SIA310 - Planning and Deploying Forefront Endpoint Protection 2010 with Microsoft System Center Configuration Manager - PowerPoint PPT Presentation

kesia
slide1 n.
Skip this Video
Loading SlideShow in 5 Seconds..
SIA310 - Planning and Deploying Forefront Endpoint Protection 2010 with Microsoft System Center Configuration Manager PowerPoint Presentation
Download Presentation
SIA310 - Planning and Deploying Forefront Endpoint Protection 2010 with Microsoft System Center Configuration Manager

play fullscreen
1 / 22
Download Presentation
330 Views
Download Presentation

SIA310 - Planning and Deploying Forefront Endpoint Protection 2010 with Microsoft System Center Configuration Manager

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. SIA310 - Planning and Deploying Forefront Endpoint Protection 2010 with Microsoft System Center Configuration Manager Alon Rosental Senior Program Manager Microsoft Corporation

  2. Session Objectives and Takeaways • Session Objective(s): • Quick recap on Forefront Endpoint Protection 2010 value proposition • Understand the server and client deployment scenarios addressed Forefront Endpoint Protection 2010 • Provide a high level understanding of the underlying architecture for Forefront Endpoint Protection 2010 and describe how it uses ConfigMgr • Takeaways • Forefront Endpoint Protection 2010 reduces the cost of deployment and ownership through reuse a proven, scalable infrastructure • Forefront Endpoint Protection 2010 is one of the easiest to deploy endpoint protection solutions

  3. Forefront Endpoint Protection 2010 • Lower Cost of Deployment • Built on ConfigMgrsoftware distribution infrastructure • Supports all ConfigMgrtopologies including Branch Office and Non-Domain-Joined • Ease of migration • Deployed across Windows Client & Server Operating systems • Be Protected and Stay Productive • Protect your desktops against viruses, spyware, rootkits, and malware • Productivity oriented default configuration • Integrated host firewall management • Backed by global Malware Research and Response • Unified Client Management • Unified management interface targeted for the desktop admin • Actionable and timely alerting • Simple operation-oriented policy administration • Historic reporting for security administrator

  4. Product Scope - Deployment Scenarios FEP Server Installation I want to use my existing ConfigMgr infrastructure to manage & secure client endpoints FEP Client Deployment I want to start a phased roll-out of Forefront clients and replace the existing client security solution Deployment Features • Client Roll-Out thru ConfigMgr • Non-Domain-Joined PCs • Branch Office topologies • Large-Scale Staged User On-boarding • Automatically switches existing client install base • Standalone (‘unmanaged’)

  5. Building Endpoint Protection On ConfigMgr 2007 • No new servers • Integrated management experience • Reuse of the existing tools, processes & best practices • Supports SP2/R2/R3 Central Site FEP Primary Site Primary Site Primary Site

  6. ConfigMgr 2007 Integration ConfigMgrConsole FEP UI ConfigMgrServer ConfigMgrAgent Forefront Endpoint Protection 2010 Event log ConfigMgrSoftware Distribution Registry FEP Extensions DCM ConfigMgrReporting WMI FEP Reports Managed Computer FEP Warehouse ConfigMgr DB ConfigMgr Forefront Endpoint Protection 2010

  7. Server Installation I want to use my existing ConfigMgrinfrastructure to manage & secure client endpoints

  8. Basic Installation – FEP On Existing ConfigMgr Server Roles • FEP supports the existing ConfigMgr topologies • FEP discovers and installs its server roles on the ConfigMgr server roles Primary Site Primary Site Primary Site FEP Reports FEP Server Extensions FEP Console Extension Central Site • One less infrastructure to deploy, secure & maintain; • No additional HW required; • Simple - Auto discovery & installation of FEP on top of ConfigMgr roles FEP Console Extension FEP Console Extension

  9. Advanced Installation options - Basic with Remote Reporting Database Setup • Offload FEP reporting role and database to a different machine • Consider it when there’s no spare capacity in the existing ConfigMgr deployment Primary Site Primary Site Primary Site FEP Server Extensions FEP Reports FEP Console Extension Central Site FEP Console Extension FEP Console Extension

  10. Centralized Management Advanced Installation options – hierarchy FEP Reports FEP Server Extensions Customers Environment Distributed Management Separate security management and operations to child sites Central policies, monitoring and reporting capabilities. FEP Console Extensions Secondary Site Secondary Site Primary Site Primary Site Primary Site Primary Site Central Site Consolidated reporting FEP Server Extensions FEP Reports FEP Reports FEP Server Extensions FEP Server Extensions FEP Reports FEP Console Extensions FEP Console Extensions FEP Console Extensions

  11. Installing Server Components demo

  12. Client Deployment I want to start a phased roll-out of Forefront clients and replace the existing client security solution

  13. Rolling out clients using ConfigMgr Microsoft Confidential • Built on ConfigMgr Software Distribution: • Supports existing topologies including NDJ, Branch • Enables reuse of the existing tools, processes & best practices • Extends ConfigMgr functionality: • Simplifies the process of switching the existing install base • Provides a rich management experience to enable deployment monitoring, operations and troubleshooting • Provides an integrated end-to-end solution

  14. Using ConfigMgr to Manage Client Deployment demo

  15. Switching the existing client install base Microsoft Confidential • Switching challenges • Different products, managed by different systems • Vulnerability window during replacement • Complex, error prone to automate • Simplified migration in FEP 2010 • Not a standalone tool, fully integrated • Encapsulates switching complexities • Reduces the overall deployment costs

  16. Switching the install base to Forefront Clients demo

  17. Additional client deployment options • Standalone client deployment: • Client protection components not dependent on ConfigMgr • Standalone client installer enables core deployment functions: • Unattended installation • Auto. switching install base • Applying security policies • Definitions provisioned by Microsoft Update in case internal update server not available • Preinstall support for operating system deployment scenarios

  18. Key Takeaways • Forefront Endpoint Protection 2010 reduces the cost of deployment and ownership through reuse a proven, scalable infrastructure • Forefront Endpoint Protection 2010 is one of the easiest to deploy endpoint protection solutions • Call to action: • Public RC is available at www.microsoft.com/forefront • Download, install, give us your feedback

  19. Q&A

  20. Session Evaluations Tell us what you think, and you could win! All evaluations submitted are automatically entered into a daily prize draw*  Sign-in to the Schedule Builder at http://europe.msteched.com/topic/list/ * Details of prize draw rules can be obtained from the Information Desk.

  21. © 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.