Microsoft Servers
Customer Solution Case Study
Renowned Medical Center Safeguards Against
E-Mail Viruses, Keeps Messages Moving
Overview
Country or Region: United States
Industry: Healthcare
Customer Profile
High-ranking University of Pittsburgh
Medical Center (UPMC) ensures that its
patients receive the highest standard of
coordinated healthcare.
Business Situation
Facing an increase in virus attacks, UPMC
looked for e-mail server scanning software
that offered multiple scan engines and
could scan at the database table level
without a significant performance hit.
Solution
UPMC deployed Antigen for Exchange in
1999 and deployed Microsoft® Antigen for
Exchange and Microsoft Antigen Enterprise
Manager in early 2006.
Benefits
 Great performance with reliable security
 Lower administration costs
 Robust reporting
“Since we’ve had Antigen in place, our Exchange
servers have run clean. We haven’t had viruses get
through in e-mail. That’s a testimony to the strength of
Microsoft Antigen.”
Mike Dorn, Messaging Analyst, University of Pittsburgh Medical Center
The University of Pittsburgh Medical Center (UPMC) is one of the
most respected medical centers in the United States. UPMC has
approximately 28,000 users of its e-mail system, which is based on
Microsoft® Exchange Server communication and collaboration
server. With so many mailboxes, UPMC must vigilantly safeguard
against viruses carried in e-mail messages. Experiencing an
increase in virus attacks, UPMC sought antivirus software that
would thoroughly scan e-mail servers without significantly affecting
performance. E-mail server security products from Microsoft
Antigen—an antivirus solution that tightly integrates with Exchange
Server and Windows®-based SMTP gateway servers—proved to be
exactly what UPMC sought. Since implementing Antigen for
Exchange in 1999, UPMC has not had a single significant virus
outbreak attributed to the e-mail system.
Situation
“Microsoft Antigen gives
us the flexibility
necessary to run our email infrastructure in a
way that meets the
needs of the
organization.”
Mark Longwell, Senior Software Architect,
University of Pittsburgh Medical Center
The Information Services (IS) Division
supports all the hospitals and health centers
that make up the University of Pittsburgh
Medical Center (UPMC), one of the most
respected medical centers in the United
States. The current UPMC messaging
infrastructure, which is built on Microsoft®
Exchange 2000 Server and Exchange Server
2003 communication and collaboration
server, supports approximately 28,000 users
and handles between 300,000 and 400,000
inbound messages each day. Like other
organizations, UPMC must safeguard against
viruses and still keep the performance of its
e-mail system at an optimal level.
In 1999, UPMC was looking for an enterprise
antivirus solution when the Melissa macrovirus spread widely, crippling e-mail systems
all over the world. Mike Dorn, Messaging
Analyst at UPMC, says, “We were examining
the advantages of using multiple engines for
antivirus scanning. Melissa made the case for
us.”
UPMC also wanted a solution that would scan
its mail servers—including the Exchange
Server message store—without causing a
significant decline in performance.
Solution
The first significant virus to hit after UPMC
deployed Antigen for Exchange was the “I
Love You” virus (also called Lovebug). New to
using Antigen for Exchange at the time, UPMC
e-mail administrators were using antivirus
engines, but they had not yet put Antigen for
Exchange file filters in place when the virus
hit.
“The I Love You virus affected us for only a
very short time,” explains Dorn. “Antigen for
Exchange allowed us to put file filters in place
quickly and run manual scans, stripping the
offending file from the stores. End of virus.
We’ve run clean since.”
The UPMC network has grown from a fairly
small e-mail system to a full collaboration
platform, which includes Exchange Server
public folders and remote access through
Microsoft Office Outlook® Web Access.
Early in 2006, UPMC deployed Microsoft
Antigen for Exchange, which provides
advanced safeguards, increases availability
and control, and secures content. The goal
was to maintain comprehensive safeguards
and simplify administration while still enjoying
the full collaborative benefits of Exchange
Server. Microsoft Antigen helps extend
security by offering a fifth scan engine—the
Microsoft antivirus scan engine.
UPMC deployed Antigen for Exchange.1
“Antigen for Exchange, as a single solution
that can manage multiple engines in a single
product, was a great fit,” says Dorn. “What’s
more, whereas other products could
adequately scan messages between servers,
Antigen for Exchange was the only product
that constantly scanned the Exchange Server
message store with a very minimal impact on
the servers. That was very important to us.”
In June 2005, Microsoft acquired Sybari
Software, Inc. and its Antigen product line.
1
Architecture
The current mail system includes:

Two appliances running antispam
software from Proofpoint.

Two Windows® operating system–
based Simple Mail Transfer
Protocol (SMTP) Gateways running
Symantec Brightmail antispam
solution.
The following servers run either Exchange
2000 Server or Exchange Server 2003 and
Microsoft Antigen for Exchange:




