INSTALLATION HANDSON About the HandsOn This handson section
INSTALLATION HANDS-ON
About the Hands-On This hands-on section is structured in a way, that it allows you to work independently, but still giving you the possibility to consult step -by-step instructions. Each given task will be divided into two sections • Actual Task • Conditions, goals and short instructions • Allowing you to work independently • Detailed instructions (step-by-step work through) • In case you can not come up with own solutions Page 2
Task Overview 1. Policy Manager deployment (incl. PMS, PMC and AUSYS) 2. Console initialization and initial configuration 3. AVCS 6. x rollout Page 3
Infrastructure Your environment consists of two computers • Windows 2003 Standard Server (SP 3) • Windows XP Professional (SP 2) Network • 100 Mbit Ethernet, supporting TCP/IP • C-class network (192. 168. 100. 0/24) XP Pro SP 2 Root Update Server 2003 Server Page 4
Task 1 Install Policy Manager with all necessary components (not FSAVCS yet) on a single computer • Is such an installation possible in this environment? If needed, the next pages will provide you with a step-by-step walkthrough => After installation is completed, continue on to page 19 Once you have a clear plan how to proceed, install the products and configure it as follows • Limit access to the PMS admin module to local host (use the default ports during installation) Root Update Server XP Pro SP 2 2003 Server Page 5
Policy Manager Installation Walk-Through Insert the F-Secure Product CD (old screenshot!) • Select ”F-Secure Policy Manager” Page 6
Policy Manager Installation Walk-Through Choose the installation language • Click “Next” Page 7
Policy Manager Installation Walk-Through Read the F-Secure License Terms and accept the agreement • Click ”Next” Page 8
Policy Manager Installation Walk-Through Accept Custom installation • Click “Next” Page 9
Policy Manager Installation Walk-Through Also here accept default selections • Click “Next” Page 10
Policy Manager Installation Walk-Through Default installation path C: Program FilesF-Secure is fine • Click “Next” Page 11
Policy Manager Installation Walk-Through There is no old Policy Manager installed, so accept the default • Click ”Next” Page 12
Policy Manager Installation Walk-Through Accept the default Port Numbers • Click ”Next” Page 13
Policy Manager Installation Walk-Through Select F-Secure Anti-Virus Client Security 6. x • Click ”Next” Page 14
Policy Manager Installation Walk-Through Necessary setup information has been collected. System is ready for installation • Click “Start” Page 15
Policy Manager Installation Walk-Through Installation in process. Do not restart the system until 100 % completed • Might take some minutes Page 16
Policy Manager Installation Walk-Through Components have been installed • Click “Next” Page 17
Policy Manager Installation Walk-Through Installation finished successfully • Click “Finish” Page 18
Task 1 Completed F-Secure Policy Manager is now installed • Check the Server Status • Start/Status Monitor • Both Apache modules should have Status: OK • Web Reporting Module will still show an error, because we didn’t initialize the console yet Initializing and configuring the console will be your next task Page 19
Task 2 Initialize and configure Policy Manager Console • Start the Console and go through the initialization process • After that, configure the console as follows • Rename the Root domain to F-Secure • Restrict all user settings (try to find the easiest way) • Define the Policy Manager host communication address • Note: The address defined during the console initialization is the administration module address • Change the server polling interval to 10 seconds (incoming and outgoing requests) • Distribute policies! Task continues on next page… Page 20
Task 2 Perform a general system check • Are all modules working properly? • What does the status monitor say? • Try out the web reporting, does it work? Try to complete this task independently • If needed, next pages will provide you with a step-by-step walk through => If you managed to complete this task, continue on page 36 Page 21
Console Initialization Walk-Through Start Policy Manager from Start menu for initialization • Click “Next” Page 22
Console Initialization Walk-Through Select Administrator mode • Click “Next” Page 23
Console Initialization Walk-Through Accept default • Click “Next” Page 24
Console Initialization Walk-Through Select the location of the key-pair. Defaults are ok. • Click ”Next” Page 25
Console Initialization Walk-Through Create administrator’s cryptographic keys • Move the cursor until the next dialogue box appears Page 26
Console Initialization Walk-Through Enter the administrative password. Use “password” in this hands-on • Click “Next” Page 27
Console Initialization Walk-Through Click ”Finish” Page 28
Console Initialization Walk-Through First Policy Manager Console launch • By default, Policy Manager Console is run in the Anti-Virus Administration mode (AV mode) Policy Manager is now initialized and ready to use Next step is the console configuration and first policy distribution Page 29
Initial Console Configuration Walk-Through Rename the root domain • Right-click the root domain • Select Domain/Host Properties • Rename “Root” to “F-Secure” After that start fine tuning the communication settings • Click Centralized Management tab Page 30
Initial Console Configuration Walk-Through Prevent user from changing most important settings • Click “Do not allow users to change settings…” Page 31
Initial Console Configuration Walk-Through Define communication settings • Set Policy Manager Server address (IP address of your PMS computer) • Set both polling intervals to 10 seconds Page 32
