Policy Manager Installation Walk

advertisement
INSTALLATION HANDS-ON
About the Hands-On
This hands-on section is structured in a way, that it allows you to
work independently, but still giving you the possibility to consult
step-by-step instructions.
Each given task will be divided into two sections
• Actual Task
• Conditions, goals and short instructions
• Allowing you to work independently
• Detailed instructions (step-by-step work through)
• In case you can not come up with own solutions
Page 2
Task Overview
1. Policy Manager deployment (incl. PMS, PMC and AUSYS)
2. Console initialization and initial configuration
3. AVCS 6.x rollout
Page 3
Infrastructure
Your environment consists of two computers
• Windows 2003 Standard Server (SP3)
• Windows XP Professional (SP2)
Network
• 100 Mbit Ethernet, supporting TCP/IP
• C-class network (192.168.100.0/24)
Root Update
Server
XP Pro SP2
2003 Server
Page 4
Task 1
Install Policy Manager with all
necessary components (not
FSAVCS yet) on a single
computer
• Is such an installation possible in
this environment?
If needed, the next pages will
provide you with a step-by-step
walkthrough
=> After installation is completed,
continue on to page 19
Once you have a clear plan how
to proceed, install the products
and configure it as follows
• Limit access to the PMS admin
module to local host (use the
default ports during installation)
Root
Update
Server
XP Pro SP2
2003
Server
Page 5
Policy Manager Installation Walk-Through
Insert the F-Secure Product CD (old screenshot!)
• Select ”F-Secure Policy Manager”
Page 6
Policy Manager Installation Walk-Through
Choose the installation language
• Click “Next”
Page 7
Policy Manager Installation Walk-Through
Read the F-Secure License Terms and accept the agreement
• Click ”Next”
Page 8
Policy Manager Installation Walk-Through
Accept Custom installation
• Click “Next”
Page 9
Policy Manager Installation Walk-Through
Also here accept default selections
• Click “Next”
Page 10
Policy Manager Installation Walk-Through
Default installation path C:\Program Files\F-Secure is fine
• Click “Next”
Page 11
Policy Manager Installation Walk-Through
There is no old Policy Manager installed, so accept the default
• Click ”Next”
Page 12
Policy Manager Installation Walk-Through
Accept the default Port Numbers
• Click ”Next”
Page 13
Policy Manager Installation Walk-Through
Select F-Secure Anti-Virus Client Security 6.x
• Click ”Next”
Page 14
Policy Manager Installation Walk-Through
Necessary setup information has been collected. System is ready for
installation
• Click “Start”
Page 15
Policy Manager Installation Walk-Through
Installation in process. Do not restart the system until 100 %
completed
• Might take some minutes
Page 16
Policy Manager Installation Walk-Through
Components have been installed
• Click “Next”
Page 17
Policy Manager Installation Walk-Through
Installation finished successfully
• Click “Finish”
Page 18
Task 1 Completed
F-Secure Policy Manager is now
installed
• Check the Server Status
• Start/Status Monitor
• Both Apache modules should have
Status: OK
• Web Reporting Module will still show an
error, because we didn’t initialize the
console yet
Initializing and configuring the console
will be your next task
Page 19
Task 2
Initialize and configure Policy Manager Console
• Start the Console and go through the initialization process
• After that, configure the console as follows
• Rename the Root domain to F-Secure
• Restrict all user settings (try to find the easiest way)
• Define the Policy Manager host communication address
• Note: The address defined during the console
initialization is the administration module address
• Change the server polling interval to 10 seconds (incoming
and outgoing requests)
• Distribute policies!
Task continues on next page…
Page 20
Task 2
Perform a general system check
• Are all modules working properly?
• What does the status monitor say?
• Try out the web reporting, does it work?
Try to complete this task independently
• If needed, next pages will provide you with a step-by-step walk through
=> If you managed to complete this task, continue on page 36
Page 21
Console Initialization Walk-Through
Start Policy Manager from Start menu for initialization
• Click “Next”
Page 22
Console Initialization Walk-Through
Select Administrator mode
• Click “Next”
Page 23
Console Initialization Walk-Through
Accept default
• Click “Next”
Page 24
Console Initialization Walk-Through
Select the location of the key-pair. Defaults are ok.
• Click ”Next”
Page 25
Console Initialization Walk-Through
Create administrator’s cryptographic keys
• Move the cursor until the next dialogue box appears
Page 26
Console Initialization Walk-Through
Enter the administrative password. Use “password” in this hands-on
• Click “Next”
Page 27
Console Initialization Walk-Through
Click ”Finish”
Page 28
Console Initialization Walk-Through
First Policy Manager Console launch
• By default, Policy Manager Console is run in the Anti-Virus
Administration mode (AV mode)
Policy Manager is now initialized and ready to use
Next step is the console configuration and first policy distribution
Page 29
Initial Console Configuration Walk-Through
Rename the root domain
• Right-click the root domain
• Select Domain/Host Properties
• Rename “Root” to “F-Secure”
After that start fine tuning the
communication settings
• Click Centralized Management tab
Page 30
Initial Console Configuration Walk-Through
Prevent user from changing most important settings
• Click “Do not allow users to change settings…”
Page 31
Initial Console Configuration Walk-Through
Define communication settings
• Set Policy Manager Server address (IP address of your PMS computer)
• Set both polling intervals to 10 seconds
Page 32
Initial Console Configuration Walk-Through
Distribute the Policy, select File/Distribute (or press CTRL + D)
Page 33
System Status Check
Overall
Check the status of the Policy
Manager Server
• From the start menu:
Start/Programs/F-Secure Policy
Manager Server/Status Monitor
• The Web Reporting error should now
be fixed
Page 34
System Status Check (Optional)
Web Reporting
Open Report web interface
• From the start menu: Start/Programs/F-Secure Policy Manager Server/FSecure Policy Manager Web Reporting
Page 35
Task 2 completed
Policy Manager initialization and
configuration has been finalized
• The next task will be F-Secure Anti-Virus
Client Security 6 rollout
Root Update
Server
XP Pro SP2
F-Secure
PMS / PMC
Page 36
Task 3
Install AVCS 6.x on your client computer running Windows XP SP2
• Is the installation possible without any changes to the host?
