Forefront Client Security Architecture

Forefront Client Security (FCS) servers take one or more of four specific roles, each supported by several other Microsoft products or OS components. Shown here is a large installation where the four roles are played by separate physical servers. The four roles are as follows:

Management, which enables administrators to set the policy for protected clients and monitor a dashboard of status information.

Distribution, which enables administrators to get the latest signature files from Microsoft and distribute them to the protected clients. The Windows Server Update Services (WSUS) software update service distributes the files.

Collection, which collects status information from the scanning agent, using a customized version of the Operations Manager monitoring product.

Reporting, which enables administrators to produce standard and customized reports on the status of protected clients, using SQL Server Reporting Services.

Protected clients run Windows Update client to get the latest signature files from WSUS and a unified version of the Microsoft Malware Protection engine and the Operations Manager agent to check the protected client for malicious software or security policy violations and report status of the scans. The standard Windows Group Policy mechanism and Active Directory are used to control client configuration. SQL Server stores other data used by FCS.