locked
2-part QST on Multiple users needing access to FFCSMC RRS feed

  • Question

  • We are currently in the middle of panning an implementation of FFCS in a 3-server topology.  It is one domain with multiples locations throughout the US.  The company is asking the following questions, and i find them to be pretty damn good questions.  Can anyone help in answering these for me.  Thanks.

     

    This is going to be 3-server topology in one domain.  There are 11 locations throughout the US that are involved in this domain.  The central office will house all of the servers and FF components.  The company is thinking to have a "site administrator" in each location.  They want this SA to be able to view statistics and reports of the workstations/servers located in there location. 

    I am under the assumption that this can be done simply by providing the URL to the Reporting Database Server to the SA's.  Am I correct in thinking this?  If so, what is the best way to perform this request.  If not, please inform me of what I should recommend.

    Also, shouldn't there be only one person (or at least in one location) accessing the FFCSMC?  If there were more than one person accessing it, how would you provide this capability?  Would the best suggestion be to remote into the server running the FFCSMC or does the workstation wanting access install the FFCSMC or something of that nature?

     

     


    Kenneth Rodulfo Microsoft Certified Professional Microsoft Certified Systems Engineer MS Technology Specialist - Forefront MS Technology Specialist - Windows 7 Cisco Certified Network Professional
    • Moved by Nick Gu - MSFT Wednesday, October 13, 2010 5:48 AM (From:Forefront Server Security Management Console)
    Wednesday, October 13, 2010 12:31 AM

Answers

  • ive been researching more and more into this as my project has been going on.  ive come to the conclusion of the following for this situation -

     

     

    A.  you can NOT provide a way to do remote administration of the FFCS Management Console in a sufficient working way, UNLESS you have a tier deployment a.k.a an "enterprise forefront environment" setup.  For example, 12 sites and each site has a 3-server topology implemented in which there is an enterprise management server watching over the other servers.  This gives each person there own respectful management console to work with, pertaining to there local machines.  This would be the correct and "microsoft" way of doing things.

     

    B.  You can have users RDP in, however RDP sucks up major bandwidth and you are limited on connections.  Also, do you really want simultaneous connections messing with the databases? 

     

    C.  Lastly, you can use WTS to allow multiple connections for the management console to be used.  But again, do you really want multiple users writing to the database?  Also, if you are playing the game correctly - you will need a WTS connection (at roughly $600 a pop) for each user.

     

    Regards and i hope this was informational to all.

     

    Ken


    Kenneth Rodulfo MCP, , MCSA, MCSE, MCTS - Forefront, MCTS - Windows 7 Cisco Certified Network Professional
    • Marked as answer by HanldeX84 Tuesday, November 2, 2010 8:21 PM
    Tuesday, November 2, 2010 8:21 PM

All replies

  • Hi

    >>I am under the assumption that this can be done simply by providing the URL to the Reporting Database Server to the SA's.  Am I correct in thinking this?  If so, what is the best way to perform this request.  If not, please inform me of what I should recommend.

    The easy thing is creating a group with access to the reporting server:

    http://technet.microsoft.com/en-us/library/ms156014(SQL.90).aspx

    >> Also, shouldn't there be only one person (or at least in one location) accessing the FFCSMC?  If there were more than one person accessing it, how would you provide this capability?  Would the best suggestion be to remote into the server running the FFCSMC or does the workstation wanting access install the FFCSMC or something of that nature?

    I thing the best options is to install the console. http://blog.hznet.nl/2008/05/installing-the-fcs-console-on-your-admin-client-machine/

     


    Martijn B.
    Wednesday, October 13, 2010 5:54 PM
  • Thanks Martijn, I will give this a try.

     

    However I have one question, the link suggests that I install FFCS Management Console on an admin machine.  Then once i install it, it shows the assumption that i will be able to run the FFCSMC and be able to pull up the stats and etc of all the forefront agents (just like the FFCSMC on the Management Server).  But how does this know how to do this?

     

    Will it prompt for entering information in reference to connecting to either the Management or the Reporting Database Server?

     

     


    Kenneth Rodulfo MCP, , MCSA, MCSE, MCTS - Forefront, MCTS - Windows 7 Cisco Certified Network Professional
    Wednesday, October 13, 2010 6:49 PM
  • ive been researching more and more into this as my project has been going on.  ive come to the conclusion of the following for this situation -

     

     

    A.  you can NOT provide a way to do remote administration of the FFCS Management Console in a sufficient working way, UNLESS you have a tier deployment a.k.a an "enterprise forefront environment" setup.  For example, 12 sites and each site has a 3-server topology implemented in which there is an enterprise management server watching over the other servers.  This gives each person there own respectful management console to work with, pertaining to there local machines.  This would be the correct and "microsoft" way of doing things.

     

    B.  You can have users RDP in, however RDP sucks up major bandwidth and you are limited on connections.  Also, do you really want simultaneous connections messing with the databases? 

     

    C.  Lastly, you can use WTS to allow multiple connections for the management console to be used.  But again, do you really want multiple users writing to the database?  Also, if you are playing the game correctly - you will need a WTS connection (at roughly $600 a pop) for each user.

     

    Regards and i hope this was informational to all.

     

    Ken


    Kenneth Rodulfo MCP, , MCSA, MCSE, MCTS - Forefront, MCTS - Windows 7 Cisco Certified Network Professional
    • Marked as answer by HanldeX84 Tuesday, November 2, 2010 8:21 PM
    Tuesday, November 2, 2010 8:21 PM