Author Topic: Installation and Migration Guide for Small Office Administratoin Console (SOA)  (Read 101678 times)

0 Members and 1 Guest are viewing this topic.

Che Johnson

  • Guest
avast! Small Office Administration console (SOA)

NOTE: The SOA console does NOT have to be installed on the server, and does not use conventional SQL (it uses an embedded SQL lite). Ours is running on a XP SP3 box (very light).  You may push a deployment from the console for a domain. Workgroups will not deploy, so installs either occur from users or Administrators. SOA is limited to 200 users (300 users if you use go ahead and use SQL Express 2008 R2, but this is not usually recommended)


For user guides and FAQs please refer to:

1. avast! Endpoint Protection

SOA Installation Guide - http://files.avast.com/iavs5x/setup_console_eps_full.exe

SOA User Manual - http://files.avast.com/files/documentation/small-office-administration-console-user-guide.pdf

SOA Administrator Manual - http://files.avast.com/files/documentation/soa-administrators-guide.pdf

Endpoint Protection User Guides - http://www.avast.com/download-documentation#business-products

Endpoint Protection FAQ - http://www.avast.com/FAQ/AVKB79


Helpful Information


Service Port Numbers

1. Please make sure the ports listed below are opened in the network on both the client and server side (you can use the GPO to dispatch on all machines, and make sure to reboot the machines for the changes to be applied).  avast! Small Office Administration uses the following ports:

Port for Console: 8731

Secure Port for Console: 8732

Port for Client: 25322

2. Do a discovery task to find all the machines

3. Modify the deployment package for each type of system deployment: Desktop, server, or SharePoint server. NOTE: There is only a single deployment package in SOA

Create a deployment package for each type of OS (Desktop, server)

File Servers

For servers, I will recommend to modify the components of the deployment package (create a light installation package for servers OS’s) which consists of the File System Shield only. This is usually the only real protection required for file servers and this is an industry standard best practice. This assumes that the File Server not being used as a workstation. NOTE: DO NOT use the Network Shield on servers.   SharePoint servers should add the SharePoint shield in addition to the File System Shield.  If servers are to be managed (see below), then each server type will require its own group, separate from the managed client group. If servers are NOT to be managed, then use the custom install feature to select the correct shield/shields for that server type.

Workstations

For desktop installation, I recommend to remove all the server protection modules from the deployment components, so they are not installed on the client. Note: When creating an installation package please be sure to select the server name / address in the installation package for the clients to communicate with the console after deployment.

Workstations

For desktop installation, I recommend to remove all the server protection modules from the deployment components, so they are not installed on the client. Note: When creating an installation package please be sure to select the server name / address in the installation package for the clients to communicate with the console after deployment. It is best to have the system hosting the SOA console to use a fixed IP vs. DNS name.  This will eliminate DNS issues during deployment.

 4. Start to deploy by group of 10-20 machines at once, make sure to enable the “Reboot the machine” option in the deployment task settings (this is necessary to finalize the installation process). **Important** – Before sending out an installation please be sure the mirror is up to date which you can check by going to view tab in the console and check mirror status. Once it’s up to date then you can send out the installation. (NOTE: SOA can be installed with or without mirror)

 5. After you send out an installation you may received an error code 0×00000005 which usually means access denied. This is also due when you don’t reboot the client after the initial installation so please do so and then refresh the Console. Also be sure to use the network administrative passwords or a password with full administrative rights to push the client through the network (Domain/Administrator) NOTE: All systems MUST be rebooted after deployment, so plan accordingly. 

6. If you find that when you deploy some of your clients license change or remain in the trial mode please check to be sure you’re not over your license count in which case you will have a “KEY” icon over the PC. Please note the total sum of your license count is Computers with Agent + Computers without Agent = License Count. So if you have old clients in the Active Directory that will not receive the installation package, please delete them from your lists and this should resolve your issue.

7. If you find that you will be over your estimated license count or current license please contact us for remedy.

NOTE: When you are deploying, Enable the Admin Shares. Windows XP systems should have File/Printer sharing DISABLED. Windows 7/Vista systems should have File/Printer sharing ENABLED

WORKGROUP VS ACTIVE DIRECTORY

You may push a deployment from the console for a domain. Workgroups will not deploy, so installs either occur from users or Administrators.

ACTIVE DIRECTORY

If using Active Directory you can easily create an installation package to push the client remotely through the network with Network Administrator password and in the Deploying Group. The Endpoint client will remove existing installation of avast! 4 only.  Any other avast! version or other anti-virus should be un-installed prior to Endpoint deployment.

WORKGROUP

If using a Workgroup you can only DEPLOY remotely (no push deployments from your console)  We recommend to create the installation package manually and send it via email to each client or install it separately via USB Flash disk to manually install it on each client. Once the client has been installed only then will it be detected in the Console.  The Endpoint client will remove existing installation of avast! 4 only.  Any other avast! version or other anti-virus should be un-installed prior to Endpoint deployment.

