locked
Forefront Client Security across sites RRS feed

  • Question

  • hi Team,

    We have 2 sites  and planning to deploy Microsoft Forefront Client security. Clients users are arund 8000.  I have few queries and would appreciate if anyone would give some pointers.

    1. FCS 2007 support SQL cluster as database? and can be deployed with the WSUS database running on cluster?
    2. Any option for high availability with FCS servers like FCS windows  cluster \ windows load balanacing ?
    2. Does it support windows server 2008 as FCS Server and windows 7 as client?
    3. Is there any calculation we follow when designing database requirement for FCS Server database?
    4. Whata would be the typical deplyment strategy for FCS across WAN sites. Do we require FCS Servers running on both the sites or one server can distribute policies across the WAN? 
    5. How WSUS will be deployed in such 2 sites senario?
    6. What are the various options available ibn case of disaster ? Any pointers on disaster recovery planning for FCS & WSUS
    7. Is there any maximum limit of users\clients supported by FCS ?
    8. Can we scale it further (like adding additional FCS servers) if clients increases in furture ?


    Any suggetions will be highly appreciated. Thanks in advance ?

    Regards,
    Rohit Goel
    Thursday, January 21, 2010 6:42 AM

Answers

  • Hello!

    Here you have my input.

    2. No, no HA options here. Personally i think the cost does not motivate the function in this case. The only thing you miss while your system is ofline is beeing able to manage clients and alarms are queued on the client so they will pop in when the server is up again.
    2. Yes, windows server 2008 is supported to install FCS server roles on (only 32 bit and not R2).
    3. Yes, Read this! http://blogs.technet.com/fcsnerds/archive/2008/09/25/fcs-with-mom-2005-database-guidance.aspx
    4. The management boundry for FCS is the AD forrest. There is little traffic across WAN in terms of client < -> server traffic. You should plan you WSUS / SCCM design carefully since this can generate traffic.
    5. Well, depending on your WAN "cost" you should have WSUS in each site.
    6. There is a disaster recovery document. http://technet.microsoft.com/en-us/library/bb434995.aspx (you can also find fault tolerance strategies here)
    7. the limmit for a singel FCS deployment is 10 000 clients. if you deploy the enterprise consloe you can handle 10 FCS deployments = 100 000 clients
    8. Yes you can add management servers. However, unless you deploy the enterprise console they will be managed separately.

    Hope it helps!

    /johan
    MCSE, forefront spec | www.msforefront.com
    • Marked as answer by Rohit Goel Monday, January 25, 2010 7:11 AM
    Friday, January 22, 2010 2:29 PM

All replies

  • Hello!

    Here you have my input.

    2. No, no HA options here. Personally i think the cost does not motivate the function in this case. The only thing you miss while your system is ofline is beeing able to manage clients and alarms are queued on the client so they will pop in when the server is up again.
    2. Yes, windows server 2008 is supported to install FCS server roles on (only 32 bit and not R2).
    3. Yes, Read this! http://blogs.technet.com/fcsnerds/archive/2008/09/25/fcs-with-mom-2005-database-guidance.aspx
    4. The management boundry for FCS is the AD forrest. There is little traffic across WAN in terms of client < -> server traffic. You should plan you WSUS / SCCM design carefully since this can generate traffic.
    5. Well, depending on your WAN "cost" you should have WSUS in each site.
    6. There is a disaster recovery document. http://technet.microsoft.com/en-us/library/bb434995.aspx (you can also find fault tolerance strategies here)
    7. the limmit for a singel FCS deployment is 10 000 clients. if you deploy the enterprise consloe you can handle 10 FCS deployments = 100 000 clients
    8. Yes you can add management servers. However, unless you deploy the enterprise console they will be managed separately.

    Hope it helps!

    /johan
    MCSE, forefront spec | www.msforefront.com
    • Marked as answer by Rohit Goel Monday, January 25, 2010 7:11 AM
    Friday, January 22, 2010 2:29 PM
  • Hi Johan,

    Thanks for the valuable inputes . I have few more queries based on your reply. will appreciate any further suggestions..

    So depending on WAN "cost" if i have WSUS on each WAN site...will it be active and downstream configuration for WSUS?
    and do i require all the FCS roles as well on each site i.e. one more managment server, reporting, distribution and collection servers on 2nd site? or both the sites will be managed from one managment server & other server roles ?
    How should my server setup look like . Is it something like follwoing?

    site A
    WSUS
    MAnagment server
    collection server
    distribution server
    reporting server
    Clients polinting to local WSUS server in site A.

    Site B
    WSUS (Downstream server for site A)
    Managment server
    collection server
    distribution server
    reporting server
    clients pointing to local WSUS server on site B.






    Thanks in advance.


    Regards,
    Rohit

    Wednesday, January 27, 2010 5:44 PM