tasks that maintain end-user productivity.

Automate Routine Tasks

By automating routine and redundant tasks, Forefront and System Center solutions help IT managers reduce the time spent administering systems and focus on tasks that deliver real business value to the organization. For example, System Center solutions use Active Directory and the Windows platform to automatically discover information about systems. Through System Center solutions, IT managers can remotely deploy agents that discover, connect, and self-activate management servers. IT managers can also automatically identify, catalog, and report on software assets throughout the organization.

Similarly, Forefront solutions automate repetitive tasks required for maintaining the security of clients, application servers, and the network edge. Microsoft Forefront Client Security and Forefront Server Security products automate signature updates for protecting clients and application servers, respectively, from threats. In using a multi-engine approach, Forefront Server Security monitors all scan-engine vendor Web sites for updates, downloads, and signatures as they become available, which eliminates the need for IT involvement. Microsoft Internet Security and Acceleration (ISA) Server also provides automated tools that make it easy to more securely publish multiple Web sites.

Use Microsoft’s Embedded Knowledge

With Forefront and System Center, IT managers can create a highly optimized IT environment by using Microsoft’s deployment, operational, and security knowledge. For example, management packs in Microsoft System Center Operations Manager deliver prescriptive guidance and knowledge to help improve monitoring, troubleshooting, and problem resolution for more than 50 Microsoft applications and operating systems. With Microsoft System Center Configuration Manager, administrators can access configuration baselines for core Windows client and server products to consistently create and maintain the desired configuration state for clients and servers.

Forefront solutions benefit from Microsoft’s ongoing research into the threat landscape. Microsoft’s intelligent, global, malware research system is powered by volumes of data collected and submitted by the community. Data on the threat landscape comes from a breadth of internal and external sources, including Forefront Server Security products, Windows Live OneCare, MSN, Hotmail, Exchange Hosted Services, other Microsoft protection technologies, and community submissions. Microsoft’s experienced virus and spyware research team combines this data with automated analysis techniques to respond quickly to current and emerging threats that affect customers.

Maintain End-User Productivity

Forefront and System Center provide solutions that help IT managers to proactively manage systems, protect data, and control access so that end-user interruptions can be avoided.

In monitoring system health, System Center Operations Manager proactively monitors system utilization and Windows client reliability, and it incorporates troubleshooting knowledge to help IT managers quickly identify and resolve end-user problems. System Center Configuration Manager provides IT managers with model-based management techniques to help them ensure that systems comply with corporate policies and maintain good system health, uptime, and performance.

While System Center solutions help maintain system health and compliance with corporate policies, Forefront solutions help IT managers protect end users from interruptions due to malware. For example, Forefront Client Security’s integrated antivirus and antispyware engine provides real-time protection from threats to the operating system of desktops, laptops, and servers. Forefront Server Security products use multiple scan engines to protect end users of applications such as Microsoft Exchange Server and SharePoint Server while maintaining uptime and optimizing server performance.


Through Forefront and System Center solutions, IT managers can simplify the deployment, configuration, management, and security of their environment. With centralized management consoles that use familiar Microsoft interfaces, IT managers can get clear visibility into systems health and security trends and easily drill-down into key details. By providing rapid insight through prioritized information, With Forefront and System Center solutions, IT managers can take action when and where it’s needed to help maintain a secure, well-managed infrastructure.

Easily Secure and Manage Infrastructure

Forefront and System Center give IT managers the tools and technology they need to easily deploy, configure, manage, and secure their IT infrastructure to meet business needs and reduce costs.

System Center solutions simplify the management of Microsoft-based systems and applications while enabling IT managers to complete a diverse assortment of tasks. Using System Center solutions, an IT manager can use native management capabilities—ranging from Windows Mobile devices to enterprise-class Windows-based servers—to administer the smallest hardware component, the most complex service-oriented architecture based IT services, and anything in between.

With Forefront solutions, administrators and users alike benefit from simplified, centralized distribution of the latest configurations, policies, and updates for clients and servers. The management consoles for Forefront products are easy to use, reduce training time, and help control business costs. Because Forefront solutions are also simple to deploy and configure throughout the organization, they help avoid miss configurations that can lead to security issues.

