avast! Small Office Administration console (SOA)
NOTE: The SOA console does NOT have to be installed on the server, and does not use conventional SQL (it uses an embedded SQL lite). Ours is running on a XP SP3 box (very light). You may push a deployment from the console for a domain. Workgroups will not deploy, so installs either occur from users or Administrators. SOA is limited to 200 users (300 users if you use go ahead and use SQL Express 2008 R2, but this is not usually recommended)
For user guides and FAQs please refer to:
1. avast! Endpoint Protection
SOA Installation Guide - http://files.avast.com/iavs5x/setup_console_eps_full.exe
SOA User Manual - http://files.avast.com/files/documentation/small-office-administration-console-user-guide.pdf
SOA Administrator Manual - http://files.avast.com/files/documentation/soa-administrators-guide.pdf
Endpoint Protection User Guides - http://www.avast.com/download-documentation#business-products
Endpoint Protection FAQ - http://www.avast.com/FAQ/AVKB79
Helpful Information
Service Port Numbers
- Please make sure the ports listed below are opened in the network on both the client and server side (you can use the GPO to dispatch on all machines, and make sure to reboot the machines for the changes to be applied). avast! Small Office Administration uses the following ports:
Port for Console: 8731
Secure Port for Console: 8732
Port for Client: 25322
-
Do a discovery task to find all the machines
-
Modify the deployment package for each type of system deployment: Desktop, server, or SharePoint server. NOTE: There is only a single deployment package in SOA
Create a deployment package for each type of OS (Desktop, server)
File Servers
For servers, I will recommend to modify the components of the deployment package (create a light installation package for servers OS’s) which consists of the File System Shield only. This is usually the only real protection required for file servers and this is an industry standard best practice. This assumes that the File Server not being used as a workstation. NOTE: DO NOT use the Network Shield on servers. SharePoint servers should add the SharePoint shield in addition to the File System Shield. If servers are to be managed (see below), then each server type will require its own group, separate from the managed client group. If servers are NOT to be managed, then use the custom install feature to select the correct shield/shields for that server type.
Workstations
For desktop installation, I recommend to remove all the server protection modules from the deployment components, so they are not installed on the client. Note: When creating an installation package please be sure to select the server name / address in the installation package for the clients to communicate with the console after deployment.
Workstations
For desktop installation, I recommend to remove all the server protection modules from the deployment components, so they are not installed on the client. Note: When creating an installation package please be sure to select the server name / address in the installation package for the clients to communicate with the console after deployment. It is best to have the system hosting the SOA console to use a fixed IP vs. DNS name. This will eliminate DNS issues during deployment.
-
Start to deploy by group of 10-20 machines at once, make sure to enable the “Reboot the machine” option in the deployment task settings (this is necessary to finalize the installation process). Important – Before sending out an installation please be sure the mirror is up to date which you can check by going to view tab in the console and check mirror status. Once it’s up to date then you can send out the installation. (NOTE: SOA can be installed with or without mirror)
-
After you send out an installation you may received an error code 0×00000005 which usually means access denied. This is also due when you don’t reboot the client after the initial installation so please do so and then refresh the Console. Also be sure to use the network administrative passwords or a password with full administrative rights to push the client through the network (Domain/Administrator) NOTE: All systems MUST be rebooted after deployment, so plan accordingly.
-
If you find that when you deploy some of your clients license change or remain in the trial mode please check to be sure you’re not over your license count in which case you will have a “KEY” icon over the PC. Please note the total sum of your license count is Computers with Agent + Computers without Agent = License Count. So if you have old clients in the Active Directory that will not receive the installation package, please delete them from your lists and this should resolve your issue.
-
If you find that you will be over your estimated license count or current license please contact us for remedy.
NOTE: When you are deploying, Enable the Admin Shares. Windows XP systems should have File/Printer sharing DISABLED. Windows 7/Vista systems should have File/Printer sharing ENABLED
WORKGROUP VS ACTIVE DIRECTORY
You may push a deployment from the console for a domain. Workgroups will not deploy, so installs either occur from users or Administrators.
ACTIVE DIRECTORY
If using Active Directory you can easily create an installation package to push the client remotely through the network with Network Administrator password and in the Deploying Group. The Endpoint client will remove existing installation of avast! 4 only. Any other avast! version or other anti-virus should be un-installed prior to Endpoint deployment.
WORKGROUP
If using a Workgroup you can only DEPLOY remotely (no push deployments from your console) We recommend to create the installation package manually and send it via email to each client or install it separately via USB Flash disk to manually install it on each client. Once the client has been installed only then will it be detected in the Console. The Endpoint client will remove existing installation of avast! 4 only. Any other avast! version or other anti-virus should be un-installed prior to Endpoint deployment.
NOTE: Windows File and Printer Sharing must be enabled so avast! can create the necessary directories! ALSO, all systems need to be rebooted after installation, so plan accordingly!
Migration from 4.8 to Version 7
A. From avast! ADNM v4.8 to avast! ASOA v7
This scenario is similar to the scenario ADNM v4.8 to AEA v7 so, you just need to:
- Install the ASOA v7 Console on the same machine or on another one.
- Do a discovery job to find the machines which are already running the v 4.8 managed clients
- Do a remote deployment on these machines *(Basically the deployment will detect the old 4.8 version and remove it automatically before installing the new version 7)
- Finally remove the ADNM v 4.8 and its database
B. From avast! BP/BPP v6 to avast! ASOA v7
Here you can decide to install the ASOA v7 console on the same machine as the BP/BPP v6 Console or install it on another one.
- If you decide to install the ASOA v7 on the same machine as the previous BP/BPP v6
- The installer will just upgrade the BP/BPP v6 to the ASOA v7
• Note that in this choice the same database will be used instead of the integrated one which comes with the ASOA v7. - The clients with BP/BPP v6 installed will be connected automatically to the console
- Run a deployment job to upgrade the clients to the version 7
(This SOA Installation guide was created by myself internal Technical Avast Specialist and Platinum Reseller J.R. Gunthrie of Advantage Micro Corporation. The intent of this forum page is to help those during the installation of version 7 Endpoint Protection in their environment.)
Sincerely,
J.R. Guthrie
Advantage Micro Corporation
Che Johnson
avast! Moderator