Initial Console Configuration Walk-Through Distribute the Policy, select File/Distribute (or press CTRL + D) Page 33
System Status Check Overall Check the status of the Policy Manager Server • From the start menu: Start/Programs/F-Secure Policy Manager Server/Status Monitor • The Web Reporting error should now be fixed Page 34
System Status Check (Optional) Web Reporting Open Report web interface • From the start menu: Start/Programs/F-Secure Policy Manager Server/FSecure Policy Manager Web Reporting Page 35
Task 2 completed Policy Manager initialization and configuration has been finalized • The next task will be F-Secure Anti-Virus Client Security 6 rollout Root Update Server XP Pro SP 2 F-Secure PMS / PMC Page 36
Task 3 Install AVCS 6. x on your client computer running Windows XP SP 2 • Is the installation possible without any changes to the host? • Any conflicting software installed on the target system? • Which rollout method is best suited for this environment? • Which methods are possible? • Is there a firewall installed on the host preventing certain rollout methods? Task continues on next page… Page 37
Task 3 Once you have a clear plan on how to rollout AVCS 6. x, and you have checked all issues mentioned on the previous page, go ahead with the rollout Try to complete this task independently • If needed, the next pages will provide you with a step-by-step walk through => If you managed to complete this task and your client has rebooted, continue on page 61 Page 38
Pre-Rollout Checks Check your target host for installed conflicting software • Check if there is conflicting software installed on the computer • If there is, check if that product is automatically detected and removed by F-Secure Sidegrade Function • Important: Always check all your hosts for conflicting software before your start any rollout Page 39
Pre-Rollout Checks If the XP Firewall on your host is enabled: • F-Secure Intelligent Installations requires certain inbound traffic allowed on target host (TCP 135 and 445) • Try to connect to the ports from your PMS • Open the command prompt and telnet the ports • There will be no response, so you need to allow the above mentioned protocols on your target host • Try to come up with a solution, without disabling the firewall! Page 40
XP Firewall Configuration Configure XP SP 2 firewall exceptions • Allow “File and Printer Sharing” • Press “Edit” • Enable SMB only (TCP 445) • Disable all other ports • Create a new service and allow RPC • Press “Add Port” • Name: RPC, Port number: 135 • Confirm by pressing OK Page 41
Remote Installation Walk-Through Select ”Installation” tab on the editor pane • Click “Autodiscover Windows hosts…” Page 42
Remote Installation Walk-Through Select your target host from the list • Click “Install” Page 43
Remote Installation Walk-Through Select F-Secure Anti-Virus Client Security 6. x • Click “Next” Page 44
Remote Installation Walk-Through Check that F-Secure Anti-Virus for Client Security 6. x is the only selection • Click “Next” Page 45
Remote Installation Walk-Through Include the policy from your root domain “F-Secure” • Click “Next” Page 46
Remote Installation Walk-Through Accept the default domain account • Domain administrator account will be used to access the target host • Click “Next” Page 47
Remote Installation Walk-Through Check the installation details, correct if necessary (“Back” button) • Click “Start” Page 48
Remote Installation Walk-Through Click “Next” Page 49
Remote Installation Walk-Through Instructor will provide you with the correct keycode • After typing the keycode, click “Next” Page 50
Remote Installation Walk-Through Install Virus Protection, E-mail scanning and Internet Shield • Click ”Next” Page 51
Remote Installation Walk-Through Select the language the product will use • Click “Next” Page 52
Remote Installation Walk-Through Choose centrally managed installation • Click “Next” Page 53
Remote Installation Walk-Through Specify your Policy Manager Server’s URL • Click “Next” Page 54
Remote Installation Walk-Through No need to add a custom property at this stage • Click ”Next” Page 55
Remote Installation Walk-Through At this point you will be able to choose whether to remove conflicting software automatically • Accept the default setting • Click “Next” Page 56
Remote Installation Walk-Through Select “Restart after installation, in” • Change the countdown to 1 minute • Type a reboot message • Click “Finish” Page 57
Remote Installation Walk-Through Wait while Intelligent Installation creates the distribution package • This step might take some minutes (depending on your system) • Do not press “Cancel” Page 58
Remote Installation Walk-Through F-Secure Setup will start and install AVCS 6. x to your computer Wait until the Reboot message appears on your screen • Don’t reboot yet, minimize the window Page 59
Remote Installation Walk-Through The ”Installation progress” window shows you if the installation has finished successfully • Close this window • Also close the autodiscover wizard window • Distribute policies! • Close Policy Manager Console On the other computer, open the reboot dialogue again and click reboot Page 60
System Status Check After the reboot • Open F-Secure Anti-Virus Client Security 6. x by double-clicking the F-Secure icon in the system tray • Click “Central Management” • Check Last connection and Policy file counter Page 61
Task 3 Completed Congratulations! You have successfully finished the Installation hands-on Root Update Server F-Secure AVCS 6 F-Secure PMS / PMC Page 62
- Slides: 62