The AEA console is required when managing 200+ systems. This Enterprise console is the most powerful anti-virus management tool we have. The avast! AEA console can support tens of thousands of clients. This is achieved through support of multiple avast! Enterprise Administration Servers (AEAS). The AEAS is a mirror of an avast! update server, and each AEAS can manage up to 1000 systems. The AEA console then can manage many AEAS. However, full SQL is required for the “Replication Service” to support multiple AEAS (to support 1000+ clients) There is no migration path currently that will use the existing database from ADNM.
For user guides and FAQs please refer to:
1. avast! Endpoint Protection
Enterprise Administration Console Installation Guide - http://files.avast.com/iavs5x/setup_enterprise_eps.exe
Endpoint Protection User Guides - http://www.avast.com/download-documentation#business-products
Enterprise Administration Required Ports - http://www.avast.com/FAQ/AVKB79#idt_18
Enterprise Administration Console User Manual - http://files.avast.com/files/documentation/enterprise-administration-user-guide.pdf
Endpoint Protection FAQ - http://www.avast.com/FAQ/AVKB79
Installing and configuring Microsoft SQL Server 2008 R2 Express - http://www.avast.com/FAQ/AVKB74
Helpful Information
NOTE: You may push a deployment from the console for a domain. Workgroups will not deploy, so installs either occur from users or administrators.
Service Port Numbers
- Please make sure the ports listed below are opened in the network on both the client and server side (you can use the GPO to dispatch on all machines, and make sure to reboot the machines for the changes to be applied). avast! Small Office Administration uses the following ports:
Mirror 16135
Client communication port 16136
Client communication port, push requests 16139
SSL communication port console 16138
UDP information port 16133
Standard RPC, NETBIOS and SMB TCP ports for remote deployment 135, 139, 445
Standard NETBIOS UDP ports for remote deployment 137, 138
-
When installing the Enterprise Administration Console please make sure to install a MS SQL 2008 R2 as standalone, not from the installation process, so later you can connect the EA to it (best practice)
-
Do a discovery task to find all the machines
-
Create a deployment package for each type of system deployment: Desktop, Server, Sharepoint, Exchange, etc.
Create a deployment package for each type of OS (Desktop, server)
File Servers
For servers, I will recommend to modify the components of the deployment package (create a light installation package for servers OS’s) which consists of the File System Shield only. This is usually the only real protection required for file servers and this is an industry standard best practice. This assumes that the File Server not being used as a workstation. NOTE: DO NOT use the Network Shield on servers. SharePoint servers should add the SharePoint shield in addition to the File System Shield. If servers are to be managed (see below), then each server type will require its own group, separate from the managed client group. If servers are NOT to be managed, then use the custom install feature to select the correct shield/shields for that server type.
Workstations
For desktop installation, I recommend to remove all the server protection modules from the deployment components, so they are not installed on the client. Note: When creating an installation package please be sure to select the server name / address in the installation package for the clients to communicate with the console after deployment.
Workstations
For desktop installation, I recommend to remove all the server protection modules from the deployment components, so they are not installed on the client. Note: When creating an installation package please be sure to select the server name / address in the installation package for the clients to communicate with the console after deployment. It is best to have the system hosting the SOA console to use a fixed IP vs. DNS name. This will eliminate DNS issues during deployment.
-
Start to deploy by group of 10-20 machines at once, make sure to enable the “Reboot the machine” option in the deployment task settings (this is necessary to finalize the installation process). Important – Before sending out an installation please be sure the mirror is up to date which you can check by going to view tab in the console and check mirror status. Once it’s up to date then you can send out the installation. (NOTE: SOA can be installed with or without mirror)
-
After you send out an installation you may received an error code 0×00000005 which usually means access denied. This is also due when you don’t reboot the client after the initial installation so please do so and then refresh the Console. Also be sure to use the network administrative passwords or a password with full administrative rights to push the client through the network (Domain/Administrator) NOTE: All systems MUST be rebooted after deployment, so plan accordingly.
-
If you find that when you deploy some of your clients license change or remain in the trial mode please check to be sure you’re not over your license count in which case you will have a “KEY” icon over the PC. Please note the total sum of your license count is Computers with Agent + Computers without Agent = License Count. So if you have old clients in the Active Directory that will not receive the installation package, please delete them from your lists and this should resolve your issue.
-
If you find that you will be over your estimated license count or current license please contact us for remedy.
-
If you need to install or update to a 2008 R2 SQL please click on the link below.
http://support.avast.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=1286&nav=0,1,23,727 -
The DEFAULT PASSWORD for the EA Console is ADMIN. This of course can be changed after installing.
NOTE: When you are deploying, Enable the Admin Shares. Windows XP systems should have File/Printer sharing DISABLED. Windows 7/Vista systems should have File/Printer sharing ENABLED
WORKGROUP VS ACTIVE DIRECTORY
You may push a deployment from the console for a domain. Workgroups will not deploy, so installs either occur from users or Administrators.
ACTIVE DIRECTORY
If using Active Directory you can easily create an installation package to push the client remotely through the network with Network Administrator password and in the Deploying Group. The Endpoint client will remove existing installation of avast! 4 only. Any other avast! version or other anti-virus should be un-installed prior to Endpoint deployment.
WORKGROUP
If using a Workgroup you can only DEPLOY remotely (no push deployments from your console) We recommend to create the installation package manually and send it via email to each client or install it separately via USB Flash disk to manually install it on each client. Once the client has been installed only then will it be detected in the Console. The Endpoint client will remove existing installation of avast! 4 only. Any other avast! version or other anti-virus should be un-installed prior to Endpoint deployment.
NOTE: Windows File and Printer Sharing must be enabled so avast! can create the necessary directories! ALSO, all systems need to be rebooted after installation, so plan accordingly!
Migration from 4.8
For those of you that have previously used ADNM (previous version 4 of the Enterprise console with blue icon), you already know 90% of AEA, as it is the same reliable code from ADNM. There are very few differences, such as the combining of Computer Catalog and Task Management modules into the same location. During installation, you are prompted for choice of SQL 2008 R2 Express (to be installed with AEA), or use an existing installation of SQL. If you have either SQL 2005 or SQL 2008, you then can use same SQL instance, but a NEW database will be required (SQL 2008 is preferred). Both ADNM and AEA can coexist simultaneously. During a push Deployment, the Endpoint client installation will uninstall existing avast net clients from avast! version 4 ONLY. If any other version of avast! or other anti-virus is present, then these products will need to be removed prior to an avast! deployment. The Endpoint client will require a reboot after installation, so be prepared for this.
A. From avast! ADNM v4.8 to avast! AEA v7
In this scenario, as the AEA v7 is NOT using the same database NOR the same installation folder as the ADNM v4.8, you just need to:
- ** Most Important, prior to installing the AEA you need to run a uninstall task with the current ADNM and remove 4.8 from the clients
- Install the AEA v7 Console on the same machine or on another one.
- Do a discovery task to find the machines which are already running the v 4.8 managed clients
- Do a remote deployment on these machines *(Basically the deployment will detect the old 4.8 version and remove it automatically before installing the new version 7)
- Finally remove the ADNM v 4.8 and its database
This AEA Installation guide was created by myself internal Avast Specialist and Platinum Reseller J.R. Gunthrie of Advantage Micro Corporation. The intent of this forum page is to help those during the installation of version 7 Endpoint Protection in their environment.)
Sincerely,
J.R. Guthrie
Advantage Micro Corporation
Che Johnson
avast! Moderator