F-Secure Client Security and Policy Manager rollout implementation - F-Secure Community
<main> <article class="userContent"> <p> </p> F-Secure Client Security and Policy Manager rollout implementation <p>This article contains some pointers about installing F-Secure Client Security and F-Secure Policy Manager. It is intended for use by technical staff to assist in the planning process. </p> <h3>Planning the installation and number of servers required</h3> <div> <ul><li>Use one Policy Manager Server (PMS) for every 10.000 clients if possible. </li> <li>More than 10.000 clients per PMS can be difficult to administer and also places additional load on the server which can lead to a negative user experience. </li> <li>Use one Policy Manager Server per branch office or at least "major branch office". </li> <li>Deploy a Policy Manager Proxy Server (PMP) installation in each branch office where no PMS is installed that has more than ~10 clients. </li> </ul></div> <h3>Rolling out: Preparation</h3> <div> <ul><li>Create the policy domain structure before rolling out the clients. </li> <li>Configure the policy before rolling out the clients. Firewall rules and PMP configuration are worthy of special attention in a distributed environment! </li> <li>Create autoimport rules and check that they function correctly before rolling out. </li> </ul></div> <h3>Rolling out: Implementation</h3> <div> <ul><li>Push-installing more than 20 or so clients at a time from the Policy Manager Console (PMC) is not recommended. It is possible that even with these 'low' numbers, the PMC machine will be unusable for an hour or more. </li> <li>For major rollouts, use a batch calling ilaunchr and use preconfigured JAR package or a MSI installer exported using Policy Manager Console. </li> <li>Use System Center Configuration Manager (SCCM) or other similar tools for deploying the JAR or MSI installation. </li> <li>Deploy the installation to a test environment ("beta group") with at least 10 as "different as possible" clients before running the rollout batch. </li> <li>Test specifically for failing sidegrade, where used; create a brute force removal tool if necessary and test it before the rollout. </li> <li>Roll out small groups of computers at once and then thoroughly test them before continuing; fixing 50 clients is significantly easier than 500. </li> </ul></div> <br> </article> </main>