F-Secure Client Security and Policy Manager rollout implementation
This article contains some pointers about installing F-Secure Client Security and F-Secure Policy Manager. It is intended for use by technical staff to assist in the planning process.
Planning the installation and number of servers required
- Use one Policy Manager Server (PMS) for every 10.000 clients if possible.
- More than 10.000 clients per PMS can be difficult to administer and also places additional load on the server which can lead to a negative user experience.
- Use one Policy Manager Server per branch office or at least "major branch office".
- Deploy a Policy Manager Proxy Server (PMP) installation in each branch office where no PMS is installed that has more than ~10 clients.
Rolling out: Preparation
- Create the policy domain structure before rolling out the clients.
- Configure the policy before rolling out the clients. Firewall rules and PMP configuration are worthy of special attention in a distributed environment!
- Create autoimport rules and check that they function correctly before rolling out.
Rolling out: Implementation
- Push-installing more than 20 or so clients at a time from the Policy Manager Console (PMC) is not recommended. It is possible that even with these 'low' numbers, the PMC machine will be unusable for an hour or more.
- For major rollouts, use a batch calling ilaunchr and use preconfigured JAR package or a MSI installer exported using Policy Manager Console.
- Use System Center Configuration Manager (SCCM) or other similar tools for deploying the JAR or MSI installation.
- Deploy the installation to a test environment ("beta group") with at least 10 as "different as possible" clients before running the rollout batch.
- Test specifically for failing sidegrade, where used; create a brute force removal tool if necessary and test it before the rollout.
- Roll out small groups of computers at once and then thoroughly test them before continuing; fixing 50 clients is significantly easier than 500.