F-Secure Client Security and Policy Manager rollout implementation

This discussion has a more recent version.
Jali Posts: 1,769 F-Secure Employee

This article contains some pointers about installing F-Secure Client Security and F-Secure Policy Manager. It is intended for use by technical staff to assist in the planning process.

Planning the installation and number of servers required

  • Use one Policy Manager Server (PMS) for every 10.000 clients if possible.
  • More than 10.000 clients per PMS can be difficult to administer and also places additional load on the server which can lead to a negative user experience.
  • Use one Policy Manager Server per branch office or at least "major branch office".
  • Deploy a Policy Manager Proxy Server (PMP) installation in each branch office where no PMS is installed that has more than ~10 clients.

Rolling out: Preparation

  • Create the policy domain structure before rolling out the clients.
  • Configure the policy before rolling out the clients. Firewall rules and PMP configuration are worthy of special attention in a distributed environment!
  • Create autoimport rules and check that they function correctly before rolling out.

Rolling out: Implementation

  • Push-installing more than 20 or so clients at a time from the Policy Manager Console (PMC) is not recommended. It is possible that even with these 'low' numbers, the PMC machine will be unusable for an hour or more.
  • For major rollouts, use a batch calling ilaunchr and use preconfigured JAR package or a MSI installer exported using Policy Manager Console.
  • Use System Center Configuration Manager (SCCM) or other similar tools for deploying the JAR or MSI installation.
  • Deploy the installation to a test environment ("beta group") with at least 10 as "different as possible" clients before running the rollout batch.
  • Test specifically for failing sidegrade, where used; create a brute force removal tool if necessary and test it before the rollout.
  • Roll out small groups of computers at once and then thoroughly test them before continuing; fixing 50 clients is significantly easier than 500.