|
Centralized Management
Health care provider keeps client PCs updated and secure with integrated system from Microsoft.
Allina Hospitals & Clinics, a large collection of Minnesota hospitals and doctor practices based in Minneapolis, was looking for a better way to keep its client PCs updated with the most current OS patches and virus signatures. The organization also wanted to ensure that patient data was protected, given that its offices are spread out across the state.
Allina chose both the Microsoft Forefront Client Security and Enterprise Manager, and has been using the products for nearly two years with more than 20,000 clients connecting to a single policy server. Microsoft has marketed Forefront as its first Network Access Protection (NAP) implementation; Forefront combines several security applications, including antivirus/antispam, desktop patch management and policy enforcement.
Interestingly, all the clients are running just Windows XP with SP2. Allina is a big Microsoft shop, running Windows Servers, Active Directory, Operations Manager and other products. Even with all this Microsoft infrastructure, the organization still needed to add a Windows 2008 Server to handle the NAP services (they are not supported on earlier Windows Server versions) and change some Active Directory group policies, but it wasn't all that onerous. According to IT staff, the initial policy and server deployment took less than two work days.
"Forefront uses the knowledge of the virus signatures that you have and gives you a full picture of what critical updates are available, which gives you better visibility of your security," says Brad Myrvold, manager of desktop technology for Allina.
Before installing Forefront, hospital IT staff members tried a variety of antivirus solutions from CA, Symantec and McAfee but weren't satisfied for several reasons. Signature updates took too long to complete acro...
To continue reading for free, register below or login
To read more you must become a member of SearchSecurity.com
ss the wide network, in some cases completely tying up network bandwidth. They also found these solutions difficult to centrally manage, and they didn't integrate well with AD policies. Before deploying Forefront, security policy updates required changes in three different systems. Now there is a single place to manage all the policies.
"By using Forefront, we have eliminated tracking down workstations that bring infections into our test and dev environments," Myrvold says.
"I can enforce hotfixes, virus protection and firewalls all from the same console and series of group policies."
Perhaps the most interesting point about this installation was when Allina's IT staff first ran Forefront. They found more than 500 infected PCs that required remediation. "A few of them needed to be reimaged, and most could be handled with automated tools and didn't need to be rebooted," says Myrvold. The IT staff wanted to disrupt users as little as possible and also wanted to use automated tools to fix the problems.
There were some scalability concerns since Microsoft recommended no more than 10,000 clients per server, but "understanding the effect of various configuration options" helped Allina address them, Myrvold says.
[IMAGE] [IMAGE] [IMAGE] [IMAGE]
[IMAGE] [IMAGE] [IMAGE] [IMAGE]
[IMAGE]
[IMAGE] [IMAGE] [IMAGE] [IMAGE]
Implementor Brad Myrvold, manager of desktop technology
Company Allina Hospitals & Clinics
Size of deployment 23,000 clients
Problem/solution Multiple update sources and antivirus consoles consolidated into a centralized management tool
[IMAGE]
[IMAGE] [IMAGE] [IMAGE] [IMAGE]
[IMAGE]
[IMAGE]
|
 |
|
