Category Archives: Forefront

Getting in to the mindset of the 70-557 exam

Posted on by
Reply

Having a fairly good lab in place and having played with the technologies, though I’d read the exam objects for Forefront 70-557

Exam topics covered

The following list includes the topics covered on this exam. The percentage indicates the portion of the exam that addresses a particular skill.

Deploying client agents and policies (32 percent)
Configuring server products (34 percent)
Maintaining the infrastructure of the client and server (25 percent)
Monitoring protection status and activity (8 percent)

It seems pretty straight forward, until I flipped back to the top section and notice the following gems:

The typical candidate should have knowledge of the following products and technologies:

Active Directory
Windows Server Update Services (WSUS)
Microsoft SQL Server 2005
Microsoft Operations Manager
Microsoft Exchange Server 2007
Microsoft Office SharePoint Server 2007
Microsoft Live Communication Server
Instant Messenger security

Okay, WSUS, MOM and AD are fair game, I can also understand the SQL 2005 part, but lumping in Exchange, SharePoint and live communications server in to the exam?

Yes, these products need protection, but surely they if they are part of the exam, shouldn’t a section exist in the skills measured section? A quick bit of searching on the net has confirmed my fears. Ms has left out the study topic, but included both the Exchange and SharePoint parts in the exam. Server Protection..Forefront™ Server Security Products

Hold on…. could Configuring server products (34 percent) actually mean cover those two options as well?

Oh yes it does. Delightful. Glad the folks the write the exams give us a the full story on what we should study for ….

I know that separate software exists for protecting Exchange and SharePoint which is under the Forefront banner, so I guess it time to kill another tree and print out the documentation of both those products.

Putting together the pieces

Posted on by
Reply

Got stuck with a bunch of remote support work to do over the weekend, which gave me the time to read through some Ms papers and get the lab working.

Base Network

This is it so far. One happy Domain fully patched with Forefront happily sitting on all the machines and MOM agents all reporting in the the Forefront box.

No email yet, but will dig out the new and shiny Exchange 2007 cd for a bit of a challenge.

Had a dilemma – Should I install the security agents on the ISA servers? The ol’ defense in depth planning suggests it’s a jolly good idea, but several web site and other ISA notables say otherwise.

Time for a bit of research, me thinks!

Update - ISA servers shouldn’t be used as anything other than firewalls (no playing Quake Wars, surfing porn or reading email , I guess on the box any more then)

So the community feeling is FCS isn’t needed on ISA, but in case you haven’t harden the ISA or don’t trust your fellow admins check out this post on setting it up

Patching ISA servers with WSUS

Posted on by
Reply

While playing with a lab, I noticed the the ISA servers weren’t get the Patching goodness from the WSUS server.

A quick check of the logs and I saw the some protocols being denied from the WSUS machine to the ISA’s themselves. Hmm. Too lazy to do the leg work myself, a quick bit of searching and found a nice walk through by Steve Moffat on what and how to allow updates:

http://isaserver.bm/isa_articles/wsus.html

Don’t forget, if you set WSUS up on a non standard port, then create a User defined protocol in ISA for it and apply it to the rule as well.

e.g. WSUS running on TCP port 8530, create a new ISA protocol for TCP 8530 outbound add that to the rule and ditch the HTTP (TCP 80) protocol

Lab work – building a bigger sand box

Posted on by
Reply

Arrgh! The old machine I had set up to run my virtual machines on isn’t up to the RAM or CPU of testing out Ms ForeFront.

I was trying out Ms Virtual Server to overcome a weakness Vmware has when trying to emulate Ms load balancing. Why bother with load balancing? Load balanced ISA’s in arrays is my reason. Having a room full of machines and switches at home isn’t very energy or space friendly, plus with the hot weather I don’t need an indoor sauna  :-)
I decided to try it anyway and to load the six Fore Front roles on to one VM. The Installer demanded a base of 1Gb of RAM and LOTS of disk space. It all so moaned about the system not being dual processor.

My old test box was already running VM’s of a DC, ISA 2004, a file server and a little XP box and things went south fast. It was like running in mud, everything went in to slow motion and swapping between machines wasn’t fun.

Time to go shopping.

One new funky Motherboard, x64 Processor and 8GB of Ram later and it’s time to re-build the lab.

Oh the joys of a clean, full patched and formated system!