SIM330
Session Objectives and Takeaways
Business Challenge
• Limited monitoring
• No consolidated reporting
• Laborious manual process
Solution
• Chose FEP 2010 as new antimalware management solution
• Deployed to existing ConfigMgr 2007 R2 and R3 servers & clients
Results/Benefits
• Faster response to infections
• Better knowledge of malware types
• Improved SLA for policy deployment
• Only added 1 server for FEP SQL data warehouse
• Minimal impact to network performance
FEP 2010 Deployment & Management Lifecycle (cycle: Planning, Deployment, Management, Reporting)
Phase 1: Implementation Planning: Infrastructure & FEP Policies
Phase 2: FEP Server and Client Deployment
Phase 3: Ongoing Policy and Update Management
Phase 4: Monitoring, Alerting and Reporting
FEP 2010 Components on the ConfigMgr 2007 Infrastructure
[Diagram: ConfigMgr 2007 Site Server with Management Point, Distribution Points and Software Update Point; ConfigMgr Console; SQL Server; SQL Reporting Server; ConfigMgr Clients. The numbered FEP components are placed as follows:]
1. FEP Service Extensions (ConfigMgr 2007 Site Server)
2. Databases (SQL Server): FEP DB; FEP Reporting Data warehouse DB
3. FEP Reporting (SQL Reporting Server)
4. FEP Console Extensions (ConfigMgr Console)
5. FEP 2010 Clients (ConfigMgr Clients)
Planning
ConfigMgr 07 Central Site: 220,000 Clients Managed
• FEP SQL Console DB
• FEP Server + Extensions
• FEP SQL Data Warehouse & Reporting
Regional client counts:
• Redmond Campus: ~80k Clients
• North & South America: ~35k Clients
• Limited Services: ~4k Clients
• Europe, Middle East & Africa: ~35k Clients
• Far East & South Pacific: ~65k Clients
Deployment
Definition and engine update sizes by source:
Source | First time | Daily (approx. 3 times a day) | Engine Update (approx. once a month)
WSUS/MU | ~65 MB | 100 KB-1 MB (Binary Delta) | 11MB-15MB
UNC/MMPC* | ~65 MB | 1MB-6MB (Delta) | ~61MB
* MMPC – Microsoft Malware Protection Center
Deployment
http://technet.microsoft.com/en-us/library/ff823842.aspx
Description | FEP 2010 Client
Size on Disk | ~22MB
FEP Client Deployment package | ~19MB
Service Name | Microsoft Antimalware Service (MsMpSvc)
Process | MsMpEngine.exe
Deployment
[Chart: FEP client deployment distribution state (category, count, last status, error). Categories shown: Succeeded; Accepted - No Further Status; No Status; Waiting; Running; Retrying; Reboot Pending; Program failed; Program failed (download failed); Program failed (download failed - content mismatch); Program failed (run time exceeded); Program installer failed (unexpected restart); Non Supported OS; Conflicting MS Antimalware Product; Insufficient Disk space; Not enough space in cache; Windows; WMI; Misc. Per-category counts are not recoverable from the transcript.]
Deployment
Malware incident flow (across ConfigMgr 2007 Site Server, Management Point, Distribution Points, Software Update Point, ConfigMgr Console, SQL Server, SQL Reporting Server and ConfigMgr Clients):
1. Malware infects client
2. FEP client cleans malware; security event raised; DCM evaluation triggered
3. DCM state message sent
4. Infection data replicated to Data Warehouse server
5. Infection data available in reports
Manage
Client installation events:
FEP/ConfigMgr Event | Type | No. | Size (KB) | Total Size (KB)
FEP 2010 Client Installation | Status Message | ~6 | 1 | 6
Delta Hardware Inventory | Inventory File | 1 | 11 | 11
FEP Default Policy Applied | Status Message | ~6 | 1 | 6
4 DCM Baseline Policies & Results | State Message | 1 | 78 | 78
Total | | | | 101 KB

Malware Detected Event:
FEP/ConfigMgr Event | Type | No. | Size (KB) | Total Size (KB)
2 DCM Baseline Evaluation & Results | State Message | 1 | 49 | 49
Total | | | | 49 KB
Manage
Client installation:
Key Tables Changed | Rows Added | Size Growth
FEP related Status Messages | 121 | 35.05 KB
Compliance Detail | 4 | 16 KB
Total | 121 | 51.05 KB
Projected Growth for 220k clients: 10.71 GB

Malware Incident:
Key Tables Changed | Rows Added | Size Growth
Compliance Status, Compliance Details, Compliance History | 4 | 17 KB
Total | 4 | 17 KB
Projected Growth for 220k clients: 3.56 GB
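The two "Projected Growth for 220k clients" figures above are the per-event table growth multiplied out across the fleet. The following added example (not code from the SIM330 deck or from Microsoft IT) reproduces that projection from the deck's own per-client and per-incident sizes, and extends it, as a labelled assumption, to the message and definition-update volumes from the Deployment and Manage slides so the same model can be reused for a different client count.

```python
# Added capacity-planning example; not part of the SIM330 deck.
# The per-event sizes and the 220,000-client figure come from the deck.
# The projection model (linear in client count, 1024-based gigabytes, which
# is what matches the deck's 10.71 GB and 3.56 GB) is this example's assumption.

KIB = 1024
GIB = KIB ** 3

# Key tables changed per event, from the deck: {table: (rows added, KB growth)}
CLIENT_INSTALL_TABLES = {
    "FEP related Status Messages": (121, 35.05),
    "Compliance Detail": (4, 16.0),
}
MALWARE_INCIDENT_TABLES = {
    "Compliance Status, Compliance Details, Compliance History": (4, 17.0),
}

# Per-client message payload from the deck's event-size tables (KB)
CLIENT_INSTALL_MESSAGES_KB = 6 + 11 + 6 + 78   # 101 KB per client install
MALWARE_DETECTED_MESSAGES_KB = 49              # 49 KB per detection


def event_growth_kb(tables):
    """Total KB of database growth for one occurrence of an event."""
    return sum(size_kb for _rows, size_kb in tables.values())


def projected_growth_gb(tables, clients, events_per_client=1):
    """Database growth in GB (1024-based) when `clients` machines each raise
    the event `events_per_client` times. Assumption: growth is linear."""
    return event_growth_kb(tables) * KIB * clients * events_per_client / GIB


def rollout_message_volume_gb(clients, per_client_kb=CLIENT_INSTALL_MESSAGES_KB):
    """Extension beyond the deck: total status/inventory/state message payload
    the site has to process for a full client rollout, in GB."""
    return per_client_kb * KIB * clients / GIB


def daily_definition_traffic_gb(clients, delta_mb, updates_per_day=3):
    """Extension beyond the deck: daily definition-update download volume, in
    GB, given the per-update delta size in MB. The deck quotes 100 KB-1 MB
    binary deltas from WSUS/MU roughly 3 times a day; delta_mb=1.0 is the
    worst case of that range."""
    return delta_mb * KIB * KIB * clients * updates_per_day / GIB


if __name__ == "__main__":
    fleet = 220_000
    print(f"Client install growth:   {projected_growth_gb(CLIENT_INSTALL_TABLES, fleet):.2f} GB")
    print(f"Malware incident growth: {projected_growth_gb(MALWARE_INCIDENT_TABLES, fleet):.2f} GB")
    print(f"Rollout message volume:  {rollout_message_volume_gb(fleet):.2f} GB")
    print(f"Worst-case daily defs:   {daily_definition_traffic_gb(fleet, 1.0):.2f} GB")
```

Running it with the deck's 220,000 clients gives 10.71 GB and 3.56 GB, matching the slide; the `events_per_client` parameter is what turns the one-off install figure into an ongoing estimate (for example one detection per client per quarter) when sizing the FEP data warehouse.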
Manage
Patch Release
Performance Data Collected every 15 minutes
Green = Less than 25% spike; Yellow = Between 25% and 50%; Red = Greater than 50% spike
Primary Site 1: 94,000 ConfigMgr Clients and 53,000 FEP Clients
[Table: Site Role (Site Server, MP's, SUP) against Total Processor % Utilization, Memory Available, Total KiloBytes per second and Web Service Current Connection Count, each with Before / After / Status columns. Values as extracted, row assignment not recoverable from the transcript: Processor 37%, 13%, 7%, 27%, 7%, 5%; Memory Available 8 GB, 8 GB, 4.5 GB, 4.5 GB, 5.5 GB, 5.8 GB; KiloBytes per second and Connection Count 912, 1270, NA, NA, NA, 632, 448, 840, 1007, 2491, 722, 142, 99.]
Manage
ConfigMgr Performance Counter (Processed/Min)
State Sys Files
State Sys Records
Role
Before After
Central
Site
Status Before
After
Hardware Inventory
(MIFs)
Status Before
After
Data Discovery
Records (DDRs)
Status Before
After
Status Message
Records/second
Status Before
After
730
750
8200
7800
45
47
160
175
337
462
Primary
200
Site
180
3100
3200
22
19
56
83
28
22
Status
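The deck's traffic-light rule (Green under 25% spike, Yellow between 25% and 50%, Red over 50%) is what turns the before/after counters into a status. The following added example (not code from the SIM330 deck or from Microsoft IT) applies that rule to the ConfigMgr "Processed/Min" counters reported for the patch release, so the Status column can be regenerated from any new collection. The counter values are the deck's; the rating function, the choice to rate a drop as Green, and the `flagged` helper are this example's assumptions.

```python
# Added example: rate before/after performance counters with the deck's
# Green/Yellow/Red spike thresholds. Not part of the SIM330 deck.

# ConfigMgr Performance Counter (Processed/Min) from the deck: {role: {metric: (before, after)}}
PERF_COUNTERS = {
    "Central Site": {
        "State Sys Files": (730, 750),
        "State Sys Records": (8200, 7800),
        "Hardware Inventory (MIFs)": (45, 47),
        "Data Discovery Records (DDRs)": (160, 175),
        "Status Message Records/second": (337, 462),
    },
    "Primary Site": {
        "State Sys Files": (200, 180),
        "State Sys Records": (3100, 3200),
        "Hardware Inventory (MIFs)": (22, 19),
        "Data Discovery Records (DDRs)": (56, 83),
        "Status Message Records/second": (28, 22),
    },
}

GREEN_MAX_PCT = 25.0   # deck: Green = less than 25% spike
YELLOW_MAX_PCT = 50.0  # deck: Yellow = between 25% and 50%; Red = greater than 50%


def spike_pct(before, after):
    """Percentage change from the pre-release baseline to the post-release value."""
    if before <= 0:
        raise ValueError("baseline must be positive to compute a spike percentage")
    return (after - before) / before * 100.0


def rate(before, after):
    """Map a before/after pair to Green, Yellow or Red.
    Assumption: a decrease is never a spike, so it rates Green; a change of
    exactly 50% is still Yellow."""
    pct = spike_pct(before, after)
    if pct < GREEN_MAX_PCT:
        return "Green"
    if pct <= YELLOW_MAX_PCT:
        return "Yellow"
    return "Red"


def rate_counters(counters):
    """Return {role: {metric: rating}} for a whole counter table."""
    return {
        role: {metric: rate(before, after) for metric, (before, after) in metrics.items()}
        for role, metrics in counters.items()
    }


def flagged(counters):
    """List (role, metric, spike %, rating) for every counter that is not Green,
    sorted with the largest spike first."""
    rows = []
    for role, metrics in counters.items():
        for metric, (before, after) in metrics.items():
            rating = rate(before, after)
            if rating != "Green":
                rows.append((role, metric, round(spike_pct(before, after), 1), rating))
    return sorted(rows, key=lambda r: r[2], reverse=True)


if __name__ == "__main__":
    for role, metric, pct, rating in flagged(PERF_COUNTERS):
        print(f"{rating:6} {pct:5.1f}%  {role}: {metric}")
```

On the deck's numbers only two counters leave Green: Central Site status message records/second (337 to 462, about +37%) and Primary Site DDRs (56 to 83, about +48%), both Yellow; everything else is under 25% or fell.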
Convergence of Management and Security
• Built on System Center Configuration Manager 2012
• Advanced protection with lower impact on productivity
New Enhancements
• Simplified hierarchy model
• Role Based Access Control
• Definition Updates and automatic approval rules through ConfigMgr
• Improved alert timings
Evaluation Options
• FEP 2012 Beta available now: http://www.microsoft.com/fep
• Join Community Evaluation Program (included in ConfigMgr CEP): https://connect.microsoft.com/site1211
More Information
http://www.microsoft.com/fep/
http://technet.microsoft.com/enus/library/gg543127.aspx
http://technet.microsoft.com/en-us/library/ff684073.aspx
http://go.microsoft.com/fwlink/?LinkId=207730
http://blogs.technet.com/b/clientsecurity/archive/2011/01/19/fepcapacity-planning-worksheet.aspx
http://technet.microsoft.com/en-us/configmgr/default.aspx
http://blogs.technet.com/b/systemcenter/
http://blogs.technet.com/configurationmgr/default.aspx
http://technet.microsoft.com/enus/systemcenter/ee942121.aspx
http://blogs.msdn.com/shitanshu/default.aspx
http://twitter.com/ConfigMgr_MSIT
[email protected]
Satish Petwe – [email protected]