NOTE: Windows File and Printer Sharing must be enabled so avast! can create the necessary directories!  ALSO, all systems need to be rebooted after installation, so plan accordingly!

Migration from 4.8 to Version 7

A.   From avast! ADNM v4.8 to avast! ASOA v7

This scenario is similar to the scenario ADNM v4.8 to AEA v7 so, you just need to:

- Install the ASOA v7 Console on the same machine or on another one.
- Do a discovery job to find the machines which are already running the v 4.8 managed clients
- Do a remote deployment on these machines *(Basically the deployment will detect the old 4.8 version and remove it automatically before installing the new version 7)
- Finally remove the ADNM v 4.8 and its database

B.   From avast! BP/BPP v6 to avast! ASOA v7

Here you can decide to install the ASOA v7 console on the same machine as the BP/BPP v6 Console or install it on another one.

- If you decide to install the ASOA v7 on the same machine as the previous BP/BPP v6
- The installer will just upgrade the BP/BPP v6 to the ASOA v7
• Note that in this choice the same database will be used instead of the integrated one which comes with the ASOA v7.
- The clients with BP/BPP v6 installed will be connected automatically to the console
- Run a deployment job to upgrade the clients to the version 7

(This SOA Installation guide was created by myself internal Technical Avast Specialist and Platinum Reseller J.R. Gunthrie of Advantage Micro Corporation.  The intent of this forum page is to help those during the installation of version 7 Endpoint Protection in their environment.)

Sincerely,

J.R.  Guthrie
Advantage Micro Corporation

Che Johnson
avast! Moderator
« Last Edit: June 28, 2013, 01:38:59 PM by Che Johnson »

Offline avmaksimov

  • Jr. Member
  • **
  • Posts: 27
Please, make SOA for Server 2012 x64. We are small company and AEA is not proper decision for us.

Che Johnson

  • Guest
Version 8 is available in beta on the forum which installs on 2012. I recommend to install that.

http://forum.avast.com/index.php?topic=124245.0

Offline claudiuc

  • avast! Security Expert
  • Avast Reseller
  • Sr. Member
  • *
  • Posts: 282
  • www.avastantivirus.ro
    • www.avastantivirus.ro
Please make this topic sticky :)
Claudiu C. - Easy Media
Avast & AVG Distributor Romania, Moldova, Hungary
https://www.avastantivirus.ro/

Offline avast@@dvantage77.com

  • J.R. Guthrie - avast! Sales and Support Specialist
  • Avast Reseller
  • Advanced Poster
  • *
  • Posts: 736
  • the only avast! Distributor & Platinum Reseller
    • Advantage Micro Corporation
I am using EPS ver. 7 on my Server 2012, File System Shield only, un-managed, and it's working perfectly!
Sincerely,
 
J.R. "AutoSandbox Guy" Guthrie

"At this point in time, the Internet should be regarded as an Enemy Weapons System!"

Che Johnson

  • Guest
Yes, but you can't manage it which is the problem. Version 8 you can.

cgarcia

  • Guest
Is there a migration guide from SOA version 7 to version 8 from one server to another? I followed the links in the first posting and downloaded the files, and there was nothing on migration only new deployments. Any help would be appreciated.

Thanks,

Chris

Offline avast@@dvantage77.com

  • J.R. Guthrie - avast! Sales and Support Specialist
  • Avast Reseller
  • Advanced Poster
  • *
  • Posts: 736
  • the only avast! Distributor & Platinum Reseller
    • Advantage Micro Corporation
Dear Chris,

Version 8 does not always go over the top of version 7 and work cleanly everytime.  Here is what I am planning for next week (final version EPSP ver. 8)

1) Deploy an uninstall to managed WS (and reboot)
2) Upgrade over SOA from ver. 7 to ver. 8
3) Deploy ver. 8

This should be the cleanest path. I do NOT believe that the avast! installer will remove the old client until ver. 9!


Sincerely,
 
J.R. "AutoSandbox Guy" Guthrie

"At this point in time, the Internet should be regarded as an Enemy Weapons System!"
Sincerely,
 
J.R. "AutoSandbox Guy" Guthrie

"At this point in time, the Internet should be regarded as an Enemy Weapons System!"

nannunannu

  • Guest
I do NOT believe that the avast! installer will remove upgrade the old client until ver. 9!

This would be a terrible oversight.  Please confirm that this is not true.  :(

Offline avast@@dvantage77.com

  • J.R. Guthrie - avast! Sales and Support Specialist
  • Avast Reseller
  • Advanced Poster
  • *
  • Posts: 736
  • the only avast! Distributor & Platinum Reseller
    • Advantage Micro Corporation
I have been fighting for this this for years.  The installer needs to remove the old version, prior to installing the new version. The ver. 7 installer will only remove version 4, NOT 5, 6, 7, or 8.  I believe the ver. 8 installer is exactly the same. The version 9 installer should be able to remove any / all avast! versions, but this statement is a vaporware staement, so it is not set in stone either. To the best of my knowledge, this is the way I believe things to shake out here. I could be wrong, as I have not been to Prague this year.



