Analysis of Forefront Security Gateway installation and management plan

Source: Internet
Author: User

There are many ways to install and manage Forefront, but usually only one of them is the best fit for a given enterprise and its administrators. In this article, I introduce the common installation and management methods, how they differ, and the situations each is suited to. I hope this helps you build an installation and management plan that suits your needs. Broadly, management methods can be divided into remote management and local management. Remote management can be further divided into client console and server console, depending on where the management console is located. Each method has advantages and disadvantages, and an enterprise administrator can select the proper one only by understanding them.

  1. Remote Installation and Management

Remote installation and management is a common approach in enterprises. If an enterprise has an independent data center, remote management is generally the preferred method, because the data center (IDC) is often some distance from the administrator's location. In addition, data centers are usually kept relatively sealed off for security and environmental reasons; that is, even administrators are discouraged from entering them frequently. For these reasons, I suggest using remote installation and management.

Remote management can be divided into two cases based on where the console is installed. In the first case, the console is installed on the administrator's computer and connects to the server from there. In the second case, the management console is installed on the server, and the administrator connects to it through remote desktop or similar means. Although both are remote management, they place different requirements on the enterprise's network environment. The following sections expand on this, and after reading them you should be able to choose the remote management solution that suits you.

Solution A: the console is deployed on the Administrator's host.

The administrator can install the Forefront console on his own host and then connect to the Forefront server from that console. To use this solution, however, pay attention to two aspects: the speed and reliability of the network connection, and the operating system requirements.

In general, this solution requires a fast and reliable connection between the administrator's computer and the server, because during management work the console must respond and display the updated configuration information. If the connection is unreliable or slow, the management console will respond slowly or information will be lost. This reduces the administrator's efficiency and may even cause errors. Therefore, if the connection is unreliable or slow, we recommend that you use one of the other methods. Generally, the connection speed is best to reach 10 Gb/s per second, and the minimum is no less than 5 Gb/s per second.

In addition to the speed requirement, this solution also places a requirement on the operating system. By default, the Forefront 2010 console can be installed on a 32-bit version of the 2008 operating system. However, the functions of the management console on the 32-bit version are limited. If you want the complete feature set, you had better use a 64-bit operating system. In addition, under the same conditions a 64-bit Windows operating system improves the performance of the management console. This asks a lot of the administrator's computer, because most administrators use the XP operating system (which is definitely a classic operating system). To use this solution, you must change the operating system.

Note that both of the preceding conditions must be met at the same time. If either condition is not met, use solution B or the local management method instead.

Solution B: Install the console on the server

In some cases, when communication between the server and the administrator's host is not ideal, you need to install the console on the server. The administrator then connects to the server through remote desktop and operates the management console on the server remotely. This solution is not subject to the two conditions of solution A above.

Although this solution is still remote management, the console runs on the server, and the related commands are issued directly from the console on the server. Therefore, the connection between the console and the server is necessarily reliable and fast. It takes some time for the console's display to reach the administrator's host, but this does not affect server configuration and management. In addition, this solution places no additional requirements on the operating system of the administrator's host. You only need remote desktop or similar remote control software on your computer.

For this reason, when some of the conditions of solution A are not met, I suggest you install the console on the server, connect to the server through remote desktop or other remote control software, and operate the console remotely. However, when using this solution you need to pay attention to security. Many remote control software, including Microsoft's remote desktop tools, have many security vulnerabilities. In addition, such software gives full control of the remote host, which makes it a target of interest to many hackers. Therefore, I do not recommend using this solution in an insecure environment, for example over the Internet. If you must use the Internet, it is best to use a VPN or another relatively safe connection. VPN uses secure tunnel technology, which not only improves the connection security, but also increases the access speed.

Therefore, a VPN server must be deployed alongside solution B, to establish a secure connection channel between the remote client and the Forefront server. In addition, some companies with relatively strong finances establish fiber-optic links to their subsidiaries in different regions. In that case, using the fiber-optic connection for remote management is also a reasonable method. In short, although solution B places no additional requirements on the connection speed or on the client's operating system, the administrator needs to pay attention to the security of the remote connection. Do not allow others to take advantage of it.
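A check for the VPN-only rule above, as an added example that is not part of the original article: it scans an export of Windows logon events from the console server (event ID 4624, where logon type 10 is Remote Desktop) and reports sessions whose source address lies outside the VPN address pool. The CSV layout, the 10.8.0.0/24 pool and the sample rows are constructed assumptions.

```python
import csv
import io
from ipaddress import ip_address, ip_network

# Assumption: address pool the VPN server hands out to administrators.
VPN_POOL = ip_network("10.8.0.0/24")
# Windows logon type 10 = RemoteInteractive (Remote Desktop).
RDP_LOGON_TYPE = "10"

# Constructed sample: Security-log events from the console server as CSV.
SAMPLE_EXPORT = """\
TimeCreated,EventID,LogonType,TargetUserName,IpAddress
2010-06-01T08:02:11,4624,10,fw-admin,10.8.0.17
2010-06-01T08:40:53,4624,3,svc-backup,192.168.1.20
2010-06-01T23:14:05,4624,10,fw-admin,203.0.113.45
2010-06-02T09:01:37,4624,10,fw-admin,-
2010-06-02T09:05:12,4634,10,fw-admin,10.8.0.17
"""


def rdp_logons_outside_vpn(export_text, vpn_pool=VPN_POOL):
    """Return RDP logons whose source address is not inside the VPN pool."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["EventID"] != "4624" or row["LogonType"] != RDP_LOGON_TYPE:
            continue  # not a successful Remote Desktop logon
        source = row["IpAddress"].strip()
        try:
            inside = ip_address(source) in vpn_pool
        except ValueError:
            inside = False  # missing or malformed address: review manually
        if not inside:
            findings.append((row["TimeCreated"], row["TargetUserName"], source))
    return findings


if __name__ == "__main__":
    for when, user, source in rdp_logons_outside_vpn(SAMPLE_EXPORT):
        print(f"{when}  {user}  RDP logon from {source} (outside {VPN_POOL})")
```

Rows with a missing source address are reported rather than skipped, so a session that cannot be tied to the VPN pool still gets reviewed.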

In solution A, because the console is installed on the client host, you cannot run the Forefront Security Gateway entry wizard from the remote management console. To run the entry wizard, you must use the local console. In solution B, the management console is deployed on the server and the client reaches it through remote desktop or a similar protocol, which is equivalent to using the local console, so this restriction does not apply. That is to say, in solution B you can run the entry wizard.

In actual work, we install the console both on the server and on the administrator's client, and select solution A or solution B based on actual needs. For example, the administrator uses solution B while on a business trip and solution A after returning to the enterprise. In other words, the Forefront server of the group company adopts solution A while the servers of the branch companies below it adopt solution B. I have tested this approach and it is feasible. It is also a relatively flexible and comprehensive solution.

  2. Local Management Mode and Enterprise Management Server Mode

In the local management mode, a single Forefront Security Gateway server (including the service and the management console) is installed on the server and managed locally. In practice, the local management mode is usually used for the first installation, because at that stage there is a lot of work to do and the communication traffic is relatively large, so local management is the reasonable choice. Subsequent management usually involves only a small amount of work, and you can use the remote management methods described above. I stress once again that if remote management is selected, the speed and reliability of the remote connection must be considered. Choose solution A or solution B based on the actual network environment.

In addition, the Enterprise Management Server model is similar to the management console. The difference is that the management console applies to the Standard Edition, while the Enterprise Management Server model applies to Enterprise Edition users. In particular, enterprises that adopt a Forefront server array must adopt the Enterprise Management Server model.