• Any conflicting software installed on the target system?
• Which rollout method is best suited for this environment?
• Which methods are possible?
• Is there a firewall installed on the host preventing certain rollout
methods?
Task continues on next page…
Page 37
Task 3
Once you have a clear plan on how to rollout AVCS 6.x, and you have
checked all issues mentioned on the previous page, go ahead with the
rollout
Try to complete this task independently
• If needed, the next pages will provide you with a step-by-step walk through
=> If you managed to complete this task and your client has rebooted,
continue on page 61
Page 38
Pre-Rollout Checks
Check your target host for installed conflicting software
• Check if there is conflicting software installed on the computer
• If there is, check if that product is automatically detected and removed by
F-Secure Sidegrade Function
• Important: Always check all your hosts for conflicting software before
your start any rollout
Page 39
Pre-Rollout Checks
If the XP Firewall on your host is enabled:
• F-Secure Intelligent Installations requires
certain inbound traffic allowed on target host
(TCP 135 and 445)
• Try to connect to the ports from your PMS
• Open the command prompt and telnet
the ports
• There will be no response, so you need
to allow the above mentioned protocols
on your target host
• Try to come up with a solution, without
disabling the firewall!
Page 40
XP Firewall Configuration
Configure XP SP2 firewall exceptions
• Allow “File and Printer Sharing”
• Press “Edit”
• Enable SMB only (TCP 445)
• Disable all other ports
• Create a new service and allow RPC
• Press “Add Port”
• Name: RPC, Port number: 135
• Confirm by pressing OK
Page 41
Remote Installation Walk-Through
Select ”Installation” tab on the editor pane
• Click “Autodiscover Windows hosts…”
Page 42
Remote Installation Walk-Through
Select your target host from the list
• Click “Install”
Page 43
Remote Installation Walk-Through
Select F-Secure Anti-Virus Client Security 6.x
• Click “Next”
Page 44
Remote Installation Walk-Through
Check that F-Secure Anti-Virus for Client Security 6.x is the only
selection
• Click “Next”
Page 45
Remote Installation Walk-Through
Include the policy from your root domain “F-Secure”
• Click “Next”
Page 46
Remote Installation Walk-Through
Accept the default domain account
• Domain administrator account will be used to access the target host
• Click “Next”
Page 47
Remote Installation Walk-Through
Check the installation details, correct if necessary (“Back” button)
• Click “Start”
Page 48
Remote Installation Walk-Through
Click “Next”
Page 49
Remote Installation Walk-Through
Instructor will provide you with the correct keycode
• After typing the keycode, click “Next”
Page 50
Remote Installation Walk-Through
Install Virus Protection, E-mail scanning and Internet Shield
• Click ”Next”
Page 51
Remote Installation Walk-Through
Select the language the product will use
• Click “Next”
Page 52
Remote Installation Walk-Through
Choose centrally managed installation
• Click “Next”
Page 53
Remote Installation Walk-Through
Specify your Policy Manager Server’s URL
• Click “Next”
Page 54
Remote Installation Walk-Through
No need to add a custom property at this stage
• Click ”Next”
Page 55
Remote Installation Walk-Through
At this point you will be able to choose whether to remove conflicting
software automatically
• Accept the default setting
• Click “Next”
Page 56
Remote Installation Walk-Through
Select “Restart after installation, in”
• Change the countdown to 1 minute
• Type a reboot message
• Click “Finish”
Page 57
Remote Installation Walk-Through
Wait while Intelligent Installation creates the distribution package
• This step might take some minutes (depending on your system)
• Do not press “Cancel”
Page 58
Remote Installation Walk-Through
F-Secure Setup will start and install AVCS 6.x to your computer
Wait until the Reboot message appears on your screen
• Don’t reboot yet, minimize the window
Page 59
Remote Installation Walk-Through
The ”Installation progress” window
shows you if the installation has
finished successfully
• Close this window
• Also close the autodiscover
wizard window
• Distribute policies!
• Close Policy Manager Console
On the other computer, open the
reboot dialogue again and click
reboot
Page 60
System Status Check
After the reboot
• Open F-Secure Anti-Virus Client
Security 6.x by double-clicking the
F-Secure icon in the system tray
• Click “Central Management”
• Check Last connection and Policy
file counter
Page 61
Task 3 Completed
Congratulations! You have successfully finished the
Installation hands-on
Root Update
Server
F-Secure
AVCS 6
F-Secure
PMS / PMC
Page 62
Download