Sincerely,
 
J.R. "AutoSandbox Guy" Guthrie

"At this point in time, the Internet should be regarded as an Enemy Weapons System!"
Sincerely,
 
J.R. "AutoSandbox Guy" Guthrie

"At this point in time, the Internet should be regarded as an Enemy Weapons System!"

nannunannu

  • Guest
I have been fighting for this this for years.  The installer needs to remove the old version, prior to installing the new version. The ver. 7 installer will only remove version 4, NOT 5, 6, 7, or 8.

We had a non-trivial number of v6 machines get into a funky state that required manual intervention where the GUI was still v6 but the engine was v7 but refused to self update definitions or engine updates...  However the slight majority of our machines upgraded from v6 to v7 automatically. 

IE - the behavior we experienced is not completely consistant with what you describe.  Though; admittedly we have seen a lot of machines stuck on "Please wait..." with v7...  So, there you go...  :)

Can someone please confirm what should happen?

Offline avast@@dvantage77.com

  • J.R. Guthrie - avast! Sales and Support Specialist
  • Avast Reseller
  • Advanced Poster
  • *
  • Posts: 736
  • the only avast! Distributor & Platinum Reseller
    • Advantage Micro Corporation
We have found that Win 7 systems were much more forgiving than Win XP systems.  I had a boatload of systems, upgrdaded from avast! 7 Pro, to 8 Pro, that no longer functioned till ASWCLEAR.

We tried this with EPSP RC and our Win 7 machine and got the "not fully protected"  So, fix now got a BSOD. So, ASWCLEAR again!


Sincerely,
 
J.R. "AutoSandbox Guy" Guthrie

"At this point in time, the Internet should be regarded as an Enemy Weapons System!"
Sincerely,
 
J.R. "AutoSandbox Guy" Guthrie

"At this point in time, the Internet should be regarded as an Enemy Weapons System!"

Offline Avosec-UK

  • Avosec Technical Support
  • Avast Reseller
  • Sr. Member
  • *
  • Posts: 296
    • Avosec
Do you disable the self-defense module before rolling out a new version?

Offline avast@@dvantage77.com

  • J.R. Guthrie - avast! Sales and Support Specialist
  • Avast Reseller
  • Advanced Poster
  • *
  • Posts: 736
  • the only avast! Distributor & Platinum Reseller
    • Advantage Micro Corporation
No, sir.

avast! Endpoint Protection version 8 Final Release, download here:

Downloads - http://www.avast.com/en-us/download-trial-business#tab3

Business Client - version 8.0.1490
New User Interface
Compatible with Windows 8 and Windows 2012 Support for Exchange 2013 and Sharepoint 2013 Improved Autosandbox/Sandbox technology Improved General AV performance and stability Software Health module (custom installation) Remote Assistance

Administration Console
AEA Consoles - version 8.0.355
Compatible with Windows 8 and Windows 2012 Global exclusions

SOA Consoles - version 1.3.2
Compatible with Windows 8 and Windows 2012 Global exclusions




Sincerely,
 
J.R. "AutoSandbox Guy" Guthrie

"At this point in time, the Internet should be regarded as an Enemy Weapons System!"

 
Sincerely,
 
J.R. "AutoSandbox Guy" Guthrie

"At this point in time, the Internet should be regarded as an Enemy Weapons System!"

nannunannu

  • Guest
We have found that Win 7 systems were much more forgiving than Win XP systems.  I had a boatload of systems, upgrdaded from avast! 7 Pro, to 8 Pro, that no longer functioned till ASWCLEAR.

We tried this with EPSP RC and our Win 7 machine and got the "not fully protected"  So, fix now got a BSOD. So, ASWCLEAR again!

Honestly, if the console message that obsolete clients are still in use on your network had a "fix it!" button that scheduled a new job, to silent deploy, with the force reinstall (existing) option set, scheduled imediately, with the selected computers already populated via the list that show up in the console message...  That would probably solve 99% of the deployment issues. 

In doing some experimentation, that job with the forced reinstall, worked for most of my problem cases.  YMMV.

I just wish that instead of giving the user a rather unfriendly - your system will now restart - message, with no real opportunity to save work before it is lost, there was a more friendly way of doing the "forced" restart.  I'd suggest a 4 or 5 minute timer on that message window (your computer will restart in n:nn, please save your work) with either a "postpone" or "restart" button instead of the it will happen message with an "ok" button.  Unattended machines will restart after the timer reaches 0:00, machines with users in the middle of something can save and hit reboot, or hit postpone, and have the message show up again in 5, 10 or 15 minutes, until they are ready to take a break and let the computer restart.