“With Microsoft Antigen,
I can actually push out
the new templates to
servers in less than two
minutes, and it’s worked
wonderfully.”
Mike Dorn, Messaging Analyst, University of
Pittsburgh Medical Center
Two servers that accept mail from
the SMTP Gateways and scan for
viruses using the “Favor Certainty”
bias setting in Microsoft Antigen.
Sixteen mailbox servers that scan
for viruses using the “Maximum
Certainty” setting in Microsoft
Antigen.
One bridgehead server.
Two servers that support Outlook
Web Access.
UPMC uses five scan engines on every server
running Microsoft Antigen: Norman Data
Defense Systems, Sophos solutions,
Computer Associates Vet, Computer
Associates IT, and the Microsoft Antigen
Worm engine. Microsoft Antigen manages
multiple scan engines so that organizations
receive constant, updated virus signatures
from industry-leading antivirus labs around
the world to reduce the overall risk and
minimize the window of exposure to any given
threat. The multiple engine management in
Microsoft Antigen also ensures that UPMC
can update or replace one engine without
taking others offline. When an engine is
offline for updates, there’s virtually no impact
to users; mail doesn’t queue up to be
scanned because the remaining engines
continue scanning.
To ensure that virus scanning does not
impact Exchange Server performance, UPMC
uses the performance bias settings in
Microsoft Antigen. These bias settings allow
administrators to allocate what percentage of
engines are used for any particular scan job.
In addition to virus scanning, UPMC takes
advantage of Microsoft Antigen file filtering to
block certain file names or extensions such
as executables. UPMC also filters by subject
line and content on sender domain.
Dorn and UPMC e-mail administrators install,
manage, and update Microsoft Antigen on
UPMC e-mail servers by using Microsoft
Antigen Enterprise Manager. From this
browser-based console, administrators
quickly deploy configurations across the
distributed servers running Microsoft Antigen.
Benefits
“Since we’ve had Microsoft Antigen in place,
our Exchange Servers have run clean,” says
Dorn. “We haven’t had any e-mail viruses get
through. That’s a testimony to the strength of
Microsoft Antigen.” While UPMC gets the help
it needs to safeguard against virus threats
and its users enjoy the performance they
demand of the e-mail system, UPMC e-mail
administrators benefit from simplified
management and administration and easier
reporting.
UPMC is evaluating Microsoft Office Live
Communications Server. Says Dorn, “If we
move forward with Live Communications
Server, Antigen for Instant Messaging [IM]
likely will be our choice for helping us to
protect our IM system as well.” Antigen for
Instant Messaging stops viruses introduced
by IM in real time and provides content
filtering that helps IS administration to
enforce corporate content policies in IM
conversations and file transfers.
Great Performance with Reliable
Security
“Microsoft Antigen gives us the flexibility
necessary to run our e-mail infrastructure in a
way that meets the needs of the
organization,” says Mark Longwell, Senior
Software Architect at UPMC. “For example,
we can vary bias settings—maximum for the
real-time Exchange [Server] store scanning,
and a slightly lower setting on resource
servers that handle inbound and outbound
mail (to account for heavy traffic and
preserve performance). We get the best of
both worlds: the system performs well and yet
is protected.”
Lower Administration Costs
Web-based administration and configuration
templates cut down on time spent managing
UPMC’s multiple servers running Exchange
Server.
Rather than configuring settings on each of
the 16 mailbox servers, the UPMC e-mail
support team can do any number of things,
including set file or content filters, scan
engine settings, performance settings, and
the like, save settings in a configuration
template, and push the template out to a
remote server. Settings can be instated
immediately in real time—without the need to
reboot the server. “With Microsoft Antigen, I
can actually push out the new templates to
servers in less than two minutes, and it’s
worked wonderfully,” says Dorn.
Robust Reporting
Previously, every month, Dorn had to gather
mail volume, virus protection, and other
statistics for each of the 16 servers, one
server at a time, and compile the statistics
into a spreadsheet report. By implementing
Microsoft Antigen Enterprise Manager, UPMC
can now create a report for all 16 servers
seamlessly.
“Now, I have all the information in one place
and I can report statistics much more quickly
and with one-sixteenth the effort,” remarks
Dorn.
Dorn, his peers, and managers at all levels in
UPMC regularly review Microsoft Antigen
reports that show mail volume, viruses
commonly caught, and antivirus definitions
updates. “The Microsoft Antigen reporting
feature is powerful, and it proves that we’re
getting value from Microsoft Antigen,” says
Dorn.
UPMC e-mail administrators also receive
Microsoft Antigen e-mail alerts on viruses and
definitions. “Having this knowledge puts us
way ahead of the curve and is very valuable,”
says Longwell. “Microsoft Antigen is always
on top of things—that’s really key.”
For More Information
For more information about Microsoft
products and services, call the Microsoft
Sales Information Center at (800) 4269400. In Canada, call the Microsoft
Canada Information Centre at (877) 5682495. Customers who are deaf or hard-ofhearing can reach Microsoft text telephone
(TTY/TDD) services at (800) 892-5234 in
the United States or (905) 568-9641 in
Canada. Outside the 50 United States and
Canada, please contact your local
Microsoft subsidiary. To access information
using the World Wide Web, go to:
www.microsoft.com
Microsoft Windows Server
System
Microsoft Windows Server System™ is a line
of integrated and manageable server
software designed to reduce the complexity
and cost of IT. Windows Server System
enables you to spend less time and budget
on managing your systems so that you can
focus your resources on other priorities for
you and your business.
For more information about Windows Server
System, go to:
www.microsoft.com/windowsserversystem
For more information about University of
Pittsburgh Medical Center products and
services, call (800) 533-UPMC (8762) or
visit the Web site at:
www.upmc.com
Software and Services
Microsoft Servers
− Microsoft Exchange 2000 Server
− Microsoft Exchange Server 2003
− Microsoft Office Live Communications
Server
 Microsoft Antigen Enterprise Manager
 Microsoft Antigen for Exchange


© 2006 Microsoft Corporation. All rights reserved.
This case study is for informational purposes only. MICROSOFT
MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS
SUMMARY. Microsoft, Outlook, the Windows logo, and Windows
Server System are either registered trademarks or trademarks
of Microsoft Corporation in the United States and/or other
countries. All other trademarks are property of their respective
owners.
Document published June 2006
Technologies
− Microsoft Office Outlook Web Access
Hardware

IBM X366 Quad Processor servers with 16
GB of RAM