F-Secure Client Security and Policy Manager rollout
This article contains some pointers about installing F-Secure Client Security and F-Secure Policy Manager. It is intended for use by technical staff to assist in the planning process.
Planning the installation and number of servers required
Use one Policy Manager Server (PMS) for every 10.000 clients if possible.
More than 10.000 clients per PMS can be difficult to administer and also places additional load on the server which can lead to a negative user experience.
Use one Policy Manager Server per branch office or at least "major branch office".
Deploy a Policy Manager Proxy Server (PMP) installation in each branch office where no PMS is installed that has more than ~10 clients.
Rolling out: Preparation
Create the policy domain structure before rolling out the clients.
Configure the policy before rolling out the clients. Firewall rules and PMP configuration are worthy of special attention in a distributed environment!
Create autoimport rules and check that they function correctly before rolling out.
Rolling out: Implementation
Push-installing more than 20 or so clients at a time from the Policy Manager Console (PMC) is not recommended. It is possible that even with these 'low' numbers, the PMC machine will be unusable for an hour or more.
For major rollouts, use a batch calling ilaunchr and use preconfigured JAR package or a MSI installer exported using Policy Manager Console.
Use System Center Configuration Manager (SCCM) or other similar tools for deploying the JAR or MSI installation.
Deploy the installation to a test environment ("beta group") with at least 10 as "different as possible" clients before running the rollout batch.
Test specifically for failing sidegrade, where used; create a brute force removal tool if necessary and test it before the rollout.
Roll out small groups of computers at once and then thoroughly test them before continuing; fixing 50 clients is significantly easier than 500.