SIM330 Session Objectives and Takeaways

Business Challenge
• Limited monitoring
• No consolidated reporting
• Laborious manual process

Solution
• Chose FEP 2010 as new antimalware management solution
• Deployed to existing ConfigMgr 2007 R2 and R3 servers & clients

Results/Benefits
• Faster response to infections
• Better type of malware knowledge
• Improved SLA for policy deployment
• Only added 1 server for FEP SQL data warehouse
• Minimal impact to network performance

FEP 2010 Deployment & Management Lifecycle
• Phase 1 (Planning): Implementation Planning: Infrastructure & FEP Policies
• Phase 2 (Deployment): FEP Server and Client Deployment
• Phase 3 (Management): Ongoing Policy and Update Management
• Phase 4 (Reporting): Monitoring, Alerting and Reporting

[Diagram: FEP 2010 components on a ConfigMgr 2007 site. ConfigMgr roles shown: Management Point, ConfigMgr 2007 Site Server, ConfigMgr Console, Distribution Points, SQL Server, Software Update Point, SQL Reporting Server, ConfigMgr Clients.]
FEP components:
1. FEP Service Extensions
2. Databases (FEP DB, FEP Reporting Data warehouse DB)
3. FEP Reporting
4. FEP Console Extensions
5. FEP 2010 Clients

Planning

[Diagram: ConfigMgr 07 Central Site, 220,000 clients managed. Labels: FEP SQL, Console, DB, FEP Server + Extensions, FEP SQL Data Warehouse & Reporting.]
• Redmond Campus: ~80k Clients
• North & South America: ~35k Clients
• Limited Services: ~4k Clients
• Europe, Middle East & Africa: ~35k Clients
• Far East & South Pacific: ~65k Clients

Deployment

Source | First time | Daily (approx. 3 times a day) | Engine Update (approx. once a month)
WSUS/MU | ~65 MB | 100 KB-1 MB (Binary Delta) | 11 MB-15 MB
UNC/MMPC* | ~65 MB | 1 MB-6 MB (Delta) | ~61 MB
* MMPC – Microsoft Malware Protection Center

http://technet.microsoft.com/en-us/library/ff823842.aspx

Description | Value
FEP 2010 Client Size on Disk | ~22 MB
FEP Client Deployment package | ~19 MB
Service Name | Microsoft Antimalware Service (MsMpSvc)
Process | MsMpEngine.exe

[Charts: client deployment status, three panels, each plotted against count]
• Distribution State: Succeeded, Failed, No Status, Accepted - No Further Status, Reboot Pending, Waiting, Retrying, Running
• Last Failed Error Status: Program failed; Program failed (download failed); Program failed (run time exceeded); Program failed (download failed - content mismatch); Program installer failed (unexpected restart); Not enough space in cache
• Category: Non Supported OS, Conflicting MS Antimalware Product, Insufficient Disk space, Windows, WMI, Misc

[Diagram: infection data flow across the Management Point, Distribution Points, ConfigMgr 2007 Site Server, ConfigMgr Console, SQL Server, Software Update Point, SQL Reporting Server and ConfigMgr Clients]
1. Malware Infects Client
2. FEP Client Cleans malware; Security Event Raised; DCM Evaluation Triggered
3. DCM State Message Sent
4. Infection Data replicated to Data Warehouse Server
5. Infection Data available in Reports

Manage

FEP/ConfigMgr Event | Type | No. | Size (KB) | Total Size (KB)
FEP 2010 Client Installation | Status Message | ~6 | 1 | 6
Delta Hardware Inventory | Inventory File | 1 | 11 | 11
FEP Default Policy Applied | Status Message | ~6 | 1 | 6
4 DCM Baseline Policies & Results | State Message | 1 | 78 | 78
Total | | | | 101 KB

Malware Detected Event | Type | No. | Size (KB) | Total Size (KB)
2 DCM Baseline Evaluation & Results | State Message | 1 | 49 | 49
Total | | | | 49 KB

Key Tables Changed | Rows Added | Size Growth
FEP related Status Messages | 121 | 35.05 KB
Compliance Detail | 4 | 16 KB
Total | 121 | 51.05 KB
Projected Growth for 220k clients: 10.71 GB

Malware Incident
Key Tables Changed | Rows Added | Size Growth
Compliance Status, Compliance Details, Compliance History | 4 | 17 KB
Total | 4 | 17 KB
Projected Growth for 220k clients: 3.56 GB

Patch Release Performance
Data collected every 15 minutes. Green = Less than 25% spike; Yellow = Between 25% and 50%; Red = Greater than 50% spike.
Primary Site 1: 94,000 ConfigMgr Clients and 53,000 FEP Clients
[Table: before/after values with status for the Site Server, MPs and SUP site roles, covering Total Processor % Utilization, Memory Available, Total KiloBytes per second, and Web Service Current Connection Count]

ConfigMgr Performance Counter (Processed/Min), before and after
Role | State Sys Files | State Sys Records | Hardware Inventory (MIFs) | Data Discovery Records (DDRs) | Status Message Records/second
Central Site | 730 / 750 | 8200 / 7800 | 45 / 47 | 160 / 175 | 337 / 462
Primary Site | 200 / 180 | 3100 / 3200 | 22 / 19 | 56 / 83 | 28 / 22

Convergence of Management and Security
• Built on System Center Configuration Manager 2012
• Advanced protection with lower impact on productivity

New Enhancements
• Simplified hierarchy model
• Role Based Access Control
• Definition Updates and automatic approval rules through ConfigMgr
• Improved alert timings

Evaluation Options
• FEP 2012 Beta available now: http://www.microsoft.com/fep
• Join Community Evaluation Program (included in ConfigMgr CEP): https://connect.microsoft.com/site1211

More Information
• http://www.microsoft.com/fep/
• http://technet.microsoft.com/en-us/library/gg543127.aspx
• http://technet.microsoft.com/en-us/library/ff684073.aspx
• http://go.microsoft.com/fwlink/?LinkId=207730
• http://blogs.technet.com/b/clientsecurity/archive/2011/01/19/fepcapacity-planning-worksheet.aspx
• http://technet.microsoft.com/en-us/configmgr/default.aspx
• http://blogs.technet.com/b/systemcenter/
• http://blogs.technet.com/configurationmgr/default.aspx
• http://technet.microsoft.com/en-us/systemcenter/ee942121.aspx
• http://blogs.msdn.com/shitanshu/default.aspx
• http://twitter.com/ConfigMgr_MSIT

Satish Petwe – [email protected]