Antigen Enterprise Manager Quick Start Guide, Archive Version

Microsoft® Antigen

Microsoft Corporation

Published: 7/2010

Legal Information

This document is provided “as-is”. Information and views expressed in this document, including URL and other Internet Web site references, may change without notice. You bear the risk of using it.

Some examples depicted herein are provided for illustration only and are fictitious. No real association or connection is intended or should be inferred.

This document does not provide you with any legal rights to any intellectual property in any Microsoft product. You may copy and use this document for your internal, reference purposes.

© 2010 Microsoft. All rights reserved.

Microsoft, Forefront, Windows, and Windows Server are trademarks of the Microsoft group of companies. All other trademarks are property of their respective owners.

Contents

Antigen Enterprise Manager Quick Start Guide

Introducing Antigen Enterprise Manager

Installing Antigen Enterprise Manager

System Requirements

Installing Antigen Enterprise Manager

Express Installation

Enterprise Installation

Getting Started

Launching the AEM Console

At a Glance

Closing the Console

Administration

Adding Users

Adding Servers

Deploying Agents to Managed Servers

Adding Server Groups

Global Configuration: Notifications and Alerts

Job Management

Deploying Antigen to Remote Servers

Creating an Installation Deployment Package

Deploying Template Files

Creating a Template Package

Deploying License Files

Creating a License Package

Creating a Deployment Job

Signature Redistribution Job

Rollback

General Options Job

Manual Scan Job

Retrieve Logs Job

Retrieving Quarantined Data

Filtering Quarantined Data

Deleting and Forwarding Quarantined Data

Using Reports

Running Reports Manually

Engine Versions Report

Saving Reports

Scheduling E-mail Reports

AEM Alert Management

Configuring Alerts

Signature Update Alert

AEM Event Logs

Alert Log

Notification Logs

Antigen Enterprise Manager Quick Start Guide

The Microsoft Antigen Enterprise Manager (AEM) Quick Start Guide will help you install and use AEM.

This document provides information that was originally published on the Microsoft TechNet Library. In order to improve your information experience with current Microsoft products we occasionally move items out of the TechNet Library and into alternative formats.

Introducing Antigen Enterprise Manager

Installing Antigen Enterprise Manager

Administration

Job Management

Using Reports

AEM Alert Management

AEM Event Logs

Introducing Antigen Enterprise Manager

Microsoft® Antigen Enterprise Manager (AEM) is a management tool that provides IT administrators with a way to centrally manage Antigen software solutions on all Microsoft Exchange and SMTP servers. Using a Web-based user interface, AEM provides centralized deployment and reporting.

Centralized deployment allows administrators to deploy various files and settings to all or selected servers in the enterprise. Using AEM, you can deploy the following to remote computers:

Antigen for Exchange, Antigen for SMTP, and Antigen Spam Manager (and their upgrades)

Templates for configuration management

Antigen license files

Scan engine signature file updates in order to centralize the update procedure

General Options to configure system-level settings

Manual scan jobs

Centralized management allows you to centrally manage antivirus, anti-spam, and content filtering information on remote Antigen servers. Information that can be managed includes:

Program log

Incidents database

Quarantine database

Quarantined data

Centralized reporting allows administrators to more closely monitor the Antigen servers in the enterprise and evaluate the effectiveness of antivirus software. AEM collects statistics from all its managed servers and stores them in a central repository. The statistics are also used by AEM to alert administrators to potential problems by monitoring event thresholds and looking for statistical anomalies that may indicate a problem. Reports provide information about the trends in virus, spam, filter, and update activity for each server or the entire enterprise.

This Quick Start Guide will help you install and use Microsoft Antigen Enterprise Manager. For more detailed information on the included topics, and for additional topics not covered in this guide, see the Microsoft Antigen Enterprise Manager User Guide.

Installing Antigen Enterprise Manager

This release of AEM supports local installations on computers running Microsoft Windows Server™ 2003.

Note:

AEM cannot be installed on a server that is used as a domain controller.

System Requirements

These are the minimum requirements necessary to install Antigen Enterprise Manager on a server. To do so, administrators must have domain rights and local administrator rights.

Minimum Server Requirements

Microsoft Windows Server 2003

128 MB of available memory

183 MB of available disk space for the prerequisites listed below

65 MB of available disk space for AEM itself

Internet Explorer 5.5 or higher

Prerequisites

IIS 5.0 or higher

.NET Runtime v. 1.1

ASP.NET v. 1.1

COM+

Microsoft Message Queue and MSMQ Triggers

MSDE or SQL Server

Note:

AEM uses bi-directional DCOM to communicate information between AEM and the agents located on remote computers. In environments in which internal firewalls are present, the firewalls must be configured to allow the DCOM protocol.

If you are going to do an Enterprise Installation (which stores the AEM databases on an existing SQL Server), before starting the installation you must:

Create the following two databases:

AntigenEnterpriseManager

AntigenEnterpriseManagerReports

Know the name of the server running SQL Server to be accessed.

Know the domain in which SQL Server and AEM are located (if you will be using Microsoft Windows® Integrated Security to connect to a remote server running SQL Server).

Know a username and password (for SQL Server or Windows Authentication).

Important:

The specified user must have been granted access to both the AntigenEnterpriseManager and AntigenEnterpriseManagerReports databases and have db_owner permission.
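
The Enterprise Installation prerequisites above, as an added T-SQL example (not part of the Microsoft guide): it creates the two databases and grants a single dedicated account db_owner in those two databases only, rather than a server-wide administrative role. It assumes Windows Integrated Security; the account name CONTOSO\svc-aem is a constructed placeholder, and the legacy system procedures are used because they are available on the SQL Server versions of this product's era.

```sql
-- Added example: run as a SQL Server administrator before starting AEM setup.
-- CONTOSO\svc-aem is a constructed placeholder account, not a name from the guide.
-- GO is the batch separator used by osql, sqlcmd, and Query Analyzer.

-- 1. Create the two databases the Enterprise Installation expects.
CREATE DATABASE AntigenEnterpriseManager
CREATE DATABASE AntigenEnterpriseManagerReports
GO

-- 2. Allow the Windows account to log on to this SQL Server instance.
--    No server role is granted; access is limited to the databases below.
EXEC sp_grantlogin @loginame = N'CONTOSO\svc-aem'
GO

-- 3. Map the login into each database and add it to db_owner there.
USE AntigenEnterpriseManager
EXEC sp_grantdbaccess @loginame = N'CONTOSO\svc-aem'
EXEC sp_addrolemember @rolename = N'db_owner', @membername = N'CONTOSO\svc-aem'
GO

USE AntigenEnterpriseManagerReports
EXEC sp_grantdbaccess @loginame = N'CONTOSO\svc-aem'
EXEC sp_addrolemember @rolename = N'db_owner', @membername = N'CONTOSO\svc-aem'
GO

-- 4. Verify: the account must be listed as a db_owner member in both
--    databases, otherwise the installer's Check Database step will fail.
USE AntigenEnterpriseManager
EXEC sp_helprolemember @rolename = N'db_owner'
GO

USE AntigenEnterpriseManagerReports
EXEC sp_helprolemember @rolename = N'db_owner'
GO
```
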

Installing Antigen Enterprise Manager

To install Antigen Enterprise Manager:

1. Run SETUP.EXE from the directory containing the AEM installation files.

2. If there are missing system components, the Install Wizard offers to install them for you. Click Yes to have the Install Wizard install missing components or click No if you prefer to install the components manually. If no components are missing, this step is skipped.

Note:

IIS is an installation prerequisite. However, for security reasons, it must be installed and patched manually by an administrator.

3. Select the type of installation:

Express installation – Uses the Microsoft SQL Server 2000 Desktop Engine (MSDE) and installs its own instance of SQL Server on the local computer. The installation continues with the following steps in the express installation section.

Enterprise installation – Uses an existing server running SQL Server. The installation (which has prerequisites; see the preceding system requirements) continues with the following steps in the enterprise installation section.

Express Installation

The express installation process continues as follows:

1. Accept the user information or modify it, if necessary.

2. Accept the destination folder for the installation or modify it, if necessary.

3. Click Install to begin the installation. The installation status is displayed.

4. Click Finish when the installation is complete.

Enterprise Installation

The enterprise installation process continues as follows:

1. Indicate the following:

Authentication Method – Specify whether to use Windows Integrated Security or SQL Server Authentication. Your SQL Server administrator will be able to tell you how the system was set up. If the wrong authentication type is selected, the installation will fail to log on.

Note:

If you are using Windows Integrated Security with a remote server, AEM Server requires credentials accessible to both AEM and the remote computer running SQL Server. This is only supported using AEM and SQL Server in a domain/Microsoft Active Directory® environment.

Server – The local or remote computer running SQL Server to install to. The list will display all the computers running SQL Server that could be discovered in the client’s environment. You are not limited to the entries in this list; you can enter a different server name.

Domain – This field can be ignored if you are using a local computer running SQL Server with integrated security and a local account, or if you are using SQL Server Authentication. If you are using Windows Integrated Security to connect to a remote computer running SQL Server, enter the domain in which SQL Server and AEM are located. Enter the Domain Name, not a fully qualified domain.

User – Enter the name of the user with access to the SQL Server repository.

Password – Enter the password for that user.

Test Logon – After providing the necessary credentials, you can test the logon by using the Test Logon button (provided you have “logon as batch” rights).

2. Specify the target databases in the computer running SQL Server. These are the databases created by your SQL Administrator prior to the AEM install (see above). You can confirm database access to the remote server by clicking both Check Database buttons (provided you have “logon as batch” rights).

3. Accept the user information or modify it, if necessary.

4. Accept the destination folder for the install or modify it, if necessary.

5. Click Install to begin the installation. The installation status is displayed.

6. Click Finish when the installation is complete.

Getting Started

Now that you have installed Microsoft Antigen Enterprise Manager, you should start the Console in order to familiarize yourself with it and to perform some initial configuration steps (see the Administration chapter). For more information about the console, see the "Console Overview" chapter of the Microsoft Antigen Enterprise Manager User Guide.

Launching the AEM Console

The Antigen Enterprise Manager Console is used for all configuration and deployment tasks. To start the Antigen Enterprise Manager Console locally, on the Start menu, point to All Programs, point to Microsoft Antigen Enterprise Manager, and then click Antigen Enterprise Manager Console.

To start the AEM Console remotely, open your Internet browser and enter the server name, followed by /SEMconsole. You will be prompted for the credentials you used when installing AEM. You can also connect to the local computer this way, using a server name of localhost.

Examples:

servername/SEMconsole starting from a remote server

from the local computer

The Console is divided into two main areas: the left pane is the Navigation area that allows you to access the various AEM components. The right pane is the work area.

At a Glance

When you start the AEM Console, the right pane initially shows the activity in the last 24 hours (called At a Glance). You can instantly see a summary of traffic (the number of messages and files processed), virus statistics, spam statistics, filter statistics, the top five viruses found on your system, and the most active servers (that is, the servers that detected the most items). You can display this data at any time by clicking At a Glance in the Navigation area.

Closing the Console

AEM runs constantly, regardless of whether the Console is open. After you initiate or schedule a job, you can close the Console without affecting the operation of AEM components.

Administration

Before you use Antigen Enterprise Manager for the first time, you should perform some configuration steps.

For more detailed information on these procedures, see the “Getting Started” chapter of the Microsoft Antigen Enterprise Manager User Guide.

Adding Users

When AEM is installed, the user account used to install it (called the installation administrator) is automatically granted access. In order to perform management tasks, additional users must be added to AEM, which automatically grants them access. To add user accounts, follow these steps:

1. Click Users in the Administration section of the Navigation area. The Manage Users work pane appears.

2. Click Add Users.

3. Add local user accounts or domain accounts manually, or click Browse to select users. For domain accounts, use the format domain\username. For local user accounts, enter the user name. Multiple user names are separated by semicolons (;).

4. Click Insert Users to add all the entered or selected users. The new users will be displayed on the main Manage Users screen.

Adding Servers

You must add and configure each Antigen server to be managed. To add servers, follow these steps:

1. Click Servers in the Administration section of the Navigation area. The Manage Servers work pane appears.

2. Click Add Machines. The Add Machines work pane appears.

3. Enter the servers to add to the AEM database in the Select Machines field (or use Browse to find them). After each server has been added, click Verify to ensure that the server path was entered correctly.

4. Add the selected servers to a Server Group, if desired, with the Apply Groups field. This allows you to manage similar computers as a single unit. All new servers will be added to the Default group, unless you change the assignment here (although they can be reassigned later). For more information on Server Groups, see Adding Server Groups.

5. When you have selected all of the servers to be added, click Insert Machines. The new computers will be displayed in the main Manage Servers work pane.

Deploying Agents to Managed Servers

After you have added servers to the AEM database, you must install an Agent on each server. The Agent, the interface between AEM and a managed server, is installed as follows:

1. Select one or more servers on the Manage Servers work pane, and then click Deploy Agent.

2. Enter a User Name and Password to access the selected computers. (The indicated user must have administrative rights, either as a local administrator to the computers or as a domain administrator.) AEM begins installing the Agent on each selected server.

3. Check the status of the installation. A status update appears in a pop-up window to tell you if the installation was successful. (Note that pop-up blocking software must be disabled in order to see the status.) If you are deploying Agents to several hundred computers, you can close the Console and check the deployment status later, after the jobs have finished, by once again selecting each computer, and then clicking Deployment Status.

Adding Server Groups

You can create groups of servers to facilitate installation deployment, engine updates, or configuration. New servers added to AEM become part of the Default Server Group unless you specify otherwise. To add a new Server Group and move servers to it, follow these steps:

1. Click Server Groups in the Administration section of the Navigation area. The Manage Server Groups work pane appears, displaying the existing Server Groups structure in “tree” format.

2. Select the existing group under which you want to add the new group (server groups can be nested), and then click Add Grp. The Add Group work pane appears.

3. Enter a name for the new group, and then click Insert. The new group will be added to AEM and displayed on the Manage Server Groups work pane.

4. Move existing servers into the new group.

a. Select the group on the Manage Server Groups work pane.

b. Click Assign Servers. The Assign Servers work pane appears. Every server that you have added is listed on it, with a check box next to its name.

c. Select the servers to be assigned to the group.

d. Click Assign.

Note:

A server can be assigned to multiple groups.

Global Configuration: Notifications and Alerts

AEM must be configured for sending notifications and alerts. To do this, follow these steps:

1. Click Global Configuration in the Administration section of the Navigation area. The Global Configuration work pane appears.

2. Enter the following information:

a. SMTP Server—Enter the name of the SMTP server to use: either the computer name (in the format: computername.domain.com) or the IP address.

b. From Address—Enter an e-mail address to be used, in the From: field, for notifications and alerts.

c. Polling Interval—Set the polling interval (in minutes) for AEM to use when gathering information from the managed servers for reporting purposes. There is also a Poll Now button that you would use to instantly gather the information when running reports manually (see "Running Reports Manually").

3. Click Save to retain your work.

Job Management

The Job Management section of the Navigation area comprises the following tasks:

Packages—Work with “packages” of Antigen installation images, license files, or template files that are configured to be deployed by AEM to the managed servers. Clicking Packages displays a work pane containing a list of all existing packages. You can add new packages, as well as copy, rename, edit, and delete existing ones.

Jobs—Work with individual “jobs” for Deployment, Signature Redistribution, Schedule Report, General Options, Manual Scan, and Remote Logs Retrieval. Clicking Jobs displays a work pane containing the various categories and the existing jobs under each. You can add new jobs, as well as edit, copy, and delete existing ones; determine the status of a job; run a job immediately; and roll back some jobs.

Quarantine Manager—Manage all Quarantine databases in the enterprise. Data can be retrieved and filtered for analysis. Quarantined messages and files can be viewed, deleted, and delivered.