Understand State of Security and System Health

Forefront and System Center solutions provide IT managers with clear visibility into the state of security and systems health and emerging trends, enabling quick drill-down into key details. In addition to reporting on viruses, spyware, and other threats, Forefront Client Security enables IT managers to conduct state assessment scans, so that they can determine which managed computers need patches or are configured insecurely. With the reporting functionality, administrators can measure their security risk profile based on security best practices.

System Center Operations Manager can be used to get visibility into the systems health of those clients. It provides an easy-to-use environment that tracks thousands of event and performance monitors across hundreds of operating systems and applications. Complementing both solutions, System Center Configuration Manager makes it easy to discover and fix system vulnerabilities, to identify systems that lack compliance with corporate policies, and to ensure that the latest hardware and software security updates are applied.


Forefront and System Center solutions integrate with the Windows platform, its applications, and management infrastructure, enhancing the overall effectiveness and responsiveness of existing systems so that IT managers can get the most value out of their investments.

Build on Windows Platform and Applications

Forefront and System Center increase the value of an organization’s investment in Microsoft technology, because each solution builds and expands on Windows capabilities. For example, Forefront Client Security is optimized for Active Directory Group Policy for configuring security agents on clients. Microsoft Forefront Security for Exchange Server uses the intelligent antivirus transport stamp in Exchange Server 2007 to prevent multiple scanning of messages and to conserve valuable messaging server resources. At the network edge, Microsoft’s Intelligent Application Gateway includes customized, detailed access policy and security capabilities that provide secure remote access to Exchange Server, SharePoint Server, and other applications.

In managing IT environments, System Center solutions integrate with Microsoft-based systems and applications such as the Windows operating system, Windows Server operating system, Exchange Server, Microsoft SQL Server, Microsoft Office, and others. System Center solutions also use most of the technology that was developed through the Dynamic Systems Initiative, which is Microsoft’s effort to enable knowledge about an IT system to be created, modified, and operated on throughout the IT system’s life. Knowledge, guidance, and best practices for managing workloads and Windows-based systems come directly from Microsoft development teams and are built into solutions from the System Center family.

Extend Security and Management Capabilities

Forefront and System Center also interoperate with third-party products, so IT administrators can take advantage of existing applications. For example, Operations Manager can monitor third-party applications that are already a part of the infrastructure. System Center partners also provide custom service templates and management applications to extend System Center capabilities to monitor and control third-party infrastructure and applications such as SAP, Oracle, Apache, Linux, and other server operating systems.

Within the Forefront security product family, ISA Server provides an application-layer inspection platform that integrates third-party URL filtering, XML filtering, and Session Initiation Protocol filtering products to provide unified threat management. Intelligent Application Gateway integrates with a range of third-party client-side products—including antivirus, firewall, and other security-related technologies—to support endpoint security and policy enforcement capabilities during remote access.

Moving Forward: Integrated Scenarios and Products

Today, Forefront and System Center deliver a comprehensive set of security and management solutions that share a common management infrastructure and platform. As a result, IT managers can simplify the task of administration, integrate security and management with their existing infrastructure, and maximize their productivity while maintaining end-user productivity. Through Forefront and System Center, companies at all stages of infrastructure maturity can realize these benefits now and create an IT environment that is secure, well-managed, and efficient. Companies can also discover how the breadth of Microsoft’s infrastructure offerings can help them achieve their objectives.

Forefront and System Center will provide a foundation for other integrated scenarios and features that connect people, processes, and infrastructure. For enterprises that are composed of large teams with specialized roles in security and management, Microsoft will continue to offer two product families: Forefront for security-based roles and System Center for management-based roles. Going forward, these product families can be unified through a common “service management” solution that enables workflow definition, process automation, and comprehensive reporting across security and management. Through this solution, security specialists and management specialists can standardize their processes for gathering and prioritizing incidents, for assigning resources to address issues, and for managing changes and resolving problems. By having a central hub through which IT processes and activities are tracked, IT staff can provide business managers with visibility into the overall performance of their environment through centralized reporting.