INSTALLATION HANDS-ON. Page 2 About the Hands-On This hands-on section is structured in a way, that it allows you to work independently, but still giving

INSTALLATION HANDS-ON

Page 2

About the Hands-On

This hands-on section is structured in a way, that it allows you to

work independently, but still giving you the possibility to consult

step-by-step instructions.

Each given task will be divided into two sections

• Actual Task

• Conditions, goals and short instructions

• Allowing you to work independently

• Detailed instructions (step-by-step work through)

• In case you can not come up with own solutions

Page 3

Task Overview

1. Policy Manager deployment (incl. PMS, PMC and AUSYS)

2. Console initialization and initial configuration

3. AVCS 6.x rollout

Page 4

Infrastructure

Your environment consists of two computers

• Windows 2003 Standard Server (SP3)

• Windows XP Professional (SP2)

Network

• 100 Mbit Ethernet, supporting TCP/IP

• C-class network (192.168.100.0/24)

XP Pro SP2 2003 Server

Root Update Server

Page 5

Task 1

Install Policy Manager with all necessary components (not FSAVCS yet) on a single computer

• Is such an installation possible in this environment?

Once you have a clear plan how to proceed, install the products and configure it as follows

• Limit access to the PMS admin module to local host (use the default ports during installation)

If needed, the next pages will

provide you with a step-by-step

walkthrough

=> After installation is completed,

continue on to page 19

XP Pro SP2 2003 Server

Root Update Server

Page 6

Policy Manager Installation Walk-Through

Insert the F-Secure Product CD (old screenshot!)

• Select ”F-Secure Policy Manager”

Page 7


Choose the installation language

• Click “Next”

Page 8


Read the F-Secure License Terms and accept the agreement

• Click ”Next”

Page 9


Accept Custom installation


Page 10


Also here accept default selections


Page 11


Default installation path C:\Program Files\F-Secure is fine


Page 12


There is no old Policy Manager installed, so accept the default


Page 13


Accept the default Port Numbers


Page 14


Select F-Secure Anti-Virus Client Security 6.x


Page 15


Necessary setup information has been collected. System is ready for

installation

• Click “Start”

Page 16


Installation in process. Do not restart the system until 100 %

completed

• Might take some minutes

Page 17


Components have been installed


Page 18


Installation finished successfully

• Click “Finish”

Page 19

Task 1 Completed

F-Secure Policy Manager is now

installed

• Check the Server Status

• Start/Status Monitor

• Both Apache modules should have Status: OK

• Web Reporting Module will still show an error, because we didn’t initialize the console yet

Initializing and configuring the console

will be your next task

Page 20

Task 2

Initialize and configure Policy Manager Console

• Start the Console and go through the initialization process

• After that, configure the console as follows

• Rename the Root domain to F-Secure

• Restrict all user settings (try to find the easiest way)

• Define the Policy Manager host communication address

• Note: The address defined during the console initialization is the administration module address

• Change the server polling interval to 10 seconds (incoming and outgoing requests)

• Distribute policies!

Task continues on next page…

Page 21

Task 2

Perform a general system check

• Are all modules working properly?

• What does the status monitor say?

• Try out the web reporting, does it work?

Try to complete this task independently

• If needed, next pages will provide you with a step-by-step walk through

=> If you managed to complete this task, continue on page 36

Page 22

Console Initialization Walk-Through

Start Policy Manager from Start menu for initialization


Page 23


Select Administrator mode


Page 24


Accept default


Page 25


Select the location of the key-pair. Defaults are ok.


Page 26


Create administrator’s cryptographic keys

• Move the cursor until the next dialogue box appears

Page 27


Enter the administrative password. Use “password” in this hands-on


Page 28


Click ”Finish”

Page 29


First Policy Manager Console launch

• By default, Policy Manager Console is run in the Anti-Virus Administration mode (AV mode)

Policy Manager is now initialized and ready to use

Next step is the console configuration and first policy distribution

Page 30

Initial Console Configuration Walk-Through

Rename the root domain

• Right-click the root domain

• Select Domain/Host Properties

• Rename “Root” to “F-Secure”

After that start fine tuning the

communication settings

• Click Centralized Management tab

Page 31


Prevent user from changing most important settings

• Click “Do not allow users to change settings…”

Page 32


Define communication settings

• Set Policy Manager Server address (IP address of your PMS computer)

• Set both polling intervals to 10 seconds

Page 33


Distribute the Policy, select File/Distribute (or press CTRL + D)

Page 34

System Status CheckOverall

Check the status of the Policy

Manager Server

• From the start menu: Start/Programs/F-Secure Policy Manager Server/Status Monitor

• The Web Reporting error should now be fixed

Page 35

System Status Check (Optional)Web Reporting

Open Report web interface

• From the start menu: Start/Programs/F-Secure Policy Manager Server/F-Secure Policy Manager Web Reporting

Page 36

Task 2 completed

Policy Manager initialization and

configuration has been finalized

• The next task will be F-Secure Anti-Virus Client Security 6 rollout

XP Pro SP2 F-SecurePMS / PMC

Root Update Server

Page 37

Task 3

Install AVCS 6.x on your client computer running Windows XP SP2

• Is the installation possible without any changes to the host?

• Any conflicting software installed on the target system?

• Which rollout method is best suited for this environment?

• Which methods are possible?

• Is there a firewall installed on the host preventing certain rollout methods?

Task continues on next page…

Page 38

Task 3

Once you have a clear plan on how to rollout AVCS 6.x, and you have

checked all issues mentioned on the previous page, go ahead with

the rollout

Try to complete this task independently

• If needed, the next pages will provide you with a step-by-step walk through

=> If you managed to complete this task and your client has rebooted,

continue on page 61

Page 39

Pre-Rollout Checks

Check your target host for installed conflicting software

• Check if there is conflicting software installed on the computer

• If there is, check if that product is automatically detected and removed by F-Secure Sidegrade Function

• Important: Always check all your hosts for conflicting software before your start any rollout

Page 40

Pre-Rollout Checks

If the XP Firewall on your host is enabled:

• F-Secure Intelligent Installations requires certain inbound traffic allowed on target host (TCP 135 and 445)

• Try to connect to the ports from your PMS

• Open the command prompt and telnet the ports

• There will be no response, so you need to allow the above mentioned protocols on your target host

• Try to come up with a solution, without disabling the firewall!

Page 41

XP Firewall Configuration

Configure XP SP2 firewall exceptions

• Allow “File and Printer Sharing”

• Press “Edit”

• Enable SMB only (TCP 445)

• Disable all other ports

• Create a new service and allow RPC

• Press “Add Port”

• Name: RPC, Port number: 135

• Confirm by pressing OK

Page 42

Remote Installation Walk-Through

Select ”Installation” tab on the editor pane

• Click “Autodiscover Windows hosts…”

Page 43


Select your target host from the list

• Click “Install”

Page 44


Select F-Secure Anti-Virus Client Security 6.x


Page 45


Check that F-Secure Anti-Virus for Client Security 6.x is the only

selection


Page 46


Include the policy from your root domain “F-Secure”


Page 47


Accept the default domain account

• Domain administrator account will be used to access the target host


Page 48


Check the installation details, correct if necessary (“Back” button)

• Click “Start”

Page 49


Click “Next”

Page 50


Instructor will provide you with the correct keycode

• After typing the keycode, click “Next”

Page 51


Install Virus Protection, E-mail scanning and Internet Shield


Page 52


Select the language the product will use


Page 53


Choose centrally managed installation


Page 54


Specify your Policy Manager Server’s URL


Page 55


No need to add a custom property at this stage


Page 56


At this point you will be able to choose whether to remove conflicting

software automatically

• Accept the default setting


Page 57


Select “Restart after installation, in”

• Change the countdown to 1 minute

• Type a reboot message

• Click “Finish”

Page 58


Wait while Intelligent Installation creates the distribution package

• This step might take some minutes (depending on your system)

• Do not press “Cancel”

Page 59


F-Secure Setup will start and install AVCS 6.x to your computer

Wait until the Reboot message appears on your screen

• Don’t reboot yet, minimize the window

Page 60


The ”Installation progress” window shows you if the installation has finished successfully

• Close this window

• Also close the autodiscover wizard window

• Distribute policies!

• Close Policy Manager Console

On the other computer, open the reboot dialogue again and click reboot

Page 61

System Status Check

After the reboot

• Open F-Secure Anti-Virus Client Security 6.x by double-clicking the F-Secure icon in the system tray

• Click “Central Management”

• Check Last connection and Policy file counter

Page 62

Task 3 Completed

Congratulations! You have successfully finished the

Installation hands-on

F-SecureAVCS 6 F-Secure

PMS / PMC

Root Update Server

Documents

INSTALLATION HANDS-ON. Page 2 About the Hands-On This hands-on section is structured in a way, that it allows you to work independently, but still giving